2024-02-05 // Today, extract macOS passwords with osx-password-dumper, scan networks via NetProbe, test servers with HTTP Garden, maintain access with RedTeam-Checker, analyze cloud security with PoiEx, solve CAPTCHAs using AI with a project by AashiqRamachandran, and learn more about vulnerabilities and breaches affecting AnyDesk, Meta, and Microsoft products. [more...]

2024-02-04 // Explore PETEP, a Java-based network traffic analysis and modification tool, and Deluder, a Python interception tool utilizing Frida for capturing traffic. Dive into Ken Shirriff's reverse engineering of the Intel 386 processor and learn about exploiting HackTheBox's RegistryTwo machine. Understand DMAC in PS2 development, enhance FPGA skills, bypass Windows UAC with a script, and test SpringBoot vulnerabilities using a GUI. [more...]

2024-02-03 // Today, Ivanti patched a big SSRF bug (CVE-2024-21893). Secure your network with least privilege and multi-factor authentication. Charlie Miller shows how to fix mobile device weaknesses. Yak Lang is a cool cybersecurity language. ADOKit attacks Azure DevOps, and Ransack secures Ruby apps. EventLogCrasher bugs Windows services, while CVE-2024-20698 is a tough exploit. Beware of fake NFT games and use SOAPHound for sneaky data collection. ToumaPet reveals its secrets, guard against sneaky OAuth apps, and Math Invaders gets decoded. ThievingFox steals credentials, and AnyDesk IOCs help spot threats. Monitor Telegram with tg-keyword-trends, secure your bootloader against CVE-2023-40547, and track SEC filings with SECurityTr8Ker! [more...]

2024-02-02 // Today, relay attack blocker, a code cracker called De4py, and a neat project reporter, PeCoReT. They found weak spots in Tenda routers and are studying a tricky RedLine Stealer malware. SmuggleFuzz spots sneaky web tricks, and Thinkst’s Tokens catch phishers. Google’s oss-fuzz-gen and Red Team Courses teach about computer safety, while DRAKVUF secretly checks for viruses. Synacktiv helps fight hackers, LEAKEY checks for secret leaks, and mydumbedr and CBMC help test and fix our computer guards. SSHimpanzee, CVE-2023-35636, and JS-Tap are awesome tools to protect our computers. We learn to stop sneaky attacks with OAuth tips, keep our 2FA apps safe, and use ExecIT and PurpleLab to practice protecting our computers! [more...]

2024-02-01 // Deploy ulexecve to execute ELF binaries in Linux userland for discreet operations. Soroush Dalili offers insightful methods for exploiting IIS Short File Name issues. Learn how custom EDR systems detect malicious activities, as demonstrated by SensePost’s practical example. Use DIFFER by Trail of Bits to spot bugs in modified software. ADOKit targets Azure DevOps Services, offering reconnaissance and escalation capabilities. Stompy adjusts file MAC times, aiding in forensic countermeasures. Analyze Apache OFBiz vulnerabilities to understand authentication bypasses and implement recommended patches. [more...]