HAQ.NEWS

# Daily

// Today, deploy Afrog for vulnerability scans, master TorBot for anonymous investigations, and optimize password cracking with the latest hardware and software advice. Use tg-keyword-trends for Telegram data analysis, Phunter for phone number intelligence, and Route-Detect for securing web routes. Explore netstalking-osint for public data analysis, osintgpt for applying AI in OSINT, and certutil.exe for file manipulation. Conduct online searches with Gideon, exploit vulnerabilities using POC-bomber, decompile software with dnSpyEx, and enhance driver security with IOCTLance. [more...]
 
// Windows Exploit Suggester-NG checks for unpatched vulnerabilities, with an updatable database. New executables like CVE-2023-28252 allow payload delivery on Windows. Vulhub offers Docker environments for testing, while tools like Fuzzable automate fuzzing target identification. Midnight Blizzard attacks highlight the importance of regular updates and strong authentication. [more...]
 
// A new fuzzing tool CLZero tests for HTTP/1.1 CL.0 Request Smuggling vulnerabilities, while Porch Pirate serves as an OSINT framework for Postman. Skrapa speeds up memory scanning, and a Default Credentials Cheat Sheet helps find devices with default passwords. Make sure to rigorously check template inputs in MyBB after an RCE vulnerability alert, and apply patches. [more...]
 
// A script to scrape Facebook profiles is out, but beware the risks. Python assists GoAnywhere MFT patching, while a new GitHub repo tracks Linux kernel CVEs. Windows DPAPI insights offer encryption tactics, and Airgorah helps audit WiFi security legally. RemoteTLS leverages TLS callbacks for payload execution without new threads, and vhostawesome optimizes virtual host scanning with threading. [more...]
 
// Today, explore ODAT for Oracle Database security testing, including SID discovery and remote command execution. Discover a GitHub repository with educational malware sample builders, Rayder for automating command-line tasks in bug hunting, new techniques to bypass EDR using LoLBins, and BrowserStealer for extracting sensitive data from web browsers. [more...]
 
<< 16 of 18 >>

# Recent Podcasts

# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an rss feed and now folks are requesting emails. Give me your address if you want emails too. Simple single click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-12

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins

Mastodon