HAQ.NEWS

# Daily

// Today, learn about a Confluence template injection vulnerability enabling remote code execution, a unique Game Boy Advance ROM data glitch, a comprehensive eBook on proactive threat hunting, Uscrapper 2.0 for advanced OSINT web scraping, GraphStrike for command and control via Microsoft Graph API, decrypting AsyncRAT configurations, finding unprotected databases with Netlas.io, Binary Ninja tutorials for reverse engineering, OSINT and GEOINT techniques in a Bodrum counterfeit money case, GAP-Burp-Extension for enhanced parameter testing, mitigating risks from Google Dorking in Belgian web applications, and exploiting SeBackupPrivilege for domain escalation. [more...]
 
// Today, delve into DLLNotificationInjection’s stealthy process injection, setting up a vulnerable Active Directory lab for cybersecurity practice, reverse engineering an EV charger, XNLReveal Chrome extension for security testing, Nmap scripts targeting CVE-2023-46805 and CVE-2024-21887, MetaRadar, an offline Bluetooth security tool, Taranis AI for OSINT cyber threat analysis, and Phish.ly for analyzing suspicious emails. [more...]
 
// Today, utilize GSSAPI-Abuse for Active Directory vulnerability detection, HackTheBox’s Bookworm challenge exploiting XSS and SQL injection, Bash commands for network management, PHunter for OSINT phone analysis, CoWitness for web app testing simulation, IPATool for iOS app retrieval, Logboost for enhanced log analysis, a hardware hacking infographic, AngryOxide for advanced WiFi exploitation, WScan’s machine learning-based web security scanner, a V8 JavaScript engine exploit in Chrome, Freeze.rs for EDR evasion in Rust, and AllForOne’s comprehensive Nuclei YAML template collection. [more...]
 
// Today, explore ChopChopGo for rapid Linux log threat hunting, Novaldr’s Rust-based malware techniques, Ghidra for Android app reverse engineering, basics of Hashcat for ethical password cracking, FalconHound as a Blue Team multitool, ADCsync for NTLM hash extraction, and Evernote’s MacOS flaw with Electroniz3r detection. [more...]
 
// Today, pull apart reverse engineering for web apps with AST analysis, RustHound for Active Directory data collection, youneverknow00’s kernelmode DLL injector, pwndoc-ng and pwndoc for pentest reporting, GraphRunner for post-exploitation on Microsoft Entra IDS, TruffleHog for secret detection in code, U-Boot and UART for Android rooting, and techniques to bypass remote browser isolation. [more...]
 
<< 17 of 18 >>

# Recent Podcasts

# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an rss feed and now folks are requesting emails. Give me your address if you want emails too. Simple single click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-12

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins

Mastodon