HAQ.NEWS

# Daily

// A new fuzzing tool, CLZero, tests for HTTP/1.1 CL.0 Request Smuggling vulnerabilities, while Porch Pirate serves as an OSINT framework for Postman. Skrapa speeds up memory scanning, and a Default Credentials Cheat Sheet helps find devices with default passwords. Make sure to rigorously check template inputs in MyBB after an RCE vulnerability alert, and apply patches.
 
// A script to scrape Facebook profiles is out, but beware the risks. Python assists GoAnywhere MFT patching, while a new GitHub repo tracks Linux kernel CVEs. Windows DPAPI insights offer encryption tactics, and Airgorah helps audit WiFi security legally. RemoteTLS leverages TLS callbacks for payload execution without new threads, and vhostawesome optimizes virtual host scanning with threading.
 
// Today, explore ODAT for Oracle Database security testing, including SID discovery and remote command execution. Discover a GitHub repository with educational malware sample builders, Rayder for automating command-line tasks in bug hunting, new techniques to bypass EDR using LoLBins, and BrowserStealer for extracting sensitive data from web browsers.
 
// Today, learn about a Confluence template injection vulnerability enabling remote code execution, a unique Game Boy Advance ROM data glitch, a comprehensive eBook on proactive threat hunting, Uscrapper 2.0 for advanced OSINT web scraping, GraphStrike for command and control via Microsoft Graph API, decrypting AsyncRAT configurations, finding unprotected databases with Netlas.io, Binary Ninja tutorials for reverse engineering, OSINT and GEOINT techniques in a Bodrum counterfeit money case, GAP-Burp-Extension for enhanced parameter testing, mitigating risks from Google Dorking in Belgian web applications, and exploiting SeBackupPrivilege for domain escalation.
 
// Today, delve into DLLNotificationInjection’s stealthy process injection, setting up a vulnerable Active Directory lab for cybersecurity practice, reverse engineering an EV charger, XNLReveal Chrome extension for security testing, Nmap scripts targeting CVE-2023-46805 and CVE-2024-21887, MetaRadar, an offline Bluetooth security tool, Taranis AI for OSINT cyber threat analysis, and Phish.ly for analyzing suspicious emails.
 
# Emailz

First, HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed, and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an ad.

current friend of haq 2024-05-15

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
