HAQ.NEWS

# Daily

// Today, utilize GSSAPI-Abuse for Active Directory vulnerability detection, HackTheBox’s Bookworm challenge exploiting XSS and SQL injection, Bash commands for network management, PHunter for OSINT phone analysis, CoWitness for web app testing simulation, IPATool for iOS app retrieval, Logboost for enhanced log analysis, a hardware hacking infographic, AngryOxide for advanced WiFi exploitation, WScan’s machine learning-based web security scanner, a V8 JavaScript engine exploit in Chrome, Freeze.rs for EDR evasion in Rust, and AllForOne’s comprehensive Nuclei YAML template collection.
 
// Today, explore ChopChopGo for rapid Linux log threat hunting, Novaldr’s Rust-based malware techniques, Ghidra for Android app reverse engineering, basics of Hashcat for ethical password cracking, FalconHound as a Blue Team multitool, ADCsync for NTLM hash extraction, and Evernote’s MacOS flaw with Electroniz3r detection.
 
// Today, pull apart reverse engineering for web apps with AST analysis, RustHound for Active Directory data collection, youneverknow00’s kernelmode DLL injector, pwndoc-ng and pwndoc for pentest reporting, GraphRunner for post-exploitation on Microsoft Entra IDS, TruffleHog for secret detection in code, U-Boot and UART for Android rooting, and techniques to bypass remote browser isolation.
 
// Today, discover tools like noxer for automating Android pentesting in Nox Emulator, sbscan for detecting Spring Framework vulnerabilities, Kaspersky’s iShutdown for spotting iOS spyware, a new Linux kernel exploit for root access, PyGPOAbuse for editing GPOs, an intro to YARA for reverse engineering, a Cobalt Strike BOF for checking DLL hijacking, techniques for reversing obfuscated JavaScript, the versatile Flipper Zero for hacking, AVRed for improving red teaming obfuscation, and Kaspersky’s scripts for iShutdown analysis on iOS.
 
// Today, learn about CloudRecon for SSL certificate-based asset discovery, a script for detecting Ivanti Connect Secure vulnerabilities, explore Web LLM attack techniques, apply Linux hardening techniques, understand crypto drainer risks in account takeovers, use Xeol Scanner to find outdated software, set up Caldera for cyber attack simulations, discover Linikatzv2 for Active Directory attacks, Ken Shirriff’s exploration of the Bendix CADC, and Ivanti’s critical security vulnerabilities requiring immediate mitigation.
 
# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-05-15

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins