2024-04-09 // In this recent rundown CloudGrappler, a tool for finding threat data in cloud AWS/Azure, and GMER, which detects rootkits in Windows kernel, are highlighted for their importance in cyber security. A blog talking about Cobalt Strike, mentioning how its post-exploit toolkit can use the Community Kit’s scripts for updates. [more...]

2024-04-08 // A Proof of Concept for CVE-2024-3273 shows how to hack into D-Link NAS devices, GDBFuzz improves testing for gadgets and stuff, and Genzai helps find weak spots in IoT things by checking out their dashboards and passwords. The ’nexus’ plugin for IP.Board had a bad security problem but got fixed, and now there’s another tool to break into those D-Link NAS devices using the CVE-2024-3273 weakness. Looking at JumpServer, there’s a couple of CVEs, CVE-2024-29201 and CVE-2024-29202, and you gotta update some things to stop hackers. ADOKit helps test Azure stuff, and DeWatermark.AI takes off watermarks from pics. DroneXtract is for checking out DJI drone data, while VolWeb makes it easier to look at memory for computer clues. Obsidian is a cool and safe app for jotting down cyber threat info, perfect-dll-proxy helps with messing with DLLs in Windows, and the OSTE-Web-Log-Analyzer looks for web attacks in server logs. [more...]

2024-04-07 // A cybersecurty hobbyist showed how to use vm2 JavaScript sandbox vulnerabilities to get into a Linux server, find a hash, and root access in a HackTheBox Codify challenge. Web cache issues, which can leak info, need careful monitoring; techniques like underscores in headers and fuzzing help prevent these attacks. The OSTE-Web-Log-Analyzer is a tool in Python for analyzing web logs to spot web attacks. C2 Cloud makes pentesting simpler with its web interface for handling backdoor sessions. To get Wi-Fi passwords from Windows after a breach, you need admin rights or the user’s context, and it’s suggested to not use WPA2 PSK for private networks.The Xen hypervisor got updated to fix handling of page table entries for superpages. Mahmoud Attia explains how to automate finding XSS vulnerabilities and avoid WAF detection using certain tools. A blog post explained how to create a backdoored Amazon Machine Image (AMI). Another post shows an exploit for BioTime software, allowing directory walking and code execution. A step-by-step method was given to analyze and get a malicious file from a site. MayflyHack has new cybersecurity resources like setting up a SCCM lab, network architecture, image creation, infrastructure deployment, and config management. The site itself provides tutorials for developing cyber security environments. Red Team Attack Lab uses real systems and vulnerabilities for offensive cybersecurity without cloud service costs. OpenGFW firewall is open-source, inspired by China’s firewall. Using Validin, 36 phishing domains linked to Latrodectus were found. Global Socket helps to securely communicate through firewalls using encrypted traffic. Japan EQ Locator helps visualize earthquake data, available on GitHub.QuickStego hides text in images, while QuickCrypto does the same with encryption. A Local Privilege Escalation (LPE) vulnerability in macOS filesystems was discovered and patched. Samuel Groß discussed finding vulnerabilities in image format parsers that impact Apple’s messenger apps. DroneXtract is softwre for analyzing DJI drone data. Articles explore Windows Containers creation and windows APIs. Web cache attacks can lead to site takeovers, but James Kettle suggests defenses like not caching error pages. FreeTube is a YouTube app for private viewing, and SearXNG is a private metasearch engine that doesn’t track users. [more...]

2024-04-06 // Today, AttackGen is a cybersecurity tool for creating scenarios to test incident responses. A blog recommends more secure Wi-Fi password practices. There’s a GitHub Ansible playbooks for fixing a vulnerability CVE-2024-3094. An article offers a comprehensive guide to phishing investigations using Microsoft tools. White Knight Labs’ GitHub focuses on cyber operations tools. Cofense specializes in cyber threat training and detection. Rundll32.exe exploitation is tackled by Cybereason’s AI platform per another article. Bsides Cymru 2023 introduced a method for process injection without traditional threads. OffSec EXP-401 course gives insight into exploit development. Windows HOSTS file management is explained for enhancing security. Monitoring Windows services is crucial for protecting against malicious activities. Payload-Generator simplifies Cobalt Strike payload building. Huntress analysts found ransomware misuse of data backup tools. A cloud penetration test showed a new technique for lateral movement exploiting PSRemoting. Taherio/redi on GitHub scripts the setup of CobaltStrike redirectors. A resource offers cybersecurity techniques for penetration testing. Tim Bandos emphasizes using MITRE’s ATT\u0026CK Framework for threat hunting. Vulnerability Management bootcamp helps start cybersecurity careers. A Cobalt Strike setup guide explains various red team operation techniques. **FortyNorth Security’s tool EDD is for domain data enumeration. A course teaches creating a detection playbook in Security Onion 2.3. HOPain OSINT Search Tools Version 2.0 gathers open-source intelligence. Fast-recon Python script automates sensitive file searches for domains. Web-traffic-generator simulates web traffic. Splunk Attack Range builds cyber attack simulations. Subdomain fuzzing nets a $35,000 bug bounty. Nemanja Mijailovic shares how to download Bandcamp albums not in a user’s collection. [more...]

2024-04-05 // In a recent post, Incinerator was introduced as a tool for reversing engineering Android malware and for security audits on apps. Discussions on r/netsec highlighted "Gram", a web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool helping hackers gather info on domains and expanding with features like facial recognition. Readers also learned about alternatives to Netcat like Rlwrap, Rustcat, Pwncat, and Windows ConPty shell for secure connections in penetration testing. Lastly, Tunnelmole was mentioned for safely sharing local servers with the internet. [more...]