HAQ.NEWS

# Daily

// A security engineer found two methods to bypass DOMPurify’s protection by targeting how XML and HTML parsers work. The Drozer framework is used for testing Android app vulnerabilities; it’s user-friendly and can be set up using Docker. It’s important to check Active Directory admin groups to reduce risks. GitHub’s xz-vulnerable-honeypot shows how to set up a honeypot detecting SSH attacks. AssetViz draws subdomains as a mind map for penetration testers. The ChaiLdr repository helps avoid antivirus using shellcode loader techniques. Misusing the DLL Search Order can allow malware on Windows, so defenses are needed. An Android 14 kernel exploit affects Pixel devices and can gain root access. ADPT simplifies DLL hijack and sideloading exploits automatically. Modpot uses Go and gin for a web app honeypot to catch cyberattacks. Arjun hunts for HTTP parameters effectively. ADCSCoercePotato can force ADCS to authenticate for elevated privileges. HuntKit compiles pentesting tools in Docker for performance. A Python script makes simulated web traffic for network training. Portr safely shares local web services. LLVM is a compiler framework supporting many languages. CS 6120 at Cornell teaches programming language implementation online. A security researcher, amlweems, created a honeypot for CVE-2024-3094. Sudistark/xss-writeups explains an XSS bug on figma.com. An online service checks for the XZ backdoor in ELF binaries. Microsoft’s ML-For-Beginners provides a 26-lesson course on machine learning. A blog post demonstrates executing a buffer overflow attack. Linux’s ‘wall’ command has a flaw, WallEscape (CVE-2024-28085), which can leak sensitive info. And Helix is a modern text editor offering features for coders. [more...]
 
// The HEDnsExtractor tool helps cyber security folks by pulling out domains/IP networks that could be bad news. Sadly, there’s a nasty bug CVE-2024-0204 in GoAnywhere Admin that lets sneaky folks make high-privilege accounts they shouldn’t. For you tech heads, there’s a guide to writing 64-bit Linux shellcode so you can say "Hello World" with your CPU. R2Frida is a cool thing mixing radare2 with Frida to tweak live processes. Gynvael Coldwind busted a sneaky attack hiding in xz/liblzma that messes with data and sneaks in a backdoor. DroidLysis speeds up reverse engineering for Android apps while Subfinder and httpx are ace for finding digital weak spots. Certificate Transparency logs help spot tricky subdomains, helping in research and bounty hunting. FFUF finds hidden web content, and an SSH honeypot using CVE-2024-3094 waits for hackers. Cloudtopolis cracks passwords using Google’s cloud and the net. Sniff out leaked credentials with Chrome and Burp Suite. Compare different EDR products with EDR-Telemetry. Hijack Windows with CcmPwn, and level up your cybersecurity chops with a book covering all things low-level. Some smart cookies found a Linux kernel bug (CVE-2024-1086) and a Cisco Umbrella script that susses out weird DNS requests. There’s new malware-sniffing gear for .NET, and the latest tricks for nabbing manually mapped rootkits. Learn all about Windows UAC, poking around group policy bits for security testing, and make stuff safer with the Failsafe-go library. See OSINT trends with MetaOSINT, dig into Mastodon with Masto, and lurk on CashApp profile pics. Bag complex web data with One, track blockchain wallets with Wallet-Tracker CLI, learn malware analysis free from Arch Cloud Labs, and speed-scan websites with PIDRILA. There’s a list of tools for taking apart social media, a fancy Cobalt Strike code generator, smackdab in ya face. OffSec Reporting beautifies pentest reports and there’s more Telegram and Discord sleuthing gear, plus search-savvy IRBIS for personal info digging. The PHP library ’telegram-osint-lib’ focuses on Telegram for data scraping, and the OSINT Notebook by tjnull organizes your snooping. Gynvael Coldwind had another go at showing how attacks creep into xz/liblzma. Slide into a process on Windows with the NtSetInformationProcess function. CVE-2023-4863 made a boo-boo with WebP images, gotta patch those browsers! Then there’s a crafty exploit messing with Google’s sign-in, and finally, a treasure trove of cyber security resources for folks gearing up for the OSCP or just being security-smart. [more...]
 
// Ken Shirriff takes a dive into a military-grade chip to explore its gate array design and compares it with custom chips, outlining the costs and production differences. A cyber security fan uncovers how to hack into the Rebound box on HackTheBox with techniques that bump up privileges. Trail of Bits launches Ruzzy, a fuzzer to sniff out Ruby code bugs. "forensictools" toolkit makes a one-stop virtual spot for digital forensics, loaded with a bunch of analysis tools. An article unveils a hacking trick to mess with turnstiles using the Wiegand protocol. Lastly, C2 Tracker on GitHub keeps an eye on shady online dealings, nabbing IP addresses to spot malign servers. [more...]
 
// This article teaches malware developers how to dodge antivirus by changing NTFS attributes, in-memory tricks, digital certificates, and more, with tips for security pros. There are updates on malware IOCs, vital for knowing and stopping threats. Cloud_Enum looks for open cloud stuff on AWS, Azure, and others using keywords. Telerecon helps with intel on Telegram, like scraping chats and seeing user links, but you need to set it up right. Awesome Cloud Security Labs has free security exercises for cloud tech. Netlas.io scans the internet for research and can spot industrial controls online needing better security. Backslash-powered-scanner finds hidden injection problems in servers and slides past firewalls. You can learn how to use the Rust language in cybersecurity with their tool. There’s a full guide on Windows for malware work, and a project for a DNS Tunnel Keylogger to sneak out info without getting caught. Lastly, learn to spot .NET malware with GUIDs and MVIDs, and find Yara rules online. [more...]
 
// This series helps with emulating IoT malware using Docker and Qiling. A pro explains using Velociraptor on VMware ESXi hypervisors for forensics. Security flaws in ChatGPT allow XSS attacks. A JavaScript file cleverly hides AsyncRAT deployment. There’s a binary exploitation roadmap from basics through pwn.college. SARA teaches making Android Trojans. BruteUnpackage cracks compressed file passwords. Demonstrate elevated privileges with CVE-2024-1086 on Linux. CVE-2023-48788 exploit for Fortinet’s FortiClient EMS is on GitHub. Understand Open Redirect vulnerability in IIS using JavaScript. CVE-2024-25153 proof-of-concept affects Fortra FileCatalyst Workflow. Xiaomi WiFi routers had security issues now fixed. A 64-bit library loads DLLs stealthily. Lastly, Meckazin/ChromeKatz extracts browser cookies from memory. [more...]
 

# Recent Podcasts

# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-12

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
