HAQ.NEWS

# Daily

// A vulnerability in JustSystems Ichitaro Word Processor was fixed after Cisco Talos reported it. Git-Rotate helps avoid IP detection on GitHub during password attacks. AzureNum gathers data on Microsoft Entra IDs. There’s a way to disable Windows Defender by tweaking system permissions. An OS engineer explains overcoming a Linux kernel bug (CVE-2023-0461) using advanced hacking techniques. DynamicMSBuilder makes .NET builds unique to dodge security checks. Dropper on GitHub crafts risky Office docs. BlueSpy steals audio from Bluetooth gadgets without user permission. Radamsa tests program stability with bad data. "WhoIsWho" shows other ways to do "whoami" tasks. Chiasmodon is a tool for domain info like emails. Tips for email investigation using OSINT tools are shared. To fix a "404 error," you should check the website URL. Various OSINT tools can find online profiles by nickname/email. Python scripts can automate file, web, and database work. Mr.Holmes mines public data about domains and such. Google Dork Maker creates search queries for hard-to-find data. Analyzing Latrodectus loader involves removing code clutter to see the harmful payload. Lastly, Telegram-Anti-Revoke was a plugin to keep Telegram messages from disappearing.
 
// Cybersecurity AI Pentest Muse offers creative solutions for professionals, helping analyze code and craft payloads. Alisa Esage shares JIT engine and VM escape exploits on GitHub. unKover, a PoC anti-rootkit, detects malicious drivers using specialized techniques. A new malware analysis toolkit features 98 tools for various tasks, plus updates. DroneXtract analyzes data from DJI drones, including file parsing and telemetry. bootfuzz tests MBR-based system BIOS, requesting more tests on physical hardware. Octopii by RedHunt Labs scans for personally identifiable information using OCR and NLP technologies. Osintracker provides a browser-based tool for OSINT investigators. OffSec-Reporting by Syslifters enables cybersecurity report generation. ’telegram-osint-lib’ on GitHub provides a Telegram API for OSINT activities, and TJ-OSINT-Notebook includes tools and resources for OSINT work. GitOSINT Bot will return for professional use with paid APIs after being discontinued due to misuse. Various scripts scrape social media profiles, supporting Python. "HackingEnVivo/Doxing" is a Python tool for gathering personal info via doxing. A document offers resources and tools for OSINT. HINTS stores intelligence on targets and plans for secure user authentication and reporting. TELEKRAM-DOX hosts a Telegram flood bot. Social_X embeds RATs in files and warns against illegal use. SoulTaker packs multiple hacking features. LinkDox gathers info through different techniques. ‘krishpranav/car-osint’ helps gather vehicle associated data. DaProfiler collects digital identities to correct personal info leaks. Graver script exploits a vulnerability in Grav CMS. ‘FattusRattus/Grandstream’ scripts target Grandstream Phones vulnerabilities. CVE-2021-31630 PoC allows OpenPLC remote code execution. ‘asploit’ repository provides backdoors for multiple web servers. Exploit configurations for CVE-2021-44228 vulnerability and usage instructions are provided. f5_scanner identifies devices vulnerable to CVE-2020-5902. NoMoney is an information gathering tool that combines data from platforms. Learn low-level bit manipulation techniques for embedded systems. ComplianceAsCode project aids in maintaining security policies. MTProxy process for Telegram is outlined on GitHub. Akamai shares a privilege escalation technique detection in Active Directory. Neutron, an AI-driven assistant, joins Nebula Pro’s free tier. A Python script checks for systems vulnerable to a new denial of service attack, CVE-2024-2169.
 
// Kubesploit is a framework for attacking container environments, with modules for both exploits and defenses. Ken Shirriff explores the Intel 8088 prefetch system, which boosts performance by pre-fetching instructions. A cyber security tutorial demonstrates how to exploit a vulnerability in Metabase. The Sr2T tool converts security scan reports into readable formats. A new tool extracts URLs and paths from web pages, suggesting improvements for handling applications. Researchers exploit a Chrome vulnerability by manipulating heap allocation patterns. Olivier Laflamme’s blog teaches emulating IoT firmware using QEMU. Reverser_ai offers automated reverse engineering tools on consumer hardware. The rev.ng decompiler has a modern interface and structure detection for code analysis. NoArgs hides command-line arguments of a process for covert operations. Emora is an open-source tool for finding user accounts with just a username. Secure coding guides teach prevention of common security issues. Sysmon blocks malicious file execution as backup to EDR systems in critical environments. Understanding process creation is important for cybersecurity. SquareX browser extension improves online safety. A vulnerability in Android’s Package Manager was exploited on Samsung devices. Scripts for finding vulnerable systems on networks using search engines. Auto-Gmail-Creator GitHub repository automates Gmail account creation. Python script discussed for SSH and FTP brute-forcing. Alisa Esage shares exploit code for competitions. Guide for testing AWS security. Repository for creating reverse shells and bypassing antivirus for educational purposes. Directory listing of educational cyber security content and tools. Resources for the Certified Red Team Expert (CRTE) exam. Cheatsheet-God provides cyber security resources. Command & Control frameworks are key for cyber operations. Code for manipulating Windows process’s command line arguments. International Anti Crime Academy gives guidance on investigating the Dark Web. Exploitation of the old TRACE method and HTTP/2 desync issues for web attacks. Method for privilege escalation in Azure. Handling dangling pointer errors through proper labeling and restructuring. Chrome’s detector for dangling pointers forces crashes to prevent their use. "Bob the Smuggler" conceals and encrypts files in other files to bypass security. DOMPurify’s deficiency is patched to prevent sanitization bypass. Method for maintaining persistent access with a malicious DLL. WindowsHardeningScript enhances Windows 10/11 security with system modifications.
 
// The amazing nimvoke is a Nim library for safely doing indirect syscalls and making DInvoke style delegate declarations, with examples shown for use in Nim projects. Skytrack is a Python tool for tracking planes using public data, creating PDFs about them, plus a feature to convert tail numbers and ICAO codes. A security researcher found a bug to listen in on Bluetooth speakers with Just Works pairing, tested with nRF Connect app. NetSoc_OSINT by XDeadHackerX can get info from social networks without needing an account or API. Testing file upload vulnerabilities includes several advanced methods like checking PHP functions, exploiting paths, testing XSS and XXE payloads, and ZIP Slip. SpecterInsight 2.3.0 has a ransomware emulation that safely encrypts files, evades defenses, and comes with a decrypter. CS-AutoPostChain for CobaltStrike focuses on post-exploitation while staying stealthy. Obsidian can turn into a Cyber Threat Intelligence platform for analysts to manage data and analyze links. Someone shared solutions for JavaScript ‘Capture the Flag’ puzzles, demonstrating weird JS behaviors like type coercion. Setting up notifications for new local admin accounts on Intune devices needs PowerShell scripts, Azure, and sending alerts through email or Teams. Managing data and configs, users can reset filters and adjust kernel object settings. ReverserAI is a Binary Ninja plugin using local LLMs to suggest names for reverse-engineered functions offline, and ‘reverser_ai’ on GitHub also does this for malware such as PowerPC files. Lastly, there’s a guide for checking SMB services on Windows using netexec, smbclient, Impacket, and nmap for finding vulnerabilities and other tasks.
 
// Today’s cybersecurity updates cover a range of topics, starting with techniques for SMB enumeration. WebSockets face risks from CSWSH, and there’s a keylogger that uses DNS tunneling for data exfiltration. GitHub now offers code scanning autofix, while a Chrome vulnerability (CVE-2023-3079) threatens JavaScript engine security. "asploit" emerges as a new tool for server-side backdoors, and "Bob the Smuggler" adeptly hides malicious payloads using HTML Smuggling. OSTE-Meta-Scanner scans for web injection flaws, and Attacknet challenges blockchain nodes. Abusing DACL for domain control is explained, and Hadess enlightens on cybersecurity. Rembg handles background removal in images. Wigle.net helps in tracking down WiFi-connected suspects, while Netlas.io optimizes attack surface discovery. Project Zero delves into MTE in kernel security, and Windows 11 showcases a protective KUSER_SHARED_DATA tweak. A browser exploit for Microsoft Edge is dissected. Microsoft Exchange servers prove risky for domains, prompting calls for permission limitations. Lastly, HiddenVM lets you run OSes within Tails.
 

# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed, and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by letting AI read my news for me. It then creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-05-15

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
