//
Today, SiCat functions as a detailed exploit search tool that aggregates data from numerous sources such as Exploit-DB, Packetstorm Security, Exploit Alert, the NVD database, and Metasploit modules, helping cybersecurity experts pinpoint vulnerabilities. An article introduces a method to strengthen JSON Web Tokens by masking the "userid" payload through XOR encryption with a symmetric key, preventing trivial decoding of confidential data. Furthermore, CVE-2023-22527 is a vulnerability in Confluence that permits code execution entirely in memory without touching the file system, bypassing OGNL expression restrictions; indicators of compromise are available for detection.
# Daily
//
The SSH-Private-Key-Looting-Wordlists repository aids in brute-forcing SSH configurations, while the Appsanity box exploitation on HackTheBox chains JWT and SSRF weaknesses for elevated access. Puncia is an AI tool for subdomain hunting, Nomore403 automates bypassing HTTP 403 errors, and Invoke-ADEnum collects Active Directory data. APKDeepLens reviews Android APKs for vulnerabilities. The importance of input validation in security is underscored by experts such as Dan Kaminsky. Tools like VK Paranoid provide anonymous tracking, and EML Analyzer handles email security. Halberd tests cloud service security, while FreeViewer manages email files. Strategies for cybersecurity emphasize penetration testing and XSS defenses for web application security.
//
Bishop Fox has decrypted the obfuscated FortiOS root filesystem, highlighting Fortinet's encryption enhancements, and offered a decryption script for vulnerability research. Thomas Jeunet conducted an analysis of Arlo cameras, uncovering memory dumping and gaining access to firmware encryption keys, and provides a repository for ongoing research. Java application vulnerabilities were examined, with critical mitigations such as input validation and secure coding suggested to counter unsafe deserialization and command injection risks. The sspsec/Scan-Spring-GO repository introduces a penetration testing tool for the Spring Framework that detects and exploits vulnerabilities and integrates batch scanning. Daniel Underhay showcased password spraying attacks via GitHub Actions with IP rotation, which can potentially circumvent IP-based security but risks GitHub account closure. The Parasite-Invoke tool conceals P/Invoke signatures inside signed .NET assemblies for stealthy code execution. Lastly, SessionProbe is a penetration testing tool that discovers authorization issues in web applications by probing session tokens against different URLs.
//
Today, WinFiHack is a Python tool for brute-forcing Windows Wi-Fi connections using netsh and native scripts. An incident response consultant employed OSINT to reveal a phishing campaign at a financial institution. Permiso Security launched CloudGrappler, a detection tool for AWS and Azure threats. A new Rust-based project allows code injection into Android without ptrace. PichichiH0ll0wer is a Nim loader focused on payload protection. Trend Micro described Earth Kapre's espionage tactics. ASP.NET Core is a multi-platform framework for building web applications; its potential source code disclosure risks are addressed by updating IIS/.NET and disabling short (8.3) file name creation. Maldev Academy Code Search aids cybersecurity professionals with malware code snippets. SecureLayer7 Lab analyzed a Confluence Data Center CVE, and GitLab open-sourced a video content scanning tool. A series on Baphomet Ransomware explains its encryption operations. CyberArk shares rootkit detection methods. Kraven Security provides a guide to developing Python threat hunting tools. The Penetration Testing Lab lists techniques for system persistence. A datasheet includes resources for Earth Observation data. CalcMaps offers online mapping tools. A cyber range training course covers Linux attack and live forensics.
//
The security tool Yasha helps examine Burp Suite proxy history to flag misconfigured security headers in web applications, making report generation more accurate; its source code is open for enhancement on GitHub. SharpCovertTube is an inventive tool that facilitates remote command execution on Windows systems via QR codes in YouTube video thumbnails and uses DNS queries for data exfiltration. The quicmap tool aids in scanning for and identifying QUIC-enabled services, assessing supported protocols and security weaknesses. A method involving Windows' built-in SSH client has surfaced, which attackers can exploit for split tunnelling and clandestine traffic forwarding; mitigations include limiting SSH access. There's an exposé of a PHP flaw (CVE-2023-3824) causing a heap overflow through improper handling of phar:// URLs, essentially allowing arbitrary code execution. A detailed cheat sheet provides insights into ELF (Executable and Linkable Format) files, dissecting their structure and showcasing the headers, segments, and symbols pertinent to binary file manipulation. The mastering-fuzzing GitHub repository presents a workshop with examples for smart contract developers to grasp fuzzing of Ethereum contracts using tools like Foundry and Echidna. An article demonstrates how to manipulate SentinelOne's "Scan for threats" context menu by tweaking the registry to maintain persistence using an alternative binary. And finally, security experts have revealed a Nim-based loader that patches AmsiScanBuffer and EtwEventWrite, employs a unique GUID node ID for C2 communications, and delivers an encrypted DLL that creates a PowerShell reverse shell.