HAQ.NEWS

# Daily

// WinFiHack is a Python tool for brute-forcing Windows Wi-Fi connections using netsh and native scripts. An incident response consultant used OSINT to uncover a phishing campaign at a financial institution. Permiso Security launched CloudGrappler, a detection tool for AWS and Azure threats. A new Rust-based project allows code injection into Android without ptrace. PichichiH0ll0wer is a Nim loader focused on payload protection. Trend Micro described Earth Kapre's espionage tactics. ASP.NET Core is a multi-platform framework for building web applications; its potential source code disclosure risk is addressed by updating IIS/.NET and disabling short-name file creation. Maldev Academy Code Search gives cybersecurity professionals searchable malware code snippets. SecureLayer7 Lab analyzed a Confluence Data Center CVE, and GitLab open-sourced a video content scanning tool. A series on Baphomet Ransomware explains its encryption operations. CyberArk shares rootkit detection methods. Kraven Security provides a guide to developing Python threat hunting tools. The Penetration Testing Lab lists techniques for system persistence. A datasheet collects resources for Earth Observation data. CalcMaps offers online mapping tools. A cyber range training course covers Linux Attack and Live Forensics.
 
// The security tool Yasha examines Burp Suite proxy history to flag misconfigured security headers in web applications, making report generation more accurate; its source code is open for enhancement on GitHub. SharpCovertTube is an inventive tool that facilitates remote command execution on Windows systems via QR codes in YouTube video thumbnails and uses DNS queries for data exfiltration. The quicmap tool scans for and identifies QUIC-enabled services, assessing supported protocols and security weaknesses. A method involving Windows' built-in SSH client has surfaced, which attackers can exploit for split tunnelling and clandestine traffic forwarding; mitigations include limiting SSH access. There is an exposé of a PHP flaw (CVE-2023-3824) causing a heap overflow through improper handling of phar:// URLs, essentially allowing arbitrary code execution. A detailed cheat sheet provides insights into ELF (Executable and Linkable Format) files, dissecting their structure and showcasing the headers, segments, and symbols pertinent to binary file manipulation. The mastering-fuzzing GitHub repository presents a workshop with examples for smart contract developers to grasp fuzzing of Ethereum contracts using tools like Foundry and Echidna. An article demonstrates how SentinelOne's "Scan for threats" context menu can be manipulated by tweaking the registry to maintain persistence using an alternative binary. And finally, security researchers have revealed a Nim-based loader that patches AmsiScanBuffer and EtwEventWrite, employs a unique GUID node ID for C2 communications, and delivers an encrypted DLL that creates a PowerShell reverse shell.
 
// Windows File Explorer is vulnerable to DLL hijacking via missing DLLs, notably cscapi.dll, allowing persistent malicious access. The "awesome-threat-detection" repository on GitHub serves as a resource hub for cyber threat detection and hunting. An exploit in LaborOfficeFree version 19.10 can reveal the MySQL root password using two constants, without admin rights. Heartwood, an update to the Radicle Protocol, provides secure, peer-to-peer code collaboration tools. Ubicloud's Linux flowtables integration has shown a 7.5% latency reduction in PostgreSQL benchmarks. MobSleuth simplifies setting up a mobile app hacking lab for Android with a variety of tools in a Dockerized environment. A comprehensive Windows 10 hardening script offers security enhancements without sacrificing usability. Nemesis streamlines repetitive tasks in cybersecurity assessments with its Kubernetes-based platform. Exploitation of DevOps environments is detailed, highlighting methods that leverage common security gaps. Another repository showcases techniques for local privilege escalation in Windows via misconfigurations. DNS Spy alerts on DNS changes and checks DNS consistency against historical data for security assessments. BobTheSmuggler, an open-source tool, evades firewalls using encrypted payloads concealed in image polyglots. Huntress analysts found a healthcare endpoint infiltrated by BlackCat ransomware, which demonstrates the necessity of thorough asset management. Tools for detecting the Sliver C2 framework's traffic and decrypting its payloads are available in a separate repository. The screenshot-to-code repository uses AI, including GPT-4 Vision and DALL-E 3, to turn screenshots into framework-specific code and can replicate websites from URLs.
 
// A penetration testing lab blog post shows how Visual Studio Code extensions can be used to achieve persistent access on compromised systems, covering extension development, packaging, and execution with .NET and JavaScript integration. BloodHound, a security tool built on graph theory, reveals intricate privilege relationships within Active Directory and Azure, benefiting both attackers and defenders. A detailed guide introduces the creation of an automated command and control (C2) infrastructure using Terraform, Nebula, Caddy, and Cobalt Strike. Separately, a security researcher discovered a vulnerability on a community website that allowed access to supposedly deleted comments; it was classified as a minor issue and fixed. Lastly, 403JUMP is introduced as a penetration testing tool designed to bypass HTTP 403 responses, with features for customization and concurrency.
 
// A blog post introduces DUALITY, a method for creating persistent red team footholds by backdooring multiple DLLs, with a follow-up explaining its use for initial access and evading detection. SharpADWS serves as a Red Team tool for less detectable Active Directory reconnaissance and exploitation. Researchers detail extracting Secure Onboard Communication keys from a 2021 Toyota RAV4 Prime for third-party device integration. For web application reconnaissance, methods and tools like SecurityTrails and Burp Suite are discussed. A technique using Shodan is explained for locating accessible admin/setup panels. Steps for securing SSH and Git operations with YubiKeys in WSL2 are provided. Enhancing Nmap to detect OPC UA services in ICS environments is outlined with a new service probe. Mahmoud Hamed revealed a self-XSS combined with a CORS misconfiguration leading to user PII leakage. Jineesh AK discovered an email enumeration vulnerability that was patched by adding input validation. WebViews in Android apps can present JavaScript XSS vulnerabilities; secure coding practices are suggested along with relevant tools. The TELEKRAM-DOX repository contains a Telegram flood bot for bombarding messages.

// Remy develops a system for fingerprinting BTLE devices to enhance BTLE security discussions. Joff Thyer presents a CI/CD pipeline method for generating unique malware artifacts. The tool Subdomains-Spider is introduced for subdomain discovery. F31 is a script for Kali Linux that aims to reduce network detection. A cybersecurity expert shares techniques for gaining Domain Admin privileges. Lastly, SmuggleFuzz is described as an adaptable HTTP downgrade smuggling scanner.
 

# Emailz

At first HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed, and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that doesn't actually have any valuable content.

Value

I use AI to de-clickbait the clickbait by letting AI read my news for me. It then creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the superpower of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ, 2024-04-12

I want to encourage people and projects that impress me by posting a banner linking to their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
