HAQ.NEWS

# Daily

// Today, Windows File Explorer is vulnerable to DLL hijacking via DLLs it tries to load but that are missing, notably cscapi.dll, which gives an attacker a persistence mechanism. The "awesome-threat-detection" repository on GitHub serves as a resource hub for cyber threat detection and hunting. An exploit in LaborOfficeFree version 19.10 can reveal the MySQL root password using two constants, without admin rights. Heartwood, an update to the Radicle Protocol, provides secure, peer-to-peer code collaboration tools. Ubicloud's Linux flowtables integration has shown a 7.5% latency reduction in PostgreSQL benchmarks. MobSleuth simplifies setting up a mobile app hacking lab for Android with a variety of tools in a Dockerized environment. A comprehensive Windows 10 hardening guide script offers security enhancements without sacrificing usability. Nemesis streamlines repetitive tasks in cybersecurity assessments with its Kubernetes-based platform. Exploitation of DevOps environments is detailed, highlighting methods to leverage common security gaps. Another repository showcases techniques for local privilege escalation on Windows via misconfigurations. DNS Spy alerts on DNS changes and checks DNS consistency against historical data for security assessments. BobTheSmuggler, an open-source tool, evades firewalls using encrypted payloads concealed in image polyglots. Huntress analysts found a healthcare endpoint infiltrated by BlackCat ransomware, which demonstrates the necessity for thorough asset management. Tools for detecting the Sliver C2 framework's traffic and decrypting payloads are available in a distinct repository. The screenshot-to-code repository uses AI, including GPT-4 Vision and DALL-E 3, to turn screenshots into framework-specific code and can replicate websites from URLs. [more...]
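The practical check behind the first item above is to find which DLL names a process probes for and never finds, and whether any of those probes land in a directory a standard user can write to. The script below is an added example, not code from HAQ.NEWS or from the Explorer/cscapi.dll write-up it summarises. It parses a Process Monitor (Sysinternals) CSV export, whose "Save as CSV" columns are Time of Day, Process Name, PID, Operation, Path, Result and Detail, and reports every CreateFile probe for a *.dll that ended in NAME NOT FOUND or PATH NOT FOUND outside an admin-only root. The CSV rows, process names, PIDs and user paths are constructed for the demo, and the writability test is a static prefix heuristic, not an ACL check.

```python
"""Hunt for DLL hijacking candidates in a Process Monitor CSV export.

Added example, not from HAQ.NEWS or the article it summarises. A CreateFile
probe for a *.dll that returns NAME NOT FOUND / PATH NOT FOUND inside a
directory a normal user can write to means the loader walked the search
order past that directory without finding the DLL: drop a DLL of that name
there and it is loaded the next time the search runs.
"""
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Procmon results that mean the loader probed the path and nothing was there.
MISSING_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND"}

# Roots a standard user cannot write to by default (heuristic, lower-cased).
# Confirm real ACLs with `icacls <dir>` before trusting a hit.
PROTECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed Procmon CSV export; the processes, PIDs and user paths are made up.
SAMPLE_PROCMON_CSV = "\n".join([
    '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"',
    '"10:01:02.0010","explorer.exe","4242","CreateFile","C:\\Windows\\System32\\cscapi.dll","NAME NOT FOUND","Desired Access: Read Attributes"',
    '"10:01:02.0020","explorer.exe","4242","CreateFile","C:\\Users\\alice\\tools\\cscapi.dll","NAME NOT FOUND","Desired Access: Read Attributes"',
    '"10:01:02.0030","explorer.exe","4242","CreateFile","C:\\Windows\\System32\\ntdll.dll","SUCCESS","Desired Access: Read Data/List Directory"',
    '"10:01:02.0040","explorer.exe","4242","RegOpenKey","HKLM\\Software\\Example","NAME NOT FOUND",""',
    '"10:01:02.0050","svchost.exe","900","CreateFile","C:\\Windows\\System32\\config\\SOFTWARE.LOG","NAME NOT FOUND","Desired Access: Read"',
    '"10:01:02.0060","notes.exe","1337","CreateFile","C:\\Users\\alice\\Apps\\notes\\winmm.dll","NAME NOT FOUND","Desired Access: Read Attributes"',
    '"10:01:02.0070","notes.exe","1337","CreateFile","C:\\Windows\\System32\\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory"',
]) + "\n"


def is_protected_dir(path: str) -> bool:
    """True when the path lives under a root only administrators can write to."""
    return path.lower().startswith(PROTECTED_PREFIXES)


def find_missing_dll_probes(csv_text: str) -> list:
    """Every CreateFile probe for a *.dll that came back NAME/PATH NOT FOUND."""
    probes = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"]
        if row["Operation"] != "CreateFile" or row["Result"] not in MISSING_RESULTS:
            continue
        if not path.lower().endswith(".dll"):
            continue
        probes.append({
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "dll": PureWindowsPath(path).name.lower(),
            "path": path,
            "user_writable": not is_protected_dir(path),
        })
    return probes


def hijack_candidates(csv_text: str) -> dict:
    """DLL name -> [(process, pid, probed path)] for probes in writable dirs.

    A hit in the process's own application directory hijacks the DLL even if a
    copy exists in System32 (the app dir is searched first); a hit in a PATH
    directory means the DLL was missing everywhere earlier in the search order.
    """
    found = defaultdict(list)
    for p in find_missing_dll_probes(csv_text):
        if p["user_writable"]:
            found[p["dll"]].append((p["process"], p["pid"], p["path"]))
    return dict(found)


if __name__ == "__main__":
    for dll, hits in sorted(hijack_candidates(SAMPLE_PROCMON_CSV).items()):
        for process, pid, path in hits:
            print(f"{dll}: {process} ({pid}) probed {path}")
```

On a real system, capture with Procmon filtered to `Result is NAME NOT FOUND` and `Path ends with .dll`, export to CSV and feed it to `hijack_candidates`; the System32 probe for cscapi.dll is noise (nobody can write there), the probe in the user's PATH directory is the finding.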
 
// A penetration testing lab blog post reveals the use of Visual Studio Code extensions for achieving persistent access in compromised systems, highlighting extension development, packaging, and execution with .NET and JavaScript integration. BloodHound, a security tool utilizing graph theory, reveals intricate privilege relationships within Active Directory and Azure, benefiting both attackers and defenders. A detailed guide introduces the creation of an automated command and control (C2) infrastructure using Terraform, Nebula, Caddy, and Cobalt Strike. Separately, a security researcher discovered a vulnerability on a community website allowing access to supposedly deleted comments, which was recognized as a minor issue and fixed. Lastly, 403JUMP is introduced as a penetration testing tool designed to bypass HTTP 403 errors, equipped with features for customization and concurrency. [more...]
 
// The blog post introduces DUALITY, a method to create persistent red team footholds by backdooring multiple DLLs, with a follow-up explaining its use for initial access and evasion. SharpADWS serves as a red team tool for less detectable Active Directory reconnaissance and exploitation. Researchers detail extracting Secure Onboard Communication keys from a 2021 Toyota RAV4 Prime for third-party device integration. For web application reconnaissance, methods and tools like SecurityTrails and Burp Suite are discussed. A technique using Shodan is explained for locating exposed admin/setup panels. Steps for securing SSH and Git operations with YubiKeys in WSL2 are provided. Extending Nmap to detect OPC UA services in ICS environments is outlined with a new service probe. Mahmoud Hamed revealed a self-XSS combined with a CORS misconfiguration leading to user PII leakage. Jineesh AK discovered an email enumeration vulnerability, patched by adding input validation. WebViews in Android apps can expose JavaScript XSS vulnerabilities; secure coding practices are suggested along with relevant tools. The TELEKRAM-DOX repository contains a Telegram flood bot for bombarding targets with messages. Remy develops a system for fingerprinting BTLE (Bluetooth Low Energy) devices to inform BTLE security discussions. Joff Thyer presents a CI/CD pipeline method for generating unique malware artifacts. The tool Subdomains-Spider is introduced for subdomain discovery. F31 is a script for Kali Linux aiming to reduce network detection. A cyber security expert shares techniques for gaining Domain Admin privileges. Lastly, SmuggleFuzz is described as an adaptable HTTP downgrade smuggling scanner. [more...]
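The CORS half of the self-XSS plus CORS chain mentioned above is worth seeing in code, because it is the part that turns a bug affecting only the victim into a cross-site read of their PII. The block below is an added example, not code from HAQ.NEWS or from Mahmoud Hamed's write-up (whose exact chain is only summarised here). It places the misconfigured handler (reflecting any Origin while allowing credentials) and a common half-fix (suffix matching) next to the exact-match allowlist, and `browser_exposes_response` approximates the check a browser applies before page script may read a credentialed cross-origin response. The origins, the `/api/me` response body and all function names are constructed for the demo.

```python
"""CORS misconfiguration beside its fix, with a simulated browser check.

Added example, not from HAQ.NEWS or the write-up it summarises. Origins,
profile data and helper names are made up for the demo.
"""

# Origins the API is meant to serve (constructed).
ALLOWED_ORIGINS = {"https://app.example", "https://www.app.example"}

# Constructed response body of GET /api/me for the logged-in victim.
VICTIM_PROFILE = {"email": "victim@example.net", "phone": "+1-555-0100"}


def _allow_with_credentials(origin):
    """Response headers that let `origin` read the body with cookies attached."""
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's ACAO to another
    }


def vulnerable_cors_headers(request_origin):
    """Misconfigured: reflects whatever Origin the request carried and also
    allows credentials, so any site the victim visits can read /api/me."""
    return _allow_with_credentials(request_origin) if request_origin else {}


def suffix_match_cors_headers(request_origin):
    """Half-fix that still fails: suffix matching lets https://evilapp.example
    through because the string ends with 'app.example'."""
    if request_origin and request_origin.endswith("app.example"):
        return _allow_with_credentials(request_origin)
    return {}


def hardened_cors_headers(request_origin):
    """Fixed: exact-match allowlist; unknown origins get no CORS headers at all."""
    if request_origin in ALLOWED_ORIGINS:
        return _allow_with_credentials(request_origin)
    return {}


def browser_exposes_response(script_origin, with_credentials, response_headers):
    """Approximates the CORS response check a browser applies before page
    script at script_origin may read a cross-origin response body."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    acac = response_headers.get("Access-Control-Allow-Credentials")
    if acao is None:
        return False
    if with_credentials:
        # Credentialed requests: '*' is rejected, the origin must match
        # exactly, and Allow-Credentials must be literally "true".
        return acao == script_origin and acac == "true"
    return acao == "*" or acao == script_origin


def simulate_pii_request(cors_policy, script_origin):
    """Script at script_origin runs fetch('/api/me', {credentials: 'include'})
    inside the victim's browser; returns the body if the browser would expose it."""
    headers = cors_policy(script_origin)
    if browser_exposes_response(script_origin, True, headers):
        return dict(VICTIM_PROFILE)
    return None


if __name__ == "__main__":
    for name, policy in [("vulnerable", vulnerable_cors_headers),
                         ("suffix-match", suffix_match_cors_headers),
                         ("hardened", hardened_cors_headers)]:
        for origin in ("https://attacker.example", "https://evilapp.example", "https://app.example"):
            print(f"{name:12} {origin:26} -> {simulate_pii_request(policy, origin)}")
```

The fix is the exact-match allowlist plus `Vary: Origin`; the suffix-match variant is included because it is the most common way an allowlist gets reintroduced in a broken form during remediation.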
 
// Today's entries cover the CozyHosting box and its session hijacking step, Apache DolphinScheduler's vulnerabilities, and tools like Sebel for blocking malicious SSL/TLS certificates. They also cover Android management with Moukthar, data protection via MultiDump and Excel-Anonymizer, and secure file sharing with QR codes. Highlighted software includes AdGuardHome for ad blocking, TikTok Uploader, and Fossify Messages for SMS automation. Further items touch on network security with Onionpipe, social media analysis with Hunt Intelligence, and updates on APT-HUNTER, cURL fuzzing, and IoT exploits. Finally, they explore SQL injection detection, command and control with Havoc C2, and vulnerability database lookups with CVEMAP. [more...]
 
// The LogSnare project is a web application built for teaching, demonstrating common security flaws like IDOR and broken access control. RKS automates keystrokes for post-exploitation activities in remote desktop environments. VMP-Imports-Deobfuscator rebuilds the IAT in VMProtect-protected applications. Techniques to harden Windows systems against various cyber threats involve modifying Registry and service settings. Telegram users can locate others via the 'People Nearby' feature; this can be countered by disabling location settings. smtpEmailChecker is a Python tool for validating email addresses over SMTP. An article outlines the creation and concealment of a keylogger payload for stealthy data exfiltration. A tool for searching Malware Bazaar makes it easier to find Cobalt Strike LNK loaders. The gitdoorcheck tool uses OpenAI's LLM APIs for code analysis to detect backdoors in Git repositories. The Mysterious Werewolf threat group is exploiting a WinRAR vulnerability to deliver the RingSpy backdoor to military-industrial targets. Elastic Security Labs shared a technique to capture ransomware encryption keys using canary files. An Android vulnerability in APEX package signature verification allows malicious code execution. BOFHound is an offline tool that generates BloodHound-compatible JSON for Active Directory analysis. An exploit for a Linux kernel vulnerability in the Traffic Control subsystem gains kernel-level access via a use-after-free. Lastly, the cybersecurity-roadmap GitHub repository provides a comprehensive guide for career progression in the cybersecurity field. [more...]
 
# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an ad.

current friend of haq 2024-05-15

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
