https://dfirtnt.wordpress.com/2020/11/25/detecting-ransomware-precursors/
Detecting Ransomware Precursors
The business model for ransomware has evolved to include multi-level and multi-stage services and tool kits. Initial access is often accomplished by a first-stage compromise, followed by a second-stage download/drop of tools like Emotet, Trickbot, and Qakbot. This second stage allows adversaries to lurk in your network, profiling normal use and/or searching for targets of maximum impact. At this point the attack often looks like any other infiltration. However, several techniques are often observed just prior to ransomware execution. In this post I’ll provide examples of these detectable behaviors which you can use to build SIEM alerts, custom EDR prevention/response rules, and threat hunting logic.
#article #windows #ransomware
https://offlinemark.com/2021/05/12/an-obscure-quirk-of-proc/
Linux Internals: How /proc/self/mem writes to unwritable memory
#article #linux #kernel
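An added example, not code from the linked article: a small Linux C program that creates a PROT_READ-only private mapping, writes into it through /proc/self/mem, and reads the bytes back from the still-read-only mapping. The write succeeds because /proc/PID/mem access goes through get_user_pages with FOLL_FORCE, which disregards the mapping's protection bits and, on a private mapping, breaks copy-on-write so the data lands in the process's own copy of the page. The function returns 1 when the write is visible; it assumes a Linux kernel with the default /proc/PID/mem behaviour (no hardening that denies forced writes).

```c
/* Added example, not code from the linked article: write into a
 * read-only private mapping through /proc/self/mem and read the bytes
 * back from the still-read-only mapping. The write succeeds because
 * /proc/PID/mem access goes through get_user_pages with FOLL_FORCE,
 * which disregards the mapping's protection bits and, on a private
 * mapping, breaks copy-on-write so the data lands in this process's
 * own copy of the page. Linux only; assumes the default /proc/PID/mem
 * behaviour (no hardening that denies forced writes). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if bytes written through /proc/self/mem are visible in a
 * PROT_READ-only mapping, 0 if the write failed or was not visible. */
int proc_mem_write_readonly_page(void)
{
    static const char payload[] = "written via /proc/self/mem";
    long page = sysconf(_SC_PAGESIZE);
    int ok = 0;

    /* Anonymous, private, read-only: a plain `*p = 'x'` here would SIGSEGV. */
    char *p = mmap(NULL, (size_t)page, PROT_READ,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;

    int fd = open("/proc/self/mem", O_RDWR);
    if (fd >= 0) {
        /* The file offset is the virtual address being written. */
        ssize_t n = pwrite(fd, payload, sizeof payload, (off_t)(uintptr_t)p);
        close(fd);
        /* The mapping is still PROT_READ, yet the payload is now there. */
        ok = n == (ssize_t)sizeof payload &&
             memcmp(p, payload, sizeof payload) == 0;
    }
    munmap(p, (size_t)page);
    return ok;
}

int main(void)
{
    printf("%s\n", proc_mem_write_readonly_page()
                   ? "write through /proc/self/mem landed in a PROT_READ page"
                   : "write failed");
    return 0;
}
```

The practical point: page protections are not a boundary against anything that can open /proc/PID/mem on a process (the same ptrace_may_access check that gates ptrace), which is how debuggers plant breakpoints in read-only text and why a process can overwrite its own "read-only" data this way.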
https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb
How to bypass Cloudflare bot protection?
Cloudflare offers a system of JavaScript workers that can be used to execute code on the server side (at Cloudflare, therefore). This feature can be useful for static sites, maintenance pages, etc. But it is also a great tool for pentesting (serverless C&C, easy phishing proxy, etc.). In this post we will explore a Cloudflare bot protection bypass.
#writeup #cloudflare #bypass
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/
Playing in the (Windows) Sandbox
Interesting analysis of Windows Sandbox 👌
#writeup #windows #sandbox #hyper-v
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
The Story of a Novel Supply Chain Attack
#article #hack #linux
Sniff, there leaks my BitLocker key
https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/
#writeup #hardware #bitlocker
https://erik-engheim.medium.com/why-is-apples-m1-chip-so-fast-3262b158cba2
Why is Apple’s M1 Chip So Fast?
Real-world experience with the new M1 Macs has started ticking in. They are fast. Real fast. But why? What is the magic?
👌 Really useful and compact writeup
#article #hardware #cpu #mac #writeup
https://thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html
Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers.
#news #security #apple #macos
https://www.theguardian.com/uk-news/2020/nov/06/companies-house-forces-business-name-change-to-prevent-security-risk
Company forced to change name that could be used to hack websites
#news #security #fun
https://github.com/dstotijn/hetty
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
#tools #free #opensource #security
"Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password."
Thank you, Mr. President, that's a relief.
#fun
https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
Hackers hijack Telegram, email accounts in SS7 mobile attack
Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.
#news #hack
https://github.com/Flangvik/SharpCollection
SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CI/CD fashion using Azure DevOps release pipelines.
#tools #offensive #csharp
https://arkadiyt.com/2021/07/25/scanning-your-iphone-for-nso-group-pegasus-malware
Scanning your iPhone for Pegasus, NSO Group's malware
In collaboration with more than a dozen other news organizations The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and surreptitiously download their messages/photos/location data, record their microphone, and otherwise spy on them.
#tools #exploit #pegasus #ios
https://medium.com/@johncantrell97/how-i-checked-over-1-trillion-mnemonics-in-30-hours-to-win-a-bitcoin-635fe051a752
👌 How I checked over 1 trillion mnemonics in 30 hours to win a bitcoin
#article #idea #btc #crypto
https://hex-rays.com/blog/ida-celebrating-30-years-of-binary-analysis-innovation/
IDA: celebrating 30 years of binary analysis innovation
Today, IDA turns thirty years old. In commemoration of the anniversary we’ll describe the beginnings and major milestones of the epic journey.
#ida #reverse
https://medium.com/asecuritysite-when-bob-met-alice/making-rsa-great-again-or-fishing-in-an-empty-barrel-3be801ebb9a1
1 TB Encryption Key?
The RSA method has stood the test of time, but its end may be nigh. It has tried its hardest to keep up, and has continually increased its key size (a 2,048-bit modulus is now seen as secure, while 1,024-bit keys are considered insecure). Anything signed with 512-bit keys should definitely be treated as insecure. But quantum computing is likely to be the method that truly ends the 40-year reign of RSA.
#article #encryption #rsa #quantum
Spectre
This site hosts a proof of concept for the Spectre vulnerability written in JavaScript.
https://leaky.page/
#exploit #poc
CVE-2021-3156
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://github.com/r4j0x00/exploits/blob/master/CVE-2021-3156/exploit.c
#source #exploit
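An added example, not sudo's source and not the linked exploit: a reduced model of the argument-unescaping loop behind this CVE, beside a hardened version of the same loop. sudo copies the command-line arguments into a heap buffer sized for their total length, removing backslash escapes as it goes. The loop drops a backslash when the character after it is not whitespace; when an argument ends in a single backslash, that next character is the terminating NUL, so the loop steps past the terminator and keeps copying whatever follows in memory, overflowing the buffer. Here the argument is placed in a constructed array with stand-in bytes after its NUL so the over-read stays inside that array and the program is well-defined; the function names and the `cap` parameter are this example's own.

```c
/* Added example: a reduced model of the argument-unescaping loop behind
 * CVE-2021-3156, beside a hardened version. This is not sudo's source
 * and not the linked exploit. The argument sits in a constructed array
 * with stand-in bytes after its NUL, so the over-read stays inside the
 * array and the program is well-defined; `cap` is this example's own. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Vulnerable shape: drop the backslash if the next character is not
 * whitespace. When the next character is the NUL terminator, `from++`
 * moves onto the NUL, the NUL itself is copied, and the loop continues
 * with the bytes that lie beyond the end of the argument. */
size_t unescape_vulnerable(const char *from, char *to, size_t cap)
{
    size_t n = 0;
    while (*from && n < cap) {
        if (from[0] == '\\' && !isspace((unsigned char)from[1]))
            from++;
        to[n++] = *from++;
    }
    return n;
}

/* Hardened shape: a backslash is only dropped if a real character follows,
 * so the loop can never step over the terminator. */
size_t unescape_fixed(const char *from, char *to, size_t cap)
{
    size_t n = 0;
    while (*from && n < cap) {
        if (from[0] == '\\' && from[1] != '\0' && !isspace((unsigned char)from[1]))
            from++;
        to[n++] = *from++;
    }
    return n;
}

/* Constructed input: the argument "a\" with its NUL, followed by bytes
 * standing in for whatever sat next to it in sudo's heap. */
static const char arg_and_neighbour[] = {
    'a', '\\', '\0', 'S', 'E', 'C', 'R', 'E', 'T', '\0'
};

/* Bytes the vulnerable loop copies out of the 2-byte argument. */
size_t model_vulnerable_len(void)
{
    char out[32];
    return unescape_vulnerable(arg_and_neighbour, out, sizeof out);
}

/* Bytes the hardened loop copies out of the same argument. */
size_t model_fixed_len(void)
{
    char out[32];
    return unescape_fixed(arg_and_neighbour, out, sizeof out);
}

int main(void)
{
    /* The argument proper is 2 bytes; the vulnerable loop copies 8,
     * pulling "SECRET" across the terminator. */
    printf("vulnerable copied %zu bytes, fixed copied %zu bytes\n",
           model_vulnerable_len(), model_fixed_len());
    return 0;
}
```

In sudo the destination buffer had no `cap`, so the extra bytes were written past the end of the heap allocation, which is the overflow the advisory describes; the shipped fix is in the 1.9.5p2 release named above.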
https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/
Recovering passwords from pixelized screenshots
Pixelization is used in many areas to obfuscate information in images. I've seen companies pixelize passwords in internal documents. No tools were available for recovering a password from such an image, so I created one. This article covers the algorithm and similar research on depixelization.
https://github.com/beurtschipper/Depix
#tools #opensource #password #redteam
Workloads
You may implement both compute-bound and I/O-bound asynchronous operations as TAP (Task-based Asynchronous Pattern) methods. However, when TAP methods are exposed publicly from a library, they should be provided only for workloads that involve I/O-bound operations (they may also involve computation, but should not be purely computational). If a method is purely compute-bound, it should be exposed only as a synchronous implementation. The code that consumes it may then choose whether to wrap an invocation of that synchronous method in a task, to offload the work to another thread or to achieve parallelism. And if a method is I/O-bound, it should be exposed only as an asynchronous implementation.
#dev #note #parallel #tpl #tap
https://www.synthesia.io/
Synthesia CREATE is a powerful tool to create engaging video content without the need for actors, film crews and studios.
[In collaboration with Malaria No More, R/GA and Ridley Scott Associates we produced a synthetic video of David Beckham speaking 9 different languages to raise awareness of malaria, the world's deadliest disease.
The video has garnered over 800m impressions online and was covered by most major media outlets.]
#tools #ai #deepfake
https://www.mei.edu/multimedia/podcast/hacker-hire-story-iranian-cyber-recruitment
Cyber security researcher Chris Kubecka shares the story of how the Iranian government attempted for over two years to recruit her to come to Iran and teach the skills needed to hack critical infrastructure targets--until the FBI stepped in. Steph Shample of MEI’s Cyber program guest hosts this week’s special episode.
#podcast #cybersecurity #cyberwar
https://github.com/Neo23x0/Raccine
Raccine
A Simple Ransomware Protection
Raccine registers itself as the debugger for vssadmin.exe (and wmic.exe) via the Image File Execution Options registry key, so that Windows launches the compiled raccine.exe in place of the tool. Raccine is a binary that first collects the PIDs of all parent processes of the invocation and then tries to kill those parent processes. 👌
#tools #windows #ransomware
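An added example, not Raccine's code, that serves both this entry and the Detecting Ransomware Precursors entry above: the interception-and-response logic described here, run over a constructed process snapshot. Because Raccine is registered as the Image File Execution Options debugger for vssadmin.exe and wmic.exe, Windows starts raccine.exe with the process that tried to run the tool as its parent; Raccine then walks that parent chain and terminates each ancestor. The program only computes the kill list and terminates nothing. The snapshot is constructed for the example, the trigger images are the two named on the page, and stopping at the System process (pid 4) is this example's choice.

```c
/* Added example, not Raccine's code: the response logic described in
 * the Raccine entry, run over a constructed process snapshot. This
 * program only computes the kill list; it terminates nothing. Stopping
 * at the System process (pid 4) is this example's choice. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct proc {
    unsigned pid;
    unsigned ppid;
    const char *image;
};

/* Constructed snapshot: a macro in a Word document starts cmd.exe,
 * which runs vssadmin.exe, the shadow-copy tool Raccine intercepts. */
static const struct proc snapshot[] = {
    {    4,    0, "System"       },
    {  612,    4, "wininit.exe"  },
    {  820,  612, "explorer.exe" },
    { 1500,  820, "WINWORD.EXE"  },
    { 1622, 1500, "cmd.exe"      },
    { 1700, 1622, "vssadmin.exe" },
};
static const size_t snapshot_len = sizeof snapshot / sizeof snapshot[0];

/* ASCII case-insensitive equality: Windows image names are case-insensitive. */
static bool image_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* The two images the page says Raccine is registered as debugger for. */
bool is_intercepted_image(const char *image)
{
    return image_eq(image, "vssadmin.exe") || image_eq(image, "wmic.exe");
}

static const struct proc *find_proc(const struct proc *t, size_t n, unsigned pid)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].pid == pid)
            return &t[i];
    return NULL;
}

/* Walk from `pid` towards the root and collect every ancestor that would
 * be terminated, nearest first. Stops at the System process, at a parent
 * that no longer exists, and after `n` hops (a corrupt table with a cycle).
 * Returns the number of PIDs written to `out`. */
size_t collect_kill_list(const struct proc *t, size_t n, unsigned pid,
                         unsigned *out, size_t cap)
{
    size_t count = 0, hops = 0;
    const struct proc *cur = find_proc(t, n, pid);
    while (cur && hops++ < n && count < cap) {
        unsigned parent = cur->ppid;
        if (parent == 0 || parent == 4)
            break;                  /* reached System; nothing above it to kill */
        const struct proc *p = find_proc(t, n, parent);
        if (!p)
            break;                  /* parent already exited */
        out[count++] = parent;
        cur = p;
    }
    return count;
}

/* Kill list for the constructed snapshot, starting at the intercepted vssadmin.exe. */
size_t snapshot_kill_count(void)
{
    unsigned out[16];
    return collect_kill_list(snapshot, snapshot_len, 1700, out, 16);
}

/* PID at position idx of that list, or 0 past its end. */
unsigned snapshot_kill_pid(size_t idx)
{
    unsigned out[16];
    size_t n = collect_kill_list(snapshot, snapshot_len, 1700, out, 16);
    return idx < n ? out[idx] : 0;
}

int main(void)
{
    unsigned out[16];
    size_t n = collect_kill_list(snapshot, snapshot_len, 1700, out, 16);
    printf("%s intercepted; would terminate %zu ancestor(s):", snapshot[5].image, n);
    for (size_t i = 0; i < n; i++)
        printf(" %u (%s)", out[i], find_proc(snapshot, snapshot_len, out[i])->image);
    printf("\n");
    return 0;
}
```

Note how far the chain reaches in this snapshot: past cmd.exe and WINWORD.EXE to explorer.exe and wininit.exe. Terminating the whole ancestor chain is deliberately blunt, which is why a tool like this sits behind, not instead of, the SIEM and EDR detections for precursor behaviour that the Detecting Ransomware Precursors entry is about.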
https://www.bleepingcomputer.com/news/security/bug-bounty-reporter-cashes-out-on-someone-elses-exploit/
Bug bounty reporter cashes out on someone else's exploit!
#news #hack #fun
https://redteaming.co.uk/2020/07/12/dll-proxy-loading-your-favorite-c-implant/
DLL Proxy Loading Your Favourite C# Implant
DLL Side-Loading or DLL Proxy loading allows an attacker to abuse a legitimate and typically signed executable for code-execution on a compromised system.
#writeup #windows #dotnet #dllhijack
https://blog.jetbrains.com/dotnet/2020/10/19/troubleshoot-allocations-with-dynamic-program-analysis-resharper-2020-3-eap/
Troubleshoot allocations with Dynamic Program Analysis – ReSharper 2020.3 EAP
DPA is a process that runs in the background of our application and looks for various memory allocation issues. It currently checks for closures and allocations to the large and small object heaps (LOH and SOH). It starts automatically every time we run or debug our apps, and there is almost no overhead cost associated with collecting memory allocation data.
#dev #csharp #memory #tools