AI chatbots are all the rage! Many people are experimenting with new and exciting ways to leverage them to accomplish routine tasks and there is a lot of concern that they may eventually automate away a lot of entry level jobs. Of course this is always the fear when there is a step forward in … Read More “ChatGPT AI GENERATED PHISHING CAMPAIGNS” »
Year: 2022
Tom Forbes recently published an interesting article detailing how a strange pull request on his pypi-data project led him to discover a publicly available release file that contained a hard coded AWS access key and an AWS secret key. This key was still active and allowed Tom access to an AWS bucket containing clinical data … Read More “InfoSys LEAKS FullAdminAccess AWS KEYS ON PyPi FOR OVER A YEAR” »
PersistenceSniper is a script written for PowerShell that can be used by Blue Teams, Incident Responders, System Admins, and more to hunt for persistence activity in Windows based devices. The tool aims to spot a number of offensive techniques and has the ability to run on an number of machines remotely so results can be … Read More “PersistenceSniper – PowerShell SCRIPT THAT HUNTS FOR PERSISTENCE ACTIVITY IN WINDOWS” »
CyberMasterV has published a great article on analyzing Symbiote, a Linux Malware that steals and exfiltrates credentials. If you are interested in reverse engineering or malware analysis this is a great step-by-step that shows both how the malware works and how to dissect it. Full writeup here!
A vulnerability in the Linux kernel was recently disclosed that could allow a bad actor with local access to escalate to root privileges. A bug in nft_elem_init leads to a buffer overflow and allows for access as root. The vulnerability has a CVSS score of 7.8 HIGH. A patch has been released by the Linux … Read More “LINUX FIREWALL VULNERABILITY – CVE-2022-34918” »
A new privilege escalation vulnerability has been released for Active Directory. The vulnerability allows a low privileged user to escalate their privileges to Domain Administrator by abusing certificate based authentication. This vulnerability was patched as part of the May 2022 Microsoft Security Updates, so ensure you are up to date. Great writeup on the vulnerability … Read More “CERTIFRIED Active Directory DOMAIN PRIVILEGE ESCALATION – CVE-2022-26923” »
AWS released several hot patches to mitigate vulnerability to log4shell. Unfortunately Unit 42 at Palo Alto identified several severe vulnerabilities with their fixes, including container escape which is pretty much the holy grail of a cloud vulnerability. If you are not familiar, cloud infrastructure works by having a lot of hardware that is effectively “shared” … Read More “AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION” »
Google is again issuing an update to address a zero-day vulnerability in Google Chrome since the beginning of this year. Type confusion could allow a bad actor to exploit heap corruption via a specially crafted HTML page. Currently this CVE is CVSS scored 8.8 HIGH. Google is acknowledging there is already an exploit in the … Read More “Google ISSUES SECOND UPDATE TO ADDRESS A ZERO-DAY VULNERABILITY in Google Chrome THIS YEAR – CVE-2022-1096” »
Sometimes your paranoia is justified! You may remember this story from 2015 about the NSA installing backdoors into the firmware of hard drives that would not be easily removed. So you may already have reasons to be skeptical of your hardware. Well rmcybernetics has a great writeup here about discovering malware on a machine they … Read More “HARDWARE ARRIVES FROM CHINA COMPLETE WITH PREINSTALLED MALWARE” »