Nac_Bypass_Agent (alperenugurlu, GitHub): this function combines all the above functions and takes the necessary information from the user to change the IP and MAC address, start the Responder and tcpdump tools, and run the nbtscan tool.
https://github.com/alperenugurlu/Nac_Bypass_Agent
Sites scramble to block ChatGPT web crawler after instructions emerge.
https://arstechnica.com/information-technology/2023/08/openai-details-how-to-keep-chatgpt-from-gobbling-up-website-data/
User agent token: GPTBot
Full user-agent string: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)
Ars Technica: Restrictions don't apply to current OpenAI models, but will affect future versions.
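As an added, defender-side example (not code from the Ars Technica article or from OpenAI), the snippet below takes the GPTBot token and user-agent string quoted above and shows the two things a site operator typically wants: spotting GPTBot requests in a web server access log, and generating a robots.txt entry and verifying with Python's standard-library urllib.robotparser that it actually denies the crawler while leaving other agents untouched. The log lines are constructed samples in Combined Log Format; the IP addresses are from documentation ranges.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.robotparser import RobotFileParser

# Values quoted in the item above: OpenAI's crawler token and full user-agent string.
GPTBOT_TOKEN = "GPTBot"
GPTBOT_UA = ("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
             "GPTBot/1.0; +https://openai.com/gptbot)")

# Constructed sample access-log lines in Combined Log Format (not real traffic;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE_LOG_LINES: List[str] = [
    '203.0.113.7 - - [10/Aug/2023:12:01:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/115.0 Safari/537.36"',
    f'198.51.100.22 - - [10/Aug/2023:12:01:05 +0000] "GET /robots.txt HTTP/1.1" 200 83 "-" "{GPTBOT_UA}"',
    f'198.51.100.22 - - [10/Aug/2023:12:01:06 +0000] "GET /articles/post-1.html HTTP/1.1" 200 20480 "-" "{GPTBOT_UA}"',
    '203.0.113.9 - - [10/Aug/2023:12:02:11 +0000] "GET /articles/post-2.html HTTP/1.1" 200 19000 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
]

# Combined Log Format: ip ident user [timestamp] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def is_gptbot(user_agent: str) -> bool:
    """True if the user-agent carries the GPTBot product token (case-insensitive, whole token)."""
    return re.search(r"(?i)\b" + re.escape(GPTBOT_TOKEN) + r"\b", user_agent) is not None


def parse_access_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one Combined Log Format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def gptbot_requests(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, path) for every request whose user-agent identifies as GPTBot."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        rec = parse_access_line(line)
        if rec is not None and is_gptbot(rec["ua"]):
            hits.append((rec["ip"], rec["path"]))
    return hits


def make_robots_txt(disallow_paths: Tuple[str, ...] = ("/",)) -> str:
    """Build a robots.txt group that applies only to GPTBot ("/" means the whole site)."""
    out = [f"User-agent: {GPTBOT_TOKEN}"]
    out.extend(f"Disallow: {p}" for p in disallow_paths)
    return "\n".join(out) + "\n"


def is_fetch_allowed(robots_txt: str, agent_token: str, path: str) -> bool:
    """Evaluate robots.txt text the way urllib.robotparser does.

    Note: robotparser matches on the product token (text before the first '/'),
    so pass "GPTBot" or "GPTBot/1.0", not the full Mozilla-prefixed user-agent string.
    """
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent_token, path)


if __name__ == "__main__":
    for ip, path in gptbot_requests(SAMPLE_LOG_LINES):
        print(f"GPTBot request from {ip}: {path}")
    rules = make_robots_txt()
    print(rules, end="")
    print("GPTBot allowed on /articles/post-1.html:",
          is_fetch_allowed(rules, GPTBOT_TOKEN, "/articles/post-1.html"))
```

The robots.txt check is the part worth keeping around: the same parser the crawler's operators describe honouring is used to confirm that the published rule really matches the token, which catches the common mistake of writing a rule against the full Mozilla-style string instead of the product token.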
Cyber-War by Russia: SandWorm group's latest Operation
Android malware + Tor + Mirai + dropbear = Anonymous attack exploit chain.
https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/SBU%20exposes%20russian%20intelligence%20attempts%20to%20penetrate%20Armed%20Forces'%20planning%20operations%20system.pdf
GitHub (blackorbird/APT_REPORT): Interesting APT report collection and some special IOCs.
Sundown: anonfiles.com for sale.
AnonFiles, the anonymous file upload and sharing website, has decided to call it quits today. When attempting to visit their website you are greeted with a farewell message.
United States: A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography.
https://medium.com/asecuritysite-when-bob-met-alice/a-warning-from-the-nsa-cisa-and-nist-on-post-quantum-cryptography-fc406a5ade71
Medium: All Change in Cybersecurity! A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography.
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file.
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
JPCERT/CC Eyes: JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique "MalDoc in PDF" hereafter and...
🚨 BLASTPASS NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild.
● Update your Apple devices.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
The Citizen Lab: Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group's Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We…
Active North Korean campaign targeting security researchers.
https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
Google: Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
United States: Cyber-Terrorism; Washington DC-based group targeted in apparent Pegasus hack by NSO Group (an Israeli state sponsored cyber-terrorist organization).
Citizen Lab discovers alleged attack using 'zero-click exploit' on individual employed by DC organization.
https://www.theguardian.com/us-news/2023/sep/08/pegasus-hack-washington-dc-group-nso
In a first, spyware is found on the phone of a prominent Russian journalist.
● It is highly likely that Russia deployed the same zero-day vulnerability in the (almost) publicly available mobile application, hosting a false-flag cyber-attack on the victim.
https://www.washingtonpost.com/technology/2023/09/13/pegasus-infection-meduza-founder/
● Real-world OSINT challenge.
The United States military lost an F-35B over its own territory. Unable to track it, the US government requested civilian help to find the missing plane.
https://twitter.com/flightradar24/status/1703827299412455459
https://twitter.com/TeamCharleston/status/1703523385475534968
https://www.businessinsider.com/missing-f35-flying-after-pilot-ejected-soviet-jet-cold-war-2023-9
Flightradar24 (@flightradar24) on X: The US military is searching for a missing F-35B in South Carolina after the pilot ejected yesterday and the jet kept flying. If you have seen an F-35 in the woods, please contact the US Marines.
Signal adds quantum-resistant encryption to its E2EE messaging protocol.
https://signal.org/blog/pqxdh/
https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/
Signal: Quantum Resistance and the Signal Protocol. The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private communications exchanged daily by billions of people around the world. After its publication in 2013, the Signal Protocol was adopted not only by…
Telegram policy violated privacy 🔏: the platform states that any government with a "high democracy index" can request information on any Telegram account, and Telegram will comply by handing over the IP address of the username.
The following thread from Kashmir deals with such a request from Telegram. Not to forget, a similar incident was reported by the Dutch.
https://twitter.com/R_J_0ppenheimer/status/1704842373476520329
REArchive: Reverse engineering APT37's GOLDBACKDOOR dropper.
https://www.0x0v1.com/rearchive-goldbackdoor/
0x0v1: Reverse Engineering Archive: APT37's GOLDBACKDOOR has been a prominent dropper used by North Korea.
Mozilla: Say (an encrypted) hello to a more private internet.
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
The Mozilla Blog: As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other th
● Thought of sharing: there are high chances that I will reject a candidate in an interview if they are a bug-bounty hunter.
Following are some reasons, for most and not all of the hunters.
1. They are technically not sound. They only have limited information about the bug they identified, or they usually only identify web-based attacks or sometimes mobile apps.
2. They are mostly checklist- and tool-reliant people.
3. They know very few bugs and start spraying them on multiple targets. They are nuclei attackers (maybe this is the right term to associate them with).
4. They almost always omit hard bugs. They go for easily rewarded bugs, and not for zero-days or tricky RCEs.
5. Most hunters cannot perform a pentest, since they're good (not in depth though) at a specific bug or set of bugs.
6. Most of them are not researchers (as they are often called). They do not have patents, CVEs or published research.
On the other hand, some top CTF players are excellent. And those who perform research are good for the job.
In an interview, I ask the candidate what vulnerability class or type they are comfortable with. They choose the easiest, like IDOR or XSS or even SQLi, and these are almost always web-based attacks.
And then I ask them to tell me what mutation or universal XSS is. They say: we know reflected and stored, and a bit about DOM (since they automate DOM).
For SQLi, 90% rely upon sqlmap. The remaining use single-quote combos 😂
If this skill set is at my gate, I'll choose to outsource through HackerOne, since they have bounty hunters.
I would need something more professional in the organisation to find issues, because our goal is not to protect against nuclei templates but against nation-state APT groups.