Alert for iOS users
Trust Wallet has just alerted about zero-day exploit in iMessage.

To disable iMessage go to Settings > Messages and toggle iMessage button.

The days are getting harder and harder 🤷

⚠️PuTTY CVE-2024-31497 ⚠️

📰Brief: attacker can gain access to private key with public key and some signed messages on hand via forged identification signature of legitimate user. Signed messages may be publicly visible due to storage in public Git.

🚩Possibilities: login into any servers key was used in, supply chain attacks software maintained git, etc.

📗Affected versions: 0.80 and prior.

📚Full description: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

MikroTik equipment is widely distributed all over the world and its security is an acute issue. In this paper, Caster covered many aspects related to the network security of MikroTik equipment.

Caster - Lockdown

https://blog.exploit.org/caster-routeros-lockdown

Cisco equipment is widespread in production networks. In this article, Caster will demonstrate methods to protect Cisco IOS from network attacks.

Caster - Disciple

https://blog.exploit.org/caster-disciple

Poisoning attacks against Windows machines have become well known among pentesters. In this article, Caster will demonstrate how to detect poisoning attacks using Suricata.

Caster - Neurotransmitter

https://blog.exploit.org/caster-neurotransmitter

Kerberos, while more secure than NTLM, also has some security nuances. In this article, researcher Caster will demonstrate techniques for detecting Kerberos attacks using Suricata.

Caster - Kerbhammer

https://blog.exploit.org/caster-kerbhammer

Tomorrow

Active Directory is used in many networks and is often the target of attacks. In this article, Caster will demonstrate the capabilities of Suricata signatures to detect attacks against Active Directory.

Caster - If You Hadn't

https://blog.exploit.org/caster-ifyouhadnt

I think network traffic analysis in pentest scenarios is vastly underrated. In this article, I will demonstrate a technique to silently analyze the security of network equipment based on traffic analysis alone.

Caster - Funeral

https://blog.exploit.org/caster-funeral

Currently we are witnessing arrest of creator of main digital privacy respecting messenger Pavel Durov.

WHY THIS MATTERS:
With over 950 million users, Telegram is one of the last products with respect to digital privacy. Holding Durov accountable for content shared by users or for protecting user data from authorities sets a dangerous precedent moving on for everyone that wants to create a privacy first solutions. This is not just about one person. It’s about safeguarding the right to privacy for all of us as a collective.

This action is a serious threat to the fundamental right to privacy in the digital age. Telegram has been a vital tool for millions around the world, ensuring freedom of speech and protecting our personal data, as well as providing the outlet to freely share opinions and information from unwarranted intrusion.

WHAT CAN YOU DO:
We need to raise our voices and demand justice. Write to Amnesty International at contactus@amnesty.org and urge them to support Pavel Durov and advocate for his release. Amnesty has a powerful voice on global platform and has been instrumental in defending human rights across the world. If we unite and work together by sending our concerns to them with requests, we will get justice to work.

Let’s stand together for our fundamental digital rights and make sure this doesn’t go unnoticed. 🛡️

#Repost to other places and channels in order to reach broader masses and communities, so we can get more gravitas in order to protect human right to digital privacy

We as humans are stronger and louder in unity and mass.

Line for Enquiries: contactus@amnesty.org
Mail template: https://telegra.ph/Amnesty-Mail-Template-08-25

#FreeDurov #PrivacyMatters #DigitalRights #AmnestyInternational

A researcher under the nickname Caster returns with his "Against" release to our blog.
This is an extremely specific article about attacks on MikroTik routers.

Release Date: 09/27/2024

https://blog.exploit.org/caster-against/

TailScale is a popular solution for building virtual networks, but in the hands of a pentester, it can be a pivoting tool.

Magama Bazarov, known under his alter ego “Caster” returns to exploit.org with his exotic release “Bipolar Disorder” about pivoting using TailScale.

https://blog.exploit.org/caster-bipolar-disorder

Caster strikes again!

His RouterOS configuration security analyzer “Sara” got its own icon in the Kali Linux distribution in the form of Caster's logo.
You can install this tool directly from the Kali repository:

kali@kali:~$ sudo apt update && sudo apt install sara

Unstoppable psycho!

Perhaps an airplane will fly over your head every few minutes, or even more than one. Services like Flightradar24 amazingly accurately show information about planes in the air because they receive data through the ADS-B protocol. This can be done independently, and I will show you how to do it.

A security researcher under the alias "Sterva" makes his debut on exploit.org with his article on processing flight information with ADS-B.

https://blog.exploit.org/ads-b-guide-demodulation-and-decoding/

Sterva continues to conquer ADS-B!

Meet his new article on exploit.org “ADS-B Spoofing”. This article explores the principles of ADS-B data transmission, encoding, and signal generation through a controlled experimental setup.

https://blog.exploit.org/ads-b-spoofing/

Magama Bazarov, known under his alter ego Caster is preparing a new release - "Philosophy of Nietzsche"
In his September work “Violence” he broke down the technique of pivoting on Linux with Nebula, now he will do the same on Windows with an exotic trick using ICS Sharing.

Stay tuned.