I forgot to upload my #EuskalHack slides about #Diaphora 3.0. Here you have a link to the online version:
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
🗣matalaz
🎖@malwr
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
🗣matalaz
🎖@malwr
Google Docs
Modern Binary Diffing
Modern Binary Diffing Joxean Koret
❤1
Flutter Hackers
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
🗣androidmalware2
🎖@malwr
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
🗣androidmalware2
🎖@malwr
👍1
Hacking Auto-GPT and escaping its docker container
🗣albinowax
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
👤1esproc
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
👤UnacceptableUse
🎖@malwr
🗣albinowax
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
👤1esproc
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
👤UnacceptableUse
🎖@malwr
positive.security
Hacking Auto-GPT and escaping its docker container | Positive Security
We leverage indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed…
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
🗣thewatcher_
Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using an existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
👤SirensToGo
🎖@malwr
🗣thewatcher_
Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using an existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
👤SirensToGo
🎖@malwr
Security Joes
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically…
AI Red Team: An Introduction
🗣digicat
Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
👤Sloky
🎖@malwr
🗣digicat
Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
👤Sloky
🎖@malwr
NVIDIA Technical Blog
NVIDIA AI Red Team: An Introduction
Machine learning has the promise to improve our world, and in many ways it already has. However, research and lived experiences continue to show this technology has risks. Capabilities that used to be…
👍1
New Malware Analysis/RE plugin is now available!🚨
IAT-Tracer is an offline automation plugin for the Tiny-Tracer framework (by @hasherezade) to trace and watch functions directly out of the executable's import table.
https://github.com/YoavLevi/IAT-Tracer
ℹ️ Thanks Levi, for such a nice tool.
🎖@malwr
IAT-Tracer is an offline automation plugin for the Tiny-Tracer framework (by @hasherezade) to trace and watch functions directly out of the executable's import table.
https://github.com/YoavLevi/IAT-Tracer
ℹ️ Thanks Levi, for such a nice tool.
🎖@malwr
GitHub
GitHub - YoavLevi/IAT-Tracer: An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's…
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files. - YoavLevi/IAT-Tracer
❤2
疑似摩诃草组织利用WarHawk后门变种Spyder窥伺多国 - The suspected Maha grass organization uses the WarHawk backdoor variant Spyder to spy on many countries
🗣digicat
🎖@malwr
🗣digicat
🎖@malwr
微信公众平台
疑似摩诃草组织利用WarHawk后门变种Spyder窥伺多国
近期,奇安信威胁情报中心在日常样本跟踪分析过程中,发现一批与摩诃草存在关联的恶意样本,攻击者使用的后门并非摩诃草组织此前常用的木马。根据Spyder后门早期样本使用的数字签名和以此关联到的Remcos木马样本,怀疑背后的攻击团伙是摩诃草。
[CVE-2022-43684 - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances](https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/)
🗣Rezk0n_
🎖@malwr
🗣Rezk0n_
🎖@malwr
R3zk0n
ServiceNow Insecure Access Control To Full Admin Takeover
ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684
👍1
HexWalk 1.4.0 , Hex Analyzer new release for Windows/Mac/Linux, new release with Byte Patterns (header color tags + YAML format)
🗣gcarmix1
Can I compare two or more files so it would highlight same patterns even if they're shifted?
👤1mrpeter
Does HexWalk do everything that 010 editor does?
👤WindyDaysAreWindy
🎖@malwr
🗣gcarmix1
Can I compare two or more files so it would highlight same patterns even if they're shifted?
👤1mrpeter
Does HexWalk do everything that 010 editor does?
👤WindyDaysAreWindy
🎖@malwr
GitHub
GitHub - gcarmix/HexWalk: Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS
Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS - gcarmix/HexWalk
The List of Hacker Search Engines for Penetration Testing, Vulnerability Assessments, Red Team Operations, Bug Bounty, etc.
https://github.com/RocketGod-git/Flipper\_Zero/blob/1df6c171c9687e2722559cb13fc31061cd8d3faf/badusb/BadUSB-FalsePhilosopher/Misc/Cheat\_Sheets/Awesome-hacker-search-engines/README.md
https://preview.redd.it/f77nay5vtocb1.png?width=945&format=png&auto=webp&s=2e88eac6d3fe099d9760583dee1105b45ae9dc72
https://preview.redd.it/2ur1bcxvtocb1.png?width=930&format=png&auto=webp&s=6d43321c464c294a4f28c1bf204127319d963d9d
🗣AJ_GOAT_3476
🎖@malwr
https://github.com/RocketGod-git/Flipper\_Zero/blob/1df6c171c9687e2722559cb13fc31061cd8d3faf/badusb/BadUSB-FalsePhilosopher/Misc/Cheat\_Sheets/Awesome-hacker-search-engines/README.md
https://preview.redd.it/f77nay5vtocb1.png?width=945&format=png&auto=webp&s=2e88eac6d3fe099d9760583dee1105b45ae9dc72
https://preview.redd.it/2ur1bcxvtocb1.png?width=930&format=png&auto=webp&s=6d43321c464c294a4f28c1bf204127319d963d9d
🗣AJ_GOAT_3476
🎖@malwr
GitHub
Flipper_Zero/badusb/BadUSB-FalsePhilosopher/Misc/Cheat_Sheets/Awesome-hacker-search-engines/README.md at 1df6c171c9687e2722559…
My SD Drive for Flipper Zero. Contribute to RocketGod-git/Flipper_Zero development by creating an account on GitHub.
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers
🗣digicat
A) this will result in another new unnecessary government agency
B) the list of companies voluntarily committing to the program are all massive orgs, smaller agile and innovative orgs won't be able to compete
C) do the basics better, there's no need for this
👤crawdad101
I think this is a great idea but who's going to be in charge of this?
The Gov doesn't have enough people to independently review every single smart device that comes to market. So is it left on companies to self certify that they meet the requirements?
If it's self certification then what happens if a company fraudulently claims they meet the requirements when they don't? Are there penalties?
👤AnApexBread
🎖@malwr
🗣digicat
A) this will result in another new unnecessary government agency
B) the list of companies voluntarily committing to the program are all massive orgs, smaller agile and innovative orgs won't be able to compete
C) do the basics better, there's no need for this
👤crawdad101
I think this is a great idea but who's going to be in charge of this?
The Gov doesn't have enough people to independently review every single smart device that comes to market. So is it left on companies to self certify that they meet the requirements?
If it's self certification then what happens if a company fraudulently claims they meet the requirements when they don't? Are there penalties?
👤AnApexBread
🎖@malwr
The White House
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers
Leading electronics and appliance manufacturers and retailers make voluntary commitments to increase cybersecurity on smart devices, help consumers choose
Streamlining Websocket Pentesting with wsrepl
🗣nibblesec
Nice work!
👤ilimanjf
I'm the author of this tool. As the blog post describes, I created it to address my own frustrations during engagements. If you've ever encountered challenges while testing websockets, I'd love to hear your thoughts.
👤execveat
🎖@malwr
🗣nibblesec
Nice work!
👤ilimanjf
I'm the author of this tool. As the blog post describes, I created it to address my own frustrations during engagements. If you've ever encountered challenges while testing websockets, I'd love to hear your thoughts.
👤execveat
🎖@malwr
Doyensec
Streamlining Websocket Pentesting with wsrepl
In an era defined by instant gratification, where life zips by quicker than a teenager’s TikTok scroll, WebSockets have evolved into the heartbeat of web applications. They’re the unsung heroes in data streaming and bilateral communication, serving up everything…
VirusTotal Leak Data of 5,600 registered users
Better change those passwords.
Link here)
🗣hawaii_brian
I feel like I see data leaks of passwords all the time. What makes it so common?
How are they supposed to be stored? Hashed and salted?
👤TheAnxiousPianist
"Users’ names and e-mail addresses have been leaked, but passwords haven’t."
I have 2FA enabled but updated my password anyhow, making it longer and more complex.
👤fmtheilig
Community notes about to get real interesting
👤GoodEbening
🎖@malwr
Better change those passwords.
Link here)
🗣hawaii_brian
I feel like I see data leaks of passwords all the time. What makes it so common?
How are they supposed to be stored? Hashed and salted?
👤TheAnxiousPianist
"Users’ names and e-mail addresses have been leaked, but passwords haven’t."
I have 2FA enabled but updated my password anyhow, making it longer and more complex.
👤fmtheilig
Community notes about to get real interesting
👤GoodEbening
🎖@malwr
Help Net Security
VirusTotal leaked data of 5,600 registered users
VirusTotal has suffered a data leak, which exposed the names and email addresses of 5600 of its registered users.
👍1😱1
Detecting Fileless PowerShell operations
I am currently doing an internship where I am pen testing a proprietary incident response/memory forensics tool. I am new to pentesting/forensics in general. One of the things I am thinking about trying is using IEX in PowerShell to download/run things. Does this leave any kind of artifacts?
What would you be checking for in something like this?
I am planning on using atomic red team or caldera. I have noticed that with ART that the PowerShell commands you run are unique to that program and probably would not be a typical PowerShell command so perhaps not the best way to find out what PowerShell is actually doing but it seemed the easiest way to start testing quickly.
🗣Ghostnineone
Depending on the setup of the target organisation, using powershell on the target will leave logs in the "Windows PowerShell.evtx" logs in decoded form, and if more logging are in place, "powershell transcripts" or "sysmon" logs may exist, other than logs, artifacts like Prefetch, ShimCache or AmCache can provide more evidence of powershell execution.
👤OverZeeR
You can usually find PowerShell in the event logs.
👤smc0881
🎖@malwr
I am currently doing an internship where I am pen testing a proprietary incident response/memory forensics tool. I am new to pentesting/forensics in general. One of the things I am thinking about trying is using IEX in PowerShell to download/run things. Does this leave any kind of artifacts?
What would you be checking for in something like this?
I am planning on using atomic red team or caldera. I have noticed that with ART that the PowerShell commands you run are unique to that program and probably would not be a typical PowerShell command so perhaps not the best way to find out what PowerShell is actually doing but it seemed the easiest way to start testing quickly.
🗣Ghostnineone
Depending on the setup of the target organisation, using powershell on the target will leave logs in the "Windows PowerShell.evtx" logs in decoded form, and if more logging are in place, "powershell transcripts" or "sysmon" logs may exist, other than logs, artifacts like Prefetch, ShimCache or AmCache can provide more evidence of powershell execution.
👤OverZeeR
You can usually find PowerShell in the event logs.
👤smc0881
🎖@malwr
Reddit
From the computerforensics community on Reddit
Explore this post and more from the computerforensics community
❤1