—— Unveiled ——
Researchers finally discovered how the SUNBURST backdoor was inserted into the SolarWinds software.
Hackers used a 3rd malware strain, dubbed 'SUNSPOT,' that was deployed into the Orion platform's build environment.
Read details: https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html
In a Europol-led operation, authorities have taken down—DarkMarket—the world's largest illegal marketplace on the dark web, specialized in the sales of drugs, counterfeit money, stolen credit card data, anonymous SIM cards, and off-the-shelf malware.
https://thehackernews.com/2021/01/authorities-take-down-worlds-largest.html
Cybersecurity experts sound alarm on a new Android spyware sold on hacking forums—marketed by a 25-year-old #Indian vendor.
https://thehackernews.com/2021/01/experts-sound-alarm-on-new-android.html
It can exfiltrate photos, locations, contacts & messages from popular apps such as Facebook, Instagram, WhatsApp, Telegram
Warning — Researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.
Read: https://thehackernews.com/2021/01/warning-5-new-trojanized-android-apps.html
Microsoft releases Windows updates to patch a total of 83 newly discovered security flaws, including an actively exploited zero-day RCE vulnerability (CVE-2021-1647) affecting the Defender application.
https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html
⚠️ WARNING : "A sophisticated threat actor" compromised the digital certificate 'Mimecast' provided to certain customers to connect its products securely with cloud-based #Microsoft 365 Exchange.
Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html
Intel adds hardware-enabled ransomware detection to its newly announced 11th generation Core vPro business-class processors.
Read: https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin (Winnti or APT41) that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.
https://thehackernews.com/2021/01/researchers-disclose-undocumented.html
5 Ways to Exploit a Domain Takeover Vulnerability
https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html
Domain takeover occurs when an organization does not renew its domain but still uses it in its code and infrastructure. When an attacker registers the abandoned domain, they own the domain, including its subdomains and other types of DNS records.
AD Attack
1) Performing domain #recon using PS
https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/
2) Attack mapping with #bloodhound
https://stealthbits.com/blog/local-admin-mapping-bloodhound/
3) Extracting passwd hashes
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
4) Pass-the-hash attacks with #mimikatz
https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
#Penetration_Testing
Best writeup CTF hackthebox
https://github.com/Ignitetechnologies/HackTheBox-CTF-Writeups
This cheatsheet is aimed at CTF players and beginners, to help them sort Hack The Box labs on the basis of operating system and difficulty.