2024-08-12 | Hacker Trends

9 Posts

GitHub - badsectorlabs/sccm-http-looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)

https://github.com/badsectorlabs/sccm-http-looter

6 Posts

GitHub - deepinstinct/ShimMe

https://github.com/deepinstinct/ShimMe

5 Posts

Google deactivates Russian AdSense accounts, sends final payments

https://www.bleepingcomputer.com/news/google/google-deactivates-russian-adsense-accounts-sends-final-payments/

5 Posts

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts – The DFIR Report

https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/

5 Posts

Living off the VPN — Exploring VPN Post-Exploitation Techniques | Akamai

https://www.akamai.com/blog/security-research/2024/aug/2024-august-vpn-post-exploitation-techniques-black-hat

5 Posts

GitHub - assetnote/nowafpls: Burp Plugin to Bypass WAFs through the insertion of Junk Data

https://github.com/assetnote/nowafpls

4 Posts

Fake X content warnings on Ukraine war, earthquakes used as clickbait

https://www.bleepingcomputer.com/news/security/fake-x-content-warnings-on-ukraine-war-earthquakes-used-as-clickbait/

4 Posts

DEF CON 32: Office of the National Cyber Director (ONCD) Badge Challenge Write-Up | by Joe Christian | Aug, 2024 | Medium

https://medium.com/@JoeChrist/def-con-32-office-of-the-national-cyber-director-oncd-badge-challenge-write-up-a0a406606875

4 Posts

The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

http://sso.tax

3 Posts

The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated - SecurityWeek

https://www.securityweek.com/the-un-is-moving-to-fight-cybercrime-but-privacy-groups-say-human-rights-will-be-violated/

3 Posts

Building a nation-scale evidence base for cyber deception - NCSC.GOV.UK

https://www.ncsc.gov.uk/blog-post/building-a-nation-scale-evidence-base-for-cyber-deception

3 Posts

Hacking a Smart Home Device - James Warner

https://jmswrnr.com/blog/hacking-a-smart-home-device

3 Posts

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html

3 Posts

Malware development part 1 - basics – 0xPat blog – Red/purple teamer

https://0xpat.github.io/Malware_development_part_1/

3 Posts

Justice Department Disrupts North Korean 'Laptop Farm' Operation - SecurityWeek

https://www.securityweek.com/justice-department-disrupts-north-korean-laptop-farm-operation/

3 Posts

Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors - SecurityWeek

https://www.securityweek.com/bipartisan-bill-to-tighten-vulnerability-disclosure-rules-for-federal-contractors/

3 Posts

Malware development part 2 - anti dynamic analysis & sandboxes – 0xPat blog – Red/purple teamer

https://0xpat.github.io/Malware_development_part_2/

3 Posts

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

https://thehackernews.com/2024/08/russian-government-hit-by-eastwind.html

3 Posts

Malware development part 3 - anti-debugging – 0xPat blog – Red/purple teamer

https://0xpat.github.io/Malware_development_part_3/

3 Posts

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in.html

3 Posts

Chinese hacking groups target Russian government, IT firms

https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-target-russian-government-it-firms/

3 Posts

GitHub - klezVirus/DriverJack: Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

https://github.com/klezVirus/DriverJack

3 Posts

GitHub - badsectorlabs/sccm-http-looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)

GitHub - deepinstinct/ShimMe

Google deactivates Russian AdSense accounts, sends final payments

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts – The DFIR Report

Living off the VPN — Exploring VPN Post-Exploitation Techniques | Akamai

GitHub - assetnote/nowafpls: Burp Plugin to Bypass WAFs through the insertion of Junk Data

Fake X content warnings on Ukraine war, earthquakes used as clickbait

DEF CON 32: Office of the National Cyber Director (ONCD) Badge Challenge Write-Up | by Joe Christian | Aug, 2024 | Medium

The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated - SecurityWeek

Building a nation-scale evidence base for cyber deception - NCSC.GOV.UK

Hacking a Smart Home Device - James Warner

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Malware development part 1 - basics – 0xPat blog – Red/purple teamer

Justice Department Disrupts North Korean 'Laptop Farm' Operation - SecurityWeek

Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors - SecurityWeek

Malware development part 2 - anti dynamic analysis & sandboxes – 0xPat blog – Red/purple teamer

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

Malware development part 3 - anti-debugging – 0xPat blog – Red/purple teamer

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

Chinese hacking groups target Russian government, IT firms

GitHub - klezVirus/DriverJack: Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains - SecurityWeek

200k Impacted by East Valley Institute of Technology Data Breach - SecurityWeek

Microsoft shares Outlook workaround for Gmail sign-in issues

X

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability