Notes


The world is infested with garbage pretending to be people

The world is infested with garbage pretending to be people.

Watsor - detect objects in video stream using deep learning-based approach

Watsor detects objects in a video stream using a deep learning-based approach. Intended primarily for surveillance, it works in sheer real time, analysing the most recent frame to deliver the fastest reaction to a detected threat.

Watsor

Reddit is all bots?

It’s comforting to think that Reddit is all bots, but unfortunately you’re still probably talking to real humans there. The robotic nature of that website has more to do with the ranking and moderation system creating uniformity of thought.

CVE-2022-30075 - PoC for Tp-Link Archer AX50 Authenticated RCE

Authenticated Remote Code Execution in Tp-Link Routers

Affected Devices

If your Tp-Link router has backup and restore functionality and its firmware is older than June 2022, it is probably vulnerable.

Tested With

Tested with the Tp-Link Archer AX50; other Tp-Link routers may use a different backup format, and the exploit needs to be modified.

Tp-Link Archer AX50 Authenticated RCE (CVE-2022-30075)

Notkia - Linux phone in the shape of Nokia

The Notkia uses the Nokia 1680/1681/1682 form factor. Yes, it has a proper shell. The 1680 has a camera, and the other models don’t. It can be comfortably operated one-handed, whether on public transport or in bed. Having it accidentally fall on your face won’t cause extreme pain. It can be put in almost all pockets and bags without a problem, and won’t scratch your clothes or pull your beach pants down.

Note: This is NOT a custom ROM for Nokia phones. It is a freshly designed PCB with exactly the same dimensions as the original PCB of the Nokia phone, so it can be put in the Nokia’s shell.

Notkia, Linux phone in the shape of Nokia, with LoRa+WiFi+BT connectivity

PiRogue tool suite (PTS)

PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform.

PiRogue tool suite (PTS)

Nidhogg - an all-in-one simple to use rootkit for red teams

Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one, easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your own C2 framework via a single header file with simple usage; you can see an example here.

Nidhogg can work on any version of Windows 10 and Windows 11.

This repository contains a kernel driver with C++ header to communicate with it.

NOTE: This project is currently in beta; more features will be released in the coming weeks.

Nidhogg - all-in-one simple to use rootkit for red teams

AutoPWN Suite

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

AutoPWN Suite uses an nmap TCP-SYN scan to enumerate the host and detect the versions of software running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search the NIST vulnerability database.

AutoPWN Suite

Brute force attacks against Windows Remote Desktop

We come from the Linux world and we don’t use Windows very often. However, we have been “forced” to use it more here at Trunc lately as we work to properly support Windows logs. Because of that, we installed a Windows 11 Pro server on Azure as one of our testing servers for our Windows logging agent.

And I have to say - unrelated to this content - that the Windows experience has improved a lot. So much easier to use and cleaner than what it was back in the old Windows 2000/Vista days - yes, that’s how long we have avoided Windows.

Brute force attacks against Windows Remote Desktop

Following the life script, no questions asked

In general, people are so engaged, so invested, deep in their distraction bubbles (jobs, social interactions, accumulation of goods, etc.), that they don’t even have time to think about it, to question the point of doing all of this, and just keep reproducing, like it’s a must, like it’s an obvious thing to do. They just follow the ‘life script’, no questions asked.

What’s frustrating is that those people are profoundly and irrevocably convinced they have the absolute right to create another sentient being, and bring them into the world. They’re creating a need, a set of needs (emotional, physiological, etc.), which then need, or at least are pursued, to be fulfilled.

They’re creating a problem that begs for a solution.

There's no creativity left

There’s no creativity left; there’s only “destructivity” now.

Internet or World Wide Web?

I am not a fan of “Internet” being used as a metonymy for the “World Wide Web” but that’s pretty much the only thing normal people use the actual Internet for nowadays, even for checking e-mail.

Cancer in Western society

There is a cancer in the Western society that can no longer be healed, under any circumstances.

Internet distractions

There is a lot of useful information on the Internet, but you need a stoic mind to avoid distractions.

Hayabusa - Windows event log forensics timeline generator

Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable. It is written in Rust and supports multi-threading in order to be as fast as possible. We have provided a tool to convert sigma rules into hayabusa rule format.

The hayabusa detection rules are based on sigma rules, written in YML in order to be as easily customizable and extensible as possible. It can be run either on running systems for live analysis or by gathering logs from multiple systems for offline analysis. (At the moment, it does not support real-time alerting or periodic scans.) The output will be consolidated into a single CSV timeline for easy analysis in Excel, Timeline Explorer, or Elastic Stack.

Hayabusa

Anonymously reverse shell over Tor network without port forwarding

Tornado implements the Tor network with the metasploit-framework tool and the msfvenom module; you can easily create hidden services for your localhost .onion domain without port forwarding. If you have experience with different remote administration tools, you probably know that you need to forward a port with a virtual private network or ngrok, but with Tornado the Tor network offers the possibility of making services on a machine accessible as hidden services without port forwarding, taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.

Tornado can:

  • create a hidden service with the Tor network
  • generate a cross-platform msfvenom payload with fully undetectable shellcode execution, not shikata_ga_nai things
  • the hidden service becomes available outside the Tor network and ready for a reverse shell connection

Be careful with tor2web, even on the onion network; the only suicide mission is wearing blinders. Tornado is not secure from the victim’s point of view: the point of Tor is that users can connect without being eavesdropped on, and going through the clearnet with tor2web, even with HTTPS, seriously cripples the efforts made to protect users.

Tornado - anonymously reverse shell over Tor network without port forwarding

CVE-2022-26134 - Zero-Day Exploitation of Atlassian Confluence

An initial review of one of the Confluence Server systems quickly identified that a JSP file had been written into a publicly accessible web directory. The file was a well-known copy of the JSP variant of the China Chopper webshell. However, a review of the web logs showed that the file had barely been accessed. The webshell appears to have been written as a means of secondary access.

CVE-2022-26134 - Additional info | Zero-Day Exploitation of Atlassian Confluence | Security Advisory

Fan Mail - Korean National Police Agency

What a lovely email from the Korean National Police Agency, on behalf of Samsung, of course. The KNPA likes my work so much that they want to make sure that my article about the Samsung leak is not available anymore.

Unfortunately, no torrent files are hosted on the sizeof.cat domain and I am not a big fan of censorship. So, so sorry!

But hey, Samsung, feel free to email me anytime if you have any more “requests”.

Chainsaw: rapidly search and hunt through Windows Event Logs

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and of identifying threats using built-in detection logic and via support for Sigma detection rules.

Chainsaw