Notes

A list of tools that handle different data and make it usable in Maltego. Maltego Transforms List

Crime is a social construct dictated by whatever society arbitrarily defines as crime. Crime is not systemic at all but simply an inevitable aspect of any given civilisation that identifies the idea of a crime and treats it as a problem, so “rehabilitation” will never work either.

The truth is that there will always be “crime” as in essence it’s just human behaviour that doesn’t conform to the status quo of a given culture, completely made up. That is why you will never stop crime, nor would you likely want to if you knew what this actually entailed.

After such knowledge, what forgiveness? Think now
History has many cunning passages, contrived corridors
And issues, deceives with whispering ambitions,
Guides us by vanities. Think now
She gives when our attention is distracted
And what she gives, gives with such supple confusions
That the giving famishes the craving. Gives too late
What’s not believed in, or if still believed,
In memory only, reconsidered passion. Gives too soon
Into weak hands, what’s thought can be dispensed with
Till the refusal propagates a fear. Think
Neither fear nor courage saves us. Unnatural vices
Are fathered by our heroism. Virtues
Are forced upon us by our impudent crimes.
These tears are shaken from the wrath-bearing tree. T.S. Eliot, Gerontion

→ in reply to @note#1650650656

Yeah, it’s still up, 5 days later. But muah h@xx0r3rz!

multicast_bytecopy is a kernel r/w exploit for iOS 15.0 - 15.1.1 by @jaakerblom and the spiritual successor of multipath_kfree.

The exploit can be adapted to gain kernel r/w on prior iOS versions. This implementation is for iOS 15.0 - 15.1.1.

The bug exploited is CVE-2021-30937 patched in iOS 15.2. The code uses iokit.h by @s1guza and a couple of IOSurface definitions by @bazad. multicast_bytecopy is a kernel r/w exploit for iOS 15.0 - 15.1.1

Simple wrapper around some of the features of Rubeus and KrbRelay (and a few other honorable mentions in the acknowledgements section) in order to streamline the abuse of the following attack primitive:

• (Optional) New machine account creation (New-MachineAccount)
• Local machine account auth coercion (KrbRelay)
• Kerberos relay to LDAP (KrbRelay)
• Add RBCD privs and obtain privileged ST to local machine (Rubeus)
• Using said ST to authenticate to local Service Manager and create a new service as NT/SYSTEM. (SCMUACBypass)

This is essentially a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). KrbRelayUp - a universal no-fix local privilege escalation

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.

Exploit:

New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password:

123qweQWE!@#000000000 Gitlab 14.9 - Authentication bypass with hardcoded password

People have completely bought into the black / white mindset that there are heroes and villains in this world, and that if you’re part of the hero team then anything is justifiable.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin

On April 14 and 15, Morphisec identified exploitation attempts for a week-old VMware Workspace ONE Access (formerly VMware Identity Manager) remote code execution (RCE) vulnerability. Due to indicators of a sophisticated Core Impact backdoor, Morphisec believes advanced persistent threat (APT) groups are behind these VMWare identity manager attack events. The tactics, techniques, and procedures used in the attack are common among groups such as the Iranian linked Rocket Kitten.

This new vulnerability is a server-side template injection that affects an Apache Tomcat component, and as a result, the malicious command is executed on the hosting server. As part of the attack chain, Morphisec has identified and prevented PowerShell commands executed as child processes to the legitimate Tomcat prunsrv.exe process application. A malicious actor with network access can use this vulnerability to achieve full remote code execution against VMware’s identity access management. New Core Impact Backdoor Delivered Via VMWare Vulnerability

Cloud tunneling services, which allow users to expose internal systems from their homes or businesses to the internet by relaying the traffic through cloud-based systems, have grown in use over the past few years. Unfortunately, as with any kind of service that helps developers and infrastructure administrators, cybercriminals have been abusing these services for various illicit operations.How Cybercriminals Abuse Cloud Tunneling Services

Social media networks have now overtaken shipping, retail and technology as the category most likely to be targeted by criminal groups. So far this year, LinkedIn has been related to more than half (52%) of all phishing-related attacks globally, marking the first time the social media network has reached the top of rankings. It represents a dramatic 44% uplift from the previous quarter, when LinkedIn was in fifth position and related to only 8% of phishing attempts. LinkedIn has now overtaken DHL as the most targeted brand, which has now fallen to second position and accounted for 14% of all phishing attempts during the quarter.

Our latest report highlights an emerging trend toward threat actors leveraging social networks, now the number one targeted category ahead of shipping companies and technology giants such as Google, Microsoft and Apple. As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide. LinkedIn now accounting for half of all phishing attempts worldwide

Well, if you had a CTemplar email account (hopefully not), they are shutting down and the last day of operation for the email service will be on May 26 of 2022.

Our 24/7 digital lives mean we’re increasingly sitting in front of a screen, whether that’s a laptop, a smartphone or another device. That usually means we’re also sitting in front of a camera. Some of us rarely used this feature, until the pandemic hit and saw homebound workers and bored students alike switch on their webcams to stay connected with the rest of the world. But while online cameras can provide a lifeline to friends and family, and a near-ubiquitous way of participating in meetings, they also put us at risk.

Whether it’s financially motivated cybercriminals, stalkers, bullies, trolls or just plain weirdos, the tools and knowledge to hack webcams have never been easier to find online. That puts the onus on us all to become more aware of the risks, and take steps to improve our online privacy and safety. A lot of it is common sense. Some of it needs to be learned behavior. Webcam hacking: How to know if someone may be spying on you through your webcam

Stormous Ransomware group claims to have hacked Coca Cola and stole 161GB of data from them. I hope the ultra-mega-secret recipe is among the data retrieved. Next, KFC and their famous almost-chicken wings!

Link to their website, use Tor browser.

In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an IcedID payload delivered via email. We have observed IcedID malware being utilized as the initial access by various ransomware groups. Quantum Ransomware

We have been closely investigating the Android BianLian botnet (also known as Hydra). This botnet emerged in 2018. It is still very alive in 2022, particularly active since the beginning of 2022, where we are closely monitoring at least three independent campaigns.

The Android malware typically poses as a video player, Google Play app, or a mobile banking application. Once installed, it asks the victim to activate Accessibility Services for the app to “work correctly.” In reality, this is needed by the malware to overlay images and validate forms without user interaction. Asking for Accessibility Services activation should raise an alarm in the victim’s mind. Unfortunately, many won’t understand this is not legitimate. Android/BianLian Botnet Trying to Bypass Photo TAN Used for Mobile Banking

If I were to take a wild guess, none of the people drooling over the idea of war actually want to face its horrors. But they love the idealised, movie-esque idea of war.

I learn from the mistakes of people who take my advice.

I cant tell whether the Internet is dead because people have gotten more bitter as they have gotten older or the younger generation is very angry.