@asicc

3 Followers
57 Following
81 Posts

Hello Rustaceans! Our technical director @raptor is back at it.

In this second installment of our #Rust series, “An offensive Rust encore”, he will guide you in bringing your skills to the next level by using a new PoC #RedTeaming tool as an excuse:

https://security.humanativaspa.it/an-offensive-rust-encore

An offensive Rust encore - hn security


Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent access to compromised systems.

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-visual-studio-code-tunnels-for-remote-access/

Chinese hackers use Visual Studio Code tunnels for remote access

The Ultimate Handheld Hacking Device - My Experience with NetHunter https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html

@BleepingComputer I'm a bit confused on the implementation and constraints. All the implementation posits is that the host is "previously" infected. For some reason, the malware decides to use a "secured" browser for comms with C2 servers? Why not just make the requests directly outside of a browser? The whole point is to bypass the isolation features of a browser, but why even use a browser at all? Is the rendering machine that important? The implementation has latency drawbacks after all.

Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations.

https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/

QR codes bypass browser isolation for malicious C2 communication


@forst This was a very interesting problem, thanks for sharing. You're right, it would be nice for technical users outside of an organization to sort of provide QA tickets/interface directly with some actual engineers. If you're a big enough "customer" you can get these tickets escalated.

I'm sure companies try to buffer those connections due to liabilities, social engineering, etc.

@_r_netsec Awesome article. Found a sweet new blog to follow
From XSS Vulnerability to Full Admin Access https://haymiz.dev/security/2024/11/25/stored-xss-takeover/

Don't forget, all the videos from hack.lu 2024 will be available on https://administraitor.video/edition/Hack.lu/2024 after each talk, provided the speaker has agreed to publish it.

#hacklu2024 #hack lu #infosec #conference

@circl
@misp

Infosec/hacking videos recorded by Cooper (@Ministraitor)

Cyber-enabled information operation by allegedly Iranian actors has some success - Trump campaign data emerged in public via an independent journalist outlet. They apparently ask it to be attributed to them, not Iran's cyber operators. https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/
U.S. Intelligence agencies say that Russian actors manufactured and amplified a video that falsely depicted an individual ripping up ballots in Pennsylvania. It's debunked by election officials, too. https://www.cisa.gov/news-events/news/joint-odni-fbi-and-cisa-statement-0