Offensive Bookmarks

A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.

https://github.com/kargisimos/offensive-bookmarks

#infosec #bookmarks
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers

Last year, our experts had the opportunity to observe the execution of non-standard processes in a sandbox-like, isolated virtual machine (VM). Further analysis of these processes revealed Command & Control (C2) connections using Discord for communication. As we continued to analyse the C2 agent, we also gained access to the attacker's Discord channel and were able to take a look at all the commands and modules executed for many more compromised systems.

This attacker/group was very different to the ones we typically see while doing Incident Response for our customers in terms of the motivation and goals. It seemed, that this attacker was mainly compromising Malware developers and or Offensive Security related people to steal and sell code from the target systems. In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.

https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html

#malware
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

From “Heavy Purchasers” of Pregnancy Tests to the Depression-Prone: We Found 650,000 Ways Advertisers Label You

A spreadsheet on ad platform Xandr’s website revealed a massive collection of “audience segments” used to target consumers based on highly specific, sometimes intimate information and inferences

What words would you use to describe yourself? You might say you’re a dog owner, a parent, that you like Taylor Swift, or that you’re into knitting. If you feel like sharing, you might say you have a sunny personality or that you follow a certain religion.

👀 https://web.archive.org/web/20230525225839/https://docs.xandr.com/en-US/bundle/monetize_monetize-standard/page/topics/data-marketplace-buyer-overview.html

👀 https://web.archive.org/web/20230525225541mp_/https://xandr-be-prod.zoominsoftware.io/bundle/monetize_monetize-standard/page/attachments/data-marketplace-buyer-overview/data_marketplace_public_segments_pricing_05212021.xlsx

https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you

#privacy #advertising #thinkabout
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

LLMs are good at playing you

Large language models (LLMs) are eerily human-like: in casual conversations, they mimic humans with near-perfect fidelity. Their language capabilities hold promise for some fields — and spell trouble for others. But above all, the models’ apparent intellect makes us ponder the fate of humanity. I don’t know what the future holds, but I think it helps to understand how often the models simply mess with our heads.

Recall that early LLMs were highly malleable: that is, they would go with the flow of your prompt, with no personal opinions and no objective concept of truth, ethics, or reality. With a gentle nudge, a troll could make them spew out incoherent pseudoscientific babble — or cheerfully advocate for genocide. They had amazing linguistic capabilities, but they were just quirky tools.

https://lcamtuf.substack.com/p/llms-are-better-than-you-think-at

#llm
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Great blog post for learning Linux (Android) kernel exploitation (Analysis and exploitation of CVE-2017-11176)

https://labs.bluefrostsecurity.de/revisiting-cve-2017-11176

#exploitation #exploit #cve #linux #android
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

US government agencies hit in global cyberattack

Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.

The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. “We are working urgently to understand impacts and ensure timely remediation.”

https://edition.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html

#cyberattack
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Senior government officials are racing to limit impact - of what one cyber expert calls - potentially the LARGEST THEFT + extortion event in recent history’..

https://nitter.net/ChuckCallesto/status/1669552188383739904#m

Via Twitter

Read as well: US government agencies hit in global cyberattack
https://news.1rj.ru/str/BlackBox_Archiv/3096

#cyberattack #video
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Mozilla puts advertising into Firefox AGAIN

They have added a new option to Firefox privacy settings, enabled by default of course, to allow "suggestions from sponsors" to "occasional"ly appear in the navigation bar dropdown, as if they were bookmarks. I noticed this by seeing a link to Office Depot in the pulldown, wondering what Office Depot page I had bookmarked or in my history, and discovering that it was an in-browser "sponsored suggestion". It appears to work by sending all your navigation bar typeahead to Mozilla so it can match you with a sponsor (oops about that privacy, lol). I'm not sure how recent this "feature" is, but I think it is recent, and I only noticed it today (I'm on LTS Firefox but installed an update a few days ago). Maybe the less stable releases have had it for longer.

Turning the sponsored suggestions off is not that difficult (see the url above for instructions), but Mozilla's unceasing obsession with inveigling advertising into the browser is... disturbing. Another day in the enshittification of the web.

👀 See: How to customize Firefox Suggest settings, https://support.mozilla.org/en-US/kb/firefox-suggest

https://news.ycombinator.com/item?id=36351322

#firefox
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Pegasus Spyware: so dangerous that it should be banned? OTW explains...

Pegasus is used around the world to hack people's phones. It's extremely dangerous and can be used to control a phone remotely without the user knowing that is running.

https://www.youtube.com/watch?v=Fsh5JcK5F4k

00:00 - Intro
00:22 - Brilliant Add
01:59 - OTW Books
03:54 - Pegasus overview ....

‼️ just start the video from 03:54 to skip that sponsoring crap ‼️

#pegasus #spyware #video
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Sharing Your Credit Card With a Shady Pirate IPTV Service Isn’t a Brilliant Idea

Pirate IPTV services have transformed into a billion-dollar industry in recent years. It is a highly profitable business that, at the upper echelon, appears to be well organized. However, research from the Digital Citizens Alliance shows that handing over credit card details to unknown parties also has its drawbacks, including 'surprise' charges.

https://torrentfreak.com/sharing-your-credit-card-with-a-shady-pirate-iptv-service-isnt-a-brilliant-idea-230624/

#iptv
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The Russian government is trying to block the Tor network, but users can circumvent this block by using a Tor Bridge or Tor Snowflake.

👉🏼 Download Tor Browser: @gettor_bot

💡 You can help Tor Russian users to circumvent censorship by:
- Running a snowflake proxy: https://snowflake.torproject.org
- Running an obsf4 bridge:
https://community.torproject.org/relay/setup/bridge/

https://forum.torproject.org/t/tor-blocked-in-russia-how-to-circumvent-censorship/982

#tor #russia
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Cracking Down on Dissent, Russia Seeds a Surveillance Supply Chain

Russia is incubating a cottage industry of new digital surveillance tools to suppress domestic opposition to the war in Ukraine. The tech may also be sold overseas.

As the war in Ukraine unfolded last year, Russia’s best digital spies turned to new tools to fight an enemy on another front: those inside its own borders who opposed the war.

To aid an internal crackdown, Russian authorities had amassed an arsenal of technologies to track the online lives of citizens. After it invaded Ukraine, its demand grew for more surveillance tools. That helped stoke a cottage industry of tech contractors, which built products that have become a powerful — and novel — means of digital surveillance.

The technologies have given the police and Russia’s Federal Security Service, better known as the F.S.B., access to a buffet of snooping capabilities focused on the day-to-day use of phones and websites. The tools offer ways to track certain kinds of activity on encrypted apps like WhatsApp and Signal, monitor the locations of phones, identify anonymous social media users and break into people’s accounts, according to documents from Russian surveillance providers obtained by The New York Times, as well as security experts, digital activists and a person involved with the country’s digital surveillance operations.

https://www.nytimes.com/2023/07/03/technology/russia-ukraine-surveillance-tech.html

#surveillance
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The National Assembly in France adopted article 3 of the Justice bill which authorizes the authorities to remotely activate the cameras and microphones of telephones or other connected devices without the knowledge of the persons concerned.

https://twitter.com/WallStreetSilv/status/1676724700074897409

https://newsinfrance.com/justice-law-the-activation-of-remote-telephones-approved-by-the-national-assembly/

#surveillance #france
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Surveillance advertising in Europe: The adtech industry tracks most of what you do on the Internet. This file shows just how much

The advertising industry has more than 650,000 labels to target people. Reading through them reveals how even the most sensitive aspects of our life are monitored. EU-based data brokers play a vital role in this system.

Everything we do on the Internet is being recorded and analyzed in order to achieve one goal: to show us targeted advertising. This is a reality to which many people have become accustomed in exchange for free services. However, very few people understand exactly where our data ends up when we visit websites, use apps or make digital payments. Targeted advertising moves in mysterious ways. That’s another fact we’ve become accustomed to.

👉🏼 Download: https://web.archive.org/web/20230525225541mp_/https://xandr-be-prod.zoominsoftware.io/bundle/monetize_monetize-standard/page/attachments/data-marketplace-buyer-overview/data_marketplace_public_segments_pricing_05212021.xlsx

https://netzpolitik.org/2023/surveillance-advertising-in-europe-the-adtech-industry-tracks-most-of-what-you-do-on-the-internet-this-file-shows-just-how-much/

#surveillance #advertising #eu
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The Death of Infosec Twitter

“Infosec twitter” has been used to describe the vibrant, active and often enthusiastic community of security practitioners working in and around the industry. It’s been a source of insight, inspiration and entertainment for many and for years. Therefore, it is with a bit of sadness that I must announce that the death of infosec twitter is upon us.

https://www.cyentia.com/the-death-of-infosec-twitter/

#infosec
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Debunking Runa Sandvik — CatalanGate Spyware

In April 2022, the world was informed about 65 suspected instances of espionage in Catalonia. The revelation came through a report and data jointly released by The Citizen Lab, a public policy institution at The University of Toronto, and Amnesty Tech, a cybersecurity division of Amnesty International. Following their investigation, these special interest groups leveled direct accusations against the Spanish government, alleging the utilization of surveillance technology developed by Israeli cyber intelligence firms NSO Group and Candiru, LTD to target Catalan civil society.

https://jonathandata1.medium.com/debunking-runa-sandvik-pegasus-spyware-catalangate-40a3cd2ebc53

#nso #pegasus #spyware #catalangate
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Hackers are infecting Call of Duty players with a self-spreading malware

Hackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware.

On June 26, a user on a Steam forum alerted other players of Call of Duty: Modern Warfare 2 that hackers “attack using hacked lobbies,” and suggested running an antivirus. The malware mentioned in the thread appears to be on the malware online repository VirusTotal.

Another player claimed to have analyzed the malware and wrote in the same forum thread that the malware appears to be a worm, based on a series of text strings inside the malware. A game industry insider, who asked to remain anonymous because they were not allowed to speak to the press, confirmed that the malware contains those strings, indicating a worm.

https://techcrunch.com/2023/07/27/hackers-are-infecting-call-of-duty-players-with-a-self-spreading-malware

#malware #alert
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

CannaPower - Pirate Site Not Impressed by Global DNS Blocking Order

Sony Music's legal efforts have produced a major breakthrough. As the result of a German blocking order, DNS provider Quad9 now blocks global access to music piracy site CannaPower. The operator of the site doesn't appear to be impressed so far, noting that it doesn't really hurt traffic. "They will never get us down," the operator says, adding that moving to the Tor network remains an option as well.

https://torrentfreak.com/pirate-site-not-impressed-by-global-dns-blocking-order-230803/

#cannapower
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

<Lolek> Hosted, a notorious bulletproof hosting provider who was a competitor to the infamous CyberBunker, has been seized by the United States Federal Bureau-Investigation, IRS Criminal Investigation unit, and Poland's Central Bureau of Combating Cybercrime (CBZC)

https://nitter.net/vxunderground/status/1688965817654775820#m

Via Twitter

#lolek #bulletproof #hosting #seized
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Ransomware Diaries: Volume 3 – LockBit’s Secrets

In this volume of the Ransomware Diaries, I will share interesting, previously unknown details of the LockBit ransomware operation that LockBit has tried very hard to cover up. Until now, you have been lied to about LockBit’s true capability. Today, I will show you the actual current state of its criminal program and demonstrate with evidence-backed analysis that LockBit has several critical operational problems, which have gone unnoticed.

This time, besides using fake personas, I have spoken directly with the gang and many of its affiliate partners. I also reached out to victims. I learned what happens behind the scenes during the ransom negotiations and the relationships LockBit has with its affiliate partners and competing rival gangs. LockBit has secrets it does not want either party to know. Now, I look forward to sharing them with you!

Before I begin, I need to share a significant event that took place as I finalized this report. In August 2023, LockBit’s leadership vanished and was unreachable to fellow gang members, including its affiliate partners, for the first two weeks of August. During that time, several of LockBit’s close associates shared concerns that the gang’s leadership was on the run or dead. Then, on August 13, LockBit reappeared on private channels as if it never happened. Still, during the time LockBit was gone, LockBits data leak site and infrastructure were up, but no one was actively managing it.

👉🏼 Volume 3: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

👉🏼 Volume 2: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/#Part_II_The_Victims%E2%80%99_Story

👉🏼 Volume 1: https://analyst1.com/ransomware-diaries-volume-1/

#ransomware #lockbit
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Big Ass Data Broker Opt-Out List

This list was started on September 29, 2017 and was most recently updated in May 2023 to add information on sites that require you to click links sent via email or to receive an automated call and enter a four-digit number on your phone in order to complete an opt-out request.

https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

#bigdata
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv