OWASP Secure Coding Practices

Dragnmove

Dragnmove is a post-exploitaition tool that infects files shared between users in order to move from one system to another. Dragnmove can detect actions like dropping a file into the browser window or attaching a file to an email client. After Dragnmove detects the action, it hooks CreateFile API calls to modify handles:

https://github.com/OccamsXor/Dragnmove

A New MacOS Persistence and Deception Technique: Default Application Hijacking

This bug allows for code execution and potentially allows an attacker to trick the user into granting TCC permissions to an attacker-controlled application..:

https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16

OSV-Scanner

Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies..:

* https://github.com/google/osv-scanner

#tool #research

100 000 000 морских свинок: Опасности в каждодневной еде, лекарствах и косметике - книга, написанная Артуром Каллетом и Ф.Дж. Шлинком и выпущенная в США в 1933 году "Вангард Пресс". Центральная идея книги - то, что население США используется в качестве морских свинок в гигантском эксперименте пищевых и медицинских корпораций:

https://fb2-epub.ru/load/jizn/zdorove/100_millionov_morskikh_svinok_artur_kallet_frederik_shlink/133-1-0-13384

Domain Name System (DNS) Parameters

Last Updated 2022-12-06

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

ImgBackdoor

Hide your payload into .jpg file

https://github.com/Tsuyoken/ImgBackdoor

Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory

— https://github.com/CymulateResearch/Blindside

Avoiding Detection with Shellcode Mutator

…Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious..:

— https://labs.nettitude.com/blog/shellcode-source-mutations/

Backdoor HackTheBox Walkthrough

https://www.hackingarticles.in/backdoor-hackthebox-walkthrough/

The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information:

https://www.ic3.gov/Media/Y2022/PSA221221

Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689

https://github.com/zhuowei/WDBFontOverwrite

pdfcpu: a Go PDF processor

pdfcpu is a PDF processing library written in Go supporting encryption. It provides both an API and a CLI. Supported are all versions up to PDF 1.7 (ISO-32000).

— https://github.com/pdfcpu/pdfcpu

#tool

Reverse Prompt Engineering for Fun and (no) Profit

Pwning the source prompts of Notion AI, 7 techniques for Reverse Prompt Engineering... and why everyone is *wrong* about prompt injection

https://lspace.swyx.io/p/reverse-prompt-eng

dnstwist

This is a tool that will fetch potential typo-squatting or IDN domains which could be targeting your domain for spear phishing. Permutations will be fetched from https://dnstwist.it

— https://github.com/hazcod/dnstwist

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser

— https://github.com/allinurl/goaccess

#tool

P.S. thx for https://news.1rj.ru/str/sysadm_in/214083

MegaCortex RANSOMWARE DECRYPTION TOOL