Using MITM to bypass FIDO2 phishing-resistant protection
What is FIDO2? FIDO2 is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key...
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
Silverfort
Using MITM to bypass FIDO2 phishing-resistant protection
In this article, Senior Security Researcher Dor Segal will take you through his research uncovering how to use MITM attacks to bypass FIDO2.
Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts.
This blog post is a rundown of how these attacks work, how they’re evolving, what they look like in the real world..:
https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
Proofpoint
Tycoon 2FA: Phishing Kit Being Used to Bypass MFA | Proofpoint US
Explore Tycoon 2FA, a sophisticated phishing kit used to bypass MFA. Learn how it works, what an attack looks like, detection techniques and more.
Mastering S.O.L.I.D Principles: Easy Examples (on React) and Best Practices
https://dev.to/drruvari/mastering-solid-principles-in-react-easy-examples-and-best-practices-142b
DEV Community
Mastering S.O.L.I.D Principles in React: Easy Examples and Best Practices
Single Responsibility Principle (SRP) A component should have only one reason to change,...
1. Be vigilant:
* Don't trust public Wi-Fi networks.
* Verify the network name.
* Disable automatic network connection.
* Avoid using public Wi-Fi for sensitive matters.
2. Use additional security measures:
* Turn on a VPN (if you have one).
* Update your software.
* Use two-factor authentication.
3. Be careful what you do:
* Do not download files from unknown websites.
* Do not open suspicious links.
* Do not use cracked software.
4. Use mobile internet:
* If possible, use mobile internet instead of Wi-Fi.
5. Additional tips:
* Use HTTPS websites.
* Use secure DoH services, like Cloudflare, OpenBLD.net etc.
Remember:
- Following these simple tips will help you protect your data and devices when using public Wi-Fi.
Do you use public WiFi away from home?)
Gemini will get even better at understanding context to assist you in getting things done
Legitimate spying in Android:
https://blog.google/products/android/google-ai-android-update-io-2024/
Google
Experience Google AI in even more ways on Android
Here’s more ways you can experience Google AI on Android. Learn how on-device AI is changing what your phone can do.
GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure
https://go.recordedfuture.com/hubfs/reports/cta-2024-0514.pdf
HTTP/2 Continuation Flood (and POC)
The CONTINUATION Flood is a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs.
https://blog.kybervandals.com/http-2-continuation-flood-and-poc/
Startup-Playbook-from-Sam-Altman.pdf
1.2 MB
Startup Playbook from Sam Altman
This is meant for people new to the world of startups. Most of this will not be new to people who have read a lot of what YC partners have written—the goal is to get it into one place:
https://playbook.samaltman.com/
Ransomware incident response plan.pdf
787.7 KB
The incident response cycle, applied to ransomware
Git CVE-2024-32002 - This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed
Patched Git versions: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4
Running git config --global core.symlinks false disables this attack vector
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
PoC: https://github.com/szybnev/git_rce/blob/main/create_poc.sh
P.S. Thx Tatyana for the reporting ✌️
GitHub
git_rce/create_poc.sh at main · szybnev/git_rce
Exploit PoC for CVE-2024-32002. Contribute to szybnev/git_rce development by creating an account on GitHub.
How can mindfulness affect the safety of your life?
My interview on cybersecurity: how to protect yourself and those around you, keep an eye on yourself, and stay careful.
I would especially like to thank the authors of the Commutator Kazakhstan project, a communication hub between the state, business, society and mass media, and in particular Tatyana Bendz, for raising such an interesting topic.
How to behave around smart speakers, what our grandmothers and grandfathers should do in the era of digitalization, what OpenBLD.net is and why this project exists.
Enjoy the viewing, I hope it is useful (subtitles in Kazakh and Russian are available):
- https://youtu.be/MxWD1N0Bmv8?si=nSmTxUH_AAzsng-5
Details about the Commutator project and what it is about, along with many other interesting interviews, can be found on the project's official website:
- https://commutator.tilda.ws/
YouTube
How to protect yourself online: cybersecurity and artificial intelligence (Kazakh subtitles)
Almost 15 thousand cyberattacks were registered in Kaznet in the first three months of 2024. In the same period last year there were only 4.3 thousand. That is, the number of cyberattacks tripled over the year. These statistics were recently shared by factcheck.kz…
A technical look at a threat actor’s ever-evolving tools and tactics
https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf
Terraform Beginners Guide and Demos to Practice
https://github.com/venkateshk111/terraform-beginners-guide
GitHub
GitHub - venkateshk111/terraform-beginners-guide: Terraform Beginners Guide and Demos to Practice
Terraform Beginners Guide and Demos to Practice. Contribute to venkateshk111/terraform-beginners-guide development by creating an account on GitHub.
Freeway is a Python scapy-based tool for WiFi penetration testing that aims to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.
https://github.com/FLOCK4H/Freeway
Disrupting FlyingYeti's campaign
FlyingYeti is the cryptonym given by Cloudforce One to the threat group behind this phishing campaign, which overlaps with UAC-0149 activity tracked by CERT-UA in February and April 2024.
https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine
The Cloudflare Blog
Disrupting FlyingYeti's campaign targeting Ukraine
In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine.
Chrome Manifest v2 RIP coming soon. Google has set the first date for getting rid of this version of the manifest.
Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page..:
https://blog.chromium.org/2024/05/manifest-v2-phase-out-begins.html
Chromium Blog
Manifest V2 phase-out begins
Update (10/10/2024): We’ve started disabling extensions still using Manifest V2 in Chrome stable. Read more details in the MV2 support ...
Confluence Data Center and Server Remote Code Execution Vulnerability
Technical Overview:
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Big story with step by step examples..:
https://samcurry.net/hacking-millions-of-modems
samcurry.net
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive…
Bypass Windows Defender 2024 - Windows Cyber Security
Video. The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project, resulting in the loader being undetected by Windows Defender:
- https://youtu.be/NmB2MPAafTo?si=yEotdtVzYUmFYdC7
YouTube
Bypass Windows Defender 2024 - Windows Cyber Security
Be better than yesterday
In this video, we will be demonstrating how we can bypass the latest Windows Defender on a fully updated Windows 11 machine.
The video provides a step-by-step demonstration on modifying the source code of the FilelessPELoader project…
What’s Going on With Check Point (CVE-2024-24919)?
https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
www.greynoise.io
What’s Going on With Check Point (CVE-2024-24919)? | GreyNoise Blog
Find out more about CVE-2024-24919, a zero-day vulnerability in Check Point's Network Security gateway products that threat actors are exploiting in the wild.