BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
How to be Invisible Online (and the hard truth about it)

Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neighbors' wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use?

https://www.youtube.com/watch?v=LEbAxsYRMcQ

#video #otw #invisible #online
🎥 @cRyPtHoN_INFOSEC_IT
🎥 @cRyPtHoN_INFOSEC_FR
🎥 @cRyPtHoN_INFOSEC_EN
🎥 @cRyPtHoN_INFOSEC_DE
🎥 @BlackBox_Archiv
Compromised from Within: The Unauthorized Restoration of TorGuard’s Telegram Channel

This is the comprehensive, substantiated account of how TorGuard’s deleted Telegram Channel was improperly resurrected and handed over to a known fraudster, by a paid insider at Telegram. We bring forth irrefutable evidence, shedding light on this disturbing violation, which calls into question the integrity of Telegram’s internal security mechanisms.

https://medium.com/@TorGuard/compromised-from-within-the-unauthorized-restoration-of-torguards-telegram-channel-dce4c5836

#telegram #torguard
Compromised from Within (Part 2): Telegram Support Finally Responds

In this follow-up post, we clarify misunderstandings about channel deletion on Telegram, learned through interactions with Reddit users, Telegram Support, and Telegram CEO Pavel Durov. It appears you can’t delete channels with over 1K subscribers — only Telegram Support can, shedding new light on our previous “unauthorized channel restoration” misunderstanding.

https://medium.com/@TorGuard/compromised-from-within-part-2-telegram-support-finally-responds-a30b7e66e859

#telegram #torguard
File Archiver In The Browser

This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.

Introduction

Last week Google released several new top-level domains (TLDs) including .dad, .phd, .mov and .zip. Many members of the security community began posting about concerns they had with TLDs that can be mistaken for file extensions, specifically, .mov and .zip. The intention of this article isn’t to discuss my opinion on the topic, instead, I’ll be showcasing how it can be used to enhance phishing engagements.

With this phishing attack, you simulate a file archiver software (e.g. WinRAR) in the browser and use a .zip domain to make it appear more legitimate.

https://mrd0x.com/file-archiver-in-the-browser/

#tlds #poc #phishing
Documenting the rise of facial recognition in the UK

Facial recognition surveillance turns us into walking ID cards, and treats members of the public like suspects in a high-tech police line up.

Our new detailed report, Biometric Britain: The Expansion of Facial Recognition Surveillance, lays out how police, retailers, tech companies and even some schools are investing huge sums of money into this intrusive technology.

https://bigbrotherwatch.org.uk/campaigns/stop-facial-recognition/#report

https://www.youtube.com/watch?v=bX-Yxy1ESAQ

#surveillance #uk
MullvadVPN - Removing the support for forwarded ports

Today we announce that we no longer support port forwarding. New port forwards will no longer be supported, and existing ports will be removed 2023-07-01.

https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/

#mullvad #vpn
When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers

Last year, our experts had the opportunity to observe the execution of non-standard processes in a sandbox-like, isolated virtual machine (VM). Further analysis of these processes revealed Command & Control (C2) connections using Discord for communication. As we continued to analyse the C2 agent, we also gained access to the attacker's Discord channel and were able to take a look at all the commands and modules executed for many more compromised systems.

This attacker/group was very different to the ones we typically see while doing Incident Response for our customers in terms of the motivation and goals. It seemed that this attacker was mainly compromising Malware developers and/or Offensive Security related people to steal and sell code from the target systems. In this post, the malware analysis process, as well as attacker activities and Indicators of Compromise (IoCs) are presented.

https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html

#malware
From “Heavy Purchasers” of Pregnancy Tests to the Depression-Prone: We Found 650,000 Ways Advertisers Label You

A spreadsheet on ad platform Xandr’s website revealed a massive collection of “audience segments” used to target consumers based on highly specific, sometimes intimate information and inferences

What words would you use to describe yourself? You might say you’re a dog owner, a parent, that you like Taylor Swift, or that you’re into knitting. If you feel like sharing, you might say you have a sunny personality or that you follow a certain religion.

👀 https://web.archive.org/web/20230525225839/https://docs.xandr.com/en-US/bundle/monetize_monetize-standard/page/topics/data-marketplace-buyer-overview.html

👀 https://web.archive.org/web/20230525225541mp_/https://xandr-be-prod.zoominsoftware.io/bundle/monetize_monetize-standard/page/attachments/data-marketplace-buyer-overview/data_marketplace_public_segments_pricing_05212021.xlsx

https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you

#privacy #advertising #thinkabout
LLMs are good at playing you

Large language models (LLMs) are eerily human-like: in casual conversations, they mimic humans with near-perfect fidelity. Their language capabilities hold promise for some fields — and spell trouble for others. But above all, the models’ apparent intellect makes us ponder the fate of humanity. I don’t know what the future holds, but I think it helps to understand how often the models simply mess with our heads.

Recall that early LLMs were highly malleable: that is, they would go with the flow of your prompt, with no personal opinions and no objective concept of truth, ethics, or reality. With a gentle nudge, a troll could make them spew out incoherent pseudoscientific babble — or cheerfully advocate for genocide. They had amazing linguistic capabilities, but they were just quirky tools.

https://lcamtuf.substack.com/p/llms-are-better-than-you-think-at

#llm
US government agencies hit in global cyberattack

Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.

The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. “We are working urgently to understand impacts and ensure timely remediation.”

https://edition.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html

#cyberattack
Senior government officials are racing to limit impact - of what one cyber expert calls - potentially the LARGEST THEFT + extortion event in recent history’..

https://nitter.net/ChuckCallesto/status/1669552188383739904#m

Via Twitter

Read as well: US government agencies hit in global cyberattack
https://t.iss.one/BlackBox_Archiv/3096

#cyberattack #video
Mozilla puts advertising into Firefox AGAIN

They have added a new option to Firefox privacy settings, enabled by default of course, to allow "suggestions from sponsors" to "occasional"ly appear in the navigation bar dropdown, as if they were bookmarks. I noticed this by seeing a link to Office Depot in the pulldown, wondering what Office Depot page I had bookmarked or in my history, and discovering that it was an in-browser "sponsored suggestion". It appears to work by sending all your navigation bar typeahead to Mozilla so it can match you with a sponsor (oops about that privacy, lol). I'm not sure how recent this "feature" is, but I think it is recent, and I only noticed it today (I'm on LTS Firefox but installed an update a few days ago). Maybe the less stable releases have had it for longer.

Turning the sponsored suggestions off is not that difficult (see the url above for instructions), but Mozilla's unceasing obsession with inveigling advertising into the browser is... disturbing. Another day in the enshittification of the web.

👀 See: How to customize Firefox Suggest settings, https://support.mozilla.org/en-US/kb/firefox-suggest

https://news.ycombinator.com/item?id=36351322

#firefox
Pegasus Spyware: so dangerous that it should be banned? OTW explains...

Pegasus is used around the world to hack people's phones. It's extremely dangerous and can be used to control a phone remotely without the user knowing that it is running.

https://www.youtube.com/watch?v=Fsh5JcK5F4k

00:00 - Intro
00:22 - Brilliant Ad
01:59 - OTW Books
03:54 - Pegasus overview ....

‼️ just start the video from 03:54 to skip that sponsoring crap ‼️

#pegasus #spyware #video
Sharing Your Credit Card With a Shady Pirate IPTV Service Isn’t a Brilliant Idea

Pirate IPTV services have transformed into a billion-dollar industry in recent years. It is a highly profitable business that, at the upper echelon, appears to be well organized. However, research from the Digital Citizens Alliance shows that handing over credit card details to unknown parties also has its drawbacks, including 'surprise' charges.

https://torrentfreak.com/sharing-your-credit-card-with-a-shady-pirate-iptv-service-isnt-a-brilliant-idea-230624/

#iptv