EP 072 | Techno Watch January – Round 2 part 2

January 22, 2024

Discord: https://discord.gg/tH8wEpNKWS
Socials: https://linktr.ee/TheLaluka

Links:
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing/
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions

Dieselgate, but for trains – some heavyweight hardware hacking

https://blog.hrncirik.net/cve-2023-46214-analysis
https://blog.s1r1us.ninja/research/brokenconflu/
https://blog.stephane-robert.info/docs/securiser/durcissement/ssh/

Using Cloudflare to bypass Cloudflare

How I made a heap overflow in curl

https://github.com/7h30th3r0n3/Evil-M5Core2
https://github.com/christophetd/CloudFlair
https://github.com/curl/curl/discussions/12026
https://github.com/netspooky/scare
https://github.com/spyboy-productions/CloakQuest3r
https://github.com/V1lu0/CVE-2023-7028/issues/1
https://github.com/xaitax/SploitScan
https://grsecurity.net/constify_fast_defenses_for_new_exploits
https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-119882422a27
https://kyverno.io/docs/introduction/#quick-start

Plundering Postman with Porch Pirate

https://medium.com/@renwa/you-are-not-where-you-think-you-are-opera-browsers-address-bar-spoofing-vulnerabilities-aa36ad8321d8
https://medium.com/@val_deleplace/does-the-race-detector-catch-all-data-races-1afed51d57fb
https://n0.lol/
https://php.watch/versions/8.0/phar-stream-wrapper-unserialize
https://portswigger.net/research/top-10-web-hacking-techniques-of-2023-nominations-open
https://portswigger.net/research/web-storage-the-lesser-evil-for-session-tokens
https://pulsesecurity.co.nz/articles/OMGCICD-gitlab
https://pyinstaller.org/en/stable/
M5Stack Core2 ESP32 IoT Development Kit
https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part1.html
https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part2.html

WTF! Why is my LG Washing Machine using 3.6GB of data/day? pic.twitter.com/xQqQicTqxI

— Johnie (@Johnie) January 9, 2024

https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
https://www.ambionics.io/blog/wrapwrap-php-filters-suffix
https://www.cncf.io/blog/2023/11/06/kyverno-expands-beyond-kubernetes/
https://www.cosive.com/blog/watching-them-watching-you-opsec-for-security-investigators
https://www.elastic.co/security-labs/the-elastic-container-project
https://www.imperva.com/blog/navigating-the-sea-exploiting-digitalocean-apis/
https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation
https://www.nongnu.org/fbi-improved/
https://www.synacktiv.com/publications/using-ntdissector-to-extract-secrets-from-adam-ntds-files

https://zelda64.dev/games/tmc
https://zeldaret.github.io/tmc/