
Cellebrite UFED 4PC (capabilities and a bonus)

Saturday, April 9, 2022   Post   1425 words  7 mins read

This article might look like an ad but trust me, it’s not. I suggest you stick around until the end of the article; there will be a small-ish surprise.

In case you’re not familiar with Cellebrite, they are an Israeli digital intelligence company that provides tools for federal, state, and local law enforcement as well as enterprise companies and service providers to collect, review, analyze and manage digital data.

Cellebrite UFED 4PC is a universal hardware and software package for forensic research that makes it possible to extract, decode and analyze digital data obtained from mobile devices on an existing PC or laptop. The complex is delivered with a set of UFED applications, peripherals and accessories necessary for successful research. UFED 4PC can work both independently and with third-party software.


Spring Core RCE 0-day vulnerability

Wednesday, March 30, 2022   Post   306 words  2 mins read

Earlier today we got a hint that a new Spring Core RCE might be available:

Updated, it’s confirmed now.

As the world’s most popular Java lightweight open-source framework, Spring allows developers to focus on business logic and simplifies the development cycle of Java enterprise applications.

However, when the Spring framework runs on JDK 9 or above, a remote attacker who meets certain conditions can use the framework's parameter binding function to obtain the AccessLogValve object and set malicious field values, thereby triggering the pipeline mechanism and writing arbitrary fields.

An unconfirmed, but probable, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of ‘critical’. While unconfirmed, the severity has been assigned ‘high’.

Looks serious if confirmed.

Well, now it’s confirmed. Additional info (PDF file, in Chinese by original author).

Vulnerability impact

  • JDK version 9 and above.
  • Uses Spring Framework or a derivative framework.

Bug fixes

At present, the Spring maintainers have not released a patch and it is recommended to use a lower JDK version as a temporary solution.

PoC (download)


Globant (and customers) leak by Lapsus$ Group

Wednesday, March 30, 2022   Post   2829 words  14 mins read

Lapsus$ is back and on fire: today we got a new leak with Globant.com admin credentials and a 70GB torrent from Globant customers. Keep in mind that no torrent files are hosted on the sizeof.cat website.

Globant is an IT and Software Development company operating in Argentina, Colombia, Uruguay, the United Kingdom, Brazil, the United States, Canada, Peru, India, Mexico, Chile, Costa Rica, Ecuador, Spain, France, Germany, Romania and Belarus. It was formed in 2003 by Martín Migoya, Guibert Englebienne, Martín Umaran and Néstor Nocetti. It was founded in Buenos Aires, but currently is headquartered in Luxembourg and principally serves clients in the United States and United Kingdom.

Original messages from Lapsus$ Group are below.


OSINT resources

Sunday, March 27, 2022   Post   10701 words  51 mins read

If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that can legally be gathered from free, public sources about an individual or organization. In practice, that tends to mean information found on the Internet, but technically any public information falls into the category of OSINT whether it’s books or reports in a public library, articles in a newspaper or statements in a press release.

Maps, geo-location, transport

Social media and photos
