Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer

In general, people are so engaged, so invested, deep in their distraction bubbles (jobs, social interactions, accumulation of goods, etc.), that they don’t even have time to think about it, to question the point of doing all of this, and just keep reproducing, like it’s a must, like it’s an obvious thing to do. They just follow the ’life script’, no questions asked.

What’s frustrating is that those people are profoundly and irrevocably convinced they have the absolute right to create another sentient being, and bring them into the world. They’re creating a need, a set of needs (emotional, physiological, etc.), which then need, or at least are pursued, to be fulfilled.

They’re creating a problem that begs for a solution.

There’s no creativity left; there’s only “destructivity” now.

I am not a fan of “Internet” being used as a metonymy for the “World Wide Web” but that’s pretty much the only thing normal people use the actual Internet for nowadays, even for checking e-mail.

There is a cancer in Western society that can no longer be healed, under any circumstances.

There is a lot of useful information on the Internet, but you need a stoic mind to avoid distractions.

Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the fastest animal in the world, great at hunting and highly trainable. It is written in Rust and supports multi-threading in order to be as fast as possible. We have provided a tool to convert sigma rules into hayabusa rule format.

The hayabusa detection rules are based on sigma rules, written in YML in order to be as easily customizable and extensible as possible. It can be run either on running systems for live analysis or by gathering logs from multiple systems for offline analysis. (At the moment, it does not support real-time alerting or periodic scans.) The output will be consolidated into a single CSV timeline for easy analysis in Excel, Timeline Explorer, or Elastic Stack. Hayabusa

Tornado implements the tor network with the metasploit-framework tool and msfvenom module; you can easily create hidden services for your localhost .onion domain without port forwarding. If you have experience with different remote administration tools, you probably know you need to forward a port with a virtual private network or ngrok, but with tornado the tor network offers the possibility of making services on a machine accessible as hidden services without port forwarding, taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.

Tornado can:

  • create hidden service with tor network
  • generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
  • hidden service becomes available outside tor network and ready to reverse shell connection

Be careful with tor2web, even on the onion network; the only suicide mission is wearing blinders. Tornado is not secure from the victim's point of view: the point of tor is that users can connect without being eavesdropped on, and going through the clearnet with tor2web, even with https, seriously cripples the efforts made to protect users. Tornado - anonymously reverse shell over Tor network without port forwarding

An initial review of one of the Confluence Server systems quickly identified that a JSP file had been written into a publicly accessible web directory. The file was a well-known copy of the JSP variant of the China Chopper webshell. However, a review of the web logs showed that the file had barely been accessed. The webshell appears to have been written as a means of secondary access. CVE-2022-26134 - Additional info | Zero-Day Exploitation of Atlassian Confluence | Security Advisory
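The check the advisory describes, a recently written JSP file in a public web directory that the web logs show was hardly ever requested, as an added example that is not code from the advisory or from Atlassian. `walk_web_root` reads a real directory; the file inventory and access-log lines below are constructed, and the path names are placeholders:

```python
"""Find recently written JSP files under a web-accessible directory and count
how often each was requested, the check described in the advisory excerpt.

Added example, not the advisory's or Atlassian's code. `walk_web_root` reads a
real directory; the sample inventory and log lines below are constructed.
"""
import os
import re
from collections import Counter

# Constructed inventory (url path, mtime as epoch seconds) standing in for a
# walk of a real web root; OLD is from 2020, NEW from June 2022.
OLD, NEW = 1_600_000_000, 1_654_200_000
SAMPLE_FILES = [
    ("/images/logo.png", OLD),
    ("/app/index.jsp", OLD),
    ("/static/cache.jsp", NEW),
]
SINCE = 1_654_000_000  # constructed cut-off: only files written after this are of interest

# Constructed access-log lines in Combined Log Format.
SAMPLE_ACCESS_LOG = """\
198.51.100.7 - - [02/Jun/2022:09:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [02/Jun/2022:09:00:05 +0000] "GET /app/index.jsp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jun/2022:09:01:10 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Jun/2022:21:14:09 +0000] "POST /static/cache.jsp HTTP/1.1" 200 512 "-" "python-requests/2.27"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def walk_web_root(root):
    """Yield (url path, mtime) for every file below a real web root."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            yield "/" + rel, os.path.getmtime(full)


def count_requests(log_text):
    """Requests per path and the set of client IPs that made them."""
    hits, sources = Counter(), {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            path = m["path"].split("?", 1)[0]  # drop query strings
            hits[path] += 1
            sources.setdefault(path, set()).add(m["ip"])
    return hits, sources


def find_suspect_jsp(files, log_text, since_epoch):
    """JSP files written after `since_epoch`, least-requested first: a file
    that was dropped recently but hardly ever fetched fits the
    'secondary access' pattern from the advisory."""
    hits, sources = count_requests(log_text)
    suspects = []
    for path, mtime in files:
        if path.lower().endswith((".jsp", ".jspx")) and mtime >= since_epoch:
            suspects.append({
                "path": path,
                "mtime": mtime,
                "requests": hits.get(path, 0),
                "source_ips": sorted(sources.get(path, ())),
            })
    return sorted(suspects, key=lambda s: s["requests"])


if __name__ == "__main__":
    for s in find_suspect_jsp(SAMPLE_FILES, SAMPLE_ACCESS_LOG, SINCE):
        print(s)
```

On a real host, replace `SAMPLE_FILES` with `list(walk_web_root("/path/to/webroot"))` and feed the actual access log; the cut-off should come from the patch date or the first sign of exploitation in the web logs.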

What a lovely email from the Korean National Police Agency, on behalf of Samsung, of course. The KNPA likes my work so much that they want to make sure that my article about the Samsung leak is not available anymore.

Unfortunately, no torrent files are hosted on the domain and I am not a big fan of censorship. So, so sorry!

But hey, Samsung, feel free to email me anytime if you have any more “requests”.

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and identifies threats using built-in detection logic and via support for Sigma detection rules. Chainsaw

Zircolite is a standalone tool written in Python 3. It allows using SIGMA rules on MS Windows EVTX logs (EVTX and JSONL format), Auditd logs and Sysmon for Linux logs.

  • Zircolite can be used directly on the investigated endpoint (use releases) or in your forensic/detection lab
  • Zircolite is fast and can parse large datasets in just seconds (check benchmarks)

Zircolite can be used directly in Python or you can use the binaries provided in releases (Microsoft Windows and Linux only). Documentation is here. Zircolite
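Hayabusa, Chainsaw and Zircolite all do the same core job: apply Sigma rules to Windows event records and emit a timeline. The block below is an added example, not code from any of those three projects, showing that core in miniature: a Sigma-style matcher over constructed JSONL events (the flattened shape Zircolite accepts) that supports map selections, the `|contains`, `|startswith` and `|endswith` modifiers, list values as OR, and a flat condition like `selection and not filter`, and writes matches as CSV timeline rows. The rule and the events are constructed samples.

```python
"""Minimal Sigma-style matcher run over constructed JSONL event records.

Added illustration, not code from Hayabusa, Chainsaw or Zircolite. It covers
only a subset of Sigma: named search identifiers written as maps, the
|contains, |startswith and |endswith modifiers, list values as OR, and a flat
condition such as 'selection and not filter' (no parentheses, no precedence).
"""
import csv
import io
import json

# Constructed rule, written as a dict mirroring the Sigma YAML layout so that
# the example needs no YAML library.
RULE = {
    "title": "Encoded PowerShell command line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        # Constructed filter block: exclude machine accounts (names ending in '$').
        "filter": {"SubjectUserName|endswith": "$"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed events, one flattened JSON record per line. Backslashes are
# doubled once for the Python literal and once for JSON.
EVENTS_JSONL = """\
{"TimeCreated":"2022-06-01T10:00:01Z","Computer":"WS01","EventID":4688,"SubjectUserName":"alice","NewProcessName":"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe","CommandLine":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"TimeCreated":"2022-06-01T10:01:12Z","Computer":"WS01","EventID":4688,"SubjectUserName":"WS01$","NewProcessName":"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe","CommandLine":"powershell.exe -enc UwB0AGEAcgB0AA"}
{"TimeCreated":"2022-06-01T10:02:45Z","Computer":"WS02","EventID":4688,"SubjectUserName":"bob","NewProcessName":"C:\\\\Windows\\\\System32\\\\cmd.exe","CommandLine":"cmd.exe /c whoami"}
{"TimeCreated":"2022-06-01T10:03:30Z","Computer":"WS02","EventID":4624,"SubjectUserName":"bob","NewProcessName":"","CommandLine":""}
{"TimeCreated":"2022-06-01T10:04:09Z","Computer":"WS03","EventID":4688,"SubjectUserName":"dave","NewProcessName":"C:\\\\Program Files\\\\PowerShell\\\\7\\\\pwsh.exe","CommandLine":"pwsh.exe -EncodedCommand ZQBjAGgAbwA"}
"""


def _field_matches(value, pattern, modifier):
    """One field against one pattern; Sigma string matching is case-insensitive."""
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()
    if modifier is None:
        return v == p
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def _map_matches(event, selection):
    """All keys of a map must match (AND); a list of values is an OR."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(_field_matches(event.get(field), p, modifier or None) for p in patterns):
            return False
    return True


def _eval_condition(condition, results):
    """Evaluate a flat condition ('a', 'not a', 'a and not b', 'a or b')
    left to right; and/or precedence and parentheses are not supported."""
    tokens = condition.split()

    def term(i):
        if tokens[i] == "not":
            val, i = term(i + 1)
            return (not val), i
        return results[tokens[i]], i + 1

    value, i = term(0)
    while i < len(tokens):
        op = tokens[i]
        rhs, i = term(i + 1)
        value = (value and rhs) if op == "and" else (value or rhs)
    return value


def match_rule(rule, event):
    det = rule["detection"]
    results = {name: _map_matches(event, sel) for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def build_timeline(rule, jsonl_text):
    """Return one timeline row per event the rule matches."""
    rows = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if match_rule(rule, event):
            rows.append({"Timestamp": event["TimeCreated"], "Computer": event["Computer"],
                         "RuleTitle": rule["title"], "Level": rule["level"],
                         "Details": event.get("CommandLine", "")})
    return rows


def timeline_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["Timestamp", "Computer", "RuleTitle", "Level", "Details"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(timeline_csv(build_timeline(RULE, EVENTS_JSONL)))
```

Of the five constructed events only two reach the timeline: the machine-account launch is dropped by the filter block, and the `cmd.exe` and logon events never satisfy the selection.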

I used to think that, in the end, most people will be able to discern the truth from the lies.

It embeds the executable file or payload inside the jpg file. The method the program uses isn’t exactly called one of the steganography methods [secure cover selection, least significant bit, palette-based technique, etc]. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the “garbage code insertion/dead-code insertion” method to prevent the payload from being caught by the antivirus at runtime. JPGtoMalware
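The "examined in detail" part is the defender's angle: an image that renders normally can still carry bytes a viewer never looks at. As an added example (not code from JPGtoMalware or any project), the block below walks the JPEG marker structure and reports anything after the End-Of-Image marker or an unusually large APPn/COM segment. It assumes an append-or-stuff style of embedding, which the page does not specify, and the sample files, payload placeholder and 32 KiB threshold are all constructed:

```python
"""Structural check of a JPEG for content that image viewers ignore.

Added example, not code from JPGtoMalware or any project. Assumption: an
embedding that appends data after the End-Of-Image marker or stuffs it
into an application/comment segment, which a viewer skips without any
visible distortion; a walk of the marker structure still exposes it.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
MAX_METADATA_SEGMENT = 32 * 1024  # assumed threshold; large ICC/Exif blocks can exceed it


def make_metadata_segment(marker, payload):
    """Build an APPn (0xE0-0xEF) or COM (0xFE) segment; the length field counts itself."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg(extra_segments=b"", trailing=b""):
    """Constructed minimal JPEG-shaped file: SOI, APP0/JFIF, optional extra
    segments, a SOS header, stand-in scan data without 0xFF bytes, EOI."""
    app0 = make_metadata_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    sos = bytes([0xFF, SOS]) + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\x56\x78" * 4
    return bytes([0xFF, SOI]) + app0 + extra_segments + sos + scan + bytes([0xFF, EOI]) + trailing


def inspect_jpeg(data):
    """Walk marker segments up to SOS, locate EOI, report trailing bytes and
    oversized metadata segments. Returns a dict with segments and findings."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    pos, segments = 2, []
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (SOI, 0x01) or 0xD0 <= marker <= 0xD7:  # standalone markers
            pos += 2
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        segments.append((marker, pos, length))
        pos += 2 + length
        if marker == SOS:             # entropy-coded data follows
            break
    # Inside scan data 0xFF is always followed by 0x00 or an RSTn marker,
    # so the first FF D9 after SOS is the real End-Of-Image.
    eoi = data.find(bytes([0xFF, EOI]), pos)
    if eoi < 0:
        raise ValueError("no EOI marker found")
    trailing = len(data) - (eoi + 2)
    findings = []
    if trailing:
        findings.append(f"{trailing} bytes after EOI (viewers ignore them)")
    for marker, offset, length in segments:
        if (0xE0 <= marker <= 0xEF or marker == 0xFE) and length > MAX_METADATA_SEGMENT:
            findings.append(f"oversized metadata segment 0x{marker:02X} at offset {offset}: {length} bytes")
    return {"segments": segments, "eoi_offset": eoi, "trailing_bytes": trailing, "findings": findings}


if __name__ == "__main__":
    print(inspect_jpeg(build_sample_jpeg(trailing=b"CONSTRUCTED-PAYLOAD-PLACEHOLDER")))
```

Trailing bytes are the cheap signal; the segment-size check needs tuning per environment, since embedded ICC profiles and Exif thumbnails legitimately produce large APP1/APP2 segments.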

Generally speaking, any code which runs on an iOS device must have a chain-of-trust leading up to Apple’s root certificate authority. This chain-of-trust is embedded into the Mach-O executable itself when the executable is signed. When talking about an iOS application, each resource used by it (be it an image, font or a library) must also be signed along with the main executable.

However, it is rather hard (and inefficient) to stuff all of the aforementioned information into the executable itself. The application might not need access to all of its embedded resources at launch time, so embedding their signature into the main executable is a waste of memory. Therefore, a code signature consists of two major components: the Application Seal (AKA the Resource Directory), and the Embedded Signature. A Deep Dive into iOS Code Signing
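The split into a seal and an embedded signature is easy to model. The block below is an added example, not Apple's CodeResources format and not code from the linked article: the seal is a JSON map of resource path to SHA-256, the "embedded signature" is an HMAC over the main executable plus the seal's digest (a stand-in for the real certificate-chain signature), and verification checks the signature eagerly but resources lazily, so only the resources actually needed are hashed. The executable and resource bytes are constructed placeholders.

```python
"""Toy model of the two-part code signature described above.

Added example; not Apple's CodeResources format or any project's code.
Assumptions: the resource seal is a JSON map of resource path to SHA-256,
and the 'embedded signature' is an HMAC over the main executable plus the
seal's digest, standing in for the real certificate-chain signature.
"""
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-signing-key"  # stand-in for the developer's key


def build_resource_seal(resources):
    """Seal (resource directory): one hash per resource, keyed by path."""
    return {path: hashlib.sha256(blob).hexdigest() for path, blob in sorted(resources.items())}


def _bundle_digest(main_executable, seal):
    # The signature covers the executable and the seal's digest, so every
    # resource is bound indirectly without embedding each hash in the binary.
    seal_bytes = json.dumps(seal, sort_keys=True).encode()
    return hashlib.sha256(main_executable + hashlib.sha256(seal_bytes).digest()).digest()


def sign_bundle(main_executable, resources, key=SIGNING_KEY):
    seal = build_resource_seal(resources)
    signature = hmac.new(key, _bundle_digest(main_executable, seal), hashlib.sha256).hexdigest()
    return {"seal": seal, "signature": signature}


def verify_bundle(main_executable, resources, bundle, key=SIGNING_KEY, needed=None):
    """Check the embedded signature eagerly, then only the resources in
    `needed` (default: all) against the seal. Returns (ok, reason)."""
    seal = bundle["seal"]
    expected = hmac.new(key, _bundle_digest(main_executable, seal), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["signature"]):
        return False, "embedded signature mismatch"
    for path in (needed if needed is not None else list(seal)):
        if path not in seal:
            return False, f"unsealed resource: {path}"
        if path not in resources:
            return False, f"missing resource: {path}"
        if not hmac.compare_digest(hashlib.sha256(resources[path]).hexdigest(), seal[path]):
            return False, f"tampered resource: {path}"
    return True, "ok"


def sample_bundle():
    """Constructed executable and resources (not real Mach-O or assets)."""
    exe = b"\xcf\xfa\xed\xfe constructed main executable bytes"
    resources = {
        "Assets/logo.png": b"constructed png bytes",
        "Frameworks/Helper.dylib": b"constructed dylib bytes",
        "fonts/Main.ttf": b"constructed font bytes",
    }
    return exe, resources


if __name__ == "__main__":
    exe, res = sample_bundle()
    bundle = sign_bundle(exe, res)
    print(verify_bundle(exe, res, bundle))
    res["Assets/logo.png"] = b"modified"
    print(verify_bundle(exe, res, bundle))
```

Two properties of the design fall out of the model: editing the seal to cover an extra or altered resource breaks the signature, because the seal's digest is under it, and a resource the app never loads can be left unhashed at launch without weakening the check on the ones it does load.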

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme ms-msdt: which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros). New Microsoft Office Zero-Day Exploit
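For triage, the two things the text names are both visible in the docx container without opening the file in Office: an external OLE object relationship, and a Target using the ms-msdt: scheme. The block below is an added example, not code from the linked write-up or from Microsoft; it unzips a docx, parses the OOXML relationship parts and flags both patterns. The three sample documents are constructed in memory with placeholder targets (`example.invalid`, `CONSTRUCTED-PLACEHOLDER`), and the `oleObject`/`hyperlink` relationship types are the standard OOXML ones.

```python
"""Scan a .docx for the external-reference pattern described above.

Added example, not code from the linked write-up or Microsoft. It reads the
OOXML relationship parts, flags relationships of type oleObject whose
TargetMode is External, flags any Target using the ms-msdt: scheme, and
reports the scheme string inside other parts. The sample documents are
constructed in memory with placeholder targets.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_PREFIX = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
SUSPICIOUS_SCHEMES = {"ms-msdt"}  # the scheme named in the text


def build_docx(rels_xml):
    """Constructed minimal .docx container (only the parts the scanner reads)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def _rels(*relationships):
    body = "".join(relationships)
    return f'<Relationships xmlns="{REL_NS}">{body}</Relationships>'


def sample_docs():
    """Three constructed documents: benign, external OLE object, ms-msdt link."""
    return {
        "benign": build_docx(_rels(
            f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}image" Target="media/image1.png"/>')),
        "external_ole": build_docx(_rels(
            f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}oleObject" '
            'Target="http://example.invalid/CONSTRUCTED.html" TargetMode="External"/>')),
        "scheme_link": build_docx(_rels(
            f'<Relationship Id="rId1" Type="{REL_TYPE_PREFIX}hyperlink" '
            'Target="ms-msdt:CONSTRUCTED-PLACEHOLDER" TargetMode="External"/>')),
    }


def scan_docx(data):
    """Return a list of (part name, finding, target) tuples."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            part = z.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(part)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    target = rel.get("Target", "")
                    rtype = rel.get("Type", "")
                    external = rel.get("TargetMode", "Internal") == "External"
                    if external and rtype.endswith("/oleObject"):
                        findings.append((name, "external OLE object", target))
                    if urlsplit(target).scheme.lower() in SUSPICIOUS_SCHEMES:
                        findings.append((name, "ms-msdt: URI", target))
            elif b"ms-msdt:" in part.lower():
                findings.append((name, "ms-msdt: scheme in part body", ""))
    return findings


if __name__ == "__main__":
    for label, doc in sample_docs().items():
        print(label, scan_docx(doc))
```

An external OLE relationship is not malicious on its own (linked objects are a legitimate feature), so treat it as a triage signal to be combined with the target's host and what that HTML actually contains; the scheme check is the higher-confidence hit.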

DevSecOps focuses on security automation, testing and enforcement during DevOps - Release - SDLC cycles. The whole meaning behind this methodology is connecting together Development, Security and Operations. DevSecOps is a methodology providing different methods, techniques and processes backed mainly with tooling focusing on developer/security experience.

DevSecOps takes care that security is part of every stage of the DevOps loop - Plan, Code, Build, Test, Release, Deploy, Operate, Monitor. Ultimate DevSecOps library

There are several opportunities to test network penetration. These penetration tests are typically carried out by businesses in order to ascertain whether or not their network and all of the devices that are connected to their internal network are secure and up to date in accordance with the policies that they have established.

Imagine that a firm has hired you to conduct a network-based penetration test for them, but all you have is a list of IP addresses, and even then, the corporation isn’t entirely sure how many IP addresses are used internally because there is always the possibility that there are more. Firewall Evasion Techniques using Nmap

Little things you can do to save the environment.

Finally had some time to do some quality-of-life improvements to the Civitas battles.

Can we finally accept DuckDuckNo is done and dusted?