Best of Cybersecurity, November 2024

  1.
    Video
    Fireship · 1y

    The horrors of software bugs

    Software bugs, sometimes passed off as features, can have significant and often dire consequences. Historical examples include Civilization's Gandhi bug, the 2008 Zune freeze due to a leap year miscalculation, and the Pentium FDIV bug of 1994 impacting floating-point division. Other notable cases include the 2019 iPhone FaceTime eavesdropping glitch, Chase ATM's check fraud loophole in 2024, and several critical failures in aerospace and military software systems. These bugs underline the critical importance of robust testing and error handling in software development.

  2.
    Video
    ByteByteGo · 1y

    How SSH Really Works

    SSH is essential for providing secure remote access over unsecured networks. This video explains how SSH creates a secure tunnel between client and server, focusing on SSH2, which offers improved security features compared to SSH1. Key aspects covered include TCP connection establishment, version and algorithm negotiation, key exchange using the Elliptic Curve Diffie-Hellman method, and public key authentication. Once authenticated, all communication between the client and server is encrypted using a session key. SSH also supports local forwarding for tunneling other network services securely.

  3.
    Article
    Misfits Developers · 1y

    Hackers breach Andrew Tate’s online university, leak data on 800,000 users

    Hackers have breached The Real World, an online course founded by controversial influencer Andrew Tate, exposing data on nearly 800,000 users, including 325,000 unique email addresses and chat logs from over 600 servers. The attackers, motivated by hacktivism, criticized the platform's poor security. The breach underscores significant concerns about user privacy and security on such platforms.

  4.
    Article
    InfoSec Write-ups · 1y

    Building an Integrated Threat Intelligence Platform Using Python and Kibana

    The post discusses the creation of a comprehensive Threat Intelligence Platform (TIP) using Python, Elasticsearch, and Kibana. Key features include breach monitoring, subdomain enumeration, phishing domain detection, GitHub leak searches, IOCs integration, dark web monitoring, and HTTP header analysis. The system uses Python scripts for data collection, Elasticsearch for data storage, and Kibana for visualization. The post emphasizes ethical considerations, including data privacy, legality, and secure coding practices.

  5.
    Article
    freeCodeCamp · 1y

    Useful Nmap Scripts for Ethical Hackers

    Nmap, an open-source Linux command-line tool, is widely used for scanning IP addresses and ports in a network to identify running devices, discover open ports and services, and detect vulnerabilities. This post explains the Nmap Scripting Engine (NSE) and various useful scripts, such as `http-enum`, `smb-os-discovery`, `http-headers`, `ssh-brute`, and `dns-brute`. These scripts enhance the ability to perform detailed network scans and gather specific information, providing a powerful way to audit, troubleshoot, and secure networks.

  6.
    Video
    Fireship · 1y

    D-Link says “just buy a new router” after 9.8 critical vulnerability…

    D-Link has announced that a critical 9.8 vulnerability affecting its NAS and router devices will not be fixed due to the devices reaching their end-of-life. This exposes users to potential remote code execution and security breaches. The company recommends purchasing new devices instead. The post also highlights the broader industry practice of planned obsolescence and provides an ethical hacking overview for educational purposes.

  7.
    Article
    Semaphore · 1y

    How Attackers Use HTTP Status Codes for Malicious Purposes

    HTTP status codes are crucial for communication between servers and clients, but they can be exploited by attackers to compromise servers. Understanding the role of status codes, how attackers use them, and proper handling techniques are essential for web application security. While returning uncommon status codes might confuse attackers temporarily, following API security best practices is the real solution to mitigate risks.

  8.
    Article
    InfoSec Write-ups · 1y

    Dark Web Scraping Using AI: Tools, Techniques, and Challenges

    Learn how to use AI for scraping dark web data by leveraging Python and the Llama model. This guide covers setting up the necessary tools, including Streamlit, LangChain, Selenium, and BeautifulSoup, in a Python virtual environment. It demonstrates a step-by-step process to create a web scraper, retrieve and clean webpage content, and analyze the scraped data using Llama for accurate and relevant insights.

  9.
    Article
    selfh.st · 1y

    This Week in Self-Hosted (29 November 2024)

    This edition provides updates and news on various self-hosted applications and deals for Black Friday 2024, including sales on storage solutions and VPNs. Software updates featured include ByteStash's new SSO support, Grist's Debian-based Docker image, and features like the new timeline layout in Lychee. New releases discussed include Bearlytics for privacy-first analytics and Jellyplist for syncing Spotify playlists to Jellyfin. Highlighted is the Readeck platform for bookmarking and article saving.

  10.
    Article
    Community Picks · 1y

    infinition/Bjorn: Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed servi

    Bjorn is an advanced network scanning and offensive security tool for the Raspberry Pi, featuring a 2.13-inch e-Paper HAT display. It includes capabilities for network scanning, vulnerability assessment, and various system attacks such as brute-force and data exfiltration. Designed as an educational tool, Bjorn's modular architecture allows for extensibility, making it suitable for penetration testing and learning cybersecurity concepts. It provides real-time monitoring via the e-Paper display and a web interface.

  11.
    Article
    System Weakness · 1y

    Google Dorking in Cybersecurity

    Google Dorking, also known as Google Hacking, is a technique for crafting search queries on Google to access specific sites, file types, or pages. This process is useful in OSINT investigations and penetration testing. The post explains common dorks like 'cache', 'filetype', 'intitle', 'inurl' and their uses, while emphasizing the legal boundaries. It covers use cases such as searching for mentions, documents, web cameras, and sensitive files. The guide also details how to automate these searches with Python scripts and mentions other search engines like Netlas, Shodan, and Censys that can complement Google Dorking.

  12.
    Article
    InfoSec Write-ups · 1y

    Building a Virtual Ethical Hacking Home Lab — Part 2: Lab Topology

    This guide covers the hardware requirements and configurations needed to set up a virtual ethical hacking home lab using VMware. It details steps to check and enable virtualization, outlines the lab topology with different virtual machines including a domain controller, Metasploitable VM, and an attack machine, and provides instructions for downloading and installing VMware Workstation.

  13.
    Article
    DEV · 1y

    🚀 Unlocking Fine-Grained Access Control with Cerbos

    Cerbos is an innovative authorization solution that simplifies fine-grained access control for developers. It features an open-source Policy Decision Point (PDP) for evaluating access requests and an enterprise-grade Cerbos Hub for centralized policy management. Cerbos integrates seamlessly with various programming languages and frameworks, offering robust policy management, easy installation, and scalability. Ideal for industries like SaaS, enterprise software, healthcare, and e-commerce, Cerbos ensures secure and streamlined authorization processes.

  14.
    Article
    System Weakness · 1y

    Azure honeypot Project

    The Azure Honeypot Project is a guide to setting up a T-Pot honeypot on Microsoft Azure. It details the steps to create a virtual machine, configure necessary settings, and install T-Pot to monitor hacker activity. T-Pot combines multiple honeypots into one platform, offering robust threat intelligence and network security monitoring with advanced visualization tools like Kibana.

  15.
    Article
    The Hacker News · 1y

    A Hacker's Guide to Password Cracking

    Hackers exploit weak passwords to breach organizational security, often targeting commonly used passwords like '123456' and 'password.' They employ brute force and dictionary attacks, making short, simple passwords vulnerable to rapid cracking. Organizations can better defend against these attacks by using complex passphrases, implementing multi-factor authentication, and encouraging good password hygiene among users. Tools like Specops Password Policy help enforce strong password practices and identify compromised passwords within Active Directory.

  16.
    Video
    Seytonic · 1y

    Spotify Has a Malware Problem

    Cyber criminals are using platforms like Spotify and Amazon Music to spread pirated software and malware. By indexing these platforms' web players on search engines, they attract users searching for cracked software, leading them to malicious links. This method, though not new, showcases how legitimate services can be repurposed for illicit activities. The post also highlights an infamous hacking incident where Russian state hackers hid control servers in Instagram comments. Additionally, it covers a curious case of a hacker in Montana trying to advertise his pentesting services by hacking into businesses first.

  17.
    Article
    Cyber Security · 1y

    56% of successful cyber attacks use HTTP status codes

    HTTP status codes play a crucial role in web application security, with around 56% of cyber threats exploiting these codes. Attacks often target 4xx and 5xx error codes. Understanding and monitoring these codes can significantly reduce cybersecurity risks.

  18.
    Video
    Low Level Learning · 1y

    C, but for Offensive Security

    Learning C through capture the flag (CTF) exercises is recommended for those interested in cyber security. CTF helps understand how code can be broken and how to improve code safety as a result. Writing safe code requires knowledge of breaking code.

  19.
    Article
    InfoSec Write-ups · 1y

    Python for Security Engineers

    Python is an essential skill for cybersecurity professionals due to its simple syntax and versatile use cases. This guide covers basic programming skills, working with APIs, data processing, and creating custom scripts. Practical suggestions include standing up Flask apps and building CLI tools, which are crucial skills for automating processes and solving specific challenges in cybersecurity.

  20.
    Article
    Cyber Security · 1y

    Free magazine, by a hacker

    A link is provided to access a free magazine created by a hacker. Readers can find various articles and resources related to hacking topics.

  21.
    Video
    David Bombal · 1y

    Have you been hacked? Hacker explains how to find out!

    Cybersecurity experts David Bombal and OTW discuss how to determine if your computer has been hacked. They cover symptoms like slower performance, unusual system behavior, unauthorized email activity, and unexpected pop-ups. The discussion highlights using tools like Task Manager, Process Explorer, and Wireshark to identify and manage potential malware on your system. Key advice includes regularly changing passwords, not reusing them, and staying alert for signs of compromise.

  22.
    Video
    ThePrimeTime · 1y

    Zendesk Mega Backdoor

    A 15-year-old programmer discovered a vulnerability in Zendesk that allowed remote attackers to read ticket histories via email spoofing. Despite the severity of the issue, Zendesk initially dismissed the report, leading the teenager to disclose the bug to affected companies directly. This eventually pressured Zendesk to fix the issue, but they did not reward the programmer, citing a breach of disclosure guidelines.