🚨 ALERT: #LinuxKernel backdoor in netfilter! A pull request by user JIAXX introduced malicious code 2 weeks ago, manipulating 'cntl_msg_accept' in netfilter/nfnetlink_conntrack.h so that netfilter may permit incoming TCP connections via a specific magic packet sequence, potentially resulting in RCE!
@Essb33
Those who have 1 to 10% of specific knowledge that can be their own have acquired the remaining 90-99% from other people; they should thank them and their approach of sharing, otherwise they would never have acquired this 1-10% themselves.
Receive and share.
Living Off Trusted Sites:
Attackers are using popular legitimate domains to conduct attacks (e.g. phishing). I've attempted to compile a list of legitimate domains that can be abused by attackers. As usual, feel free to contribute.
@MrTuxracer
Ah yes, I understand your point better. Thanks.
The question is really very complex and multifaceted, maybe more transparency and/or regulation is needed for this new (amazing) technology.
I'm considering calling them "on-prem employees" versus "cloud employees" to see if that helps make things a little bit more clear to people who are struggling to grasp remote work. I want to see people make the argument that on-prem is better.
@Sudhans42246878
I agree with you, but some companies may not like it when you watch something without having a clear mandate. I wouldn't take a chance at this game, seriously...
Regarding the xz backdoored binary, see the one-liner below to check the version you have installed.
I wouldn't suggest folks run the malicious binary with the -v option 🫠🫣
for xz_p in $(type -a xz | awk '{print $NF}' | uniq); do strings "$xz_p" | grep "xz (XZ Utils)" ||…
Scriptomatic V2 from The Scripting Guys, Microsoft.
Written in 2004, it automatically generates scripts from WMI classes in VBScript, Perl, JScript, and Python 🔥
Here is the hash in case you wanna take it for a spin.
de8e453636393e4611d538e7c6be1b6f9d3eeab5f5ec926cf8070fce0980be94
2/n: Open-source projects often face challenges due to a lack of human, financial, and material support, as seen with the recent XZ backdoor incident
#xzbackdoor
#XZUtils
Did some consulting a few months back where an IT staff member stored credentials on their desktop in a null ASCII folder, making it impossible to access without renaming. Honestly, super weird thing to come across... Would honestly make an interesting challenge out of it.
@joehelle
Ignoring that email may result in receiving an email with the same information. Ignoring that email may result in receiving another email with the same information. Sorry.
Today I reached #1 on @hackthebox_eu! It probably won't be for long but it's still a huge achievement for me 😎 Special shoutouts to Tabacci for helping me with crypto, @clubby789 for making a cheesable 9 point challenge and @devx00 for recommending HeapLap :)