Innholdsfortegnelse for November 2024 i Hackercool Magazine

Hackercool Magazine|November 2024

BLACK HAT HACKING

Security analysts at Infoblox encountered a domain while observing malicious traffic that appeared to be a lookalike of a very popular Slack hosting resource. This domain may belong to a phishing URL or a case of domain hijacking that happened due to credential theft. The domain they found was actually a lookalike of a high-value domain name. Re-searchers at Infoblox encounter cases like these regularly. Hence, they reported this domain hijacking case to both the domain register and DNS provider and moved on with their day-to-day work. Infoblox is an IT security company that focuses on managing and identifying devices connected to network. They are specialized in DNS security and DHCP security. While Other IT security companies try to reverse engineer a malware detected and try to find out what…

6 min

Hackercool Magazine|November 2024

VULNERABILITY FOR BEGINNERS

Researchers at ACROS security recently discovered a zero-day vulnerability in Windows Server 2012 OS of Microsoft. Windows Server 2012 launched in 2012 (obviously) like all other Server operating systems of Microsoft is used for Active Directory services and other domain related services. Mainstream support ended for this operating system in October 2018 and extended support ended on October 2023. At present, Microsoft is offering paid support for Windows server 2012 until 2026. Properties of a signed file Properties of a unsigned file like our meterpreter payload About the vulnerability The zero-day vulnerability whose details are not being revealed for fear of exploitation by threat actors got added to the Windows Server 2012 two years back. The vulnerability is present in Windows Mark of The Web (MoTW) feature. Mark of the…

2 min

Hackercool Magazine|November 2024

USEFUL RESOURCES

Check whether you email is a part of any data breach https://haveibeenpwned.com Vulnera https: //github.com/hackercoolmagz/vulnera “There are only two types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it.”—Ted Schlein Although patches have been applied to fix this vulnerability, the cybersecurity company Huntress, reported that these patches don’t mitigate the vulnerability totally. The vulnerability affects Cleo Harmony (upto version 5.8.0.23), Cleo VLTrader (upto version 5.8.0.23) and Cleo Lexicon (upto Version 5.8.0.23). How this vulnerability can be exploied? The device with vulnerable software needs to be exposed to internet for threat actors to exploit this vulnerability. Usually, MFT’s need to be exposed to internet to fulfill their purpose of file transfer between organizations on internet. To exploit…

1 min

Hackercool Magazine|November 2024

WHAT’S NEW

The team of BackBox Linux have announced the release of their latest version of the BackBox penetration testing operating system. The latest version is version 9 with a codename “Noble Numbat”. This has given us an opportunity to introduce this operating system for the first time to our readers in our magazine. Gone are the days when hackers (or ethical hackers) used to install all the hacking tools they needed on a single system. It has long been the era of penetration testing distros or operating systems built for pen testing and ethical hacking. But when you think of pen testing distros, only Kali Linux and Parrot Security OS come to your mind. In all this noise or rather encouraging shouts of Kali Linux and Parrot OS, don’t forget there…

2 min

Hackercool Magazine|November 2024

AV/EDR EVASION

In the AV Evasion feature of this month, you will learn about a tool that is currently being used by Black Hat Hackers around the world to evade Antivirus and Endpoint Detection and Response (EDR). The name of this tool is EDRSilencer. EDR Silencer is an open-source tool written in C language and available on GitHub. As the name of the tool implies, it silences EDRs from detecting malicious payloads or files. How does this tool do it? It does this by using Windows Filtering Platform (WFP) to block Endpoint detection and Response (EDR) agents from reporting security events to the server. This tool was inspired from another tool called FireBlock from md5sec’s Night task. Before you understand how this tool works, you need to understand some basics. Let’s start.…

5 min

Hackercool Magazine|November 2024

CYBER SECURITY

Jongkil Jay Jeong Senior Research Fellow in the School of Computing and Information System, The University of Melbourne Despite huge advances in cyber security, one weakness continues to overshadow all others: human error. Research has consistently shown human error is responsible for an overwhelming majority of successful cyber attacks. A recent report puts the figure at 68%. No matter how advanced our technological defences become, the human element is likely to remain the weakest link in the cyber security chain. This weakness affects everyone using digital devices, yet traditional cyber education and awareness programs – and even new, forward-looking laws – fail to adequately address it. So, how can we deal with human-centric cyber security related challenges? Understanding human error There are two types of human error in the context…

4 min

Hackercool Magazine|November 2024

GAINING ACCESS

A person was searching for team-building activities on internet. After a few minutes of searching, he found a link on Indeed job search platform and clicked on that link. Going to the website automatically downloaded a document. He then clicked on it to see what is inside that document. Little did he know that the file that got downloaded to his system was not a document but a malware known as SolarMaker imitating itself as a document. Not just that he also didn’t realize that he was directed to a malicious website that looked like website of Indeed job search platform but not. As weekend was approaching, Vijay was searching for a nice movie to download so that he can watch it on weekend. Vijay is not a subscriber to…

5 min

Hackercool Magazine|November 2024

HACKING ACTIVE DIRECTORY

Well, welcome to Hacking Active Directory-Rebirth again. In our previous Issue, you learnt about all the basics that are needed to understand about Active Directory hacking. As promised, in this Issue, we are back with a hacking attack that is very common in Windows Active Directory environment. The name of the attack is Pass-the-Hash attack. No matter what attack real-world hackers perform in Active directory environment their end goal is to take control of the domain controller system. As you read in our previous Issues, Domain Controller is the most important part of Active Directory. Before we go into the detailed explanation of Pass-the-Hash attack, let me explain you about the environment or Hacking lab we are using for this article. Let’s explain about each system in the lab now.…

5 min

Hackercool Magazine|November 2024

VULNERABILITY FOR BEGINNERS

Cybersecurity company Huntress discovered evidence of Black Hat Hacker groups in real-world exploiting a vulnerability in Cleo File Transfer Software. Cleo MFT (Managed File Transfer) is a file transfer software made by Cleo, an Illinois based company that has over 4200 customers worldwide. The customers of Cleo-MFT included, Sadea, Ryder etc. A managed File Transfer (MFT) system is a secure solution used by organizations for reliable inbound and outbound file transfer. About the vulnerability The vulnerability being tracked as CVE-2024-50623 is an unrestricted file upload that could result in unauthenticated remote code execution.…

1 min