Welcome
Welcome! Thank you for your Support.
Hello Chapter!
Welcome New Members. Thank you to returning and current members.
Thank you for your support!
Thank you to our presenter for an informative session.
Also, thank you to our GitTech presenter. Always a great demo.
Our Chapter grows with your support. Get Involved
GitTech (Use Caution)
GitHub - TCM-Course-Resources/Practical-Ethical-Hacking-Resources: Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course
GitHub - t3l3machus/Villain: Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Cyber News
Coercions and Relays – The First Cred is the Deepest
Video will cover network protocol poisoning, relays, and abuses. Learn how to use Responder, Ntlmrelayx, and Mitm6. From PetitPotam to WebDAV remote and local privilege escalation, and much more. BHIS.
Isn’t it ironic: Exploiting GDPR laws to gain access to personal data | The Daily Swig
A security researcher has detailed how they were able to exploit GDPR laws to leak sensitive personal information from the systems put in place to protect it.
Introducing Whisper
We’ve trained and are open-sourcing a neural net called Whisper that approaches human level robustness and accuracy on English speech recognition.
Attackers are starting to target .NET developers with malicious-code NuGet packages | JFrog
The NuGet team had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the …
Windows 11 Snipping Tool privacy bug exposes cropped image content
A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image.
Thousands in CT have personal information exposed after Webster Bank data breach
Thousands of Webster Bank customers may now have their personal information for sale on the internet. A data breach of a third party vendor, Guardian Analytics, exposed bank customers’ information.
NSA shares guidance on how to secure your home network
The U.S. National Security Agency (NSA) has issued guidance to help remote workers secure their home networks and defend their devices from attacks.
AWS Security Hub launches 4 new security best practice controls
AWS Security Hub has released 4 new controls for its National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 standard. These controls conduct fully-automatic security checks against Elastic Load Balancing (ELB), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Redshift, and Amazon Simple Storage Service (Amazon S3). To use these controls, you should first turn on the NIST standard. If you are already using the standard and have Security Hub set to automatically turn on new controls, these new controls will run without having to take any additional action.
Unauthenticated SSRF Vulnerability on Azure Functions
This blog describes how an SSRF vulnerability in Azure Functions allowed any unauthenticated user to request any URL by abusing the server. The vulnerability was reported to Microsoft on November 12th, and it was fixed on December 9th, 2022.