SecureHats Weekly — Issue #5
Hey Guys,
Thanks for taking the time and opening up the SecureHats newsletter. I’m still looking for the right time to publish due to the overload of information that is available. Fridays don’t seem to be the best time of the week because of the overlap with another crazy good update by Rod Trent in his newsletter on Fridays.
Then again, having too much information about security doesn’t exist, so I will keep putting together a weekly curated list of all important security news for your reading pleasure.
I can’t say it enough: this newsletter is only possible due to the great contributions of the community members who are scouring the web to deliver the best content.
One of our members, MVP Giani Castaldi (@castello_johnny), has started an amazing initiative with Alex Verboon called KQL Cafe; see the link below. If you are interested in KQL, then join the kick-off event on January 25, 6 PM CET.
I also want to give a warm welcome to the new members. It’s great to see how small the security world actually is, and how many of you already know each other.
Have fun reading this week and stay safe!
@DijkmanRogier @SecureHats
Weekly Spotlight
KQL Cafe (Zürich, Switzerland) | Meetup — www.meetup.com
We’re an online and in-person community to make the world a better place with KQL. Join us to learn, share and practice the KQL language.
Intel & Vulnerabilities
A mysterious threat actor is running hundreds of malicious Tor relays — therecord.media
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
Nine WiFi routers used by millions were vulnerable to 226 flaws — www.bleepingcomputer.com
Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware.
Ex Ubiquiti Developer Arrested for Data Theft — www.infosecurity-magazine.com
Former employee charged with stealing data and posing as cyber-attacker to extort ransom
ProxyShell exploitation leads to BlackByte ransomware — Red Canary — redcanary.com
BlackByte ransomware leverages ProxyShell Microsoft Exchange vulnerabilities for initial access and Cobalt Strike for lateral movement.
Breaches
2.1 Million People Affected by Breach at DNA Testing Company
On August 6, 2021, DNA Diagnostics Center, Inc. (DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of […]
Nordic Choice Hit By Virus — Internal Systems Affected (Manual Check-Ins) — LoyaltyLobby — loyaltylobby.com
Nordic Choice faces IT issues after its internal systems were affected by a virus.
Data Breach at Panasonic — Infosecurity Magazine — www.infosecurity-magazine.com
Japanese multinational conglomerate issues notice of unauthorized access to file server
Blogs
Azure AD Kerberos authentication (Preview) | Microsoft Docs — docs.microsoft.com
Learn about Azure AD Kerberos authentication
How Azure AD Kerberos Works — syfuhs.net
Azure AD Kerberos is a modern form of Kerberos for hybrid environments.
Lateral Movement with Managed Identities of Azure Virtual Machines | Microsoft 365 Security — m365internals.com
This blog post will cover details about Managed Identities in Azure VMs. During this blog post, we are trying to get a few questions answered, which goes from what Managed Identities are, why people are using them, and if we could abuse them to move laterally, etc. This blog post will be focusing on Managed…
How to Secure an Azure Service Principal with Conditional Access | ARGOS Cloud Security — www.argos-security.io
Identity and Access Management (IAM) is absolutely fundamental to a Cloud operation, however, sometimes you had to make allowances for certain scenarios. For example, in order to gain access to a Microsoft Azure environment the most common way for Software […]
Tools & Solutions
Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground — www.kitploit.com
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform bina…
GitHub — AzureAD/Azure-AD-Incident-Response-PowerShell-Module — github.com
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
goEnumBruteSpray — User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin — www.kitploit.com
The recommended module is o365 for user enumeration and password bruteforce / spray. Additional information can be retrieved to avoid a…
Events & Training
Join the TryHackMe Discord Server! — discord.com
Learn about ethical hacking and information security from the ground up. All you need is a willingness to research! | 106,436 members
SecureHats — roundtable (secure communications plan) Registration, Thu, Jan 6, 2022 at 7:00 PM | Eventbrite — www.eventbrite.com
Eventbrite — SecureHats presents SecureHats — roundtable (secure communications plan) — Thursday, January 6, 2022 — Find event and registration information.
InfoSec Jupyterthon 2021 Playlist — www.youtube.com
Day 1 of the InfoSec Jupyterthon 2021 edition! An open community event for security researchers to share their experience and favorite notebooks with the inf…