┌────────┐
│┌─ ─┐│
┌─────┘ / \ └─────┐
│ ┌── ─ TC ─ ──┐ │
┌─────┘ HQ └─────┐
│ ┌── ─ \ / ─ ──┐ │
│ │ │ │
│ 2 0 1 9 0 9 1 7 │
┌────────────┘ └────────────┐
│ ┌── ─ ─ ──┐ │
│ │ ░░░░░░░░░░░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░░░░░░░ │ │
│ ░███████████████░█████░█████░█████░█████░███████████ │
│ │ ░███████████████░█████░█████░█████░█████░███████████ │ │
│ │ ███████████████░█████░█████░█████░█████░█████ █████ │ │
│ │ ░█████ ░███████████░█████░█████░█████░░░░░ │ │
│ │ ░█████ ░█████░█████░█████░█████░█████ █████ │ │
│ │ ░█████ ░█████░█████░█████░█████░█████ ░████ │ │
│ │ ░█████ ░█████░█████░█████░█████░█████ ░████ │ │
│ │ ░█████ ░█████░█████░███████████░███████████ │ │
│ │ ▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒ │ │
│ │ │ │
░░░░░░░░░░░ ░░░░░░░░░░░ ░░░░░░░░░ ░░░░░ ░░░░░ ░░░░░░░░░░░
░███████████░███████████ ░█████████ ░█████ ░█████░███████████
░███████████░█████░█████ ░█ ░█ ░█████ ░█████░███████████
░█████ █████░█████░█████░░█░░░░░░░█ ░█████ ░█████░█████░█████
░█████░░░░░ ░██████████ ░███████████░█████ ░█████░█████░█████
░█████░█████░█████░█████░█████░█████░█████ ░ ░█████░█████░█████
░█████░█████░█████░█████░█████░█████░█████░░█ ░█████░█████░█████
░█████░█████░█████░█████░█████░█████░█████░███░█████░█████░█████
░███████████░█████░█████░███████████░███████░███████░██████████
▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒
│ │ │ │
┌─────────┘ └─────────┐
│ ┌── ─ A N N O U N C E M E N T S ─ ──┐ │
│ │ │ │
│ │
│ Welcome to another week of ThugCrowd! We've been experimenting with │
│ the format of "Extended News", where we get to discuss infosec news │
│ and other interesting things we've found this week. │
│ │
│ We'll have guests come in different formats, whether it's live, or │
│ pre-recorded, on an irregular schedule for a bit. It'll give us the │
│ opportunity to deep-dive into more interesting subjects between │
│ ourselves, and allow us to have a more free-flowing discussion. │
│ │
│ NOTE: For those of you in our Matrix chat, we experienced a strange │
│ issue with DNS that messed up some channels over the weekend. If │
│ you experienced any issues, please try and reconnect. DM us if you │
│ have any further problems. │
│ │
│ │ │ │
│ └── ─ ─ ──┘ │
└────────────┐ ┌───┐┌───┐┌─┐╷╷ ┌─┬┐┌────────────────────────────┐ ┌────────────┘
│ │ │ ││ ╲ ┤│ │││ │ │ │ │ │
┌────────────┘ └─┘─┘└───┘└─┴┴┘└┴─┘ └────────────────────────────┘ └────────────┐
│ ┌── ─ ─ ──┐ │
│ │ │ │
│ │
│ → Intel server-grade CPUs impacted by new NetCAT attack │
│ → VUSec - NetCAT Writeup │
│ │
│ → Simjacker attack exploited in the wild to track users for at least two │
│ years │
│ │
│ → Infosec duo cuffed after physically breaking into courthouse during IT │
│ security assessment │
│ │
│ → House Antitrust Panel Seeks Documents From 4 Big Tech Firms │
│ │
│ → Phishing Attack Targets The Guardian's Whistleblowing Site │
│ │
│ → Meet the three North Korean hacking groups funding the country's │
│ weapons programs │
│ │
│ → ICE Fails To Properly Redact Document, Reveals Location Of Future │
│ 'Urban Warfare' Training Facility │
│ │
│ → Ryuk Related Malware Steals Confidential Military, Financial Files │
│ │
│ → Computer Scientist Richard Stallman Resigns From MIT Over Epstein │
│ Comments │
│ │
│ → Russia carried out a 'stunning' breach of FBI communications system, │
│ escalating the spy game on U.S. soil │
│ │
│ → This Company Built a Private Surveillance Network. We Tracked Someone │
│ With It │
│ │
│ → Skidmap Linux Malware Uses Rootkit Capabilities to Hide │
│ Cryptocurrency-Mining Payload │
│ │
│ → Cubans are avoiding the U.S. sanctions to use cryptocurrency │
│ │
│ → Millions of Americans' Medical Images and Data Are Available on the │
│ Internet. Anyone Can Take a Peek. │
│ │
│ → Coast Guard seeks tips for threatening radio broadcast │
│ │
│ │ │ │
│ └── ─ ┐ ┐ ─ ──┘ │
└────────────┐ ┌───┐┌───┐┌───┐┌───│ ┌─┬─┐┌───┐┌───│┌───│ ┌─┬┐┌──┐ ┌────────────┘
│ │ ╲ ││ ╲ ││ ╲ ││ ╲ │ │ │ │ ╲ ┤│ ╲ ││ ╲ │ │ │ │ │ │
┌────────────┘ └───│└───┘└───┘└───┘ └─┘ └───┘└───┘└───┘└┴─┘ └──┘ └────────────┐
│ ┌── ─ └───┘ ─ ──┐ │
│ │ │ │
│ │
│ → The Intriguing Sneaker Bot industry │
│ │
│ → Leveraging the PE Rich Header for Static Malware Detection and Linking │
│ │
│ → Azeria Labs: The Process of Mastering a Skill │
│ │
│ → From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 │
│ in Internet Explorer │
│ │
│ → Medical Malware: An Interesting Research Path for H+ security │
│ │
│ → Hexa's Hackventures - Wall || Tokyo, Japan │
│ │
│ → The Mango One - 6502 Computer │
│ │
│ → icyphox - Disinformation demystified │
│ │
│ → Developer on Fire Episode 426 Gareth Small - Grateful Turnaround │
│ │
│ → Milo Adopts 'Fursona,' But Furries Say No Thanks │
│ │
│ → The Internet Relies on People Working for Free │
│ │
│ → Numbers & Oddities a.k.a. the "Spooks Newsletter" #263, August 2019 │
│ │
│ │ │ │
│ └── ─ ─ ──┘ │
└────────────┐ ┌─┐─┐ ┌─┬┐┌───┐┌──┬╴┌─┐─┐┌─┐ ┌──────────────────┐ ┌────────────┘
│ │ │ │ │ │ │ ╲ ┤│ ├╴│ │ ││ │─┐│ │ │
┌────────────┘ └─┴─┘└┴─┘ └───┘└──┘ └─┴─┘└─┴─┘└──────────────────┘ └────────────┐
│ ┌── ─ ─ ──┐ │
│ │ │ │
│ │
│ → netspooky/inhale: A malware analysis and classification tool │
│ │
│ → SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering │
│ │
│ → posborne/cmsis-svd: Aggregation of ARM Cortex-M CMSIS SVDs and │
│ related tools │
│ │
│ → corkami - Windows PE Resource │
│ │
│ → Command and Control via TCP Handshake │
│ │
│ → b4rtik/SharpMiniDump Create a minidump of the LSASS process from │
│ memory │
│ │
│ → Static-Flow/BurpSuite-Team-Extension: A Burp plugin for collaboration │
│ │
│ │ │ │
│ └── ─ ─ ──┘ │
└────────────┐ ┌─┬─┐┌─┐─┐┌───┐┌───│┌─┐ ┌─┬┐┌──────────────────┐ ┌────────────┘
│ │ │ │ ├ ││ ╲ ┤│ ╲ ││ ├ │ │ │ │ │
┌────────────┘ └─┴─┘└─┘─┘└───┘└───┘└─┴─┘└┴─┘ └──────────────────┘ └────────────┐
│ ┌── ─ ─ ──┐ │
│ │ │ │
│ │
│ → lastpass: bypassing do_popupregister() leaks credentials from prev site │
│ │
│ → hermit: 2FA Code Dork │
│ │
│ → xsscx/Commodity-Injection-Signatures - Commodity Injection Signatures, │
│ Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, JS, XSLT │
│ │
│ → Microsoft DirectWrite out-of-bounds read in sfac_GetSbitBitmap while │
│ processing TTF fonts │
│ │
│ │ │ │
│ └── ─ ─ ──┘ │
└────────────┐ ┌─┬┐┌───│┌──┬╴┌───│┌─┬─┐┌┬─┬┐┌──────────────────┐ ┌────────────┘
│ │ │ │ ╲ ││ ├╴│ ╲ ││ │ │ │ │ │ │
┌────────────┘ └┴─┘ └───┘└──┘ └───┘└─┘ └┴─┴┘└──────────────────┘ └────────────┐
│ ┌── ─ ─ ──┐ │
│ │ │ │
│ │
│ [def_hand] │
│ │
│ → Can binary code hack any system? │
│ │
│ [hermit] │
│ │
│ → hermit: 2FA Code Dork link │
│ │
│ → #DORKTEAM6 Streams on Twitch │
│ │
│ → A very broken page with an XSS │
│ │
│ → intext:"account kit by facebook" site:receive-sms.cc │
│ │
│ [nux] │
│ │
│ → Some reverse shell │
│ │
│ → A whole bunch of Arab stream links │
│ │
│ → TrickBot info │
│ │
│ → "Cu hecking the system architecture" │
│ │
│ → Some reflective DLL injection payload │
│ │
│ → Giant base64 blob │
│ │
│ [Plazmaz] │
│ │
│ → Some obfuscated code from a loader of some sort │
│ │
│ [sh1ttykids] │
│ │
│ → SecureDrop Phishing Page │
│ │
│ [xehle] │
│ │
│ → Online IDE & Paste Search Tool │
│ │
│ [x0] │
│ │
│ → String.fromCharCode fun │
│ │
│ → More String.fromCharCode fun │
│ │
│ → Some wild JS obfuscation │
│ │
│ → PoC to call code from a block comment │
│ │
│ → [F4M] Centaur girls: Yay or neigh? │
│ │
│ → Sausage stroganoff │
│ │
│ → A big list of mysterious exe's │
│ │
│ → What are these things that keep getting deleted quickly from pb? │
│ │
│ → Supposedly code that proves Time Ai's claims │
│ │
│ [yuu] │
│ │
│ → Output from inhale.py of unpacked miners found in the wild │
│ │
│ → Possibly a PizzaHut bot detector │
│ │
│ → Unminified and decoded form of the PizzaHut code │
│ │
│ → SjUcxgiX.earlyversion.pizza.js │
│ │
│ │ │ │
│ └── ─ ─ ──┘ │
└──────────────────────┐ W E E K L Y M I X ┌──────────────────────┘
│ │
│ by │
│ │ │ │
│ └── ─ @0katz ─ ──┘ │
└─────┐ ┌─────┘
│ └── ─ ─ ──┘ │
└─────┐ ┌─────┘
│ └ ┘ │
└────────┘