/* * This file is part of the Symfony package. * * (c) Fabien Potencier * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\String; if (!\function_exists(u::class)) { function u(?string $string = ''): UnicodeString { return new UnicodeString($string ?? ''); } } if (!\function_exists(b::class)) { function b(?string $string = ''): ByteString { return new ByteString($string ?? ''); } } if (!\function_exists(s::class)) { /** * @return UnicodeString|ByteString */ function s(?string $string = ''): AbstractString { $string = $string ?? ''; return preg_match('//u', $string) ? new UnicodeString($string) : new ByteString($string); } } information – Page 3 – OWASP Jakarta

information

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Dynamic DNS Service Providers for APT Command and Control (C&C)

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Dynamic DNS Service Providers for APT Command and Control (C&C) Dear blog readers, The following is a compilation of dynamic DNS providers in specific ones used by APTs and various other targeted campaign obtained using public sources. Sample dynamic DNS Read more…

By adminowasp, ago

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: An OSINT Profile of U.S Secret Service’s Most Wanted Cybercriminal Danil Potekhin

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: An OSINT Profile of U.S Secret Service’s Most Wanted Cybercriminal Danil Potekhin In this analysis we’ll take a look at the Internet connected infrastructure of U.S Secret Service’s most wanted cybercriminal with a $10M reward Danil Potekhin using a variety Read more…

By adminowasp, ago

Analyse Binaries For Missing Security Features, Information Disclosure And More…

Analyse Binaries For Missing Security Features, Information Disclosure And More…



Analyse binaries for missing security features, information disclosure and more.

Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE (Windows) binaries will be supported soon.

Usage

Usage:
extrude [flags] [file]
Flags:
-a, --all               Show details of all tests, not just those which failed.
-w, --fail-on-warning   Exit with a non-zero status even if only warnings are discovered.
-h, --help              help for extrude

Docker

You can optionally run extrude with docker via:

docker run -v `pwd`:/blah -it ghcr.io/liamg/extrude /blah/targetfile

Supported Checks

ELF

  • PIE
  • RELRO
  • BIND NOW
  • Fortified Source
  • Stack Canary
  • NX Stack

MachO

  • PIE
  • Stack Canary
  • NX Stack
  • NX Heap
  • ARC

Windows

Coming soon…

TODO

  • Add support for PE
  • Add secret scanning
  • Detect packers

(more…)

By adminowasp, ago

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild Dear blog readers, I’ve recently intercepted a currently circulating spamvertised campaign enticing users into interacting with a Powershell script ultimately tricking them into downloading and executing malicious software on Read more…

By adminowasp, ago

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Exposing an Indian Police Spyware Cyber Operation

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Exposing an Indian Police Spyware Cyber Operation This analysis is based on this Wired.com story. Sample Gmail accounts known to have been involved in the campaign include:jagdish.meshraam@gmail.comdrsnehapatil64@gmail.comsinhamuskaan04@gmail.comjennifergonzales789@gmail.compayalshastri79@gmail.com Sample malicious domains known to have been involved in the campaign:researchplanet.zapto.orgsocialstatistics.zapto.orgduniaenewsportal.ddns.net Sample domain Read more…

By adminowasp, ago

DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, Read more…

By adminowasp, ago

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Profiling the Gaza Hackers Team

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Profiling the Gaza Hackers Team In the following post I’ll profile the Gaza Hackers Team. Sample photos: Primary group’s domains: hxxp://gaza-hacker.comhxxp://hacker.pshxxp://gaza-hacker.nethxxp://gaza-hack.orghxxp://gaza-hack.infohxxp://xhackerx.comhxxp://gaza-hack.comhxxp://gaza-hackers.com Primary group’s email address accounts: moayy2ad@hotmail.comc-e@hotmail.comle0n005061@gmail.com Related domain names registered using the same email address accounts: hxxp://frontat.comhxxp://nswaa.comhxxp://elsahefa.comhxxp://naji-albatta.comhxxp://dr-sohila-edu.comhxxp://samozico.comhxxp://shahidn.comhxxp://spider-rss.comhxxp://sv4media.comhxxp://m3n4.comhxxp://shamaly.comhxxp://g2mz.comhxxp://4as7ab.comhxxp://cfpalestine.comhxxp://q8yh.comhxxp://wac-yamama.orghxxp://rawshna.orghxxp://saawa.comhxxp://4rbshare.comhxxp://lajlek.comhxxp://l7ens.comhxxp://koraw.comhxxp://kwgram.comhxxp://gwafe.comhxxp://q8ey.comhxxp://x23x.comhxxp://kuwaitpwr.comhxxp://kuwaitfn.comhxxp://abovlan.comhxxp://q8pinq.comhxxp://eli4s.comhxxp://7koma.comhxxp://juod.nethxxp://topteamdns.comhxxp://nhla7-uae.comhxxp://3agil.comhxxp://wtnfjr.comhxxp://norislam.nethxxp://universalimporting.comhxxp://gaza-shell.comhxxp://remas3.comhxxp://3dshared.comhxxp://3dm3mare.comhxxp://al-ra3ed.comhxxp://bissan-m.comhxxp://bnimashhor.comhxxp://pure4ever.nethxxp://shaatha.comhxxp://ispal.nethxxp://paldream.nethxxp://islhack.nethxxp://adsyour.nethxxp://bnimashhor.nethxxp://mr-matrix.nethxxp://amtaar-a.orghxxp://darhuda.orghxxp://downiphone.comhxxp://6ayf.orghxxp://jadoptical.comhxxp://yomo-az.comhxxp://bfbcps.comhxxp://glaroo7y.comhxxp://amal-ci.comhxxp://q8gz.comhxxp://dubai-g.comhxxp://3mrrycam.comhxxp://psdmate.comhxxp://njomksa.comhxxp://g-ghram.comhxxp://coctael.comhxxp://alhajere.infohxxp://glaoman.comhxxp://ascdascascasc.comhxxp://m7b4.comhxxp://shrooq.orghxxp://3uz.comhxxp://alhajere.nethxxp://wt2n.comhxxp://sfena.comhxxp://artsformedia.comhxxp://r-alfrsan.comhxxp://arabgmaes.comhxxp://studiomustapha.comhxxp://adamttc.comhxxp://helolhost.comhxxp://soblslam.comhxxp://forexufx.comhxxp://dsfbdfbsdfgbdsf.comhxxp://frsan-aslm.comhxxp://g2z4.comhxxp://ewfdssdcsdxc.comhxxp://sam-sport.nethxxp://fr4wa.comhxxp://sama-a.nethxxp://hayatk.nethxxp://gallerycenter.nethxxp://frfish.nethxxp://q8ey.nethxxp://cfpalestine.nethxxp://m3n4.nethxxp://wt2n.nethxxp://gaza-sporting-club.nethxxp://mo7et.nethxxp://alnkhala.comhxxp://alibel.infohxxp://q8gz.nethxxp://dlo3.nethxxp://butt3rfly.nethxxp://butt3rfly.orghxxp://pnsport.nethxxp://sawasport.nethxxp://echotic.nethxxp://healthclubxl.comhxxp://dancingqueensdk.comhxxp://dancingqueensuk.comhxxp://nadinerandle.comhxxp://hackers.toolshxxp://pinkybarbie.comhxxp://florencemodel.comhxxp://hevreman.co.ilhxxp://radiousnice.comhxxp://gaza-hacker.nethxxp://hacker.pshxxp://gaza-hack.infohxxp://gaza-hack.comhxxp://gaza-hack.orghxxp://gaza-hackers.comhxxp://xhackerx.comhxxp://gaza-hacker.comhxxp://metasploit-unleashed.comhxxp://divuae.comhxxp://xensds.comhxxp://e107arabic.comhxxp://h-asiaa.comhxxp://nsamat.comhxxp://for-pal.comhxxp://althbat.comhxxp://islamdahalan.comhxxp://37ob.comhxxp://hamedwayel.comhxxp://iraq-mawal.comhxxp://waleedalshami.comhxxp://fr27.comhxxp://faloja.ushxxp://stylatna.ushxxp://llo9.comhxxp://g-del3.comhxxp://ye7g.comhxxp://ks4-des.comhxxp://5tmat.comhxxp://3rab-moon.comhxxp://nadauae.comhxxp://ya7yati.comhxxp://hayatl.comhxxp://allsaed.comhxxp://asrarmedia.comhxxp://waw-c.comhxxp://f5f5en.comhxxp://w2tube.comhxxp://decor4me.comhxxp://hemo7.comhxxp://gaz2.comhxxp://for-rama.comhxxp://vic-and-ikes.comhxxp://ochotorena.comhxxp://litodelacruz.comhxxp://ignitemonthly.nethxxp://stylepensacola.comhxxp://litocruzxxx.comhxxp://goldencamelph.comhxxp://pensacolabookkeeping.comhxxp://lito2012.comhxxp://appleanddelucamgmnt.comhxxp://jewellery-lito.comhxxp://cocoaccountingservices.comhxxp://pensacolabookkeepers.comhxxp://elsaedps.comhxxp://cocofastlane.comhxxp://globalenergyalliance.comhxxp://g2z4.nethxxp://pauliteweb.comhxxp://a-1specialized.comhxxp://seeyamortgage.comhxxp://debtpollution.comhxxp://losmoles.comhxxp://jerseycityhomesbroker.comhxxp://woofwashers.comhxxp://ignitemonthly.comhxxp://homs-poets.comhxxp://p23x.comhxxp://perfarab.comhxxp://aya-khaled.comhxxp://3alm-a7lam.comhxxp://walazhar.comhxxp://aleys-training.comhxxp://sh-alnoor.comhxxp://enterdig.comhxxp://nshir.comhxxp://shublaq.comhxxp://nahafat.comhxxp://thwane.comhxxp://bb-all.comhxxp://bagdady.comhxxp://a-lawsc.comhxxp://nsgvoic.comhxxp://adsyour.comhxxp://yarmokg.comhxxp://qlpal.comhxxp://krameesh.nethxxp://nialb.nethxxp://3dmaxonline.nethxxp://hmsaat.nethxxp://psstad.comhxxp://elbukhary.nethxxp://gammashare.comhxxp://sawayouth.comhxxp://sadaalnaseem.comhxxp://pro-fhed.comhxxp://sh-elqloob.orghxxp://gazaf.comhxxp://pro-gsm.comhxxp://ofoqm.comhxxp://ah-ra-hi.comhxxp://almehaan.comhxxp://newgaza.comhxxp://ip-center.nethxxp://starsgifts.comhxxp://althikagroup.comhxxp://ids-ps.comhxxp://alhabeel.comhxxp://expodes.nethxxp://3dm3mare.nethxxp://3arabawinews.nethxxp://perfarab.nethxxp://banat2.nethxxp://facearab.nethxxp://azharpharm.comhxxp://artecasa-ps.comhxxp://snam-s.nethxxp://byaadr.comhxxp://t4video.comhxxp://el-eman.comhxxp://usp4.nethxxp://wtn3wtr.comhxxp://wegaza.comhxxp://itcck.comhxxp://tols.ushxxp://w6na1.comhxxp://crypal.comhxxp://mohamed-assaf.comhxxp://black-awadh.comhxxp://b7ar-n.comhxxp://h-m9mm.comhxxp://almnsour.comhxxp://alfjr-aljdid.comhxxp://gazaday.comhxxp://lbee7.comhxxp://n4days.comhxxp://qudssnaks.comhxxp://alhost24.comhxxp://flscool.comhxxp://goldenws.comhxxp://7zoorah.comhxxp://freedom-ship.comhxxp://djz-iq.comhxxp://fine4host.comhxxp://newsawa.comhxxp://forshark.comhxxp://l-voice.comhxxp://ll9x.comhxxp://m-suae.comhxxp://e3lanz.comhxxp://des4x.comhxxp://rap-elemarat.comhxxp://aljazeera-school.comhxxp://aganyna.comhxxp://2lwya.comhxxp://7bobuae.comhxxp://symbian-masters.comhxxp://xn--ggblabcjfq0cxa9oea1b.comhxxp://sh-qlq.comhxxp://t7wani.comhxxp://mujahedhisham.comhxxp://tr-shyo5y.comhxxp://vbu-host.comhxxp://hwawe.comhxxp://saawaa.comhxxp://rapidleecharab.comhxxp://abdullah-alhamami.comhxxp://tiger-a.comhxxp://rap4uae.comhxxp://l3ynk.comhxxp://roo7ii.comhxxp://mwaal.comhxxp://sona3m1.comhxxp://thegreenplains.comhxxp://pro-fahed.comhxxp://fsoft1.comhxxp://mobd3na.comhxxp://t6wery.comhxxp://xn--mgba9ayde0b.comhxxp://9adam.comhxxp://v4-sec.comhxxp://basheerfam.comhxxp://m-alkawari.comhxxp://lhfh1.comhxxp://alrafh.orghxxp://alfaloja1.orghxxp://sm-eyes.comhxxp://n7l7.comhxxp://janetalanwar.comhxxp://world-pulse.comhxxp://academy-expo.comhxxp://krtas.comhxxp://gaza-lenses.comhxxp://arlams.com Sample IPs Read more…

By adminowasp, ago
Oracle NetSuite Sites

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information Aug 20, 2024Ravie LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. “A potential issue in NetSuite’s SuiteCommerce Read more…

By adminowasp, ago
hadamanthys Malware

Swiss Army Knife of Information Stealers Emerges

Swiss Army Knife of Information Stealers Emerges The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering Read more…

By adminowasp, ago