New tools, products, platforms, funding rounds, and company developments in AI security.
Chrome's remote debugging feature (a tool normally used by developers to test their code) can be abused by malware after gaining initial access to a computer, allowing attackers to steal cookies (small files that store login information), spy on user activities, and remotely control the browser without needing administrator permissions.
Attackers are using credentials (login information) that are exposed in plain text to break into systems and access sensitive data. Rather than passively waiting for problems, security teams should actively search their systems for exposed credentials using targeted techniques and knowledge about their infrastructure.
Attack graphs are visual diagrams that show how attackers move through a system, including the actions and TTPs (tactics, techniques and procedures, or the specific methods attackers use) they take along the way. Creating these graphs helps red teams (security professionals simulating attacks) plan operations and communicate results to leadership by telling a clear story without overwhelming people with technical details.
This is an announcement for a published book on red team strategies (offensive security testing methods used to identify vulnerabilities by simulating attacker behavior) and cybersecurity attacks. The 524-page book is divided into two parts: program management for building offensive security programs, and technical tactics and tools for Windows, macOS, and Linux systems.
An article titled 'Pass the Cookie and Pivot to the Clouds' was published in 2600 magazine's Winter edition, discussing a technique called 'Pass the Cookie' (a method where attackers use stolen session tokens to gain unauthorized access to systems). The article is available through bookstores and the 2600 Online Shop, and the author recommends an upcoming red teaming book for those interested in learning more about cybersecurity attack strategies.
This item is a personal reflection on a final-year university project about web application security principles completed approximately 18 years ago. The author describes submitting their security-focused research paper to Michael Howard at Microsoft, who reviewed it.
This post discusses how disabling remote management endpoints can improve an organization's security by reducing attack surface (the total number of entry points an attacker could exploit) and preventing the spread of automated malware. The approach follows zero trust principles, which means treating all network access as potentially risky unless verified.
This is an announcement for a book called 'Cybersecurity Attacks - Red Team Strategies' that teaches red teaming (simulated attack techniques used to test an organization's defenses) tactics and procedures. The book covers both team management aspects and technical content, but differs from typical penetration testing (authorized security testing where professionals try to break into systems to find vulnerabilities) books by focusing less on common tools and more on foundational strategies.
MITRE updated its ATT&CK Framework (a catalog of known hacker techniques and strategies) to include cloud-based attack methods, specifically focusing on stealing web session cookies (small files that store login information) and using them to move laterally (gain access to other systems within a network). The update documents two main techniques: stealing cookies during credential access attacks and using stolen cookies for lateral movement within a system.
Coinbase was attacked using Firefox 0-days (previously unknown security flaws in Firefox) to steal browser session tokens, which are credentials stored in browser data files that let attackers access cloud services like Gmail without needing passwords. The attackers specifically targeted these token files through direct access to browser datastores (the storage locations where browsers save data), which is unusual behavior that could be detected by monitoring which processes access these files.
This article discusses 'Homefield Advantage' as a security concept, meaning that a mature security team should have natural advantages when defending their own systems, similar to how sports teams perform better at home. The author argues that security programs should recognize and leverage these inherent benefits, such as familiarity with their own environment and systems.
This is a disclaimer notice from a blog called WUNDERWUZZI stating that penetration testing (authorized attempts to find security weaknesses in systems) must have proper permission, and that the blog's content is for educational purposes to help people understand security attacks and defenses.
BashSpray is a password spray tool (a script that tests many accounts with common weak passwords to find security gaps) that red teams (security professionals hired to test defenses) can use to identify weak passwords in their organization. The tool works on both Mac and Windows systems, and ideally should be integrated into security response workflows so that affected users and security teams are notified to change passwords and investigate if needed.
This article discusses how to interact with Active Directory (a system that manages users and computers on networks) on macOS computers. It describes three approaches: using macOS's built-in Directory Utility, using Apache Directory Studio (a third-party tool), or writing custom scripts with LDAP (lightweight directory access protocol, the standard way to query directory systems) commands.
Google's login system leaks alternate email addresses to anyone who calls an unauthenticated endpoint (a service that doesn't require you to prove who you are) with just an email address. An attacker could use this to find backup accounts linked to a target email, then use those accounts for phishing (tricking people into giving up passwords) or to take over the main account if the alternate email is set up for password recovery.
Lyrebird is a security tool that takes a screenshot of your desktop and then monitors your computer by using the webcam to photograph anyone who tries to use it while you're away. The tool is designed to catch people who access an unattended workstation, helping you identify if someone has tampered with your computer.
KoiPhish is a relay proxy (a tool that intercepts and forwards network traffic between a user and a target server) designed for phishing attacks. It forwards requests from victims to a real website while modifying links in responses to keep users engaged with the fake site instead of noticing they've been redirected.
This post describes techniques for accessing user accounts and data on macOS systems after gaining root access, including methods to bypass keychain (macOS's password storage system) protections through process injection and debugger attachment. The author notes that macOS has security features like SIP (System Integrity Protection, which prevents debugging of protected system processes) and keychain encryption that make direct access difficult, requiring either the target user's password or creative workarounds like injecting code into running processes.
Attackers can steal authentication cookies (small files that prove you're logged in) from a compromised computer to break into web applications and cloud services, even bypassing multi-factor authentication (extra security checks beyond passwords). This works because cookies remain valid long after authentication is complete and are stored where attackers can find them, either on disk or in the computer's active memory. This technique, called "pass the cookie," is a post-exploitation method (a way attackers move through a system after gaining initial access) that also works with similar tokens like JWTs (JSON web tokens, another way to prove identity).
Fix: The source mentions two mitigations: (1) 'Remove all alternate account associations' and (2) 'Make sure that any alternate account is not your password recovery or 2FA to minimize attack surface.' However, these are user-level workarounds. Google declined to fix the issue itself after review.
Embrace The Red