New tools, products, platforms, funding rounds, and company developments in AI security.
Firefox ships a built-in remote debugging server which, once enabled on a compromised system, lets an attacker read the browser's session cookies and authentication tokens. The feature is off by default, but malware running as the user can switch it on by editing the profile's configuration files (user.js or prefs.js) to set the relevant devtools preferences and to remove the connection prompt that would otherwise warn the user.
Fix: Blue teams should monitor Firefox profile configuration files and alert on changes to three preferences: devtools.chrome.enabled (set to true), devtools.debugger.remote-enabled (set to true) and devtools.debugger.prompt-connection (set to false, which suppresses the warning). The source also notes that the debugging protocol is sent in clear text, so if remote debugging is genuinely needed the traffic should be tunnelled over SSH port forwarding rather than exposed directly.
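A small detection for the preference changes described above, written as an added example (this is not code from the original post). It parses the user_pref() lines of a Firefox prefs.js or user.js and reports the three preferences when they carry the attacker-set value; the sample file contents are constructed for the demo, and the devtools.debugger.remote-port line is included only to show that other devtools settings are parsed but not flagged.

```python
"""Flag Firefox profile preferences that enable remote debugging."""
import re
from typing import Dict, List

# Preference -> value that indicates remote debugging was switched on
# (or the "allow connection?" prompt removed).
SUSPICIOUS_PREFS: Dict[str, str] = {
    "devtools.chrome.enabled": "true",
    "devtools.debugger.remote-enabled": "true",
    "devtools.debugger.prompt-connection": "false",
}

# user_pref("name", value);  where value is a string, number or boolean
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every user_pref() line in text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            prefs[name] = value.strip('"')  # unquote string values
    return prefs


def find_remote_debugging(text: str) -> List[str]:
    """Names of the suspicious prefs that are set to their dangerous value."""
    prefs = parse_prefs(text)
    return [name for name, bad in SUSPICIOUS_PREFS.items()
            if prefs.get(name, "").lower() == bad]


# Constructed sample: a prefs.js after malware has edited it.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1700000000);
user_pref("browser.startup.homepage", "about:home");
user_pref("devtools.chrome.enabled", true);
user_pref("devtools.debugger.remote-enabled", true);
user_pref("devtools.debugger.prompt-connection", false);
user_pref("devtools.debugger.remote-port", 6000);
"""

# Constructed sample: an untouched profile (prompt still enabled).
BENIGN_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("devtools.debugger.prompt-connection", true);
"""

if __name__ == "__main__":
    print("suspicious prefs:", find_remote_debugging(SAMPLE_PREFS_JS))
```

In production the same check would be run by a file-integrity monitor or EDR rule on every write to prefs.js/user.js under the Firefox profile directory, since the values are only meaningful as a change from the defaults.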
Port proxying is a Windows technique that exposes a process listening on one network interface (for example localhost, which is normally reachable only from the machine itself) on a different interface. It is useful for making a local-only service reachable remotely, forwarding traffic between two interfaces, or pivoting (relaying traffic through a compromised host to reach systems deeper in the network).
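The defender's side of this technique, as an added example that is not code from the original post: it assumes the page refers to Windows' built-in port proxy (netsh interface portproxy) and parses the fixed-width output of its show all command, reproduced here as a constructed sample, to label each rule by what it does for an attacker. Configured rules also persist under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy, so the same classification can be applied to registry telemetry.

```python
"""Classify Windows portproxy rules from 'netsh interface portproxy show all'."""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class PortProxy:
    listen_addr: str
    listen_port: int
    connect_addr: str
    connect_port: int


def parse_portproxy(output: str) -> List[PortProxy]:
    """Extract the four-column rule rows; header and separator rows are skipped."""
    rows: List[PortProxy] = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            rows.append(PortProxy(parts[0], int(parts[1]), parts[2], int(parts[3])))
        except ValueError:  # 'Address Port Address Port' and the dashed line
            continue
    return rows


def _is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # 'localhost' or '*' (all interfaces)
        return addr.lower() == "localhost"


def classify(p: PortProxy) -> str:
    """Label a rule by the effect it has on the host's exposure."""
    listen_local = _is_loopback(p.listen_addr)
    connect_local = _is_loopback(p.connect_addr)
    if connect_local and not listen_local:
        return "exposes-local-service"   # e.g. 0.0.0.0:8443 -> 127.0.0.1:9222
    if not connect_local and not listen_local:
        return "pivot-to-other-host"     # e.g. 0.0.0.0:4444 -> 10.0.0.5:445
    if listen_local and not connect_local:
        return "local-forward"           # only reachable from this host
    return "loopback-only"


def find_exposed(output: str) -> List[PortProxy]:
    """Rules that make a loopback-only listener reachable from the network."""
    return [p for p in parse_portproxy(output)
            if classify(p) == "exposes-local-service"]


# Constructed sample in the layout netsh prints (IPv6 sections share the shape).
SAMPLE_OUTPUT = """\

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         8443        127.0.0.1       9222
0.0.0.0         4444        10.0.0.5        445
127.0.0.1       5555        10.0.0.5        445
"""

if __name__ == "__main__":
    for rule in parse_portproxy(SAMPLE_OUTPUT):
        print(classify(rule), rule)
```

On a workstation any rule at all is unusual; on servers, treat "exposes-local-service" and "pivot-to-other-host" as the rows worth an alert, and baseline the rest.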
A researcher discovered a persistent XSS (cross-site scripting, where an attacker injects malicious code into a web page that runs in other users' browsers) vulnerability in the AWS Console several years ago. The post documents how they found the bug, the techniques they used, and Amazon's response to the discovery.
This is a brief announcement that a security blog called 'Embrace the Red' was ranked as the 10th top penetration testing blog by Feedspot (a blog aggregation service). The blog focuses on offensive security engineering, penetration testing (simulating attacks to find vulnerabilities), and red teaming (groups that act as mock attackers to test defenses).
This article explains how to use built-in OS search features (Windows Search indexing and macOS Spotlight) to quickly hunt for credentials that may be stored in plain text on machines. Rather than manually searching through files, administrators and security teams can query the OS index via command line using PowerShell scripts on Windows or the mdfind command on macOS, which is much faster and can also search binary files.
The Shadowbunny technique uses virtual machines (VMs, software that emulates a complete computer within another computer) during lateral movement (spreading from one compromised system to others) to hide attackers' presence and avoid security detection tools. Real-world attackers, including those behind Ragnar Locker Ransomware (malicious software that encrypts files for extortion), have already employed this method, making it important for security professionals to understand how to detect it.
A security bug jail is a development practice where system owners cannot work on new features if their system has more than a set number of active security vulnerabilities (for example, a limit of 3). This approach prevents security debt (accumulated unfixed flaws) from growing uncontrollably over time by forcing teams to prioritize fixing existing security issues before adding new functionality.
Monte Carlo simulations (statistical methods that use repeated random sampling to model outcomes) can improve red teaming skills by offering fresh perspectives for presenting security findings. Red teaming involves challenging an organization by analyzing its business processes and methodologies, and Monte Carlo simulations have been applied to security programs, threat modeling (the process of identifying potential attacks on a system), and measuring cybersecurity risk.
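A worked Monte Carlo risk estimate of the kind the paragraph refers to, as an added example (not code from the original post). It assumes a deliberately simple model: successful attacks per year follow a Poisson distribution and the loss per attack is lognormal, fitted to a 90% confidence interval; the scenario numbers are constructed. Only the standard library is used, so it runs anywhere, and a closed-form mean is included to sanity check the simulation.

```python
"""Monte Carlo estimate of annual loss for one threat scenario."""
import math
import random
from dataclasses import dataclass
from typing import List, Sequence, Tuple

Z90 = 1.6449  # z-score for a two-sided 90% interval


@dataclass(frozen=True)
class Scenario:
    events_per_year: float  # expected successful attacks per year
    loss_low: float         # 5th percentile of loss per event
    loss_high: float        # 95th percentile of loss per event

    def lognormal_params(self) -> Tuple[float, float]:
        """mu, sigma so that [loss_low, loss_high] is the 90% interval."""
        lo, hi = math.log(self.loss_low), math.log(self.loss_high)
        return (lo + hi) / 2, (hi - lo) / (2 * Z90)

    def expected_annual_loss(self) -> float:
        """Closed-form mean: rate times the lognormal mean."""
        mu, sigma = self.lognormal_params()
        return self.events_per_year * math.exp(mu + sigma ** 2 / 2)


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's algorithm; adequate for the small rates in risk scenarios."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(scn: Scenario, runs: int = 20_000, seed: int = 1) -> List[float]:
    """One simulated year per run: draw the event count, then each loss."""
    rng = random.Random(seed)  # fixed seed keeps results reproducible
    mu, sigma = scn.lognormal_params()
    losses: List[float] = []
    for _ in range(runs):
        n = _poisson(rng, scn.events_per_year)
        losses.append(sum(rng.lognormvariate(mu, sigma) for _ in range(n)))
    return losses


def percentile(values: Sequence[float], q: float) -> float:
    s = sorted(values)
    return s[min(len(s) - 1, int(q * (len(s) - 1)))]


def prob_exceeds(values: Sequence[float], threshold: float) -> float:
    return sum(v > threshold for v in values) / len(values)


def loss_exceedance(values: Sequence[float],
                    thresholds: Sequence[float]) -> List[Tuple[float, float]]:
    """(threshold, probability that annual loss exceeds it): the curve you present."""
    return [(t, prob_exceeds(values, t)) for t in thresholds]


# Constructed scenario: roughly two successful phishing incidents a year,
# each costing between 10k and 500k with 90% confidence.
SCENARIO = Scenario(events_per_year=2.0, loss_low=10_000, loss_high=500_000)

if __name__ == "__main__":
    losses = simulate(SCENARIO)
    print(f"analytic mean  {SCENARIO.expected_annual_loss():>12,.0f}")
    print(f"simulated mean {sum(losses) / len(losses):>12,.0f}")
    for t, p in loss_exceedance(losses, [100_000, 500_000, 1_000_000]):
        print(f"P(loss > {t:>9,}) = {p:.1%}")
```

The loss exceedance table is the "fresh perspective": instead of a single expected-loss figure, findings are presented as "there is an X% chance this scenario costs more than Y this year", which maps directly onto the risk appetite leadership already talks in.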
Phishing campaigns (fake emails designed to trick people into revealing information) produce results that are hard to compare over time because different security teams use different tools and methods. The author recommends tracking a standard set of metrics to make these comparisons meaningful.
While researching Firefox's remote debugging feature, a security researcher noticed that Mozilla hosts its code reviews in Phabricator (a web-based code review and bug tracking platform that also includes a credential store) and found credentials exposed there. Mozilla awarded a $3000 bug bounty for the finding.
Cookie Crimes is a known attack technique that abuses Chrome's remote debugging feature (a developer facility that exposes a protocol for controlling the browser) to steal cookies (small files that store login information and user data). Because Microsoft's new Edge browser is based on Chromium (the open-source code that powers Chrome), the same Cookie Crimes attack works on Edge with only minor changes, such as replacing "chrome.exe" with "msedge.exe".
Chrome's remote debugging feature (a tool normally used by developers to test their code) can be abused by malware after gaining initial access to a computer, allowing attackers to steal cookies (small files that store login information), spy on user activities, and remotely control the browser without needing administrator permissions.
Attackers are using credentials (login information) that are exposed in plain text to break into systems and access sensitive data. Rather than passively waiting for problems, security teams should actively search their systems for exposed credentials using targeted techniques and knowledge about their infrastructure.
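A targeted credential hunt of the kind this item recommends, as an added example (not code from the original post). Where the earlier item queries the OS search index, this walks files directly with a small set of patterns; the file tree it scans is constructed in a temporary directory so the demo runs anywhere, and the AWS key in it is the documentation example key, not a real one.

```python
"""Hunt a directory tree for plain-text credentials with targeted patterns."""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List

PATTERNS: Dict[str, "re.Pattern[str]"] = {
    # AWS access key IDs: fixed prefix and length.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM private key headers (RSA, EC, OPENSSH, or unlabelled).
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    # password = "value" / passwd: value / pwd=value in configs and scripts.
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\";]{4,})"),
    # Bearer tokens pasted into notes or HTTP dumps.
    "bearer_token": re.compile(r"(?i)\bBearer\s+([A-Za-z0-9._~+/-]{20,}=*)"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    preview: str  # the line with the secret masked, safe to put in a report


def _mask(secret: str) -> str:
    """Keep the first 4 characters so the hit is recognisable, hide the rest."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan_text(text: str, path: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                secret = m.group(1) if m.lastindex else m.group(0)
                preview = line.strip().replace(secret, _mask(secret))
                findings.append(Finding(path, line_no, kind, preview))
    return findings


def scan_tree(root: str, max_bytes: int = 1_000_000) -> List[Finding]:
    """Walk root, skipping large and binary files (NUL in the first 1 KiB)."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > max_bytes:
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            if b"\x00" in data[:1024]:
                continue
            findings.extend(scan_text(data.decode("utf-8", errors="ignore"),
                                      os.path.relpath(path, root)))
    return sorted(findings, key=lambda f: (f.path, f.line_no))


# Constructed sample tree: three hits, one decoy sentence, one binary.
SAMPLE_FILES = {
    "app/config.ini": "[db]\nhost = db01\npassword = Hunter2-prod\n",
    "notes/aws.txt": "old key: AKIAIOSFODNN7EXAMPLE (rotate!)\n",
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt...\n",
    "docs/policy.md": "The password policy requires 12 characters.\n",
    "bin/tool.bin": "MZ\x00\x00password=notreallytext",
}


def build_sample_tree() -> str:
    root = tempfile.mkdtemp(prefix="credhunt_")
    for rel, content in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f.path}:{f.line_no} [{f.kind}] {f.preview}")
```

The pattern list is where infrastructure knowledge goes: add the naming conventions of your own service accounts, internal token prefixes and connection-string formats, which is what turns a generic scan into the targeted hunt the item describes.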
Attack graphs are visual diagrams that show how attackers move through a system, including the actions and TTPs (tactics, techniques and procedures, or the specific methods attackers use) they take along the way. Creating these graphs helps red teams (security professionals simulating attacks) plan operations and communicate results to leadership by telling a clear story without overwhelming people with technical details.
This is an announcement for a published book on red team strategies (offensive security testing methods used to identify vulnerabilities by simulating attacker behavior) and cybersecurity attacks. The 524-page book is divided into two parts: program management for building offensive security programs, and technical tactics and tools for Windows, macOS, and Linux systems.
An article titled 'Pass the Cookie and Pivot to the Clouds' was published in 2600 magazine's Winter edition, discussing a technique called 'Pass the Cookie' (a method where attackers use stolen session tokens to gain unauthorized access to systems). The article is available through bookstores and the 2600 Online Shop, and the author recommends an upcoming red teaming book for those interested in learning more about cybersecurity attack strategies.
This item is a personal reflection on a final-year university project about web application security principles completed approximately 18 years ago. The author describes submitting their security-focused research paper to Michael Howard at Microsoft, who reviewed it.
This post discusses how disabling remote management endpoints can improve an organization's security by reducing attack surface (the total number of entry points an attacker could exploit) and preventing the spread of automated malware. The approach follows zero trust principles, which means treating all network access as potentially risky unless verified.
This is an announcement for a book called 'Cybersecurity Attacks - Red Team Strategies' that teaches red teaming (simulated attack techniques used to test an organization's defenses) tactics and procedures. The book covers both team management aspects and technical content, but differs from typical penetration testing (authorized security testing where professionals try to break into systems to find vulnerabilities) books by focusing less on common tools and more on foundational strategies.
MITRE updated its ATT&CK framework (a catalog of adversary tactics and techniques) to cover cloud-focused attacks on web session cookies (small files that store login information): the update adds Steal Web Session Cookie (T1539) under Credential Access, and Web Session Cookie (T1550.004, a sub-technique of Use Alternate Authentication Material) for replaying a stolen cookie to authenticate to other systems and cloud services without the user's password, which is how the cookie is used for lateral movement.
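An attack graph of the kind described in the red-team reporting item above, using the two cookie techniques from this item as its labels, as an added example (not code from the original posts). The technique IDs are ATT&CK's own; the scenario (phish a user, steal the session cookie, replay it against a cloud console) and the node names are constructed. Enumerating the paths gives the story to tell; the DOT output renders with Graphviz.

```python
"""Attack graph with ATT&CK-labelled edges: path enumeration and DOT output."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Step:
    src: str        # attacker position before the step
    dst: str        # position reached afterwards
    technique: str  # ATT&CK ID
    name: str       # ATT&CK technique name


class AttackGraph:
    def __init__(self) -> None:
        self.edges: Dict[str, List[Step]] = defaultdict(list)

    def add(self, step: Step) -> None:
        self.edges[step.src].append(step)

    def paths(self, start: str, goal: str) -> List[List[Step]]:
        """All simple paths from start to goal; each is one attack narrative."""
        found: List[List[Step]] = []

        def walk(node: str, trail: List[Step], seen: Set[str]) -> None:
            if node == goal:
                found.append(trail)
                return
            for step in self.edges.get(node, []):
                if step.dst not in seen:
                    walk(step.dst, trail + [step], seen | {step.dst})

        walk(start, [], {start})
        return sorted(found, key=len)

    def techniques(self) -> Set[str]:
        """Distinct ATT&CK IDs on the graph, for mapping coverage to detections."""
        return {s.technique for steps in self.edges.values() for s in steps}

    def to_dot(self) -> str:
        lines = ["digraph attack {", "  rankdir=LR;"]
        for steps in self.edges.values():
            for s in steps:
                lines.append(
                    f'  "{s.src}" -> "{s.dst}" [label="{s.technique} {s.name}"];')
        lines.append("}")
        return "\n".join(lines)


def cookie_scenario() -> AttackGraph:
    """Constructed scenario: two routes from the internet to a cloud console."""
    g = AttackGraph()
    # Route 1: phish the user, then lift the cookie from the browser on the host.
    g.add(Step("internet", "user workstation", "T1566", "Phishing"))
    g.add(Step("user workstation", "session cookie", "T1539", "Steal Web Session Cookie"))
    # Route 2: a reverse-proxy phishing page captures the cookie without touching the host.
    g.add(Step("internet", "session cookie", "T1557", "Adversary-in-the-Middle"))
    # Both routes end with the cookie replayed against the cloud console.
    g.add(Step("session cookie", "cloud console", "T1550.004", "Web Session Cookie"))
    return g


if __name__ == "__main__":
    graph = cookie_scenario()
    for path in graph.paths("internet", "cloud console"):
        print(" -> ".join(f"{s.technique}" for s in path))
    print(graph.to_dot())
```

For a leadership read-out the shortest path is usually the headline ("two steps from the internet to the console"), while the full edge list is what the blue team maps against existing detections.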
Fix (for the Chrome and Edge remote debugging abuse described above): Blue teams should look for browser processes started with command line arguments such as --remote-debugging-port and a custom --user-data-dir, which together indicate the debugging feature is being driven by something other than the user. The author also suggested adding detections for this technique to Windows Defender, and notes that "there are more mitigation ideas in the previous blog post about Chrome" which readers should reference.
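The command-line check above expressed as detection logic over process-creation events, as an added example (not code from the original posts). The event records are constructed; on a real host they would come from Sysmon event ID 1 or an EDR's process telemetry. The non-browser event is included because --remote-debugging-port is also used by Electron applications and by developers, which is why the rule keys on the browser image and reports the parent process.

```python
"""Flag Chrome/Edge launched with remote debugging from process-creation events."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe"}
# Switches that enable the DevTools protocol endpoint.
DEBUG_SWITCHES = {"--remote-debugging-port", "--remote-debugging-pipe"}
# Switches that on their own are benign but, next to a debug switch, show the
# browser is being driven programmatically (copied profile, no window, ...).
CONTEXT_SWITCHES = {"--user-data-dir", "--headless", "--no-first-run", "--disable-gpu"}
SWITCH_RE = re.compile(r'(--[a-z0-9-]+)(?:=("[^"]*"|\S+))?')


@dataclass(frozen=True)
class ProcessEvent:
    image: str
    parent_image: str
    command_line: str


@dataclass(frozen=True)
class Alert:
    image: str
    reasons: List[str]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_switches(command_line: str) -> Dict[str, str]:
    """{switch: value} for every --switch[=value] on the command line."""
    return {m.group(1): (m.group(2) or "").strip('"')
            for m in SWITCH_RE.finditer(command_line)}


def detect(ev: ProcessEvent) -> Optional[Alert]:
    name = _basename(ev.image)
    if name not in CHROMIUM_BROWSERS:
        return None
    switches = parse_switches(ev.command_line)
    debug = sorted(s for s in switches if s in DEBUG_SWITCHES)
    if not debug:
        return None
    reasons = [f"{s}={switches[s]}" if switches[s] else s for s in debug]
    reasons += sorted(s for s in switches if s in CONTEXT_SWITCHES)
    parent = _basename(ev.parent_image)
    if parent != "explorer.exe":  # a user double-clicking the icon goes via explorer
        reasons.append(f"parent={parent}")
    return Alert(name, reasons)


def scan(events: List[ProcessEvent]) -> List[Alert]:
    return [a for a in map(detect, events) if a is not None]


# Constructed process-creation events.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"C:\Windows\explorer.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'),
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless '
                 r'--remote-debugging-port=9222 --user-data-dir="C:\Users\bob\AppData\Local\Temp\profile" --no-first-run'),
    ProcessEvent(r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
                 r"C:\Windows\System32\cmd.exe",
                 r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                 r'--remote-debugging-port=9223 --user-data-dir=C:\Temp\edgeprof'),
    ProcessEvent(r"C:\Users\bob\AppData\Local\Programs\Microsoft VS Code\Code.exe",
                 r"C:\Windows\explorer.exe",
                 r'"C:\Users\bob\AppData\Local\Programs\Microsoft VS Code\Code.exe" --remote-debugging-port=9229'),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert.image, ", ".join(alert.reasons))
```

Tune the parent check to the environment: automation hosts that legitimately drive headless Chrome from a scheduler will need an allow-list, but on user workstations a browser spawned by a shell with a temporary profile and a debugging port is the signature of the cookie-theft tooling described above.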
Embrace The Red