
Learn Android Hacking, POP To RCE, merklemap-cli Tool Spotlight, Fortinet data breach & More!


Cybersecurity — For Security Professionals

Hey! James here. Welcome to VayFul®!

Bringing you the latest insights from the world of cybersecurity.

Today’s edition includes:

  • 🧠 Top Tutorials/learning: Learn Android Hacking, Attack Defend Your DFIR Lab and more!

  • 🔥 Writeups: Interesting vulnerabilities - Strapi CMS RCE and GiveWP POP to RCE!

  • 🛠️ Tools Spotlight: merklemap-cli, encap-attack and more!

  • 📰 Security reads: Fake AppleCare+ Service Scams, Fortinet data breach and more!

Read time: 5 minutes

P.S. If you have any questions or topics you’d like us to cover, just hit reply and let me know. I’d love to hear from you!

Let’s dive in!

🧠 BEST OF TUTORIALS & LEARNING RESOURCES 🧠

In this talk, Fabian Faessler (LiveOverflow) shares tricks for getting into Android hacking and reverse engineering, with practical examples that can also be adapted to any other topic.

Markus Schober’s video, "Ransomware Attack Simulation and Investigation for Blue Teamers", discusses essential tools for creating a DFIR lab to execute and investigate realistic cyber attacks. It includes a quick attack analysis and explores useful forensic tools and advanced workflows tailored for professional environments.

This resource covers threat modeling and the shift-left approach. As companies increasingly adopt cloud hosting, security flaws in their infrastructure remain a concern, and implementing a shift-left strategy is essential to address these issues proactively.

🔥 INTERESTING WRITEUPS 🔥 

This write-up explores a critical vulnerability in the Strapi framework, specifically focusing on remote code execution (RCE) issues. It details the exploit process, the conditions required for successful attacks, and offers insights into mitigating risks, emphasizing the importance of security in web application development.

This write-up explores a fully functional remote code execution (RCE) issue built from a POP chain. It details the step-by-step process of achieving RCE.

🛠️ TOOLS SPOTLIGHT 🛠️

MerkleMap CLI is a command-line tool designed for efficient data integrity verification using Merkle trees. It simplifies mapping large datasets, enhancing security and performance in data management. Ideal for developers, this tool offers a user-friendly approach to ensuring data consistency and reliability in various applications.

The Encap Attack is a novel cybersecurity threat that exploits vulnerabilities in encapsulated protocols. This GitHub repository provides tools and insights for understanding and mitigating this attack. It emphasizes the importance of proactive security measures and offers resources for researchers and security professionals to enhance their defenses against emerging threats.

bomctl is a command-line tool designed for streamlined management of Kubernetes resources. It simplifies the creation, deployment, and monitoring of applications, enhancing developer productivity. With a focus on ease of use and robust functionality, bomctl empowers teams to efficiently manage their cloud-native environments and improve operational workflows.

📰 SECURITY READS 📰

Malwarebytes researchers have uncovered a scam targeting Mac users seeking AppleCare support. Attackers use Google Ads to promote fake AppleCare pages on GitHub, mimicking Apple's branding. Unsuspecting users are lured into calling fraudulent support lines, where scammers exploit social engineering to steal money and personal information.

Fortinet has confirmed that it experienced a breach due to an exposed third-party cloud-based file drive. It has stated that the breach only affects 0.3% of customers.

🎯 FAVOURITE QUOTE OF THE DAY 🎯 

“Arise, awake, and don't stop till you reach your goal.”
- Swami Vivekananda

💡 ABOUT VAYFUL® 💡

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
