Walmart Customer Scam, New Recon Methods, Hacking GitLab Instances, TrafficSniffer, BrowserSnatch and more!

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition includes:

  • 📰 Security news: Walmart Customer Scam, Resurgence Of TeamTNT and more!

  • 🔥 Blogs: RCE, Privilege Escalation, DoS, and more!

  • 🧠 Top learning: New Methods Of Recon, Hacking GitLab, and more!

  • 🛠️ Tools Spotlight: TrafficSniffer, BrowserSnatch and more!

📰 TOP SECURITY NEWS 📰 

  • Walmart customers scammed via fake shopping lists, threatened with arrest (Malwarebytes)

  • Storm clouds on the horizon: Resurgence of TeamTNT? (Group-IB)

  • SpaceX, CNN, and The White House internal data allegedly published online. Is it real? (Malwarebytes)

  • We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI (Watchtowr)

  • Gaining access to anyones browser without them even visiting a website and of course, firebase was the cause (CVE-2024-45489) (Kibty)

  • CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation - [2142$ Bounty] (HackerOne)

  • Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in ghe-update-check - [10000$ Bounty] (HackerOne)

🧠 LEARNING RESOURCES 🧠

  • New methods of recon with OrwaGodfather (YouTube)

  • Hacking GitLab Instances For A $5,000 Bounty (2 Examples) (YouTube)

  • A Journey From sudo iptables To Local Privilege Escalation (Shielder)

  • Cracking Active Directory Passwords & MFA Fatigue (YouTube)

🛠️ TOOLS 🛠️

  • TrafficSniffer - Chrome extension that tracks HTTP traffic activity for each tab. (GitHub)

  • BrowserSnatch - A powerful Browser Stealer. (GitHub)

  • FrontSecure is a JavaScript library to enhance the security of your web application's frontend. (npmjs)

  • macOS firewall blocking web browsing after upgrading to Sequoia (Waclaw)

  • Coding with Cursor - I built a Chrome Extension from Scratch (YouTube)

🎯 FAVOURITE QUOTE 🎯 

“The greatest glory in living lies not in never falling, but in rising every time we fall.”
- Nelson Mandela

💡 ABOUT VAYFUL® 💡

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.