Greeting from Felix
Shift Security Left #5
Hi folks! While lots of people search for a secure life, universe, and everything during Cybersecurity Awareness Month in October, here we focus on security every single day of the year. Let's dive into new interesting stories that will make you learn, (sometimes) laugh, and build more secure software.
Real world
The hacking of Starlink terminals has begun
It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes. Enjoy the reading!
I've locked myself out of my digital life
Imagine lightning strikes your house, and all your phones, laptops and paper documents burn. You are trying to restore your accounts, but you don't remember your passwords because you use password managers. You can't enter the 2FA code because your phone is gone... Terence Eden ran an interesting thought experiment about how all access and accounts are connected and intertwined.
Secure Architecture
A threat modeling field guide
This intro to threat modeling by Mike Sass offers a bunch of valuable links, from the Threat Modeling Manifesto to current and future methodologies and tools.
Vulnerabilities
Technical Advisory — Multiple vulnerabilities in Nuki smart locks
Nuki smart locks allow access to the home without needing to take a key. Now look at the interesting stuff that was found inside the Nuki, for example issues resulting in a fully compromised device. (After being informed by NCC Group, Nuki provided updates about the patching progress of their clients.)
Incidents
Hackers no hashing: Randomizing API hashes to evade Cobalt Strike shellcode detection
Hackers could be outsmarting preventive tools by making trivial changes to the default settings that come with hacker tooling. Some AV vendors built their detection logic around the presence of artifacts left by these defaults, but a large number of vendors fail to detect them. Here's Huntress' insight into a bypass and detection technique.
Tool mentioned in the article: APIHashReplace
Tools
It-Depends
It-Depends builds a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories. Use it to enumerate all third-party dependencies for a software package, map them to known security vulnerabilities, and compare the similarity between two packages based on their dependencies.
P.S.
Please do not forget to ask to remove your password :)
Have a nice weekend, guys, and do not forget to share the newsletter with your friends and colleagues. RTs on Twitter are appreciated too. 🎃 boo ready for more ;)