We take a look at the latest additions to security researchers’ armory
TruffleHog v3 adds support for more than 600 key types
The newest version of TruffleHog has landed with support for more than 600 key types, furthering the tool’s ability to hunt for credential leaks.
Leaked credentials, including secret key pairs, are a serious cybersecurity issue. Keys can be abused to compromise enterprise networks, often more covertly and for longer time periods than the exploit of vulnerabilities in popular software.
PacketStreamer reveals potential hacking behavior
Deepfence has launched PacketStreamer, a new open source tool that captures network traffic from multiple sources to reveal potential hacking behavior.
PacketStreamer sensors collect raw network packets on remote hosts, apply filters, and forward them to a central receiver process where they are written in pcap format. Traffic streams can be compressed or encrypted using Transport Layer Security (TLS).
The company says the sensors impose little performance impact on the remote hosts, and that they can be run on bare-metal servers, on Docker hosts, and on Kubernetes nodes.
Users can then process the pcap file or live feed the traffic to tools such as Zeek, Wireshark, or Suricata, or as a live stream for machine learning models.
GhostTouch reads your phone’s touchscreen without touching it
Some attacks on smartphones require physical access to the device and interactions with the touchscreen. So your phone is more or less safe as long as no one touches it, right?
Wrong, according to a new research paper by security researchers at Zhejiang University, China, and the Technical University of Darmstadt, Germany.
To be presented at the Usenix Security Symposium in July, the paper (PDF) introduces GhostTouch, a type of attack that can execute taps and swipes on the phone’s screen from a distance of up to 40 millimeters.
According to the researchers’ findings, an attacker can use GhostTouch to carry out several types of malicious actions, including initiating calls and downloading malware.
YARAify scans suspicious files against a repository of YARA rules
Security teams have a new tool to hunt for malware, using open source YARA rules.
YARAify can scan files using public YARA rules, integrate public and non-public YARA rules from Malpedia, operated by Germany’s Fraunhofer Institute, and scan using open and commercial ClamAV signatures.
Researchers can set up hunting rules to match both YARA rules and ClamAV signatures, and link YARAify to other tools via APIs.
YOU MIGHT ALSO LIKE Bug Bounty Radar // The latest bug bounty programs for July 2022