Monthly summary of interesting articles, reports and tools for tech experts, covering both offensive and defensive topics.
🔴 Red Team
📝Hacking My Car, and probably yours— Security Flaws in Volkswagen’s App
Vishal found security flaws in the My Volkswagen app that exposed personal and vehicle data to anyone holding a car's VIN. He could not complete app setup because the four-digit OTP was sent to the phone number of the car's previous owner, whom he had no way to reach.
Frustrated, Vishal brute-forced the OTP with Burp Suite and a Python script. A four-digit code has only 10,000 possible values, and the verification endpoint did nothing to stop him enumerating them, so he got in. Digging further, he found serious vulnerabilities, including leaked internal credentials and personal details retrievable by VIN alone. He reported them to Volkswagen's security team, which responded quickly but took months to ship fixes.
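The core weakness above is a short OTP checked by an endpoint with no attempt limit. The added example below (written for this digest, not code from Vishal's write-up or from Volkswagen) simulates both sides locally: a weak verifier that only compares the guess, a hardened one that counts attempts and locks the challenge, and an attacker loop that enumerates every code. The lockout threshold, session class and helper names are assumptions for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

OTP_DIGITS = 4        # 10**4 = 10,000 possible codes
MAX_ATTEMPTS = 5      # hypothetical lockout threshold for the hardened verifier


@dataclass
class OtpSession:
    """Server-side state for one OTP challenge (constructed for this example)."""
    code: str
    attempts: int = 0
    locked: bool = False


def issue_otp(digits: int = OTP_DIGITS) -> OtpSession:
    """Generate a fresh numeric OTP with a CSPRNG, zero-padded to `digits`."""
    return OtpSession(code=f"{secrets.randbelow(10 ** digits):0{digits}d}")


def verify_unprotected(session: OtpSession, guess: str) -> bool:
    """Weak verifier: no attempt counter, no lockout, nothing stops enumeration."""
    return guess == session.code


def verify_hardened(session: OtpSession, guess: str,
                    max_attempts: int = MAX_ATTEMPTS) -> bool:
    """Hardened verifier: counts attempts and locks the challenge after
    max_attempts failures, so even a 4-digit code survives brute force."""
    if session.locked:
        return False
    session.attempts += 1
    ok = hmac.compare_digest(guess, session.code)   # constant-time compare
    if not ok and session.attempts >= max_attempts:
        session.locked = True                          # client must request a new OTP
    return ok


def brute_force(verify, session: OtpSession, digits: int = OTP_DIGITS):
    """Attacker loop: try every code in order. Returns (success, attempts_made)."""
    for n in range(10 ** digits):
        if verify(session, f"{n:0{digits}d}"):
            return True, n + 1
    return False, 10 ** digits


def success_probability(digits: int = OTP_DIGITS, attempts: int = MAX_ATTEMPTS) -> float:
    """Chance a guesser wins within `attempts` tries against a uniformly random code."""
    return min(attempts / 10 ** digits, 1.0)


if __name__ == "__main__":
    weak = OtpSession(code="4821")        # fixed code so the run is reproducible
    print(brute_force(verify_unprotected, weak))   # (True, 4822)
    strong = OtpSession(code="4821")
    print(brute_force(verify_hardened, strong))    # (False, 10000)
    print(success_probability())                   # 0.0005
```

With the lockout in place the attacker's odds drop to attempts divided by code space (5 in 10,000 here); lengthening the code or binding the OTP to the new owner's verified phone number are the complementary fixes.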
📝Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
The blog post discusses security concerns with default AWS service roles, which are automatically created or recommended during setup and grant overly broad permissions, such as full S3 access. These roles can be exploited to perform administrative actions and break isolation boundaries between services, potentially leading to full account compromise.
The post provides examples of these risks in AWS Glue, SageMaker, and EMR, as well as in open-source projects like Ray. The authors recommend restricting overly permissive access to S3 and auditing AWS roles to minimize risk.
📌 Source: https://www.aquasec.com/blog/shadow-roles-aws-defaults-lead-to-service-takeover/
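The audit the authors recommend starts with finding statements that grant S3 actions on every bucket. The added example below is not Aqua's tooling or AWS's managed policy text; it is a small policy checker written for this digest, run over two constructed policy documents: one shaped like the default-role pattern the post describes (full S3 access on `*`) and the same role scoped to a single bucket. The sensitive-action list, the sentinel ARN and the bucket name are assumptions.

```python
import fnmatch
import json

# Actions that let a principal read, write or enumerate buckets; s3:* covers all of them.
SENSITIVE_S3_ACTIONS = ("s3:*", "s3:GetObject", "s3:PutObject", "s3:ListBucket")

# Any Resource pattern that matches this sentinel covers every bucket and object
# (e.g. "*" or "arn:aws:s3:::*"), while "arn:aws:s3:::my-bucket/*" does not.
ANY_BUCKET_OBJECT = "arn:aws:s3:::any-bucket/any/key"


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def broad_s3_grants(policy: dict) -> list:
    """Return every Allow statement granting a sensitive S3 action on all buckets.
    NotAction/NotResource statements are not interpreted and are skipped."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # IAM action matching is case-insensitive and supports * and ? wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        covered = sorted(
            s for s in SENSITIVE_S3_ACTIONS
            if any(fnmatch.fnmatchcase(s.lower(), pat) for pat in actions)
        )
        unscoped = [r for r in _as_list(stmt.get("Resource"))
                    if fnmatch.fnmatchcase(ANY_BUCKET_OBJECT, r)]
        if covered and unscoped:
            findings.append({"statement": idx, "sid": stmt.get("Sid"),
                             "actions": covered, "resources": unscoped})
    return findings


# Constructed to mirror the pattern the post describes: a service's default role
# carrying full S3 access. Hypothetical, not an actual AWS managed policy.
DEFAULT_STYLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Logs", "Effect": "Allow",
         "Action": "logs:PutLogEvents", "Resource": "*"},
        {"Sid": "S3FullAccess", "Effect": "Allow",
         "Action": "s3:*", "Resource": "*"},
    ],
}

# The same role scoped to the one bucket the job actually needs (bucket name assumed).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Logs", "Effect": "Allow",
         "Action": "logs:PutLogEvents", "Resource": "*"},
        {"Sid": "JobBucketObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::my-etl-bucket/*"},
        {"Sid": "JobBucketList", "Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::my-etl-bucket"},
    ],
}


if __name__ == "__main__":
    print(json.dumps(broad_s3_grants(DEFAULT_STYLE_POLICY), indent=2))  # one finding
    print(broad_s3_grants(SCOPED_POLICY))                               # []
```

In practice you would feed this the policy documents returned by `iam:GetRolePolicy` and `iam:GetPolicyVersion` for each service role; a hit on a role that a Glue, SageMaker or EMR job can assume is exactly the cross-service foothold the post warns about.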
📝Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
SentinelOne shared its experiences of being targeted by various adversaries, including DPRK IT workers, ransomware operators, and Chinese state-sponsored actors. The attacks ranged from job application scams to attempts to access their platform.
SentinelOne emphasized the importance of collaboration between different teams and automation to defend against these threats and prevent infiltration. They also highlighted the growing trend of adversaries exploiting sales processes and the need for security vendors to treat every access vector as part of their attack surface.
🔵 Blue Team
📝‘It’s Not Paranoia If They’re Really After You’: When Announcing Deception Technology Can Change Attacker Decisions – Thinkst Scapes Q1 2025
This research examined how knowing that deception technology such as honeypots is deployed changes attacker behaviour. Participants used BloodHound to plan attack paths through a simulated network. Once told decoys were present, 40% of them could not produce a new attack path at all; those who did chose longer but stealthier routes, most noticeably when few decoys were present. Despite limitations such as the small sample size, the study shows that attackers adapt their strategy to anticipated deception, which says something useful about their mindset and decision-making.
📌 Source: https://thinkst.com/ts/
📝Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
The blog post discusses Lumma Stealer, an infostealer used by financially motivated threat actors. It harvests data from browsers and applications, including cryptocurrency wallets, and can drop additional malware. Distribution methods include phishing emails, malvertising, and compromised websites.
Lumma Stealer stays ahead of detection by refining its techniques, rotating domains, abusing ad networks, and hosting on cloud services. Microsoft Threat Intelligence tracks its use by ransomware actors. Recommended mitigations include hardening Microsoft Defender for Endpoint settings and requiring phishing-resistant authentication.
📝TrailAlerts: Take Control of Cloud Detection in AWS
Adan Alvarez developed TrailAlerts, a serverless cloud-detection tool for AWS that expresses its alerts in Sigma syntax. He built it to catch recurring AWS attack patterns without the overhead of hand-managing CloudWatch or EventBridge rules, giving teams control over their detections without the complexity of a full SIEM.
TrailAlerts ships detections for suspicious activity such as IAM user creation and IAM admin persistence, is designed to be cheap to run, and was validated against attacks simulated with Stratus Red Team.
📌 Source: https://medium.com/@adan.alvarez/trailalerts-take-control-of-cloud-detection-in-aws-9e7761f49509
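To show what a Sigma-style detection over CloudTrail looks like in practice, here is an added example written for this digest; it is not TrailAlerts' own code and makes no claim about its internals. It evaluates two hypothetical rules (IAM user creation, and an AdministratorAccess policy attached to a principal, with a filter for a deployment role) against constructed CloudTrail records. The rule titles, the `terraform-deploy` role, account number and all field values are assumptions; the matcher supports dotted field paths, the `contains`/`startswith`/`endswith` modifiers, and conditions of the form `selection and not filter`.

```python
import fnmatch

# Constructed CloudTrail records (not real logs), trimmed to the fields the rules read.
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "backup-svc"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "backup-svc",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"bucketName": "app-logs"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/terraform-deploy/ci"},
     "requestParameters": {"roleName": "app-role",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]

# Hypothetical Sigma-style rules: fields inside a selection are ANDed,
# a list of values for one field is ORed, "field|modifier" selects the match mode.
RULES = [
    {"title": "IAM user created",
     "detection": {"selection": {"eventSource": "iam.amazonaws.com",
                                 "eventName": "CreateUser"},
                   "condition": "selection"}},
    {"title": "AdministratorAccess attached",
     "detection": {"selection": {"eventSource": "iam.amazonaws.com",
                                 "eventName": ["AttachUserPolicy", "AttachRolePolicy",
                                               "AttachGroupPolicy"],
                                 "requestParameters.policyArn|endswith": "/AdministratorAccess"},
                   "filter": {"userIdentity.arn|contains": "terraform-deploy"},
                   "condition": "selection and not filter"}},
]


def _get(event: dict, dotted: str):
    """Resolve a dotted field path such as requestParameters.policyArn."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _value_matches(value, pattern, modifier: str) -> bool:
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()   # Sigma matching is case-insensitive
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    return fnmatch.fnmatchcase(v, p)                    # plain match with * and ? wildcards


def _selection_matches(event: dict, selection: dict) -> bool:
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if not any(_value_matches(_get(event, field), p, modifier) for p in patterns):
            return False
    return True


def rule_matches(event: dict, rule: dict) -> bool:
    """Evaluate a condition of the form 'a and b and not c' over the rule's selections."""
    detection = rule["detection"]
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        if _selection_matches(event, detection[name]) == negate:
            return False
    return True


def run_rules(events: list, rules: list) -> list:
    """Return (rule title, eventName) for every event/rule pair that fires."""
    return [(r["title"], e["eventName"])
            for e in events for r in rules if rule_matches(e, r)]


if __name__ == "__main__":
    for title, name in run_rules(SAMPLE_EVENTS, RULES):
        print(f"ALERT {title}: {name}")
```

The third record (an S3 read) and the fourth (the same admin-policy attachment, but by the deployment role the filter excludes) produce no alert; the first two do. In a serverless deployment the same evaluation runs per CloudTrail batch, and Stratus Red Team techniques such as creating an IAM user or attaching an admin policy are a convenient way to confirm the rules fire before relying on them.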