FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

By: Newsroom
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

By: Newsroom
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS score: 8.8), "involves the use of promise objects and lazy evaluation in R," AI application

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

By: Newsroom
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

By: Newsroom
GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

By: Newsroom
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

By: Newsroom
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

By: Newsroom
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara&nbsp

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

By: Newsroom
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July

NetworkSherlock - Powerful And Flexible Port Scanning Tool With Shodan

By: Zion3R


NetworkSherlock is a powerful and flexible port scanning tool designed for network security professionals and penetration testers. With its advanced capabilities, NetworkSherlock can efficiently scan IP ranges, CIDR blocks, and multiple targets. It stands out with its detailed banner grabbing capabilities across various protocols and integration with Shodan, the world's premier service for scanning and analyzing internet-connected devices. This Shodan integration enables NetworkSherlock to provide enhanced scanning capabilities, giving users deeper insights into network vulnerabilities and potential threats. By combining local port scanning with Shodan's extensive database, NetworkSherlock offers a comprehensive tool for identifying and analyzing network security issues.


Features

  • Scans multiple IPs, IP ranges, and CIDR blocks.
  • Supports port scanning over TCP and UDP protocols.
  • Detailed banner grabbing feature.
  • Ping check for identifying reachable targets.
  • Multi-threading support for fast scanning operations.
  • Option to save scan results to a file.
  • Provides detailed version information.
  • Colorful console output for better readability.
  • Shodan integration for enhanced scanning capabilities.
  • Configuration file support for Shodan API key.

Installation

NetworkSherlock requires Python 3.6 or later.

  1. Clone the repository: 
    git clone https://github.com/HalilDeniz/NetworkSherlock.git
  2. Install the required packages: 
    pip install -r requirements.txt

Configuration

Update the networksherlock.cfg file with your Shodan API key:

[SHODAN]
api_key = YOUR_SHODAN_API_KEY

Usage

Port Scan Tool positional arguments: target Target IP address(es), range, or CIDR (e.g., 192.168.1.1, 192.168.1.1-192.168.1.5, 192.168.1.0/24) options: -h, --help show this help message and exit -p PORTS, --ports PORTS Ports to scan (e.g. 1-1024, 21,22,80, or 80) -t THREADS, --threads THREADS Number of threads to use -P {tcp,udp}, --protocol {tcp,udp} Protocol to use for scanning -V, --version-info Used to get version information -s SAVE_RESULTS, --save-results SAVE_RESULTS File to save scan results -c, --ping-check Perform ping check before scanning --use-shodan Enable Shodan integration for additional information " dir="auto">
python3 networksherlock.py --help
usage: networksherlock.py [-h] [-p PORTS] [-t THREADS] [-P {tcp,udp}] [-V] [-s SAVE_RESULTS] [-c] target

NetworkSherlock: Port Scan Tool

positional arguments:
  target                Target IP address(es), range, or CIDR (e.g., 192.168.1.1, 192.168.1.1-192.168.1.5,
                        192.168.1.0/24)

options:
  -h, --help            show this help message and exit
  -p PORTS, --ports PORTS
                        Ports to scan (e.g. 1-1024, 21,22,80, or 80)
  -t THREADS, --threads THREADS
                        Number of threads to use
  -P {tcp,udp}, --protocol {tcp,udp}
                        Protocol to use for scanning
  -V, --version-info    Used to get version information
  -s SAVE_RESULTS, --save-results SAVE_RESULTS
                        File to save scan results
  -c, --ping-check      Perform ping check before scanning
     --use-shodan          Enable Shodan integration for additional information

Basic Parameters

  • target: The target IP address(es), IP range, or CIDR block to scan.
  • -p, --ports: Ports to scan (e.g., 1-1000, 22,80,443).
  • -t, --threads: Number of threads to use.
  • -P, --protocol: Protocol to use for scanning (tcp or udp).
  • -V, --version-info: Obtain version information during banner grabbing.
  • -s, --save-results: Save results to the specified file.
  • -c, --ping-check: Perform a ping check before scanning.
  • --use-shodan: Enable Shodan integration.

Example Usage

Basic Port Scan

Scan a single IP address on default ports:

python networksherlock.py 192.168.1.1

Custom Port Range

Scan an IP address with a custom range of ports:

python networksherlock.py 192.168.1.1 -p 1-1024

Multiple IPs and Port Specification

Scan multiple IP addresses on specific ports:

python networksherlock.py 192.168.1.1,192.168.1.2 -p 22,80,443

CIDR Block Scan

Scan an entire subnet using CIDR notation:

python networksherlock.py 192.168.1.0/24 -p 80

Using Multi-Threading

Perform a scan using multiple threads for faster execution:

python networksherlock.py 192.168.1.1-192.168.1.5 -p 1-1024 -t 20

Scanning with Protocol Selection

Scan using a specific protocol (TCP or UDP):

python networksherlock.py 192.168.1.1 -p 53 -P udp

Scan with Shodan

python networksherlock.py 192.168.1.1 --use-shodan

Scan Multiple Targets with Shodan

python networksherlock.py 192.168.1.1,192.168.1.2 -p 22,80,443 -V --use-shodan

Banner Grabbing and Save Results

Perform a detailed scan with banner grabbing and save results to a file:

python networksherlock.py 192.168.1.1 -p 1-1000 -V -s results.txt

Ping Check Before Scanning

Scan an IP range after performing a ping check:

python networksherlock.py 10.0.0.1-10.0.0.255 -c

OUTPUT EXAMPLE

$ python3 networksherlock.py 10.0.2.12 -t 25 -V -p 21-6000 -t 25
********************************************
Scanning target: 10.0.2.12
Scanning IP    : 10.0.2.12
Ports          : 21-6000
Threads        : 25
Protocol       : tcp
---------------------------------------------
Port        Status   Service           VERSION
22  /tcp     open     ssh            SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
21  /tcp     open     telnet         220 (vsFTPd 2.3.4)
80  /tcp     open     http           HTTP/1.1 200 OK
139 /tcp     open     netbios-ssn    %SMBr
25  /tcp     open     smtp           220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
23  /tcp     open     smtp            #' #'
445 /tcp     open     microsoft-ds   %SMBr
514 /tcp     open     shell          
512 /tcp     open     exec           Where are you?
1524/tcp     open     ingreslock     ro   ot@metasploitable:/#
2121/tcp     open     iprop          220 ProFTPD 1.3.1 Server (Debian) [::ffff:10.0.2.12]
3306/tcp     open     mysql          >
5900/tcp     open     unknown        RFB 003.003
53  /tcp     open     domain              
---------------------------------------------

OutPut Example

$ python3 networksherlock.py 10.0.2.0/24 -t 10 -V -p 21-1000
********************************************
Scanning target: 10.0.2.1
Scanning IP    : 10.0.2.1
Ports          : 21-1000
Threads        : 10
Protocol       : tcp
---------------------------------------------
Port        Status   Service           VERSION
53  /tcp     open     domain         
********************************************
Scanning target: 10.0.2.2
Scanning IP    : 10.0.2.2
Ports          : 21-1000
Threads        : 10
Protocol       : tcp
---------------------------------------------
Port        Status   Service           VERSION
445 /tcp     open     microsoft-ds   
135 /tcp     open     epmap          
********************************************
Scanning target: 10.0.2.12
Scanning IP    : 10.0.2.12
Ports          : 21-   1000
Threads        : 10
Protocol       : tcp
---------------------------------------------
Port        Status   Service           VERSION
21  /tcp     open     ftp           220 (vsFTPd 2.3.4)
22  /tcp     open     ssh           SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
23  /tcp     open     telnet          #'
80  /tcp     open     http           HTTP/1.1 200 OK
53  /tcp     open     kpasswd        464/udpcp                     
445 /tcp     open     domain         %SMBr
3306/tcp     open     mysql          >
********************************************
Scanning target: 10.0.2.20
Scanning IP    : 10.0.2.20
Ports          : 21-1000
Threads        : 10
Protocol       : tcp
---------------------------------------------
Port        Status   Service           VERSION
22  /tcp     open     ssh            SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9

Contributing

Contributions are welcome! To contribute to NetworkSherlock, follow these steps:

  1. Fork the repository.
  2. Create a new branch for your feature or bug fix.
  3. Make your changes and commit them.
  4. Push your changes to your forked repository.
  5. Open a pull request in the main repository.

Contact



Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

By: Newsroom
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

By: Newsroom
The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical

CryptoChat - Beyond Secure Messaging

By: Zion3R


Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the sanctuary you need in the digital age. Dive in, and experience the next level of secure messaging!

  1. End-to-End Encryption: Every message is secured from sender to receiver, ensuring utmost privacy.
  2. User-Friendly Interface: Navigating and messaging is intuitive and simple, making secure conversations a breeze.
  3. Robust Backend: Built on the powerful Python ecosystem, our chat is reliable and fast.
  4. Open Source: Dive into our codebase, contribute, and make it even better for everyone.
  5. Multimedia Support: Not just text - send encrypted images, videos, and files with ease.
  6. Group Chats: Have encrypted conversations with multiple people at once.

  • Python 3.x
  • cryptography
  • colorama

  1. Clone the repository:

    git clone https://github.com/HalilDeniz/CryptoChat.git

  2. Navigate to the project directory:

    cd CryptoChat

  3. Install the required dependencies:

    pip install -r requirements.txt

bind the server to. --port PORT The port number to bind the server to. -------------------------------------------------------------------------- $ python3 client.py --help usage: client.py [-h] [--host HOST] [--port PORT] Connect to the chat server. options: -h, --help show this help message and exit --host HOST The server's IP address. --port PORT The port number of the server." dir="auto">
$ python3 server.py --help
usage: server.py [-h] [--host HOST] [--port PORT]

Start the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The IP address to bind the server to.
--port PORT  The port number to bind the server to.
--------------------------------------------------------------------------
$ python3 client.py --help
usage: client.py [-h] [--host HOST] [--port PORT]

Connect to the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The server's IP address.
--port PORT  The port number of the server.

secret key for encryption. (Default=mysecretpassword) -------------------------------------------------------------------------- $ python3 clientE.py --help usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY] Connect to the chat server. options: -h, --help show this help message and exit --host HOST The IP address to bind the server to. (Default=127.0.0.1) --port PORT The port number to bind the server to. (Default=12345) --key KEY The secret key for encryption. (Default=mysecretpassword)" dir="auto">
$ python3 serverE.py --help
usage: serverE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Start the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=0.0.0.0)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encryption. (Default=mysecretpassword)
--------------------------------------------------------------------------
$ python3 clientE.py --help
usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Connect to the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=127.0.0.1)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encr   yption. (Default=mysecretpassword)
  • --help: show this help message and exit
  • --host: The IP address to bind the server.
  • --port: The port number to bind the server.
  • --key : The secret key for encryption

Contributions are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.

If you have any questions, comments, or suggestions about CryptChat, please feel free to contact me:



Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

By: Newsroom
A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News. "[BlazeStealer]

TrafficWatch - TrafficWatch, A Packet Sniffer Tool, Allows You To Monitor And Analyze Network Traffic From PCAP Files

By: Zion3R


TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more.

  • Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, and NetBIOS.
  • Packet filtering based on protocol, source IP, destination IP, source port, destination port, and more.
  • Summary statistics on captured packets.
  • Interactive mode for in-depth packet inspection.
  • Timestamps for each captured packet.
  • User-friendly colored output for improved readability.
  • Python 3.x
  • scapy
  • argparse
  • pyshark
  • colorama

  1. Clone the repository:

    git clone https://github.com/HalilDeniz/TrafficWatch.git

  2. Navigate to the project directory:

    cd TrafficWatch

  3. Install the required dependencies:

    pip install -r requirements.txt

python3 trafficwatch.py --help
usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT]

Packet Sniffer Tool

options:
-h, --help            show this help message and exit
-f FILE, --file FILE  Path to the .pcap file to analyze
-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}
                     Filter by specific protocol
-c COUNT, --count COUNT
                     Number of packets to display

To analyze packets from a PCAP file, use the following command:

python trafficwatch.py -f path/to/your.pcap

To specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use:

python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10

  • -f or --file: Path to the PCAP file for analysis.
  • -p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS).
  • -c or --count: Limit the number of displayed packets.

Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines.

If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me:

This project is licensed under the MIT License.

Thank you for considering supporting me! Your support enables me to dedicate more time and effort to creating useful tools like DNSWatch and developing new projects. By contributing, you're not only helping me improve existing tools but also inspiring new ideas and innovations. Your support plays a vital role in the growth of this project and future endeavors. Together, let's continue building and learning. Thank you!" 



Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

By: THN
Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. "The operation has at least two different initial access vectors," security researchers

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

By: THN
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.  "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

By: THN
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf," Phylum said in a report published last week. The names of the packages, now taken down, are as follows:

New Python URL Parsing Flaw Could Enable Command Execution Attacks

By: THN
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. "urlparse has a parsing problem when the entire URL starts with blank characters," the CERT Coordination Center (CERT/CC) said in a Friday

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

By: THN
A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

By: Ravie Lakshmanan
The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. "The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion,

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

By: Ravie Lakshmanan
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an

Researchers Hijack Popular NPM Package with Millions of Downloads

By: Ravie Lakshmanan
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack. "The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report. While npm's security protections limit users to have only one active email address

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

By: Ravie Lakshmanan
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay Goldman said in a report published last week. VS Code extensions,

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

By: Ravie Lakshmanan
The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month,

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

By: Ravie Lakshmanan
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as

New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure

By: Ravie Lakshmanan
A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

By: Ravie Lakshmanan
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers Eduardo

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language

By: Ravie Lakshmanan
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will

HSTP - Simple Hyper Service Transfer Protocol On Networks

By: noreply@blogger.com (Unknown)



The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol.

HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP already running top of the internet. We have just now achieved to explain the protocol over protocols on heterogeneous networks. That's why do not compare with web2, web3 or vice versa.

Abstract

HSTP is a application representation interface for heterogeneous networks.

HSTP interface enforces to implement a set of methods to be able to communicate with other nodes in the network. Thus serves, clients, and other nodes can communicate with each other with trust based, end to end encrypted way. By the time the node resolution is based on fastest path resolution algorithm I wrote.


Protocol 4 Babies

Story time!

  • Baby crying!
  • Needs milk!
  • Mommy has a problem.
  • Father has a problem.
  • Let's fix this!

A small overview

Think about, we're in the situation of one mother and one father lives a happy life. They had a baby! Suddenly, the mother needed to drink pills regularly to cure a disase. The pill is a poison for the baby. The baby is crying and the mother calls father because he is the only trusted person to help the baby. But the father sometime can not stay at home, he needs to do something to feed the baby. Father heard one milkman has fresh and high quality milks for low price. Father decides to try to talk the milkman, milkman deliver the milk to the father, father carry the milk to the mother. Mother give the milk to the baby. Baby is happy now and the baby sleeps, mother see the baby is happy.

The family never buy the milk from outside, this is the first time they buy milk for the baby: (Mom do not know the number of milkman, milkman do not know the home address)

As steps:

0)  - Baby wants to drink milk.
1)  - Baby cries to the mom.
3)  - Mom see the baby is crying.
4)     - Mom checks the fridge. Mom sees the milk is empty. (Mother is only trusting the Father)
5)        - Mom calls the father.
6)        - Father calls the milkman.
7)        - Milkman delivers the milk to father.
8)        - Father delivers the milk to mom.
9)  - Mom gives the milk to the baby.
10) - Baby drinks the milk.
11) - Baby is happy.
12) - Baby sleeps.
13) - Mother see the baby is happy and sleeps.
14) - In order to be able to contact the milkman again, the mother asks the father to tell her that she wants the milkman to save the address of the house and the mobile phone of the mother.
15)     - Mother calls the father.
16)     - Father calls the milkman.
17)     - Milkman saves the address of the house and the mobile phone of the mother.

Oops, tomorrow baby wakes up and    cries again,
0) - Baby wants to drink milk.
1) - Baby cries to the mom.
2) - Mom see the baby is crying.
3)    - Mom checks the fridge. Mom sees the milk is empty. (Mother is trusting the Father had right decision in the first place by giving the address to the milkman, and the milkman had right decision in the first place by saving the address of the house and the mobile phone of the mother.)
4)    - Mother calls the milkman (Mother is trusting the Father's decision only)
5)    - Milkman delivers the milk to mom.
6) - Mom gives the milk to the baby.
7) - Baby drinks the milk.
8) - Baby is happy.
9) - Baby sleeps.
10) - Mother see the baby is happy and sleeps.
11) - Mother is happy and the mother trust the milkman now.

this document you're reading is a manifest for the internet people to connecting the other people by trusting the service serve the client and the trust only can be maintainable by providing good services. trust is the key, but not enough for survive. the service has to be reliable, consistent, cheap. unless the people will decide to not ask from you again.

So, it's easy right? It's so simple to understand, who are those people in the story?

  • Baby is a client.
  • Mom is a client.
  • Father is a client.
  • Milkman is a server.

also,

  • Baby could be a server in [TIME].
  • Mom is a server for baby.
  • Father is a server for mom.
  • Milkman is a server for father.
  • Milkman is a server for mom.

Baby is in trusted hands. Nothing to worry about. They love you, you will understand when you grow up and have a child.

// Technical step explanation soon, but not that hard as you see.

What is a HSTP?

HSTP is a interface, which is a set of methods that must be implemented by the application layer. The interface is used to communicate with other nodes in the network. The interface is designed to be used in a heterogeneous network.

What is a HSTP node?

HSTP shall be implemented on any layer of network connected devices/environment.

HSTP node could be a TCP server, HTTP server, static file or contract in any chain. One HSTP node is able to call any other HSTP node. Thus the nodes can call each other freely, they can check their system status, and they can communicate with each other.

What kind of abstraction layer for networks?

HSTP is already implemented on language level, by people for people. English is mostly adopted language around the Earth. JavaScript could be known also mostly adopted language for browser environments. Solidity is for EVM-based chains, hyperbees for TCP based networks, etc.

HSTP interface shall be applied between any HSTP connected devices/networks.

  • [Universe] talks to [Universe] via [HSTP]
    • [Kind] universe talks over world.
      • [World] Earth talks with sound frequencies and HSTP.
        • [Country] X sound frequencies on Xish and HSTP.
          • [Community] CommunityX Xish on CommunityXish.
        • [Country] Y talks Yish and HSTP.
        • [Country] Z talks Zish and HSTP.
      • [World] Mars talks with radio frequencies.
        • [Bacteria] UUU-1 talks UUU-1ish and HSTP.
          • Info: UUU-1 can call, universe/kind/world/Earth/X/CommunityX/query
      • [World] Jupiter talks with light frequencies and do not implements HSTP.
        • Info: If the Earth wants to talk with Jupiter, we can add one HSTP to Jupiter proxy on universe.
    • [Kind] universe talks over atoms and HSTP.
      • [Atoms] ... and HSTP.
        • ... and HSTP.
          • [Y] ... and HSTP.
            • Info: [Y] can talk with universe/kind/world/Mars/Bacteria/UUU-1/query
      • [Atoms] ... and HSTP.
        • ... and HSTP.
          • [Y] ... and HSTP.
            • Info: [Y] can talk with universe/kind/world/Mars/Bacteria/UUU-1/query Info: Kind universe can talk with Mars, and Mars also can talk with Kind universe.

What is the purpose of HSTP?

Infinitive scaling options: Any TCP connected device can talk with any other TCP connected device over HSTP. That means any web browser is serve of another HSTP node, and any web browser can call any other web browser.

Uniform application representation interface: HSTP is a uniform interface, which is a set of methods that must be implemented by the application layer.

Heterogeneous networks: Any participant of network is allowing to share the resources with other participants of the network. The resources can be CPU, memory, storage, network, etc.

Conjucation of web versions Since the blockchain technologies calling as web3, people started discussing about the differanciates between the web's. Comparing is a behaviour for incremental numeric system education's mindset. Which one is better: none of them. We have to build systems could talk in one uniform protocol, underneath services could be anything. HSTP is aiming for that.

What are the components of HSTP?

Registry interface Registry interface designed for using on TCP layer, to be able to register top level tld nodes in the network. The first implementation of HSTP TCP relay will resolve hstp/

The registry has two parts of the interface:

  • Register method, which is used to register a new node in the network.
  • Resolve method, which is used to resolve a node in the network.

Registry implementation needs two HSTP node,

  1. Hyperbees
  • Heterogen networks will resolve the registry of RPC, TCP, HTTP, HSTP etc.
  1. Registry.sol on any EVM based chain. (Ethereum, Binance Smart Chain, Polygon, etc.)
  • Registry.sol will resolve the registry of HSTP nodes. That can be relayed over another networks.

Router interface

For demonstration purposes, we will use the following solidity example:

// SPDX-License-Identifier: GNU-3.0-or-later
pragma solidity ^0.8.0;

import "./HSTP.sol";
import "./ERC165.sol";

enum Operation {
    Query,
    Mutation
}

struct Response {
    uint256 status;
    string body;
}

struct Registry {
    HSTP resolver;
}

// HSTP/Router.sol
abstract contract Router is ERC165 {
    event Log(address indexed sender, Operation operation, bytes payload);
    event Register(address indexed sender, Registry registry);
    mapping(string => Registry) public routes;

    function reply(string memory name, Operation _operation, bytes memory payload) public virtual payable returns(Response memory response) {
        emit Log(msg.sender, _operation, payload);
        // Traverse upwards and downwards of the tree.
        // Tries to find the closest path for given operation.
        // If the route is registered on    HSTP node, reply from children node.
        // If the node do not have the route on this node, ask for parent.
        if (routes[name]) {
            if (_operation == Operation.Query) {
                return this.query(payload);
            } else if (_operation == Operation.Mutation) {
                return this.mutation(payload);
            }
        }
        return super.reply(name, _operation, payload);
    }

    function query(string memory name, bytes memory payload) public view returns (Response memory) {
        return routes[name].resolver.query(payload);
    }

    function mutation(string memory name, bytes memory payload) public payable returns (Response memory) {
        return routes[name].resolver.mutation(payload);
    }

    function register(string memory name, HSTP node) public {
        Registry memory registry = Registry({
            resolver: node
        });
        emit Register(msg.sender, registry);
        routes[name] = registry;
    }

    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(HSTP).interfaceId;
    }
}

HSTP interface

// SPDX-License-Identifier: GNU-3.0-or-later
pragma solidity ^0.8.0;

import "./Router.sol";

// Stateless Hyper Service Transfer Protocol for on-chain services.
// Will implement: EIP-4337 when it's on final stage.
// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4337.md
abstract contract HSTP is Router {
    constructor(string memory name) {
        register(name, this);
    }

    function query(bytes memory payload)
        public
        view
        virtual
        returns (Response memory);

    function mutation(bytes memory payload)
        public
        payable
        virtual
        returns (Response memory);
}

Example HSTP Node

HSTP node has access to call parent router by super.reply(name, operation, payload) method. HSTP node can also call children nodes by calling this.query(payload) or this.mutation(payload) methods.

A HSTP node can be a smart contract, or a web browser, or a TCP connected device.

Node has full capability of adding more HSTP nodes to the network or itself as sub services.

      HSTP  HSTP
    /    \   /  \
  HSTP   HSTP  HSTP
        /    \
      HSTP  HSTP
    /       /
    HSTP   HSTP
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "hstp/HSTP.sol";

// Stateless Hyper Service Transfer Protocol for on-chain services.
contract Todo is HSTP("Todo") {

    struct ITodo {
        string todo;
    }

    function addTodo(ITodo memory request) public payable returns(Response memory response) {
        response.body = request.todo;
        return response;
    }

    // Override for HSTP.
    function query(bytes memory payload)
        public
        view
        virtual
        override
        returns (Response memory) {}

    function mutation(bytes memory payload)
        public
        payable
        virtual
        override
        returns (Response memory) {
            (ITodo memory request) = abi.decode(payload, (ITodo));
            return this.addTodo(request);
        }
}</   code>

Proposal

Ethereum proposal is draft now, but the protocol has referance implementation Todo.sol.

Awesome web services running top of HSTP

Full list here

Hello world

You can test the HSTP and try on remix now.

How to play with the protocol?

  • Copy the source code below to the https://remix.ethereum.org/
  • Deploy on any EVM based chain.
  • Call the functions and try different network topologies on HSTP.
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "hstp/HSTP.sol";

// Stateless Hyper Service Transfer Protocol for on-chain services.
contract Todo is HSTP("Todo") {

    struct TodoRequest {
        string todo;
    }

    function addTodo(TodoRequest memory request) public payable returns(Response memory response) {
        response.body = request.todo;
        return response;
    }

    // Override for HSTP.
    function query(bytes memory payload)
        public
        view
        virtual
        override
        returns (Response memory) {}

    function mutation(bytes memory payload)
        public
        payable
        virtual
        override
        returns (Response memory) {
            (TodoRequest memory todoRequest) = abi.decode(payload, (TodoRequest));
            return this.addTodo(tod   oRequest);
        }
}

Contribute:

Developer level contribution

  • Write a todo application with HSTP, deploy with remix and test it.
  • Draw example architecture of HSTP (serviceless architecture).

Core level contribution

  • Implement TCP layer HSTP interface on hyperbees, [Universe]
    • hyperbees and HSTP will be the first implementation of HSTP.
    • That will covers the universe phrase of networks. That will bring us full decentralized web on HSTP.
  • Implement RPC layer HSTP interface on Solidity [Web3]
  • Implement complex serviceless architecture on HSTP interface with Solidity [Web3]
  • Implement HTTP layer HSTP interface on JavaScript [Web]

Inspirations:

License

GNU GENERAL PUBLIC LICENSE V3

Core Contributors

Author

Cagatay Cali



Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

By: Ravie Lakshmanan
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through

RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers

By: Ravie Lakshmanan
RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. <!--adsense--> "Users in this category who do not

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

By: Ravie Lakshmanan
Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm

Two Key Ways Development Teams Can Increase Their Security Maturity

By: The Hacker News
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew

An Easier Way to Keep Old Python Code Healthy and Secure

By: The Hacker News
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of

New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems

By: Ravie Lakshmanan
Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. <!--adsense--> "Both the Linux and ESXi

Why Developers Hate Changing Language Versions

By: The Hacker News
Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that
❌