(⋆❛ ہ ❛⋆)⊃.:☆..:*・☆ JeremyNGalloway

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

BIND 9 Cache Poisoning via Unsolicited Answer Records (CVE-2025-40778)

Overview

A vulnerable BIND 9 resolver (version 9.18.39) accepts and caches resource records that were not requested in the original DNS query. An off-path attacker who can race or spoof responses may inject forged address data into the resolver cache. Once poisoned, subsequent clients are redirected to attacker-controlled infrastructure without triggering fresh lookups. The issue is tracked as CVE-2025-40778 and carries a published CVSS v3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).

Affected Software

Product: BIND 9 recursive resolver
Version tested: 9.18.39 (affected)
Known affected ranges:
9.11.0 – 9.16.50

Comprehensive Threat Intelligence Report: Charming Kitten

DFIR and CTI Analysis Date: 2025-10-29

1. Executive Summary

This report provides a comprehensive analysis of the Tactics, Techniques, and Procedures (TTPs), operational tradecraft, and targeting patterns of the threat actor group known as "Charming Kitten." The analysis is based on a leaked dataset of the group's internal documents, logs, and operational reports. The findings indicate a sophisticated and well-organized actor with a clear focus on espionage and disruptive attacks.

A groundbreaking finding from the Episode 4 leak is the direct link between Charming Kitten and the previously distinct threat groups known as "Moses-Staff" and "Qassam". Analysis of the group's internal infrastructure and payment records reveals that these are not separate entities, but rather pseudo-names or campaigns operated by Charming Kitten. This attribution, which has not been publicly documented before, is a critical development in understa

Modify /etc/nginx/nginx.conf file
Modify /etc/nginx/sites-available/site.conf file
Create /etc/nginx/useragent.rule file

Where to find user agent strings?
https://explore.whatismybrowser.com/useragents/explore/software_name/facebook-bot/

Looking for same but for Apache2? Here: https://techexpert.tips/apache/apache-blocking-bad-bots-crawlers/

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

	cisco:ANYCONNECT.2017
	anyconnect:Anyconnect*3!
	cisco:anyconnect%4012345
	cisco:CISCO.123456!
	cisco:Anyconnect%402025
	cisco:Anyconnect_17
	cisco:CISCO%252
	cisco:ANYCONNECT%2421
	anyconnect:Anyconnect%26123456!
	cisco:ANYCONNECT!2017!

	#!/usr/bin/env python3


	"""
	AWS Identity Collector: Extract Trust and Privilege Data Across Accounts

	This script collects identity and access metadata from one or more AWS accounts,
	including IAM roles, IAM users, SSO (AWS IAM Identity Center) users, and their policies.
	It’s used as a precursor for analyzing trust relationships and admin-equivalent access
	across AWS environments.

	#!/bin/bash

	# Define the main export folder
	export_folder=~/Desktop/iMessages_Export
	mkdir -p "$export_folder"

	# Part 1: Generate the CSV file
	echo "Generating CSV file..."

	sqlite3 ~/Library/Messages/chat.db <<EOF

	# ps -aef \| grep 94
	root 94 2 0 Jun16 ? 00:00:00 [kworker/6:1H]
	root 594 2 0 Jun16 ? 00:00:00 [ipv6_addrconf]
	root 4692 2509 0 01:17 pts/0 00:00:00 grep 94
	root 20394 2 0 Oct08 ? 00:00:20 [kworker/u32:2]
	# mkdir -p spoof/fd; mount -o bind spoof /proc/94; ln -s socket:\[283\] /proc/94/fd/99; ls -la /proc/94/fd
	total 4
	drwxr-xr-x 2 root root 4096 Oct 9 01:16 .
	dr-xr-xr-x 193 root root 0 Jun 16 17:40 ..
	lrwxrwxrwx 1 root root 12 Oct 9 01:16 99 -> socket:[283]