Monthly Archives: April 2018

DAMP

DAMP: Persistence Through Host-based Security Descriptor Modification

Category : Blog

Security Descriptor Modification | Host Based | DAMP

DAMP is a set of scripts for host-based persistence through security descriptor modification.

This project contains several files that implement host-based security descriptor “backdoors” that facilitate the abuse of various remotely accessible services for arbitrary trustees/security principals.

tl;dr – this grants users/groups (local, domain, or ‘well-known’ like ‘Everyone’) of an attacker’s choosing the ability to perform specific administrative actions on a modified host without needing membership in the local administrators group.

Note: to implement these backdoors, you need the right to change the security descriptor information for the targeted service, which in stock configurations nearly always means membership in the local administrators group.


Remote Hash Extraction On Demand Via Host Security Descriptor Modification

This is the long overdue follow-up to the “An ACE in the Hole: Stealthy Host Persistence via Security Descriptors” presentation (slides and video) that @tifkin_, @enigma0x3, and I gave at DerbyCon last year. This past weekend we gave a talk at @Sp4rkCon titled “The Unintended Risks of Trusting Active Directory” that explored combining our host-based security descriptor research with the work that @_wald0 and I detailed at Black Hat and DEF CON last year on Active Directory security descriptor backdooring. One of the more interesting case studies at both DerbyCon and Sp4rkCon involved a host-based security descriptor modification primitive that allows indefinite remote retrieval of a machine’s account hash. This post will dive deeply into this approach, the newly released weaponized code that implements it, and the extension allowing for the extraction of local account hashes and domain cached credentials.


Security Descriptor Operations

The Windows API provides functions for getting and setting the components of the security descriptor associated with a securable object. Use the GetSecurityInfo and GetNamedSecurityInfo functions to retrieve a pointer to an object’s security descriptor. These functions can also retrieve pointers to the individual components of the security descriptor: DACL, SACL, owner SID, and primary group SID. Use the SetSecurityInfo and SetNamedSecurityInfo functions to set the components of an object’s security descriptor.

The Windows API provides additional functions for manipulating the components of a security descriptor. For information about working with access control lists (DACLs or SACLs), see Getting Information from an ACL and Creating or Modifying an ACL. For information about SIDs, see Security Identifiers (SIDs).

 


Remote Registry:

Add-RemoteRegBackdoor.ps1

Add-RemoteRegBackdoor

Implements a new remote registry backdoor that allows for the remote retrieval of a system’s machine and local account hashes, as well as its domain cached credentials.

RemoteHashRetrieval.ps1

Get-RemoteMachineAccountHash

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the local machine account hash for the specified machine.

Get-RemoteLocalAccountHash

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the local SAM account hashes for the specified machine.

Get-RemoteCachedCredential

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the domain cached credentials for the specified machine.
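The check a defender would run on the objects these scripts touch, as an added example that is not part of DAMP or the original post: it parses the DACL of a security descriptor in its SDDL string form (the textual form Windows tools and APIs use to display the descriptors that GetSecurityInfo/SetSecurityInfo read and write) and reports every allow-ACE that is missing from a known-good baseline, which is exactly what an added trustee looks like. The alias and rights tables are a subset of SDDL's, and the two descriptors and the domain SID are constructed.

```python
"""Detect DACL drift on a Windows securable object from its SDDL string.

Added example, not DAMP's code: the backdoors above add an ACE for a
chosen trustee to a service or registry key DACL, so the defender's check
is to diff the object's current descriptor against a known-good baseline.
Both SDDL strings at the bottom are constructed samples.
"""
import re
from dataclasses import dataclass

# Well-known SDDL trustee aliases (subset) -> readable names.
TRUSTEES = {
    "SY": "NT AUTHORITY\\SYSTEM", "BA": "BUILTIN\\Administrators",
    "BO": "BUILTIN\\Backup Operators", "BU": "BUILTIN\\Users",
    "AU": "Authenticated Users", "WD": "Everyone", "AN": "Anonymous",
    "NS": "NETWORK SERVICE", "LS": "LOCAL SERVICE", "DU": "Domain Users",
}
# Two-letter SDDL rights -> access-mask bits (generic, standard,
# object-specific, and the registry-key composites KA/KR/KW/KX).
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "KA": 0x000F003F, "KR": 0x00020019, "KW": 0x00020006, "KX": 0x00020019,
}
# Bits that let a trustee change a registry key or its descriptor
# (GENERIC_ALL/WRITE, DELETE, WRITE_DAC, WRITE_OWNER, KEY_SET_VALUE,
# KEY_CREATE_SUB_KEY, KEY_CREATE_LINK) and bits that let it read one.
REG_WRITE_BITS = (RIGHTS["GA"] | RIGHTS["GW"] | RIGHTS["SD"] | RIGHTS["WD"]
                  | RIGHTS["WO"] | 0x2 | 0x4 | 0x20)
REG_READ_BITS = 0x1 | 0x8 | RIGHTS["GR"]
ACE_RE = re.compile(r"\(([^()]*)\)")

@dataclass(frozen=True)
class Ace:
    ace_type: str  # "A" = access allowed, "D" = access denied, ...
    flags: str     # inheritance flags such as "CI" or "OI"
    mask: int      # access mask
    trustee: str   # readable alias or the raw SID string

def parse_rights(field: str) -> int:
    """Rights are a hex mask ("0x...") or concatenated two-letter codes."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        code = field[i:i + 2]
        if code not in RIGHTS:
            raise ValueError(f"unknown SDDL right {code!r}")
        mask |= RIGHTS[code]
    return mask

def parse_dacl(sddl: str) -> list:
    """Return the ACEs of the D: section in order (the SACL is ignored)."""
    if "D:" not in sddl:
        return []
    # Owner/group fields never contain ':', so the first "D:" starts the
    # DACL, which runs until the optional SACL ("S:") or the end.
    dacl = sddl[sddl.index("D:") + 2:]
    if (sacl_at := dacl.find("S:")) != -1:
        dacl = dacl[:sacl_at]
    aces = []
    for body in ACE_RE.findall(dacl):
        fields = body.split(";")  # type;flags;rights;obj_guid;inh_guid;sid
        if len(fields) < 6:
            raise ValueError(f"malformed ACE {body!r}")
        trustee = TRUSTEES.get(fields[5], fields[5])
        aces.append(Ace(fields[0], fields[1], parse_rights(fields[2]), trustee))
    return aces

def describe_mask(mask: int) -> str:
    """Summarise what a mask grants on a registry key."""
    if mask & RIGHTS["GA"] or (mask & RIGHTS["KA"]) == RIGHTS["KA"]:
        return "full control"
    parts = []
    if mask & REG_WRITE_BITS:
        parts.append("write")
    if mask & REG_READ_BITS:
        parts.append("read")
    return "/".join(parts) or f"0x{mask:x}"

def dacl_drift(baseline_sddl: str, current_sddl: str) -> list:
    """Allow-ACEs present in the current DACL but absent from the baseline."""
    baseline = set(parse_dacl(baseline_sddl))
    return [f"{a.trustee}: {describe_mask(a.mask)} (0x{a.mask:x}) not in baseline"
            for a in parse_dacl(current_sddl)
            if a.ace_type == "A" and a not in baseline]

# Constructed sample: a key's baseline DACL versus the same key after an
# allow-ACE for an arbitrary domain account (made-up SID) was appended.
BASELINE_SDDL = "O:BAG:SYD:PAI(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BO)"
CURRENT_SDDL = BASELINE_SDDL + "(A;CI;KR;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"

if __name__ == "__main__":
    print("\n".join(dacl_drift(BASELINE_SDDL, CURRENT_SDDL)))
```

Run against a descriptor pulled from a live host, the same diff flags read grants to unexpected principals as readily as full-control grants, since the backdoor only needs read on the keys it targets.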

 


Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad


Top 6 best Linux Distribution for new Linux users

Category : Blog

Linux Distribution

Linux distributions are "easy to use". Some users may dispute this view, but in fact, when it comes to Linux, most people who do not work in IT or software development will be drawn to the easiest user experience.

 


Ubuntu

Ubuntu is an open source operating system first released on October 20, 2004. It is built upon the code base of Debian Linux. It is named after Ubuntu, a South African philosophy which embodies the belief in the bond of sharing which connects all of humanity.

Website: https://www.ubuntu.com/

 


Linux Mint

Linux Mint (sometimes called Mint Linux) is a Linux distribution for desktop computers. Its design focuses on prioritizing open-source software components, with exceptions for proprietary multimedia software such as the Adobe Flash plugin. Known as one of the more user-friendly variants, it comes with many popular free software packages such as LibreOffice, Pidgin, and GIMP, and its default web browser is Firefox.

It is designed to strike a balance between simplicity and elegance. Updates are numbered so that the user can more clearly understand which updates have the greatest impact on the system. Another benefit of its update tool is that it can detect mirror and apt problems, and it offers options for selecting local mirrors.

Website: https://linuxmint.com/

 


Fedora

Fedora Linux, also known as Fedora, is a Linux variant created by a community of developers known as the Fedora Project. It is owned by the company Red Hat. It was first released in 2003, shortly after Red Hat discontinued its official Linux distribution, Red Hat Linux.

The design focus of Fedora is security and innovation. It has a reputation for integrating the newest changes to operating system technologies as early as possible. Fedora is also noted for implementing SELinux, which enforces mandatory access controls on all files.

Website: https://getfedora.org

 


PCLinuxOS

First released in 2003, PCLinuxOS (also known as PCLOS) is a variant for desktop and laptop computers. There are several special versions available for download, which come packaged with various desktop environments, including MATE, KDE, and LXDE.

PCLinuxOS's implementation of the KDE control center is very easy to use.

Website: http://www.pclinuxos.com/

 


Arch Linux

First released in 2002, Arch Linux is a Linux distribution for i686 and x86-64 computer architectures. Its design focuses on simplicity, security, and efficiency. Unlike other operating systems that use discrete versions, it updates on a rolling release model, offering continuous, incremental upgrades to keep the system up to date.

Website: https://www.archlinux.org/

 


Manjaro

Manjaro is a user-friendly distribution based on the independently developed Arch operating system. Developed in Austria, France, and Germany, Manjaro provides all the benefits of the Arch operating system combined with a focus on user-friendliness and accessibility. Available in both 32- and 64-bit versions, Manjaro is suitable for newcomers as well as experienced users.

Website: https://manjaro.org/

 




Geoip attack

Geoip attack map: Cyber security geoip attack map

Category : Blog

Geoip attack map Visualization

The Geoip attack map visualizer was developed to display network attacks on your organization in real time. The data server follows a syslog file and parses out source IP, destination IP, source port, and destination port. Protocols are determined via common ports, and the visualizations vary in color based on protocol type.

This project would not be possible if it weren’t for Sam Cappella, who created a cyber defense competition network traffic visualizer for the 2015 Palmetto Cyber Defense Competition.


Important notes on the Geoip attack map

This program relies entirely on syslog, and because all appliances format logs differently, you will need to customize the log parsing function(s). If your organization uses a security information and event management system (SIEM), it can probably normalize logs to save you a ton of time writing regex. The suggested flow is:

  1. Send all syslog to the SIEM.
  2. Use the SIEM to normalize logs.
  3. Send normalized logs to the box (any Linux machine running syslog-ng will work) running this software so the data server can parse them.


Configuration:

  1. Make sure in /etc/redis/redis.conf to change bind 127.0.0.1 to bind 0.0.0.0 if you plan on running the DataServer on a different machine than the AttackMapServer.
  2. Make sure that the WebSocket address in /AttackMapServer/index.html points back to the IP address of the AttackMapServer so the browser knows the address of the WebSocket.
  3. Download the MaxMind GeoLite2 database, and change the db_path variable in DataServer.py to wherever you store the database.
  4. ./db-dl.sh
  5. Add headquarters latitude/longitude to hqLatLng variable in index.html
  6. Use syslog-gen.py, or syslog-gen.sh to simulate dummy traffic “out of the box.”
  7. IMPORTANT: Remember, this code will only run correctly in a production environment after personalizing the parsing functions. The default parsing function is only written to parse ./syslog-gen.sh traffic.
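The parsing step the data server performs, as an added example that is not the project's own code: it pulls source/destination IP and port out of syslog lines, classifies each flow by well-known destination port, and drops flows that GeoIP could not place. The iptables-style line format, event field names and colour table are assumptions, and the sample lines are constructed.

```python
"""Parse firewall syslog lines into attack-map events.

Added example, not the Geoip attack map's own code. The data server above
tails syslog and pulls out source/destination IP and port, classifying the
protocol by well-known destination port. The log format (iptables-style
kernel lines), field names and colour table are assumptions, since every
appliance formats logs differently; the sample lines are constructed.
"""
import collections
import ipaddress
import json
import re

# Service guess by well-known destination port and the colour the map
# would draw that service in (unknown services fall back to grey).
SERVICE_BY_PORT = {
    21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP",
    110: "POP3", 143: "IMAP", 443: "HTTPS", 445: "SMB", 1433: "MSSQL",
    3306: "MYSQL", 3389: "RDP", 5900: "VNC",
}
COLOR_BY_SERVICE = collections.defaultdict(lambda: "#999999", {
    "SSH": "#ff4500", "RDP": "#ff0000", "HTTP": "#1e90ff", "HTTPS": "#0000cd",
    "DNS": "#32cd32", "SMB": "#ffd700", "TELNET": "#ff1493",
})
# GeoIP cannot place RFC 1918 sources on a map, so those events are dropped.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r"SRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) DST=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
    r".*?PROTO=(?P<proto>\w+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def parse_line(line: str):
    """Return an event dict for one firewall line, or None if it has no flow."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dpt = int(m["dpt"])
    service = SERVICE_BY_PORT.get(dpt, m["proto"].upper())
    return {
        "src_ip": m["src"], "dst_ip": m["dst"],
        "src_port": int(m["spt"]), "dst_port": dpt,
        "protocol": m["proto"].upper(), "service": service,
        "color": COLOR_BY_SERVICE[service],
    }

def parse_syslog(text: str):
    """Parse all lines; return (events, skipped). Skipped counts lines with
    no flow fields and flows whose source cannot be geolocated."""
    events, skipped = [], 0
    for line in text.splitlines():
        event = parse_line(line)
        if event is None or is_rfc1918(event["src_ip"]):
            skipped += 1
            continue
        events.append(event)
    return events, skipped

def summarize(events) -> dict:
    """Flows per service: the numbers behind the map's legend."""
    return dict(collections.Counter(e["service"] for e in events))

# Constructed sample log: three external scans, one internal flow that
# GeoIP could not place, and an sshd line with no SRC/DST fields.
SAMPLE_SYSLOG = """\
Apr 14 09:12:01 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=44122 DPT=22
Apr 14 09:12:03 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=44123 DPT=3389
Apr 14 09:12:04 fw01 kernel: DROP IN=eth0 OUT= SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=80
Apr 14 09:12:05 fw01 kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.9 PROTO=UDP SPT=5353 DPT=53
Apr 14 09:12:06 fw01 sshd[2211]: Failed password for invalid user admin from 203.0.113.10 port 44122 ssh2
"""

if __name__ == "__main__":
    events, skipped = parse_syslog(SAMPLE_SYSLOG)
    for event in events:  # one JSON document per flow, as a WebSocket feed would send
        print(json.dumps(event))
    print(f"skipped={skipped} per_service={summarize(events)}")
```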

 




VMware Escapes: A bunch of Red Pills

Category : Blog

VMware

VMware is one of the leaders in virtualization nowadays. They offer VMware ESXi for cloud, and VMware Workstation and Fusion for Desktops (Windows, Linux, macOS).
The technology is very well known to the public: it allows users to run unmodified guest “virtual machines”.
Often those virtual machines are not trusted, and they must be isolated.
VMware goes to great lengths to offer this isolation, especially on the ESXi product, where virtual machines of different actors can potentially run on the same hardware. So strong isolation is of paramount importance.


How VMware works:

In a nutshell, it usually uses CPU and memory hardware virtualization technologies (though they are not strictly required), so a guest virtual machine can run code at native speed most of the time.

But a modern system is not just a CPU and memory; it also requires a lot of other hardware to work properly and be useful.

This point is very important because it constitutes one of the biggest attack surfaces of VMware: the virtualized hardware.

Virtualizing a hardware device is not a trivial task, as is easily realized by reading any datasheet describing the hardware/software interface of a PC hardware device.


Although many VMware blog posts and presentations have been released recently, we felt the need to write our own for the following reasons:

  • First, no one ever talked correctly about our Pwn2Own bugs, so we want to shed light on them.
  • Second, some of those published resources lack either details or code.


Overall architecture:

A complex product like VMware consists of several components; we will just highlight the most important ones, since the VMware architecture design has already been discussed extensively elsewhere.

  • VMM: this piece of software runs at the highest possible privilege level on the physical machine. It makes the VMs tick and run, and also handles all the tasks that are impossible to perform from host ring 3, for example.
  • vmnat: vmnat is responsible for network packet handling, since VMware offers advanced functionalities such as NAT and virtual networks.
  • vmware-vmx: every virtual machine started on the system has its own vmware-vmx process running on the host. This process handles a lot of tasks that are relevant for this blog post, including much of the device emulation and backdoor request handling. Exploiting the chains we will present results in code execution on the host in the context of vmware-vmx.


Backdoor:

The so-called backdoor is not actually a "backdoor"; it is simply a mechanism implemented in VMware for guest-to-host and host-to-guest communication.

A useful resource for understanding this interface is the open-vm-tools repository maintained by VMware itself.

Basically, at the lowest level the backdoor consists of two I/O ports, 0x5658 and 0x5659: the first for "traditional" communication, the other for "high bandwidth" transfers.

The guest issues in/out instructions on those ports following a register convention, and is thereby able to communicate with the hypervisor running on the host.




Jackhammer

Jackhammer: Security vulnerability assessment/management tool

Category : Blog

Jackhammer

Jackhammer is a collaboration tool built with the aim of bridging the gap between the security team, the dev team and the QA team, and of being a facilitator for TPMs to understand and track the quality of the code going into production. It can do static code analysis and dynamic analysis, with built-in vulnerability management capability. It finds security vulnerabilities in the target applications and helps security teams manage the chaos in this new age of continuous integration and continuous/multiple deployments.

It is built entirely on RBAC (Role Based Access Control). There are dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is built on a pluggable architecture which can be integrated with any open source/commercial tool.

Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, CMS (WordPress) and network.

 


Features of Jackhammer:

  • Provides a unified interface to collaborate on findings
  • Scanning (code / web-app / mobile-app / WordPress / network) can be done for all code management repositories and URLs
  • Scheduling of scans based on 3 intervals (daily, weekly, monthly)
  • Advanced false positive filtering
  • Integrate other open source / commercial / custom scanners with Jackhammer within a few minutes
  • Real-time notifications for scans
  • Publish vulnerabilities to bug tracking systems
  • Keep a tab on statistics and vulnerability trends in your applications
  • Integrates with the majority of open source and commercial scanning tools
  • User and role management giving greater control
  • Configurable severity levels on the list of findings across the applications
  • Built-in vulnerability status progression
  • Additional support to upload results from other scanners (14 scanners already supported) and manage the vulnerabilities in Jackhammer
  • Intelligent filtering of vulnerabilities on different criteria to see what is actually needed

 


Static Code Analysis

Built-in scanning tools support a majority of popular languages such as Java, Ruby, Python, and Node.js. In addition to security vulnerabilities, it also finds vulnerabilities in deprecated libraries and the applicable publicly available CVEs.

For static analysis, this open source tool integrates with Brakeman, Bundler-Audit, Checkmarx, Dawnscanner, FindSecurityBugs, Xanitizer, NodeSecurityProject, PMD and Retire.js. To find hard-coded secrets/tokens/credentials, Jackhammer uses Trufflehog. The base of all scans is an Nmap scan. For web application scanning, it uses Arachni and WPScan. Mobile scanning is also supported with Androbugs and Androguard. You can also add new scanners within a few minutes; the project's user guide tells you how to do it. Finally, you can import results from other scanners such as Nmap, Burp Suite, ZAP, Nessus, QualysGuard, OpenVAS, Metasploit, Nexpose, Arachni, IBMApp, Fortify, SkipFish, W3af and Acunetix.

 


Dynamic Analysis

It can scan all web applications / mobile applications / networks / content management systems with and without authentication, and has a unique way of managing sessions for better identification of vulnerabilities.

 




Pybelt

Pybelt: The hackers tool belt

Category : Blog

Pybelt

Pybelt is a Python-based hacker's tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerabilities, and finding usable HTTP proxies.


Features of Pybelt:

Pybelt is an open source python hacking kit that comes with:

  • Port Scanner
  • SQL Injection scanner
  • Dork Checker
  • Hash Cracker
  • Hash Type Verification
  • Proxy Finder
  • XSS Scanner


SQL injection scanning made easy: just provide a URL and watch it work. Dork checker: have some dorks you're not sure of? Run the dork check with the dork as an argument; it will pull 100 URLs and give you the success rate for the dork. Hash cracking made simple: provide the hash type at the end (":md5", ":sha256", etc.) for a specific hash, or ":all" for all algorithms available on your machine.

 


Usage

Installation:

You can either clone the repository

git clone https://github.com/ekultek/pybelt.git

or download the latest release as a zip/tar ball.

Once you have it, cd into the directory and run the following command:

pip install -r requirements.txt

This will install all of the libraries the program needs, and it can be run from there.

Functionality

python pybelt.py -p 127.0.0.1

Will run a port scan on your local host

python pybelt.py -s http://example.com/php?id=2

Will run a SQLi scan on the given URL

python pybelt.py -d idea?id=55

Will run a dork check on the given Google dork

python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all

Will try to crack the hash using all algorithms available on the computer

python pybelt.py -v 098f6bcd4621d373cade4e832627b4f6

Will attempt to verify the hash type

python pybelt.py -f

Will find usable proxies

python pybelt.py -x http://127.0.0.1/php?id=1

Will search the URL for XSS vulnerabilities

 




Noriben: Portable, Simple, Malware Analysis Sandbox

Category : Uncategorized

Noriben

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities.

Noriben allows you not only to run malware as a sandbox would, but also to log system-wide events while you manually run the malware in whatever particular way is needed to make it run. For example, it can listen as you run malware that requires varying command line options or user interaction, or watch the system as you step through the malware in a debugger.

Noriben only requires Sysinternals procmon.exe (or procmon64.exe) to function. It requires no pre-filtering (although it may greatly help) because it includes numerous whitelist items to reduce unwanted noise from system activity.
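The whitelist-and-report step described above, as an added example rather than Noriben's own code: it reads a Procmon CSV export, drops whitelisted noise, and groups what remains into the process/file/registry/network sections of a text report. The whitelist entries and the CSV rows are constructed; the column and operation names are Procmon's.

```python
"""Reduce a Procmon CSV export to a Noriben-style activity report.

Added example, not Noriben's own code. Noriben lets Procmon capture
everything, then keeps only what the sample did (processes created, files
written, registry values set, network connections) after dropping
whitelisted noise. The CSV rows and whitelist entries are constructed;
the column and operation names are Procmon's.
"""
import csv
import io
import re

# Constructed whitelist in the spirit of Noriben's: the monitoring tool
# itself and paths whose writes are ordinary system activity.
WHITELIST_PROCESSES = {"procmon.exe", "procmon64.exe"}
WHITELIST_PATHS = [re.compile(p, re.IGNORECASE) for p in (
    r"^C:\\Windows\\Prefetch\\",
    r"\\Logfile\.PML$",
)]
FILE_WRITE_OPS = {"WriteFile", "SetDispositionInformationFile",
                  "SetRenameInformationFile"}
REGISTRY_OPS = ("RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey")

def parse_procmon_csv(text: str) -> list:
    """Rows keyed by Procmon's CSV header (Time of Day, Process Name, ...)."""
    return list(csv.DictReader(io.StringIO(text)))

def is_noise(row: dict) -> bool:
    if row["Process Name"].lower() in WHITELIST_PROCESSES:
        return True
    return any(p.search(row["Path"]) for p in WHITELIST_PATHS)

def classify(row: dict):
    """Report section for a row, or None when it is not worth reporting
    (e.g. a CreateFile that merely opened an existing file)."""
    op, detail = row["Operation"], row["Detail"]
    if op == "Process Create":
        return "processes"
    if op == "CreateFile":
        created = ("OpenResult: Created" in detail
                   or "OpenResult: Overwritten" in detail)
        return "files" if created else None
    if op in FILE_WRITE_OPS:
        return "files"
    if op.startswith(REGISTRY_OPS):
        return "registry"
    if op.startswith(("TCP ", "UDP ")):
        return "network"
    return None

def build_report(rows) -> dict:
    """Group successful, non-whitelisted rows into report sections."""
    report = {"processes": [], "files": [], "registry": [], "network": [],
              "ignored": 0}
    for row in rows:
        if row["Result"] != "SUCCESS":
            continue
        if is_noise(row):
            report["ignored"] += 1
            continue
        section = classify(row)
        if section is None:
            continue
        entry = (f"{row['Time of Day']} [{row['Process Name']}:{row['PID']}] "
                 f"{row['Operation']} > {row['Path']}")
        if section == "processes" and "Command line: " in row["Detail"]:
            entry += "  cmd: " + row["Detail"].split("Command line: ", 1)[1]
        report[section].append(entry)
    return report

def render(report: dict) -> str:
    """Plain-text report, one section per activity type."""
    out = []
    for section in ("processes", "files", "registry", "network"):
        out.append(f"== {section.upper()} ({len(report[section])})")
        out.extend(report[section] or ["(none)"])
    out.append(f"== whitelisted rows dropped: {report['ignored']}")
    return "\n".join(out)

# Constructed Procmon export: the sample drops a copy of itself in %TEMP%,
# launches it, sets a Run key and phones home; the other rows are noise.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","1234","CreateFile","C:\Users\analyst\AppData\Local\Temp\upd.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:01:02.3","sample.exe","1234","Process Create","C:\Users\analyst\AppData\Local\Temp\upd.exe","SUCCESS","PID: 2345, Command line: ""C:\Users\analyst\AppData\Local\Temp\upd.exe"" /s"
"10:01:02.5","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 70, Data: C:\Users\analyst\AppData\Local\Temp\upd.exe"
"10:01:02.7","sample.exe","1234","TCP Connect","desktop-lab:49701 -> 203.0.113.55:443","SUCCESS","Length: 0"
"10:01:03.0","svchost.exe","820","CreateFile","C:\Windows\Prefetch\SAMPLE.EXE-1A2B3C4D.pf","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"10:01:03.2","Procmon64.exe","4100","WriteFile","C:\Users\analyst\Desktop\Logfile.PML","SUCCESS","Offset: 0, Length: 4096"
"10:01:03.4","sample.exe","1234","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open, OpenResult: Opened"
'''

if __name__ == "__main__":
    print(render(build_report(parse_procmon_csv(SAMPLE_CSV))))
```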


Cool Features of Noriben:

If you have a folder of YARA signature files, you can specify it with the --yara option. Every new file created will be scanned against these signatures, with the results displayed in the output.

If you have a VirusTotal API key, place it into a file named "virustotal.api" (or embed it directly in the script) to auto-submit MD5 file hashes to VT and get the number of positive results.

You can add lists of MD5s to auto-ignore (such as all of your system files). Use md5deep and throw them into a text file, then use --hash to read them.

You can automate the script for sandbox usage. Using -t to set the execution time and --cmd "path\exe" to specify a malware file, you can automatically run malware, copy the results off, and then revert to run a new sample.


Bypassing Anti-Sandboxing

One common use of Noriben is with malware that is VM and sandbox aware. Throwing the sample into any existing sandbox will most likely result in a report with no artifacts, as the malware didn't run. Some applications look for manual user activity, such as mouse movement and clicking. Other malware may infect the WinHTTP stack and only trigger when a web browser is used. By just launching Noriben in the background, all of the system behavior is logged as the analyst manually controls the system to give the impression of a normal user. Once the file has been detonated, the results can be reviewed as a standard sandbox report.


Command Line-Based Applications

 

Rarer cases are malware samples that require command line options in order to run. Launching these executables within a sandbox would immediately fail, as the malware does not have the arguments it needs to operate. However, an analyst manually controlling the malware while Noriben is running can quickly gather all system artifacts from various command line options.


General Attack Artifacts

Even more interesting, Noriben has been used by pentesters to determine what system artifacts exist when launching an attack against a system or service. By monitoring files created or registry entries modified, a security analyst can determine all artifacts that result from running an attack, a PowerShell command, or a JavaScript-based web page.


Perfect for Malware Analysis on the Road

It's a common scenario that an analyst has a proper sandbox environment in a home lab but on the road has only a laptop. In working with various Sales Engineers and Support individuals from security companies, there were many times when they needed an immediate malware answer out of their hotel room. Noriben was designed to be used with little effort, little setup, and little maintenance. Even if you don't have a dedicated malware VM, any Windows VM will do! Even <a snapshot copy of> your corporate environment!




Pharos

Pharos – Automated static analysis tools for binary programs

Category : Blog

Pharos

Pharos is an open source static binary analysis framework that uses the ROSE compiler infrastructure, developed by Lawrence Livermore National Laboratory, for disassembly, control flow analysis and instruction semantics. These features help you automate common reverse engineering tasks with a focus on malicious code analysis. The Pharos framework is made up of the following static binary analysis tools.

 


Pharos Static Binary Analysis Framework

The Pharos framework is a research project, and the code is undergoing active development. No warranties of fitness for any purpose are provided. While this release provides build instructions, unit tests, and some documentation, much work remains to be done. We’ve tested a few select build configurations, but have not actively tested the portability of the source code. See the installation instructions for more details.


Pharos Static Binary Analysis Tools

APIAnalyzer: The APIAnalyzer is a signature-driven tool for finding sequences of API calls with the specified data and control relationships. This capability is intended to be used to detect common operating system interaction patterns such as opening a file, writing to it, and then closing it.

OOAnalyzer: OOAnalyzer is a tool for the analysis and recovery of object-oriented (C++) constructs in compiled binaries. It identifies object members and methods by tracking object pointers between the functions of the program. The tool was previously named ObjDigger and has been redesigned to use XSB Prolog rules to recover object attributes. The earlier ObjDigger used definition-use analysis to identify object pointers ('this' pointers); OOAnalyzer instead accumulates context-free facts about the program and exports them to Prolog for higher-level semantic analysis. When a line of reasoning doesn't work out, Prolog backtracks and searches for a different solution.

CallAnalyzer: CallAnalyzer is a tool for reporting the static parameters passed to API calls in a binary program. It is largely a demonstration of the framework's current calling-convention, parameter-analysis and type-detection capabilities, although it also provides useful analysis of the code in a program.

FN2Yara: FN2Yara is a tool that generates YARA signatures for matching the functions of an executable program. Programs that share a significant number of functions are likely to have behaviour in common, so such signatures can link samples to a known family even when the rest of the binary differs.

FN2Hash: FN2Hash is a tool that generates a variety of hashes and other descriptive properties for the functions in an executable program. Like FN2Yara, it can be used to support binary similarity analysis, or to provide features for machine-learning algorithms.
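The idea that FN2Yara and FN2Hash share, reduced to a runnable sketch. This is an added example written for this page, not Pharos code: Pharos derives its operand masks from a real disassembly and emits several hash kinds per function, whereas here the instruction bytes and their masks are hand-constructed 32-bit x86, and the function names, the choice of MD5 and the rule layout are this example's own assumptions. A function's raw bytes give an "exact" hash that changes whenever the function is relocated; zeroing the relocatable operand bytes (call targets, absolute addresses) gives a position-independent hash that survives a different link base, and the same mask becomes the "??" wildcards of a YARA hex string.

```python
"""Added example (not Pharos code): exact vs. position-independent function
hashes and a wildcarded YARA rule, over hand-constructed x86 instruction bytes."""
import hashlib

# Each instruction: (bytes, mask).  mask[i] == 1 marks an operand byte that
# changes when the function is relocated; 0 marks a fixed opcode/modrm byte.
# Encodings and addresses are constructed for illustration.
FUNC_AT_BASE_A = [
    (b"\x55",                 [0]),              # push ebp
    (b"\x8b\xec",             [0, 0]),           # mov  ebp, esp
    (b"\xe8\x10\x00\x00\x00", [0, 1, 1, 1, 1]),  # call rel32
    (b"\xa1\x00\x10\x40\x00", [0, 1, 1, 1, 1]),  # mov  eax, [0x00401000]
    (b"\x5d",                 [0]),              # pop  ebp
    (b"\xc3",                 [0]),              # ret
]
# The same function linked at another base: only the masked bytes differ.
FUNC_AT_BASE_B = [
    (b"\x55",                 [0]),
    (b"\x8b\xec",             [0, 0]),
    (b"\xe8\x90\x01\x00\x00", [0, 1, 1, 1, 1]),  # different call target
    (b"\xa1\x00\x20\x00\x10", [0, 1, 1, 1, 1]),  # mov  eax, [0x10002000]
    (b"\x5d",                 [0]),
    (b"\xc3",                 [0]),
]


def exact_bytes(func):
    """Raw bytes of the function as they sit in the file."""
    return b"".join(ins for ins, _ in func)


def pic_bytes(func):
    """Zero every relocatable operand byte so the result is position independent."""
    out = bytearray()
    for ins, mask in func:
        out += bytes(0 if m else b for b, m in zip(ins, mask))
    return bytes(out)


def exact_hash(func):
    return hashlib.md5(exact_bytes(func)).hexdigest()


def pic_hash(func):
    return hashlib.md5(pic_bytes(func)).hexdigest()


def yara_hex_string(func):
    """Hex string with '??' at masked positions, e.g. '55 8B EC E8 ?? ?? ?? ?? ...'."""
    toks = []
    for ins, mask in func:
        toks += ["??" if m else f"{b:02X}" for b, m in zip(ins, mask)]
    return " ".join(toks)


def yara_rule(name, func):
    """Emit a minimal YARA rule whose single hex string is the masked function."""
    return (
        f"rule {name}\n"
        "{\n"
        "    strings:\n"
        f"        $fn = {{ {yara_hex_string(func)} }}\n"
        "    condition:\n"
        "        $fn\n"
        "}\n"
    )


def hex_pattern_matches(pattern, data):
    """Tiny matcher for a wildcarded hex string: offset of the first match, or -1."""
    toks = [None if t == "??" else int(t, 16) for t in pattern.split()]
    for off in range(len(data) - len(toks) + 1):
        if all(t is None or t == data[off + i] for i, t in enumerate(toks)):
            return off
    return -1


if __name__ == "__main__":
    print("exact A:", exact_hash(FUNC_AT_BASE_A))
    print("exact B:", exact_hash(FUNC_AT_BASE_B))   # differs: operands moved
    print("pic   A:", pic_hash(FUNC_AT_BASE_A))
    print("pic   B:", pic_hash(FUNC_AT_BASE_B))     # identical: same code
    print(yara_rule("sample_fn", FUNC_AT_BASE_A))
    blob = b"\x90" * 7 + exact_bytes(FUNC_AT_BASE_B) + b"\xcc" * 3
    print("rule hits relocated copy at offset",
          hex_pattern_matches(yara_hex_string(FUNC_AT_BASE_A), blob))
```

The wildcard mask is the whole trick: without it a hash or rule built from one sample breaks on the next build of the same code, and with too loose a mask (masking every immediate) short functions such as prologue/epilogue stubs match everything, which is why a real tool also reports function size and the number of masked bytes alongside the hash.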

DumpMASM: DumpMASM is a tool for dumping disassembly listings from an executable using the Pharos framework, in the same style as the other tools. It has not been actively maintained, and you should consider using ROSE's standard recursiveDisassemble instead.

PyObjDigger: PyObjDigger is included as a plugin for the IDA Pro disassembler (located at tools/objdigger/ida) that lets you ingest, view and modify ObjDigger results directly in IDA Pro. One of its most useful features is the ability to annotate virtual function calls with clickable labels.


Risks of Using Public Wi-Fi

Danger of Using Public WiFi | What You Need to Know – ICSS

Category : Blog

Danger of Using Public WiFi

WiFi users are at risk from attackers, but fortunately there are safeguards against them. The recent explosion of free, public WiFi has been an enormous boon for working professionals. Since free access points are available at restaurants, hotels, airports, bookstores and even random retail outlets, you are rarely more than a short trip away from access to your network and your work. This freedom comes at a price, though, and few truly understand the risks associated with these connections.

Along with convenience for the public, public WiFi hotspots also give identity thieves and cybercriminals an easy way to monitor what you are doing online and to steal your passwords, your personal information, or both. Never assume that a public WiFi network is safe or secure. Remember, even when a hotspot has a password, that password is shared with everyone, so anyone nearby can join the same network and observe your traffic.

Tips & Advice:

Risks of Using Public WiFi:

Today many, if not most, people carry some form of Internet-enabled device with them, whether it is a phone, laptop, tablet or some other technology. To get online without paying for a cellular connection, they join public Wi-Fi. There are, however, many potential risks involved in doing so: users are often not aware of exactly whose network they are joining, what data they are sharing, or how they may be subject to a cyber attack.

Whose network are you joining?

Anyone can set up a wireless hotspot and name it as they wish. By setting their network name (Service Set Identifier, or SSID) to a common or commercially used one, someone running a rogue hotspot can attract connections from users who think they are joining a legitimate network. Worse, many devices automatically join any network whose SSID they have connected to before, so the user may not even be asked.
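The two signs of a rogue hotspot that a client can actually check from scan data are an SSID that is advertised with weaker security than its siblings (an open "evil twin" sitting next to the real WPA2 network) and a trusted SSID appearing on a BSSID it has never used. The following added example, written for this page and not part of the original article, runs those checks over a constructed list of scan results; the record layout, the allow-list and the security ranking are this example's own assumptions, and a real scan would come from the operating system or a tool such as airodump-ng.

```python
"""Added example (not from the article): evil-twin / rogue-AP checks over
Wi-Fi scan results.  All scan records and the allow-list are constructed."""
from collections import defaultdict

# (SSID, BSSID, channel, security) as a client might see them in an airport.
SCAN = [
    ("Airport_Free_WiFi", "aa:bb:cc:00:00:01", 6,  "WPA2"),
    ("Airport_Free_WiFi", "aa:bb:cc:00:00:02", 11, "WPA2"),
    ("Airport_Free_WiFi", "de:ad:be:ef:00:01", 6,  "OPEN"),   # same name, no encryption
    ("CoffeeShop",        "11:22:33:44:55:66", 1,  "WPA2"),
    ("CoffeeShop",        "11:22:33:44:55:66", 1,  "WPA2"),   # duplicate beacon, harmless
    ("Corp-Office",       "00:11:22:33:44:55", 36, "WPA2-Enterprise"),
    ("Corp-Office",       "66:77:88:99:aa:bb", 36, "WPA2"),   # unknown BSSID, weaker security
]

# Networks the user or organisation trusts: the BSSIDs they are expected to use
# and the security the real network enforces (hypothetical allow-list).
KNOWN = {
    "Corp-Office": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA2-Enterprise"},
}

# Rough ordering of link-layer protection; anything below the strongest sibling is suspect.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA2-Enterprise": 4, "WPA3": 5}


def analyse_scan(scan, known):
    """Return a list of (ssid, bssid, reason) findings for suspicious access points."""
    findings = []
    by_ssid = defaultdict(dict)            # ssid -> {bssid: (channel, security)}
    for ssid, bssid, chan, sec in scan:
        by_ssid[ssid][bssid.lower()] = (chan, sec)   # collapses duplicate beacons

    for ssid, aps in by_ssid.items():
        strongest = max(SECURITY_RANK[s] for _, s in aps.values())
        for bssid, (chan, sec) in aps.items():
            # 1. Same SSID advertised with weaker security than its siblings:
            #    the classic open evil twin beside the genuine WPA2 network.
            if SECURITY_RANK[sec] < strongest:
                findings.append((ssid, bssid,
                                 f"{sec} beacon on channel {chan} while {ssid} also offers stronger security"))
            # 2. A trusted SSID on an unexpected BSSID, or with unexpected security.
            if ssid in known:
                expected = known[ssid]
                if bssid not in {b.lower() for b in expected["bssids"]}:
                    findings.append((ssid, bssid, "unknown BSSID for trusted SSID"))
                if sec != expected["security"]:
                    findings.append((ssid, bssid,
                                     f"expected {expected['security']}, saw {sec}"))
    return findings


def safe_to_join(ssid, scan, known):
    """Conservative auto-join policy: join only if no finding touches this SSID."""
    return not any(f[0] == ssid for f in analyse_scan(scan, known))


if __name__ == "__main__":
    for ssid, bssid, reason in analyse_scan(SCAN, KNOWN):
        print(f"[!] {ssid} ({bssid}): {reason}")
    for ssid in ("Airport_Free_WiFi", "CoffeeShop", "Corp-Office"):
        print(f"auto-join {ssid}: {'ok' if safe_to_join(ssid, SCAN, KNOWN) else 'blocked'}")
```

These checks catch the lazy rogue hotspot only. An attacker who clones the real network's BSSID, channel and security type is indistinguishable in scan data, which is why the advice below still insists on end-to-end encryption (HTTPS or a VPN) rather than trusting the network itself.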

Which networks are safe?

It is safest to assume that no public WiFi is secure. Airports are particularly risky locations due to the high concentration of targets who may not have access to a domestic cellular network and may have an urgent need to get online. Need often outweighs any perceived risk.

What are you agreeing to?

If you are asked to accept terms and conditions, ensure you read exactly what you are agreeing to. You may be agreeing to share more with your WiFi supplier than you think.

What data are you sharing?

Any unencrypted data sent through a WiFi network can be monitored and collected. You may potentially be giving away information such as passwords, email content and web searches.

Risk & Attacks:

Rogue WiFi Networks:

An attacker sets up a honeypot in the form of a free WiFi hotspot in order to harvest valuable data. The attacker's hotspot becomes the conduit for all data exchanged over the network.

Man-In-The-Middle (MITM) Attacks:

An attacker who controls or has compromised a WiFi hotspot inserts himself into the communications between the victim and the sites and services the victim is using, intercepting and modifying the data in transit.

Packet Sniffing:

An attacker monitors and intercepts unencrypted data as it travels across an unprotected network.

Anyone Can be an Attacker:

The tools required to carry out such attacks are often easy to obtain, so an attacker needs little technical experience or skill to carry out his criminal activities.

Data is a Valuable Commodity:

Attackers can monetise many types of stolen data and therefore seek information such as online banking credentials, Bitcoin wallets and other sensitive data that can be used in identity fraud.

Safety Considerations:

 

DOs

  • Use a virtual private network (VPN) to keep your data encrypted in transit between your device and the VPN provider. VPNs are quick and easy to use, and they take the hotspot operator out of the path that can read your traffic (you are then trusting the VPN provider instead).
  • Enable your firewall.
  • Look for HTTPS in your browser's address bar: this indicates that TLS encryption is active, so the content of your communication with that site is protected in transit, although the names of the sites you visit remain visible to the network.
  • Turn off the automatic connection feature in your Wi-Fi settings to prevent your device from connecting to public or open Wi-Fi networks without your consent.
  • Keep your software patched and updated.
  • Use anti-virus software and ensure it is up to date.

 

DON'Ts

  • Assume that a Wi-Fi network with a trustworthy SSID is genuine.
  • Share sensitive or personal data over a public Wi-Fi network unless you are sure the connection is secure, i.e. encrypted via HTTPS or a VPN.

 

Deep-pwning | Metasploit for machine learning

Category : Blog

Deep-pwning

Deep-pwning is a lightweight framework for experimenting with machine learning models with the goal of evaluating their robustness against a motivated adversary.

Note that deep-pwning in its current state is nowhere close to maturity or completion. It is meant to be experimented with, expanded upon and extended by you. Only then can it become the go-to penetration testing toolkit for statistical machine learning models.

Structure:

Researchers have found that it is surprisingly easy to trick a machine learning model (classifier, clusterer, regressor, etc.) into making an objectively wrong decision. This field of research is called adversarial machine learning. It is not hyperbole to claim that a motivated attacker can bypass any machine learning system, given enough information and time. However, this issue is often overlooked when architects and engineers design and build machine learning systems. The consequences are worrying when such systems are deployed in critical settings, such as the medical, transportation, financial or security-related fields.

Hence, when evaluating the efficacy of an application that uses machine learning, its malleability in an adversarial setting should be measured alongside the system's precision and recall.

This framework is built on top of TensorFlow, and many of the included examples in this repository are modified TensorFlow examples obtained from the TensorFlow GitHub repository.

All of the included examples implement deep neural networks, but they can be used to generate adversarial images for similarly tasked classifiers that are not implemented with deep neural networks. This is because of the phenomenon of 'transferability' in machine learning, which Papernot et al. examine in detail in their paper on the subject: adversarial samples crafted against a DNN model A may also fool a distinctly structured DNN model B, as well as some other model C, such as an SVM.
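The attack and the transferability claim above, shown end to end on a model small enough to run without TensorFlow. This is an added example written for this page, not deep-pwning code: the data set is constructed, the models are a logistic regression (the attacker's surrogate, model A), a second logistic regression trained with different hyperparameters (victim B) and a nearest-centroid classifier (victim C, a different architecture), and the adversarial samples come from the Fast Gradient Sign Method (FGSM), which moves every feature by a small step in the direction that increases the loss for the true label. The min_flip_eps function is a crude version of the "malleability" measurement the text argues should sit next to precision and recall.

```python
"""Added example (not deep-pwning's own code): FGSM adversarial examples against a
logistic-regression surrogate, transferred to two differently built victims.
Pure Python; the 2-D data set below is constructed for illustration."""
import math

# Constructed, linearly separable data: class 1 around (2.5, 2.5),
# class 0 is its mirror image around (-2.5, -2.5).
POS = [(2.0, 2.0), (3.0, 2.0), (2.0, 3.0), (3.0, 3.0),
       (1.5, 2.5), (2.5, 1.5), (3.5, 2.5), (2.5, 3.5)]
X = POS + [(-a, -b) for a, b in POS]
Y = [1] * len(POS) + [0] * len(POS)


def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def train_logreg(xs, ys, lr, epochs, l2=0.0):
    """Full-batch gradient descent on the logistic loss (+ optional L2 penalty)."""
    w, b, n = [0.0, 0.0], 0.0, len(xs)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(w[0] * x[0] + w[1] * x[1] + b) - y
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w = [wi - lr * (gi / n + l2 * wi) for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return {"w": w, "b": b}


def predict_logreg(model, x):
    z = model["w"][0] * x[0] + model["w"][1] * x[1] + model["b"]
    return 1 if z > 0 else 0


def input_gradient(model, x, y):
    """d(loss)/dx for the logistic loss: (sigmoid(z) - y) * w."""
    z = model["w"][0] * x[0] + model["w"][1] * x[1] + model["b"]
    err = sigmoid(z) - y
    return [err * model["w"][0], err * model["w"][1]]


def fgsm(model, x, y, eps):
    """Fast Gradient Sign Method: an L-infinity perturbation of size eps per feature."""
    g = input_gradient(model, x, y)
    return tuple(xi + eps * (1 if gi > 0 else -1 if gi < 0 else 0)
                 for xi, gi in zip(x, g))


def min_flip_eps(model, x, y, step=0.1, max_steps=50):
    """Smallest eps on a grid at which FGSM flips the prediction (None if never)."""
    for k in range(1, max_steps + 1):
        eps = round(k * step, 6)
        if predict_logreg(model, fgsm(model, x, y, eps)) != y:
            return eps
    return None


def accuracy(predict_fn, model, xs, ys):
    return sum(predict_fn(model, x) == y for x, y in zip(xs, ys)) / len(xs)


# A distinctly structured victim: nearest-centroid classifier (no gradients at all).
def train_centroid(xs, ys):
    cents = {}
    for label in (0, 1):
        pts = [x for x, y in zip(xs, ys) if y == label]
        cents[label] = (sum(p[0] for p in pts) / len(pts),
                        sum(p[1] for p in pts) / len(pts))
    return cents


def predict_centroid(cents, x):
    d = {lab: (x[0] - c[0]) ** 2 + (x[1] - c[1]) ** 2 for lab, c in cents.items()}
    return min(d, key=d.get)


MODEL_A = train_logreg(X, Y, lr=0.5, epochs=300)          # attacker's surrogate
MODEL_B = train_logreg(X, Y, lr=0.2, epochs=200, l2=0.1)  # victim, trained differently
MODEL_C = train_centroid(X, Y)                            # victim, different architecture

if __name__ == "__main__":
    x, y = (0.3, 0.2), 1                 # a legitimate class-1 input near the boundary
    x_adv = fgsm(MODEL_A, x, y, eps=0.3)  # crafted with A only
    print("clean", x, "-> A:", predict_logreg(MODEL_A, x), "C:", predict_centroid(MODEL_C, x))
    print("adv  ", x_adv, "-> A:", predict_logreg(MODEL_A, x_adv),
          "B:", predict_logreg(MODEL_B, x_adv), "C:", predict_centroid(MODEL_C, x_adv))
    print("smallest flipping eps for A:", min_flip_eps(MODEL_A, x, y))
```

The surrogate's gradient is all the attacker needs: the sample is never shown to B or C during crafting, yet both misclassify it, because all three learned roughly the same decision boundary from the same kind of data. Reporting min_flip_eps over a held-out set (rather than for one point, as here) gives the robustness figure the text asks for.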

Components:

Deep-pwning is modularized into several components to minimize code repetition. Because potential classification tasks differ so widely, the current iteration of the code is optimized for classifying images and phrases (using word vectors).

These are the code modules that make up the current iteration of Deep-pwning:

  1. Drivers: The drivers are the main execution point of the code. This is where you tie the different modules and components together, and where you can inject further customizations into the adversarial generation process.
  2. Models: This is where the actual machine learning model implementations are located. For example, the provided lenet5 model definition is located in the model() function within lenet5.py.
