Monthly Archives: May 2018

Remote Code Execution Vulnerability Disclosed in Windows JavaScript Component

Category : Blog

Remote Code Execution Vulnerability Found in the JavaScript Component of Windows

JavaScript (/ˈdʒɑːvəˌskrɪpt/), often abbreviated as JS, is a high-level, interpreted programming language. It is a language which is also characterized as dynamic, weakly typed, prototype-based and multi-paradigm.

JavaScript enables interactive web pages and thus is an essential part of web applications. The vast majority of websites use it, and all major web browsers have a dedicated JavaScript engine to execute it.

A vulnerability exists in the Windows operating system’s JavaScript component that can allow an attacker to execute malicious code on a user’s computer.

Responsible for discovering this bug is Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro’s Zero-Day Initiative (ZDI), a project that intermediates the vulnerability disclosure process between independent researchers and larger companies.

ZDI experts reported the issue to Microsoft back in January, but Microsoft has yet to release a patch for this vulnerability. Yesterday, ZDI published a summary containing light technical details about the bug.

JavaScript bug leads to RCE

According to this summary, the vulnerability allows remote attackers to execute malicious code on users’ PCs.

Because the vulnerability affects the JScript component (Microsoft's custom implementation of JavaScript), the only condition is that the attacker must trick the user into visiting a malicious web page, or into downloading and opening a malicious JS file on the system (typically executed via the Windows Script Host, wscript.exe).

“The specific flaw exists within the handling of Error objects in JScript,” ZDI experts explained. “By performing actions in [Javascript], an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”

“Due to the sensitivity of the bug, we don’t want to provide too many technical details until a full fix from Microsoft is available,” Brian Gorenc, director of Trend Micro’s Zero Day Initiative, told Bleeping Computer in an email today.

Flaw does not lead to full system compromise

Gorenc told us the vulnerability is not as dangerous as it sounds, as it does not allow a full system compromise.

“The flaw only allows code execution within a sandboxed environment,” Gorenc said. “An attacker would need additional exploits to escape the sandbox and execute their code on the target system.”

The vulnerability has received a 6.8 rating out of 10 on the CVSSv2 severity scale, which is a fairly high score compared to most vulnerabilities.

Microsoft is working on a patch

According to Gorenc, a patch is coming. “To the best of our knowledge, Microsoft does still intend to release a fix for this bug. However, they did not complete the fix within the timelines set out in our disclosure policy.”

ZDI usually gives companies 120 days to patch reported flaws before it goes public with its advisories. According to a timeline of Microsoft's replies, the OS maker had a hard time reproducing the proof-of-concept code needed to trigger the vulnerability, losing around 75% of the 120-day disclosure window and leaving its engineers little time to put together and test a patch in time for May's Patch Tuesday.

While Microsoft did not provide an exact timeline of when it plans to roll out a patch, a spokesperson confirmed they are working on a fix.

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

Reboot Your Router to remove VPNFilter

Category : Blog

Router reboot to remove VPNFilter

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic-directing functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute an internetwork until it reaches its destination node.

After it was reported that the VPNFilter botnet consisting of over 500,000 routers and NAS devices was taken over by the US government, the FBI issued an advisory stating that users should reboot their routers in order to disrupt the malware.

Unfortunately, as shown by the five phone calls I received today, many people heard the reboot part, but did not read the rest of the recommendations of turning off remote administration, changing passwords, and upgrading to the latest firmware. One step that was not mentioned is the fact that the only way to truly remove VPNFilter is to reset the router to factory defaults.

What is VPNFilter?

VPNFilter is malware that targets routers and NAS devices in order to steal files and information, and to examine network traffic as it flows through the device. Once installed, the malware consists of three stages, each performing specific functions.

Stage 1 is installed first and allows the malware to stay persistent even when the router is rebooted.

Stage 2 allows the attackers to execute commands and steal data. This stage also contains a self-destruct capability that essentially renders the router, and thus your network connection, non-functional.

Stage 3 consists of various plugins that can be installed into the malware to add functionality such as sniffing the network, monitoring SCADA communication, and communicating over Tor.

For this reason, the FBI has suggested that everyone reboot their router in order to disable Stage 2 and Stage 3 and to also allow the FBI to get a list of infected victims and the types of routers that are affected.

Routers that are known to be affected by VPNFilter

According to reports from Cisco, Symantec, and the Security Service of Ukraine, the affected routers are:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS Versions for Cloud Core Routers: 1016, 1036, 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

While the above are the currently known routers that can be infected with VPNFilter, there is no guarantee that they are the only ones. Therefore, everyone should follow the below recommendations to harden and secure their routers regardless of the make and manufacturer.

Will rebooting the router really remove the VPNFilter infection?

The short answer is yes and no. Rebooting the router will unload the Stage 2 and Stage 3 components of VPNFilter, but Stage 1 will start again after the router reboots. So while the most malicious components will be disabled, VPNFilter will still be present on your device.

The only real way to fully remove this infection is to reset your router back to factory defaults, which will also reboot the router. Unfortunately, this process will require you to set up your router again, add an admin password, and set up any wireless networks that were configured.

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Category : Blog

Oracle is one of the largest vendors in the enterprise IT market and the shorthand name of its flagship product, a relational database management system (RDBMS) that’s formally called Oracle Database.

Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.

Serialization is the process of taking a data object and converting it into a stream of bytes (binary format), so it can be transported across a network or saved inside a database, only to be deserialized later and used in its original form.

Because of its convenience, a large number of high-level programming languages support the feature but nowhere has it been more of a headache than in Java, where it’s been at the heart of a constant stream of security flaws.

Reinhold: Serialization was a “horrible mistake”

Reinhold says the Java team is currently working on dropping serialization support for good from the language's main body, while still providing developers with a plug-in system, via a new framework, to support serialization operations if needed.

There's no set date or Java version for when Oracle plans to drop serialization, Reinhold said.

But until Oracle does this, companies and project leads that don’t want a developer or a rogue module calling serialization/deserialization functions can prevent this via a “serialization filter” that was added in Java back in 2016, and which will block these operations altogether.

The serialization/deserialization security problem

Attacks via serialization/deserialization operations have been known for years, in one form or another, but they became everyone's problem in early 2015 when two researchers — Chris Frohoff and Gabriel Lawrence — found a deserialization flaw in the Apache Commons Collection, a very popular Java application. Researchers from Foxglove Security expanded on the initial work in late 2015, showing how an attacker could use a deserialization flaw in Java applications where developers had incorrectly used the Apache Commons Collection library to handle deserialization operations.

The flaw rocked the Java ecosystem in 2016, as it also affected 70 other Java libraries, and was even used to compromise PayPal's servers. Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds all issued security patches to fix their products.

While Java serialization/deserialization security issues were known for a long time, the 2015 Java Apocalypse served as a wake-up call for many companies, and the Java community as a whole, who started paying more attention to how they serialize and later deserialize data.

Serialization bugs have been a big problem for Java

Reinhold told InfoWorld that serialization issues could be very easily responsible for a third or even a half of all known Java flaws.

His assessment is most likely correct. For example, Oracle’s January 2018 security updates fixed 237 vulnerabilities, of which 28.5% addressed unsafe deserialization operations.

The issue is also very widespread across companies. A ShiftLeft report revealed numerous serialization/deserialization flaws across a large number of SaaS vendor SDKs. While Oracle is addressing the issue in Java, serialization also affects other programming environments like .NET, Ruby, and others, where the issue remains dormant.

System Management Mode Speculative Execution Attacks

Category : Blog

System Management Mode (SMM, sometimes called ring -2) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. An alternate software system which usually resides in the computer’s firmware, or a hardware-assisted debugger, is then executed with high privileges.

We discovered a new application of speculative execution attacks that bypasses hardware-based memory protections. Vulnerabilities affecting speculative execution on modern processor architectures were first discovered in 2017 by Jann Horn of Google Project Zero and other security researchers. This class of vulnerabilities allows local unprivileged attackers to expose the contents of protected memory by exploiting the microarchitectural capabilities of modern out-of-order CPUs such as caching, the instruction pipeline or speculative execution. We expanded on this method to gain access to the highly privileged System Management Mode (SMM) memory.

Impact

Because System Management Mode generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (e.g. hypervisor, operating system or application). Thus far, the Spectre and Meltdown vulnerabilities were demonstrated to affect software, such as operating systems, hypervisors or even applications within protected SGX enclaves. However, the effect on firmware had not previously been shown. While there are many different kinds of firmware present in every system, we wanted to investigate host processor firmware first.

The processor executes the main system firmware, often referred to as BIOS or UEFI, when the system boots. Much of this firmware only runs at boot time; however, there is also a portion that runs in parallel with the OS in a special x86 mode known as System Management Mode (SMM). This runtime part of firmware (often referred to as SMI Handler) has long been of interest to security researchers and a target for advanced attackers, since this code has high privileges and operates outside the view of other software including the OS and any security applications.

These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as System Management Mode memory. This can expose System Management Mode code and data that was intended to be confidential, revealing other System Management Mode vulnerabilities as well as secrets stored in SMM. Additionally, since we demonstrate that the speculative memory access occurs from the context of System Management Mode, this could be used to reveal other secrets in memory as well.

Bypassing System Management Mode Range Registers

Based on the attack scenario above, we ran the following experiment:

  1. We found a conditional branch validating the index into an array in one of the SMI handlers. This index should be the one controlled by the OS-level attacker.
  2. For the sake of a proof-of-concept, it is possible to inject the “vulnerable” function, as in the following example victim_function. The goal of this experiment was to demonstrate the impact of original Spectre attacks on memory protections like range registers.
  3. We triggered the vulnerable code in the SMI handler (by calling SW SMI or other SMM interfaces) with out-of-bounds array access, which caused speculative execution and the loading of data from an arbitrary SMRAM location to the data cache.
  4. We recovered the SMRAM data by measuring access time to different non-SMRAM locations in the data cache using one of the cache timing side-channel techniques.

As a result of running the above experiment, we’ve successfully recovered data that was stored in SMRAM and protected by SMRR. This proof-of-concept exploit is a modified Spectre variant 1 PoC exploit running with kernel-mode privileges.
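The bounds-check pattern that step 1 of the experiment looks for, beside the index-masking fix a firmware developer would apply to it, as an added example in C that is not part of the original post or the researchers' proof-of-concept. The table contents, the 0x1000 "distance to SMRAM" offset and the function names victim_function_hardened, index_mask_nospec and speculative_load_index are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16

/* Constructed sample data standing in for a small table that an SMI handler
 * indexes with a value supplied by the OS. Memory past the end of it plays
 * the role of SMRAM that the OS must never be able to read. */
static uint8_t table[TABLE_SIZE] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
};

/* Vulnerable pattern (step 1 of the experiment): the conditional branch is
 * the only thing keeping idx inside the table. That is architecturally
 * correct, but while the CPU is still resolving the comparison it may
 * speculatively run the load with an out-of-range idx, pulling the byte at
 * table + idx (possibly inside SMRAM) into the data cache before the
 * mis-speculation is squashed. The cache state survives the squash, which is
 * what step 4 measures. */
uint8_t victim_function(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless bounds mask: all ones when idx < size, zero otherwise. Computed
 * with unsigned arithmetic only, so there is no second branch the predictor
 * could get wrong. Same idea as Linux's array_index_mask_nospec(); assumes
 * idx and size are both below 2^(bits-1). */
size_t index_mask_nospec(size_t idx, size_t size)
{
    /* (size - 1 - idx) wraps around and sets the top bit exactly when
     * idx >= size; OR-ing idx in keeps the top bit set for huge idx too. */
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1; /* 1 - 1 = 0 (out of bounds), 0 - 1 = SIZE_MAX (in bounds) */
}

/* Hardened form: even if the branch is mispredicted as taken, the masked
 * index is 0, so the speculative load stays inside the table and cannot
 * touch SMRAM. (On x86 an LFENCE right after the branch is the other
 * standard fix; masking is used where the fence is too costly.) */
uint8_t victim_function_hardened(size_t idx)
{
    if (idx < TABLE_SIZE) {
#if defined(__GNUC__)
        /* Hide the range the branch just proved from the optimizer, so it
         * cannot fold the mask away; the kernel uses inline asm for the
         * same reason. */
        __asm__ __volatile__("" : "+r"(idx));
#endif
        idx &= index_mask_nospec(idx, TABLE_SIZE);
        return table[idx];
    }
    return 0;
}

/* Model of which table offset the load inside the if-body would touch when
 * the branch is (mis)predicted as taken: the raw index for the vulnerable
 * function, the masked index for the hardened one. This lets the difference
 * be shown without real cache-timing measurements. */
size_t speculative_load_index(size_t idx, int hardened)
{
    return hardened ? (idx & index_mask_nospec(idx, TABLE_SIZE)) : idx;
}

int main(void)
{
    size_t smram_offset = 0x1000; /* hypothetical distance from table to SMRAM */
    printf("architectural result for idx=%#zx: vulnerable=%u hardened=%u\n",
           smram_offset, (unsigned)victim_function(smram_offset),
           (unsigned)victim_function_hardened(smram_offset));
    printf("offset touched under misprediction: vulnerable=%#zx hardened=%#zx\n",
           speculative_load_index(smram_offset, 0),
           speculative_load_index(smram_offset, 1));
    return 0;
}
```

Both functions return 0 for the out-of-range index, so a functional test cannot tell them apart; only the offset reached during speculation differs, which is why code review (or a tool that flags unmasked OS-controlled indices in SMI handlers) is the practical check.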

How To Become White Hat Hacker

Category : Blog

White Hat Hacker –

Learn How to Become

A white hat hacker, or ethical hacker, uses penetration testing techniques to test an organization's IT security and to identify vulnerabilities. IT security staff then use the results of such penetration tests to remediate vulnerabilities, strengthen security and lower the organization's risk factors.

Nowadays, the world has experienced fast-paced progress, especially in the IT industry. As a result, the complexity and functionality of technologies rise on a daily basis. However, the more sophisticated systems and products become, the more people want to break into them. In other words, there is a growing number of computer burglars, generally known as hackers, whose main objective is to profit from destroying or harming various technology products or systems.

Penetration testing is never a casual undertaking. It involves lots of planning, which includes getting explicit permission from management to perform tests, and then running tests as safely as possible. These tests often involve the very same techniques that attackers use to breach a network for real.

Background and Education Requirements

A white hat hacker needs a great deal of problem-solving ability, as well as communication skills. A white hat hacker also requires a balance of intelligence and common sense, strong technical and organizational skills, impeccable judgement and the ability to remain cool under pressure.

At the same time, a white hat hacker needs to think like a black hat hacker, with all their nefarious goals and devious skills and behavior. Some top-rate white hat hackers are former black hat hackers who got caught and, for various reasons, decided to leave a life of crime behind and put their skills to work in a positive (and legal) way.

Pertinent Certifications

White hat hacker and security-related IT certifications can help a candidate get a foot in the door, even without copious amounts of hands-on experience.

The intermediate-level CEH credential focuses on system hacking, enumeration, social engineering, SQL injection, Trojans, worms, viruses and other forms of attack, including denial of service (DoS). Candidates must also demonstrate knowledge of cryptography, penetration testing, firewalls, honeypots and more.

The EC-Council recommends a five-day CEH training class for candidates without prior work experience. To do well in the course, students should have Windows and Linux systems administration skills, familiarity with TCP/IP and working knowledge of virtualization platforms.

Becoming a certified white hat hacker also involves staying on the legal side of hacking, never engaging in illicit or unethical hacking activities and protecting the intellectual property of others. As part of the certification process, candidates need to agree to uphold the EC-Council's code of ethics and never associate with unethical hackers or malicious activities.

Summing Up

Candidates who show interest in working in InfoSec, along with the appropriate background and a certification or two to start with, should have few problems finding ethical hacking work right away. Over time, you’ll be able to use continuing education and certification to steer your career exactly where you’d like it to go.

WiFi (Wireless) Network

Category : Blog

Wireless Network – How to Hack

A wireless network is a network that uses radio waves to link computers and other devices together. It is implemented at Layer 1 (the physical layer) of the OSI model.

Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.

How to access a wireless network

You will need a wireless-network-enabled device such as a laptop, tablet or smartphone. You will also need to be within the transmission radius of a wireless network access point. Most devices (if the wireless network option is turned on) will provide you with a list of available networks. If the network is not password protected, then you just have to click on connect. If it is password protected, then you will need the password to gain access.

Wireless Network Authentication

Since the network is easily accessible to everyone with a wireless network enabled device, most networks are password protected. Let’s look at some of the most commonly used authentication techniques.

How to Crack Wireless Networks

WEP cracking

Cracking is the process of exploiting security weaknesses in wireless networks to gain unauthorized access. WEP cracking refers to exploits against networks that use WEP to implement security controls. There are basically two types of cracks, namely:

Passive cracking – this type of cracking has no effect on network traffic until the WEP security has been cracked. It is difficult to detect.

Active cracking – this type of attack has an increased load effect on the network traffic. It is easier to detect than passive cracking, and more effective.

Cracking Wireless network WEP/WPA keys

It is possible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so requires software and hardware resources, and patience. The success of such attacks can also depend on how active and inactive the users of the target network are.

We will provide you with basic information that can help you get started. Backtrack is a Linux-based security operating system. It is developed on top of Ubuntu. Backtrack comes with a number of security tools. Backtrack can be used to gather information, assess vulnerabilities and perform exploits among other things.

Summary

  • Wireless network transmissions can be seen by outsiders, which poses many security risks.
  • WEP is the acronym for Wired Equivalent Privacy. It has security flaws which make it easier to break than other security implementations.
  • WPA is the acronym for Wi-Fi Protected Access. It has improved security compared to WEP.
  • Intrusion Detection Systems can help detect unauthorized access.
  • A good security policy can help protect a network.

GhostInTheNet: protects Linux from MITM/DOS/scan

Category : Blog

GhostInTheNet

GhostInTheNet is an "Ultimate Network Stealther" that makes Linux a ghost in the net and protects it from MITM/DoS/scanning.

Properties:

  • Network Invisibility
  • Network Anonymity
  • Protects from MITM/DOS
  • Transparent
  • Cross-platform
  • Minimalistic

Dependencies:

  • Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and RaspberryPI
  • BASH – the whole script
  • root privileges – for kernel controlling

Limitations:

  • You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
  • MAC spoofing won’t work if appropriate mitigations have been taken, like DAI or sticky MAC
  • Might be buggy with some CISCO switches
  • Not suitable for production servers

How GhostInTheNet works:

The basic and primary network protocols, ARP for IPv4 and NDP (ICMPv6) for IPv6, sit at the link and network layers and provide the main connectivity in a LAN.

Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality.

Patching of such a widely used standard is a practically impossible task.

A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.

Considering the variety of implementations, this means that nobody on the network can communicate with such a host unless the host initiates the communication itself.

The ARP/NDP cache will be erased quickly afterward.

Analysis:

Without ARP/NDP responses there is no connectivity to the host, so it is absolutely stealthy and obscure at the network/link layer.

This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, port stealing) and is far less resource-consuming than ArpON.

Such mitigation also makes the host impossible to scan (nmap, arping).

Besides, from the host's perspective it doesn't impact a normal internet or LAN connection.

If you connect to a host, that connection is authorized, but shortly after the communication stops the host will forget about you, because ARP/NDP table entries won't stay long without a fresh request.

Given its broad compatibility and cross-platform nature, it's very useful for offsec/pentest/red teaming as well.
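The MITM this section has in mind is ARP cache poisoning: a station answering ARP replies for an address that belongs to someone else, which a host that never answers ARP is immune to. The Python below is an added illustration, not part of GhostInTheNet: it parses Ethernet/ARP frames and flags a changed IP-to-MAC binding the way arpwatch does, which is how a defender notices the attack on hosts that still answer ARP. The capture, MAC addresses and IP addresses are constructed for the demonstration.

```python
"""ARP cache-poisoning detector: an added example, not GhostInTheNet code.

Assumptions: frames are Ethernet II carrying IPv4-over-Ethernet ARP (EtherType
0x0806); the capture, MAC and IP values below are constructed for this demo."""
import struct
from typing import Dict, List, NamedTuple, Optional

ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2


class ArpPacket(NamedTuple):
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(opcode: int, sender_mac: str, sender_ip: str,
                target_mac: str, target_ip: str) -> bytes:
    """Construct an Ethernet II + ARP frame; used only to build the sample capture."""
    dst = "ff:ff:ff:ff:ff:ff" if opcode == OP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, then the operation code
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return ArpPacket(opcode, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class ArpWatcher:
    """Remember the first MAC seen claiming each IP in an ARP reply and flag later
    changes (the arpwatch approach); a changed binding is the signature of poisoning."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}

    def observe(self, pkt: ArpPacket) -> Optional[str]:
        if pkt.opcode != OP_REPLY:            # only replies assert an IP-to-MAC binding
            return None
        known = self.bindings.setdefault(pkt.sender_ip, pkt.sender_mac)
        if known != pkt.sender_mac:
            return f"ARP conflict: {pkt.sender_ip} was {known}, now claimed by {pkt.sender_mac}"
        return None


def scan_capture(frames: List[bytes]) -> List[str]:
    """Feed every ARP frame to one watcher and collect its alerts."""
    watcher = ArpWatcher()
    alerts: List[str] = []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is not None:
            alert = watcher.observe(pkt)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed capture: the gateway 192.168.1.1 answers a request legitimately
# (twice), then a third station starts answering for the gateway's address.
GATEWAY_MAC, VICTIM_MAC, ROGUE_MAC = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
SAMPLE_CAPTURE = [
    build_frame(OP_REQUEST, VICTIM_MAC, "192.168.1.20", "00:00:00:00:00:00", "192.168.1.1"),
    build_frame(OP_REPLY, GATEWAY_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.20"),
    build_frame(OP_REPLY, GATEWAY_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.20"),  # same binding: quiet
    build_frame(OP_REPLY, ROGUE_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.20"),    # binding changed: alert
    b"\x00" * 60,                                                                     # non-ARP frame: ignored
]

if __name__ == "__main__":
    for line in scan_capture(SAMPLE_CAPTURE):
        print(line)
```

On a real interface the frames would come from a raw socket or a pcap instead of SAMPLE_CAPTURE; the watcher logic is the same. Note the limitation the page itself states: a host running GhostInTheNet never answers, so it produces no replies for such a watcher to learn from, which is exactly the point.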

 


Vulnerability: New Intel CPU Vulnerabilities Found

Category : Blog

Vulnerability

Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack. It may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

Computer users and network personnel can protect computer systems from vulnerabilities by keeping software security patches up to date. These patches can remedy flaws or security holes that were found in the initial release. Computer and network personnel should also stay informed about current vulnerabilities in the software they use and seek out ways to protect against them.

Spectre Next Generation: New Intel CPU Vulnerabilities Found

Following January’s reports of Meltdown and Spectre affecting Intel processors, security researchers have found eight new vulnerabilities in Intel processors. As Google Project Zero’s 90-day deadline for companies to disclose technical details and solutions ends on May 7, the flaws — named Spectre Next Generation or Spectre NG — were characterized as similar to the previous Spectre attack scenarios. Four of the flaws were rated “high” risk and the rest “medium” severity.

Each vulnerability will have its own number in the Common Vulnerability Enumerator (CVE) directory. Intel patches will come in two waves, one in May and the next in August. Linux developers are working on measures against Spectre as well, while Microsoft is preparing patches for the said vulnerabilities, which it will distribute as optional updates. Further, Microsoft is also offering $250,000 in a bug bounty program for further, still unknown, Spectre-related flaws. Advanced RISC Machine (ARM) CPUs from ARM Holdings, owned by Japan’s SoftBank, are speculated to also be affected by these new vulnerabilities, while Advanced Micro Devices’ (AMD) architecture is still being examined.

New information suggests that Intel requested to postpone publication of the vulnerabilities’ technical details, and it seems that Google Project Zero agreed to the delay. Due to the number of affected systems, the company is reportedly having problems getting the patches out in time for May 7 and intends to do a coordinated release of the microcode on May 21 or July 10 with the details of at least two variants. Likely affected systems include Core processors, Xeon spinoffs, and Atom-based Pentium, Atom and Celeron CPUs released since 2013, which covers desktops, laptops, smartphones and other embedded devices. The August 14 patch will likely address the most serious vulnerability, affecting cloud environments, and Intel is reportedly releasing hardware and software improvements for other manufacturers and vendors to implement.

DRAKVUF: Black-box Binary Analysis

Category : Blog

DRAKVUF

DRAKVUF is a virtualization-based, agentless black-box binary analysis system. It allows in-depth execution tracing of arbitrary binaries (including operating systems), all without having to install any special software within the virtual machine used for analysis.

DRAKVUF consists of several plugins, each collecting a different aspect of the guest’s execution, such as logging system calls or tracking kernel heap allocations.

Hardware requirements for DRAKVUF

DRAKVUF uses hardware virtualization extensions found in Intel CPUs. You will need an Intel CPU with virtualization support (VT-x) and with Extended Page Tables (EPT). DRAKVUF is not going to work on any other CPUs (such as AMD) or on Intel CPUs without the required virtualization extensions.

Currently available plugins for DRAKVUF:

  • syscalls
  • poolmon
  • objmon
  • exmon
  • filetracer
  • filedelete
  • ssdtmon
  • socketmon

syscalls

The syscalls plugin tracks the execution of the function entry points responsible for handling system calls on Windows and Linux. It accomplishes this by looping through the Rekall profile and placing a BREAKPOINT trap on each function whose name starts with Nt on Windows and sys_ on Linux.

Poolmon

The poolmon plugin tracks calls to the ExAllocatePoolWithTag function, which is responsible for allocating objects on the kernel heap in Windows.

The prototype of this function is defined as follows (from MSDN https://msdn.microsoft.com/en-us/library/windows/hardware/ff544520%28v=vs.85%29.aspx):

(Figure: ExAllocatePoolWithTag prototype, as shown on the MSDN page linked above)

Objmon

The objmon plugin monitors the execution of ObCreateObject. This function is also called when creating common objects in Windows. The ObjectType input defines an index into the Windows 7 type array, currently defining 42 objects.

Exmon

The exmon plugin monitors the execution of KiDispatchException, which is the Windows exception handler function when an exception occurs in either user- or kernel-space. The plugin extracts the information from the TrapFrame input containing the CPU state when the exception occurred.

The ReactOS definition of this function is as follows (from http://doxygen.reactos.org/d7/d7f/ntoskrnl_2ke_2amd64_2except_8c_a660d1a46ff201c5861caf9667937f73f.html):

(Figure: KiDispatchException definition, as shown on the ReactOS page linked above)

filetracer

The filetracer plugin monitors the use of _FILE_OBJECT structures by system-calls as well as internal kernel functions used by kernel drivers. With this approach we get a complete view of files being accessed on the system.

Filedelete

The filedelete plugin monitors the execution of NtSetInformationFile and ZwSetInformationFile, which are functions responsible for deleting files (there are some others too, such as NtDeleteFile). When the function is called and its fifth input is FILE_DISPOSITION_INFORMATION (13), the file path is determined by walking the handle table of the process via the DRAKVUF function drakvuf_get_obj_by_handle. Once the address is known, the file can be extracted using the Volatility plugin dumpfiles.

SSDTmon

The SSDTmon plugin monitors write accesses to the System Service Descriptor Table, which stores pointers to the system call handling functions. If malware hooks this table and redirects system calls, the syscalls plugin is affected, as the original function(s) may no longer be called where it originally trapped. If this plugin detects a change, one must assume that the syscalls plugin output is no longer complete.
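The syscalls and SSDTmon descriptions together suggest a small worked example: pick the trap points by name prefix from the profile, then compare an SSDT snapshot against the handler addresses the profile predicts and decide whether the syscalls log can still be trusted. The Python below is added here as an illustration and is not DRAKVUF’s code. The profile contents, kernel base and size, service-number order and the redirected address are all constructed, and the SSDT is simplified to a list of absolute pointers (a real x64 KiServiceTable stores relative offsets, so a real check would decode them first).

```python
"""Trap-point selection and SSDT hook checking in the style of the syscalls and
SSDTmon plugins. Added example, not DRAKVUF code.

Assumptions: the "$FUNCTIONS" map of a Rekall JSON profile holds symbol name ->
RVA; the SSDT is modelled as a list of absolute handler addresses indexed by
service number; every address, symbol and image size below is a constructed
sample value."""
from typing import Dict, List, Tuple

SYSCALL_PREFIX = {"windows": "Nt", "linux": "sys_"}

# Constructed stand-ins for the "$FUNCTIONS" section of two Rekall profiles.
WINDOWS_PROFILE = {"$FUNCTIONS": {
    "NtCreateFile": 0x3A1F20,
    "NtDeleteFile": 0x3B3010,
    "NtSetInformationFile": 0x3B2C40,
    "ZwCreateFile": 0x0F1200,           # Zw stub, not the Nt entry point
    "ExAllocatePoolWithTag": 0x2C8E00,  # poolmon's target, not a syscall
    "KiDispatchException": 0x0A7710,    # exmon's target, not a syscall
}}
LINUX_PROFILE = {"$FUNCTIONS": {
    "sys_open": 0x2D4A00, "sys_close": 0x2D4C80, "do_fork": 0x0A1330,
}}

KERNEL_BASE = 0xFFFFF80002800000   # constructed load address of the kernel image
KERNEL_SIZE = 0x600000             # constructed size of the kernel image


def select_trap_points(profile: dict, os_name: str, kernel_base: int) -> Dict[str, int]:
    """Name -> virtual address of every function the syscalls plugin would trap:
    the profile's RVAs relocated to the running kernel, filtered by OS prefix."""
    prefix = SYSCALL_PREFIX[os_name]
    return {name: kernel_base + rva
            for name, rva in profile["$FUNCTIONS"].items()
            if name.startswith(prefix)}


def find_ssdt_hooks(ssdt: List[int], expected: List[int],
                    kernel_base: int, kernel_size: int) -> List[Tuple[int, int, int]]:
    """Compare an SSDT snapshot with the handlers predicted from the profile.
    An entry counts as hooked when it differs from the prediction or points
    outside the kernel image; returns (service index, expected, actual)."""
    hooks = []
    for index, (want, got) in enumerate(zip(expected, ssdt)):
        inside_kernel = kernel_base <= got < kernel_base + kernel_size
        if got != want or not inside_kernel:
            hooks.append((index, want, got))
    return hooks


def syscalls_output_trustworthy(ssdt, expected, kernel_base, kernel_size) -> bool:
    """SSDTmon's verdict: once any entry is redirected, the syscalls plugin may
    have missed calls, so its log can no longer be treated as complete."""
    return not find_ssdt_hooks(ssdt, expected, kernel_base, kernel_size)


# Constructed service-number ordering and an SSDT snapshot with one redirected entry.
SERVICE_ORDER = ["NtCreateFile", "NtDeleteFile", "NtSetInformationFile"]
TRAPS = select_trap_points(WINDOWS_PROFILE, "windows", KERNEL_BASE)
EXPECTED_SSDT = [TRAPS[name] for name in SERVICE_ORDER]
ROGUE_HANDLER = 0xFFFFF88001234560      # constructed address inside a driver's range
HOOKED_SSDT = EXPECTED_SSDT[:2] + [ROGUE_HANDLER]

if __name__ == "__main__":
    for name, addr in sorted(TRAPS.items()):
        print(f"trap {name} at {addr:#x}")
    for index, want, got in find_ssdt_hooks(HOOKED_SSDT, EXPECTED_SSDT, KERNEL_BASE, KERNEL_SIZE):
        print(f"SSDT[{index}] ({SERVICE_ORDER[index]}) redirected: {want:#x} -> {got:#x}")
    print("syscalls output trustworthy:",
          syscalls_output_trustworthy(HOOKED_SSDT, EXPECTED_SSDT, KERNEL_BASE, KERNEL_SIZE))
```

The prefix filter is why ZwCreateFile, ExAllocatePoolWithTag and KiDispatchException are left to the other plugins, and the two-part hook test (wrong value, or value outside the image) is what lets the check catch a redirect even when the profile is incomplete for a given entry.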

 

Socketmon

The socketmon plugin monitors the usage of TCP and UDP sockets for Windows guests. It requires the creation of a Rekall profile for the tcpip.sys kernel module, which is normally located at C:\Windows\System32\drivers\tcpip.sys. You will need to copy this file to the location where you generate the Rekall profile. To generate a Rekall profile for it, you can use the pdbparse project to obtain the PDB:

(Figure: commands for obtaining the PDB with pdbparse and generating the Rekall profile)

Supported guests:

  • Windows 7 – 8, both 32 and 64-bit
  • Windows 10 64-bit
  • Linux 2.6.x – 4.x, both 32-bit and 64-bit

Malware analysis:

DRAKVUF provides a perfect platform for stealthy malware analysis as its footprint is nearly undetectable from the malware’s perspective. While DRAKVUF has been mainly developed with malware analysis in mind, it is certainly not limited to that task as it can be used to monitor the execution of arbitrary binaries.

Wireless Penetration Testing Tool

Category : Blog

Wireless Penetration Testing Tool

Wireless penetration testing is an important aspect of any security audit project, as organizations face serious threats from insecure WiFi networks. A compromised WiFi network puts the entire network at risk. Consider the recent DarkHotel attack, where top business executives were the target and the attackers reached them by hacking into the insecure hotel WiFi network.

Penetration testing tools are used as part of a penetration test (pen test) to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common kinds of penetration testing tools are static analysis tools and dynamic analysis tools.

There is little difference between a network vulnerability assessment tool and a WiFi vulnerability scanner, so here is a quick list of tools that could be very useful while performing WiFi penetration testing.

Aircrack-ng

Aircrack-ng is a wireless penetration testing tool. It is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like the KoreK attacks, as well as the all-new PTW attack, which makes it much faster than other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Kismet

Kismet is a wireless penetration testing tool. It is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

Netstumbler

Netstumbler is a wireless penetration testing tool and the best-known Windows tool for finding open wireless access points (“wardriving”). Its developers also distribute a WinCE version for PDAs and similar devices, named MiniStumbler. The tool is currently free but Windows-only, and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

InSSIDer

InSSIDer is a wireless penetration testing tool. It is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records.

KisMAC

KisMAC is a wireless penetration testing tool. This popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

Bonus Tools

Kali Linux, the successor of BackTrack Linux, has most of these tools configured already, and additional tools can be configured easily if needed. Beyond the tools mentioned above, there are some other important and relevant tools:

Reaver-WPS

Reaver performs a brute force attack against an access point’s WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP’s wireless settings can be reconfigured.

Fern WiFi Cracker

Fern WiFi Cracker is a wireless security auditing application written in Python using python-qt4. It uses the aircrack-ng suite of tools.