Leaderboard

Today we are going to discuss how to Detect NMAP scan using Snort but before moving ahead kindly read our privious both articles releted to Snort Installation (Manually or using apt-respiratory)and its rule configuration to enable it as IDS for your network. Basically in this article we are testing Snort against NMAP various scan which will help network security analyst to setup snort rule in such a way so that they become aware of any kind of NMAP scanning. Requirement Attacker: Kali Linux (NMAP Scan) Target: Ubuntu (Snort as IDS) Optional: Wireshark (we have added it in our tutorial so that we can clearly confirm all incoming and outgoing packet of network) Let’s Begins!! Identify NMAP Ping Scan As we know any attacker will start attack by identifying host status by sending ICMP packet using ping scan. Therefore be smart and add a rule in snort which will analyst NMAP Ping scan when someone try to scan your network for identifying live host of network. Execute given below command in ubuntu’s terminal to open snort local rule file in text editor. sudo gedit /etc/snort/rules/local.rules Now add given below line which will capture the incoming traffic coming on 192.168.1.105(ubuntu IP) network for ICMP protocol. alert icmp any any -> 192.168.1.105 any (msg: “NMAP ping sweep Scan “; dsize:0;sid:10000004; rev: 1;) Turn on IDS mode of snort by executing given below command in terminal: sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 Now using attacking machine execute given below command to identify status of target maching i.e. host is UP or Down. nmap -sP 192.168.1.105 –disable-arp-ping If you will execute above command without parameter “disable arp-ping” then will work as default ping sweep scan which will send arp packets inspite of sending ICMP on targets network and may be snort not able to capture NMAP Ping scan in that sinario, therefore we had use parameter “disable arp-ping” in above command. As I had declaimed above why we are involving wireshark in this tutorial so that you can clearly see the packet sends form attacker network to targets network. Hence in given below image you can notice ICMP request packet as well as ICMP reply packets both are part of network traffic. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP Ping Sweep scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP TCP Scan Now in order to connect with target network, attacker may go with networking enumeration either using TCP Protocol or UDP protocol. Let assume attacker may choose TCP scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg: “NMAP TCP Scan”; sid:10000005; rev:2; ) Above rule is only applicable for port 22 so if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for TCP scan on port 22. nmap -sT -p22 192.168.1.105 From given below image you can observe wireshark has captured TCP packets from 192.168.1.104 to 192.168.1.105 Here you can confirm that our snort is absolutely working when attacker is scanning port 22 using nmap TCP scan and it is showing attacker’s IP from where traffic is coming on port 22. Hence you can block this IP to protect your network from further scanning. Identify NMAP XMAS Scan As we know that TCP communication follows three way handshake to established TCP connection with target machine but sometimes instead of using SYN, SYN/ACK,ACK flag attacker choose XMAS scan to connect with target by sending data packets through Fin, PSH & URG flags. Let assume attacker may choose XMAS scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg:”Nmap XMAS Tree Scan”; flags:FPU; sid:1000006; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from Fin, PSH & URG flags .So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for XMAS scan on port 22. nmap -sX -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using FIN, PSH, URG flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP XMAP scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP FIN Scan Instead of using SYN, SYN/ACK and ACK flag to established TCP connection with target machine may attacker choose FIN scan to connect with target by sending data packets through Fin flags only. Let assume attacker may choose FIN scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.1045 22 (msg:”Nmap FIN Scan”; flags:F; sid:1000008; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from Fin Flags. So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for FIN scan on port 22. nmap -sF -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using FIN flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP FIN scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP NULL Scan Instead of using SYN, SYN/ACK and ACK flag to established TCP connection with target machine may attacker choose NULL scan to connect with target by sending data packets through NONE flags only. Let assume attacker may choose NULL scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg:”Nmap NULL Scan”; flags:0; sid:1000009; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from NONE Flags. So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for NULL scan on port 22. nmap -sN -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using NONE flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP Null scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP UDP Scan In order to Identify open UDP port and running services attacker may chose NMAP UDP scan to establish connection with target machine for network enumeration then in that situation we can apply following rule in snort local rule file. alert UDP any any -> 192.168.1.105 any(msg:”Nmap UDPScan”; sid:1000010; rev:1;) Again above rule is applicable for every UDP port which will listen for incoming traffic when packets is coming over any UDP port, so if you want to capture traffic for any particular UDP port then replace “any” from that specific port number as done above. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for NULL scan on port 22. nmap -sU -p68 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send over UDP Port. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP UDP scan. Hence you can block attacker’s IP to protect your network from further scanning. Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here Source: http://www.hackingarticles.in/detect-nmap-scan-using-snort/

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection. Video: https://media.ccc.de/v/34c3-8735-spy_vs_spy_a_modern_study_of_microphone_bugs_operation_and_detection#video&t=0

Fsociety Hacking Tools Pack – A Penetration Testing Framework A Penetration Testing Framework , you will have evry script that a hacker needs Fsociety Contains All Tools Used In Mr Robot Series Menu: Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Installation Linux: git clone https://github.com/Manisso/fsociety.git cd fsociety && python fsociety.py [◉] 0 : INSTALL & UPDATE [◉] -> 0 [✓] press 0 [✓] Congratulation Fsociety is Installed ! Installation Windows: [✔] Download python [✓] Download fsociety [✓] Extract fsociety into Desktop [◉]Open CMD and type the following commands: cd Desktop/fsociety-master/ python fsociety.py Usage: https://asciinema.org/a/URj2nvpbYpeJyJe43KlASZ7fz Source: https://github.com/Manisso/fsociety

Ham Radio for Emergency Communications SEPTEMBER 26, 2017 | MARK WAGGONER Get the latest security news in your inbox. Why have an article on Ham Radio on an InfoSec blog? As IT/IS professionals we tend to be some of the most “connected” people in society. We usually have several communication devices within arms reach at any time, and rely on them to constantly update and alert us. Though many of us even work directly with infrastructure, we tend to take it for granted. I’m sure many of us cringe when we have a brief outage - it may wreck your 99.99% uptime. But, what do you do when all that underlying infrastructure is gone, or at least not operational? How do you communicate when you have no internet or cell service? The recent hurricanes have brought this possibility home for a large number of people. Amateur Radio, commonly referred to as Ham Radio, has some answers for this type of dilemma. I’m sure some of you are thinking of an old guy in a shack with some huge, vacuum tube radio and a giant tower with antennas on it. Well, there are some of those around, but there is far more to Amateur Radio, particularly when it comes to Emergency Communications (EMCOM). Let’s start with a quick overview of the Amateur Radio Service. Ham Radio is a huge hobby with considerable width and breadth, as such, I’m going to use lots of generalization and gross simplification. But it starts with passing an exam and being licensed by the FCC. Exams must be taken in person and on paper generally. The American Radio Relay League has a list of exam providers and locations. The exams are based on a published question pool and the fee for the exam is between free and $15. There are three levels of licensing: Technician, General,and Extra that grant the ability to use different allocations of the radio spectrum. The exams are not difficult, they are multiple choice and there are lots of study resources available, including mobile apps. There is no requirement to send Morse Code anymore! Once you pass your test, you do have to wait a few days to get your license and callsign, these are published on the FCC’s website; my entry is here. The Technician license gives you access to Ham Radio Bands in the VHF/UHF range (30mhz - 10ghz). Radio waves in this range are generally line of sight (LoS). You must have an unobstructed path between your transmitter and the receiver at the destination. This is what you have probably experienced with GMRS/FRS radios (which are UHF). In order to extend the range and usefulness of LoS communications, repeaters placed in elevated locations are used. This can be extended even further with the use of linked repeaters. Repeaters do exactly what their name sounds like, they receive your signal and then re-broadcast it. As licensed operators, we also have the ability to use far more power (up to 1500 watts) than the GMRS/FRS radios (about 1 watt). Systems based on these frequency ranges are used for local communications, generally within a metro area. The General license type gives you access to the HF bands (1mhz - 29mhz). In this frequency range the radio waves travel by skywave instead of LoS. This allows you to potentially talk around the world by bouncing radio waves off of the ionosphere. The distance and direction of your communications are heavily dependent on the condition of the ionosphere. Things that affect the ionosphere: Day vs. night, sunspots, solar flares, solar storms. Check out some space weather reports. The Extra license adds some small allocations within the same bands the General has access to. Local For many people, the ability to get in touch with loved ones in their local area after a disaster is their primary concern. Close behind that is getting information on what is going on, what the response to the disaster is. These needs can be addressed with a Technician’s license and equipment that can only operate in the VHF/UHF bands. Most metro areas have linked repeaters systems that are hardened for EMCOM use. This includes a backup power source like a generator with days/weeks worth of fuel or a solar/battery system. During an emergency, traffic on these repeaters may be restricted at times so that your local ARES/RACES organization may be using them for official traffic in response to the disaster. Listening in can give you valuable information about what is going on with relief efforts. In order to be able to take advantage of these systems you are going to need a few things: Radio Power supply Antenna Frequencies Radios for these bands come in two form factors, the handheld HT (Handy Talkie in Ham Radio jargon), and the mobile form factor, about the size of a car stereo. These are usually single mode, FM radios, that are either single or multi-band. Most new Ham’s these days seem to start off with something like the Baofeng UV-5R, for around $20. But, you get what you pay for. Something like the Yaesu FT-60 would probably be a better HT to start out with, at around $150. Handhelds range all the way up to around $600 for the Kenwood TH-D74, which is serious overkill for most people starting out. One of the advantages of handhelds is that they are self-contained (radio, battery, antenna). The disadvantage is that they are low powered (4-8watts typically). My Ham Radio setup, pretty basic but it works. Yaesu FT-817, TyT 9000, BaoFeng UV-82HP, TyT MD-380 Mobile radios are often used as desktop radios as well as mobile. They are generally also single mode and either single or multi-band. These range from cheap Chinese radios (about $100), to high end Japanese ones ($600+). With these radios you will also need an antenna and a 12v power supply. The antenna could span from an outdoor one on a mast, to a mobile antenna mounted in your home, to a roll up style portable antenna. Power supply can be handled by either a purpose built unit, or a suitable battery and charger. The advantage to a mobile setup at home is greater power (40-80 watts), disadvantage for EMCOM is they use more power. While it is certainly possible to use a scanner or SDR (Software Defined Radio) to hunt for frequencies in use in your local area, it is far easier to start with a list you can program into your radio. Sites like www.radioreference.com help with finding local frequencies, also joining a local club can help (I belong to www.papasys.com here in Los Angeles). Please, do not make the mistake of thinking you can buy all this stuff and tuck it away until you need it. It takes practice and experience to effectively communicate with radios and troubleshoot issues. Long Distance Long distance communications via Ham radio is the realm of the HF (High Frequency) bands. Amateurs often use the approximate length of one wave as shorthand to refer to each band. The radios referenced above typically operate on 2m and 70cm bands. HF radios are capable of operating on bands between 160m to 10m. Why I bring this up is that the size of the antenna needed is directly related to the wavelength. Most antennas are either ½ or ¼ wavelength in order to be resonant. So, while a ½ wave antenna for a 2m radio is only about 3 feet long, one for the 40m band is 70 feet long. This can be a serious limiting factor for your use of these bands. There are compromised antennas that are much smaller, but they compromise efficiency for size. The list of requirements for HF EMCOM use is the same as for VHF/UHF: Radio Power supply Antenna Frequencies Radio’s that cover the HF bands are generally much more expensive that for the higher bands. For effective use in an emergency situation, you would probably want a radio that can put out up to 100 watts. Lower power, and price, radios exist, but are not as effective. About the lowest buy in for a new HF rig is about $470 for the Alinco DX-SR8T. At the high end, the cost is $3000 -6,000 for something like the Elecraft K3S. The closest thing to “One Radio to Rule Them All” is the Yaesu FT857D, at around $850. This covers almost all of the bands available and is a solid overall radio. Power supplies are pretty much the same as for VHF radios, you just need to take into consideration power use. A 100 watt radio is going to burn through more amp hours of battery quicker than a 40 watt radio. Solar generators are ideal for getting through multiple days without mains power. Antennas can range from simple wire dipoles, to massive beam antennas, to compact magnetic loop antennas. Frequencies will vary between day (usually 20m band) and night (usually 40m) and from event to event. HF requires practice and experience even more than VHF/UHF. There are so many factors that influence communication on these bands that there is almost no way you could be effective without a considerable amount of hands on experience. Conclusion This is a very brief overview that barely scratches the surface of EMCOM and the Amateur Radio / Ham Radio hobby. I hope that this at least gives a good starting point for people who are interested in communications. Below is a list of further resources by people with far more experience and knowledge than myself if you want to dive deeper into this subject. Links www.hamradio360.com - website and podcasts that cover the full breadth of the hobby in a very accessible way. www.survivaltechnology.net - blog and YouTube channel covering HF emergency and survival communications. www.aredn.org - Amateur radio mesh networking Follow me on Twitter! Sursa: https://www.alienvault.com/blogs/security-essentials/ham-radio-for-emergency-communications

........................................... http://www.radioamator.ro/ ............................................ http://www.radioamator.ro/articole/view.php?id=1164 .............................................

Din cei care ati votat iPhone X.. de curiozitate, il foloseste cineva? Ati facut ceva probe cu facial recognition? Scurt review dupa ceva saptamani/luni de folosinta? OFF: macar setati mutra sa fie cea cand ejaculati.. in caz ca vi-l fura cineva sa trebuiasca sa va faca si o laba..

# PS4 4.05 Kernel Exploit --- ## Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, *does not* contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port `9020` and will execute them upon receival. You can find fail0verflow's original write-up on the bug [here](https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/), you can find my technical write-up which dives more into implementation specifics ~~here~~ (this is still in progress and will be published within the next few days). ## Patches Included The following patches are made by default in the kernel ROP chain: 1) Disable kernel write protection 2) Allow RWX (read-write-execute) memory mapping 3) Dynamic Resolving (`sys_dynlib_dlsym`) allowed from any process 4) Custom system call #11 (`kexec()`) to execute arbitrary code in kernel mode 5) Allow unprivileged users to call `setuid(0)` successfully. Works as a status check, doubles as a privilege escalation. ## Notes - This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel. - I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads. - A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel. - An SDK is not provided in this release, however a barebones one to get started with may be released at a later date. - I've released a sample payload [here](http://www.mediafire.com/file/n4boybw0e06h892/debug_settings.bin) that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox. ## Contributors I was not alone in this exploit's development, and would like to thank those who helped me along the way below. - [qwertyoruiopz](https://twitter.com/qwertyoruiopz) - [Flatz](https://twitter.com/flat_z) - [CTurt](https://twitter.com/CTurtE) - Anonymous E-DB Note: Download ~ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43397.zip Source: exploit-db.com

Pavel Lerner, a prominent Russian blockchain expert and known managing director of one of the major crypto-exchanges EXMO, has allegedly been kidnapped by "unknown" criminals in the Ukranian capital of Kiev. According to Ukraine-based web publication Strana, Lerner, 40-year-old citizen of Russia, was kidnapped on December 26 when he was leaving his office in the center of town (located on the Stepan Bandera Avenue). Unknown kidnappers in dark clothes and balaclavas dragged Lerner in their black Mercedes-Benz Vito brand (state number AA 2063 MT) car and drove away in an unknown direction. The information comes from an anonymous source in Ukrainian law enforcement agencies, though multiple investigations are currently underway to find out why and by whom Lerner was kidnapped. Lerner is a recognized IT specialist in Ukraine who led a number of startups related to blockchain technology development and mining operations. Lerner is also the managing director of EXMO, a major UK-based cryptocurrency exchange founded in 2013 and well-known with Russians for accepting ruble payments. Law enforcers in Kiev have begun an investigation and are currently conducting search operation, working out all possible leads in the case which is described as the kidnapping. EXMO's representatives confirmed media reports in a statement to a local crypto journal BitNovosti and appealed for any information that could lead to the finding of Lerner. The company representatives also assured its customers that EXMO operations were not affected by the incident and that Lerner did not have direct access to any cryptocurrency account or other personal data. Lerner case has been considered to be yet another case involving a Russian national with cryptocurrency background. In July this year, Alexander Vinnik, a 38-year-old Russian citizen and operator of cryptocurrency exchange BTC-e, was detained in Northern Greece at the request of US law enforcement authorities. The Greece court in October also ruled to extradite Vinnik to the United States. The US authorities accused Vinnik of crimes related to the hack of Mt. Gox, which was shut down in 2014 following a massive series of mysterious robberies, which totaled at least $375 million in Bitcoin. Via thehackernews.com

BruteSpray Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail Inspired by: Leon Johnson/@sho-luv Credit to Medusa: JoMo-Kun / Foofus Networks - http://www.foofus.net Version - 1.6.0 Demo: Description BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Installation pip install -r requirements.txt On Kali apt-get install brutespray Usage First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml. Command: python brutespray.py -h Command: python brutespray.py --file nmap.gnmap Command: python brutesrpay.py --file nmap.xml Command: python brutespray.py --file nmap.xml -i Examples Using Custom Wordlists: python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5 Brute-Forcing Specific Services: python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5 Specific Credentials: python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5 Continue After Success: python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c Use Nmap XML Output python brutespray.py --file nmap.xml --threads 5 --hosts 5 Interactive Mode python brutespray.py --file nmap.xml -i Supported Services ssh ftp telnet vnc mssql mysql postgresql rsh imap nntp pcanywhere pop3 rexec rlogin smbnt smtp svn vmauthd snmp Changelog v1.6.0 added support for SNMP v1.5.3 adjustments to wordlists v1.5.2 change tmp and output directory behavior v1.5.1 added check for no services v1.5 added interactive mode v1.4 added ability to use nmap XML v1.3 added the ability to stop on success added the ability to reference custom userlists and passlists added the ability to specify specific users & passwords Download: brutespray-master.zip git clone https://github.com/x90skysn3k/brutespray.git Source: https://github.com/x90skysn3k/brutespray

This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user whom seeks to be anonymous. Finally, we look at forensic techniques, which, when given a hard drive or similar media, we identify users who accessed that server. Slides: http://opensecuritytraining.info/WebIdentity_files/WebIdentity_all_slides_pptx_1.zip HD video: Sursa: http://opensecuritytraining.info/WebIdentity.html

Investiti in oua. Multumiti-mi mai tarziu.

DELETED

or sa scada, dar nu se vor prabusi.toti cumpara zilele astea pentru ca sunt anuntate parteneriate cu multe monezi in anul 2018 (news & comunicate officiale ), eu vad ripple ajungand la 3$ pana la jumatatea lu' ianuarie. la ora actuala e cea mai buna moneda in care poti investi. e usor sa mananci seminte si sa iti dai cu parerea cand nu ai habar cu ce se mananca...cam asta e definitia romanului.

Cresc acuma, dupa 31.12.2017 se vor prabusi instantaneu. Toata aceasta crestere nu e bazata pe nimic, doar pe zvonuri raspandite pe internet de catre cei care au cumparat si ei la randul lor si tipa pe tot internetul ca ce au cumparat ei e bun si ca va creste ca sa vada lumea si sa cumpere si altii ca sa creasca. Asta una la mana, doi la mana, e sfarsit de an si a fost, si inca mai este, perioada Sarbatorilor. Personal cred ca cei care vor cumpara acum sunt cei care isi vor lua teapa.

Caut persoana care ma poate ajuta sa accesez 2 emailuri