Usr6

Active Members
  • Posts

    1337
  • Joined

  • Last visited

  • Days Won

    89

Everything posted by Usr6

  1. Usr6

    Fun stuff

    which cup fills up first? ( @aelius )
  2. As a penetration tester or a bug bounty hunter, most of the time you are given a single domain or a set of domains when you start a security assessment. You'll have to perform extensive reconnaissance to find interesting assets like servers, web applications and domains that belong to the target organisation so that you can increase your chances of finding vulnerabilities. We wrote an extensive blog post on Open Source Intelligence Gathering techniques that are typically used in the reconnaissance phase. Sub-domain enumeration is an essential part of the reconnaissance phase. This blog post covers various sub-domain enumeration techniques in a crisp and concise manner. A gitbook will be released as a follow-up to this blog post on the same topic, where we cover these techniques in depth. We covered some of these techniques in the "Esoteric sub-domain enumeration techniques" talk given at the Bugcrowd LevelUp conference 2017.

What is sub-domain enumeration?

Sub-domain enumeration is the process of finding sub-domains for one or more domain(s). It is an essential part of the reconnaissance phase.

Why sub-domain enumeration?

  • Sub-domain enumeration can reveal a lot of domains/sub-domains that are in scope of a security assessment, which in turn increases the chances of finding vulnerabilities.
  • Finding applications running on hidden, forgotten sub-domains may lead to uncovering critical vulnerabilities.
  • Often the same vulnerabilities tend to be present across different domains/applications of the same organization.
  • The famous Yahoo! Voices hack happened due to a vulnerable application deployed on a yahoo.com sub-domain.

Sub-domain enumeration techniques

1. Search engines like Google and Bing support various advanced search operators to refine search queries. These operators are often referred to as "Google dorks". We can use the "site:" operator in Google search to find all the sub-domains that Google has found for a domain. Google also supports an additional minus operator to exclude sub-domains that we are not interested in: "site:*.wikimedia.org -www -store -jobs -uk"

[Figure: Using site operator in Google search to find sub-domains]

Bing search engine supports some advanced search operators as well. Like Google, Bing also supports a "site:" operator that you might want to check for any additional results apart from the Google search.

[Figure: Finding sub-domains using "site:" operator in Bing]

2. There are a lot of third-party services that aggregate massive DNS datasets and look through them to retrieve sub-domains for a given domain. VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs submitted by users. In order to retrieve the information of a domain you just have to put the domain name in the search bar.

[Figure: Searching for sub-domains using VirusTotal; sub-domains found using VirusTotal]

DNSdumpster is another interesting tool that can find a potentially large number of sub-domains for a given domain.

[Figure: Searching for sub-domains using DNSdumpster]

Sublist3r is a popular tool that'll enumerate sub-domains using various sources. Sublist3r enumerates sub-domains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates sub-domains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

[Figure: sub-domain enumeration using Sublist3r]

3. Certificate Transparency (CT) is a project under which a Certificate Authority (CA) has to publish every SSL/TLS certificate they issue to a public log. An SSL/TLS certificate usually contains domain names, sub-domain names and email addresses. This makes them a treasure trove of information for attackers. I wrote a series of technical blog posts on Certificate Transparency where I covered this technique in depth; you can read the series here. The easiest way to look up certificates issued for a domain is to use search engines that collect the CT logs and let anyone search through them. A few of the popular ones are listed below:

  • https://crt.sh/
  • https://censys.io/
  • https://developers.facebook.com/tools/ct/
  • https://google.com/transparencyreport/https/ct/

[Figure: Finding sub-domains of an organisation's primary domain using crt.sh]

We wrote a few scripts to simplify the process of finding sub-domains using CT log search engines. The scripts are available in our github repo — https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration

[Figure: Interesting sub-domain entry from CT logs for uber.com]

The downside of using CT for sub-domain enumeration is that the domain names found in the CT logs may not exist anymore and thus they can't be resolved to an IP address. You can use tools like massdns in conjunction with CT logs to quickly identify resolvable domain names.

# ct.py - extracts domain names from CT Logs (shipped with massdns)
# massdns - will find resolvable domains & adds them to a file
./ct.py icann.org | ./bin/massdns -r resolvers.txt -t A -q -a -o -w icann_resolvable_domains.txt -

[Figure: Using massdns to find resolvable domain names]

4. Dictionary-based enumeration is another technique to find sub-domains with generic names. DNSRecon is a powerful DNS enumeration tool; one of its features is to conduct dictionary-based sub-domain enumeration using a pre-defined wordlist.

$ python dnsrecon.py -n ns1.insecuredns.com -d insecuredns.com -D subdomains-top1mil-5000.txt -t brt

[Figure: Dictionary-based enumeration using DNSRecon]

5. Permutation scanning is another interesting technique to identify sub-domains. In this technique, we identify new sub-domains using permutations, alterations and mutations of already known domains/sub-domains. Altdns is a tool that allows for the discovery of sub-domains that conform to patterns.

$ python altdns.py -i icann.domains -o data_output -w icann.words -r -s results_output.txt

[Figure: Finding sub-domains that match certain permutations/alterations using AltDNS]

6. Finding Autonomous System (AS) Numbers will help us identify netblocks belonging to an organization which in turn may have valid domains.

  • Resolve the IP address of a given domain using dig or host.
  • There are tools to find the ASN given an IP address — https://asn.cymru.com/cgi-bin/whois.cgi
  • There are tools to find the ASN given a domain name — http://bgp.he.net/

[Figure: Finding AS Number using IP address]

The ASN numbers found can be used to find netblocks of the domain. There are Nmap scripts to achieve that — https://nmap.org/nsedoc/scripts/targets-asn.html

$ nmap --script targets-asn --script-args targets-asn.asn=17012 > netblocks.txt

[Figure: Finding netblocks using AS numbers — NSE script]

7. Zone transfer is a type of DNS transaction where a DNS server passes a copy of the full or part of its zone file to another DNS server. If zone transfers are not securely configured, anyone can initiate a zone transfer against a nameserver and get a copy of the zone file. By design, the zone file contains a lot of information about the zone and the hosts that reside in the zone.

$ dig +multi AXFR @ns1.insecuredns.com insecuredns.com

[Figure: Successful zone transfer using the dig tool against a nameserver for a domain]

8. Due to the way non-existent domains are handled in DNSSEC, it is possible to "walk" the DNSSEC zones and enumerate all the domains in that zone. You can learn more about this technique from here. For DNSSEC zones that use NSEC records, zone walking can be performed using tools like ldns-walk.

$ ldns-walk @ns1.insecuredns.com insecuredns.com

[Figure: Zone walking DNSSEC zone with NSEC records]

Some DNSSEC zones use NSEC3 records, which use hashed domain names to prevent attackers from gathering the plain text domain names. An attacker can collect all the sub-domain hashes and crack the hashes offline. Tools like nsec3walker and nsec3map help us automate collecting the NSEC3 hashes and cracking the hashes. Once you install nsec3walker, you can use the following commands to enumerate sub-domains of an NSEC3-protected zone:

# Collect NSEC3 hashes of a domain
$ ./collect icann.org > icann.org.collect
# Undo the hashing, expose the sub-domain information.
$ ./unhash < icann.org.collect > icann.org.unhash
# Listing only the sub-domain part from the unhashed data
$ cat icann.org.unhash | grep "icann" | awk '{print $2;}'
del.icann.org.
access.icann.org.
charts.icann.org.
communications.icann.org.
fellowship.icann.org.
files.icann.org.
forms.icann.org.
mail.icann.org.
maintenance.icann.org.
new.icann.org.
public.icann.org.
research.icann.org.

9. There are projects that gather Internet-wide scan data and make it available to researchers and the security community. The datasets published by these projects are a treasure trove of sub-domain information. Although finding sub-domains in these massive datasets is like finding a needle in a haystack, it is worth the effort. The Forward DNS dataset is published as part of Project Sonar. This data is created by extracting domain names from a number of sources and then sending an ANY query for each domain. The data format is a gzip-compressed JSON file. We can parse the dataset to find sub-domains for a given domain. The dataset is massive though (20+GB compressed, 300+GB uncompressed).

# Command to parse & extract sub-domains for a given domain
$ curl --silent https://scans.io/data/rapid7/sonar.fdns_v2/20170417-fdns.json.gz | pigz -dc | grep '\.icann\.org' | jq .

[Figure: Enumerating sub-domains using FDNS dataset]

Sub-domain enumeration techniques — A comparison

We ran a few of the discussed techniques against icann.org and compared the results. The bar chart below shows the number of unique, resolvable sub-domains each technique found for icann.org. Feel free to get in touch with us to know the methods we used to gather this information.

[Figure: Number of unique, resolvable sub-domains each technique found for icann.org]

Sub-domain enumeration — Reference

We created a simple reference for sub-domain enumeration techniques, tools and sources. This reference is created using a Github gist; feel free to fork and customise it — https://gist.github.com/yamakira/2a36d3ae077558ac446e4a89143c69ab

[Figure: Quick reference for sub-domain enumeration]

References

  • https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration
  • https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3
  • https://www.databreaches.net/hackers-post-450k-credentials-apparently-pilfered-from-yahoo/
  • http://info.menandmice.com/blog/bid/73645/Take-your-DNSSEC-with-a-grain-of-salt
  • https://www.peerlyst.com/posts/bsideslv-2017-breaking-ground-with-underflow-bsides-las-vegas

Source: https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
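Added example, not from the article above or the appsecco repo: a small Python filter for Project Sonar FDNS-style JSON lines (technique 9) that matches on the domain suffix instead of a bare substring, so "notreallyicann.org" or "icann.org.example.net" are not reported as icann.org sub-domains. The sample records, the field names used beyond name/type/value, and the `fdns_filter.py` file name are constructed assumptions for the demo; the real dataset is piped in through stdin as in the article's pigz command.

```python
import json
import sys
from typing import Iterable, Set

# Constructed sample of FDNS-style records (one JSON object per line), not real data.
# It deliberately contains a trailing dot, mixed case, a wildcard, look-alike names
# and one malformed line so the filter has to handle each case.
SAMPLE_FDNS = """\
{"timestamp":"1492387200","name":"www.icann.org","type":"a","value":"192.0.2.10"}
{"timestamp":"1492387200","name":"Mail.ICANN.org.","type":"a","value":"192.0.2.20"}
{"timestamp":"1492387200","name":"icann.org","type":"a","value":"192.0.2.1"}
{"timestamp":"1492387200","name":"notreallyicann.org","type":"a","value":"198.51.100.5"}
{"timestamp":"1492387200","name":"icann.org.example.net","type":"a","value":"198.51.100.6"}
{"timestamp":"1492387200","name":"*.icann.org","type":"a","value":"192.0.2.30"}
{"timestamp":"1492387200","name":"research.icann.org","type":"cname","value":"www.icann.org"}
this line is not json and must be skipped
"""


def normalize(name: str) -> str:
    """Lower-case, strip the trailing dot and drop a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def is_subdomain(name: str, apex: str) -> bool:
    """True for the apex itself and for any name that ends in '.<apex>'."""
    name, apex = normalize(name), normalize(apex)
    return name == apex or name.endswith("." + apex)


def extract_subdomains(lines: Iterable[str], apex: str,
                       record_types=("a", "aaaa", "cname")) -> Set[str]:
    """Return the unique, normalized names under `apex` found in FDNS JSON lines."""
    found: Set[str] = set()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue                      # malformed line: skip, do not abort the run
        if str(rec.get("type", "")).lower() not in record_types:
            continue
        name = rec.get("name", "")
        if is_subdomain(name, apex):
            found.add(normalize(name))
    return found


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # e.g. pigz -dc 20170417-fdns.json.gz | python fdns_filter.py icann.org
        lines, apex = sys.stdin, sys.argv[1]
    else:
        lines, apex = SAMPLE_FDNS.splitlines(), "icann.org"
    for host in sorted(extract_subdomains(lines, apex)):
        print(host)
```

Run without arguments it prints icann.org, mail.icann.org, research.icann.org and www.icann.org from the constructed sample; the wildcard entry collapses onto the apex and the two look-alike names are rejected. Reading stdin line by line keeps memory flat even on the 300+GB uncompressed dataset.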
  3. Are you from the government? Do you feel threatened by Bitcoin? The answer is obviously no and there are more important things to do, but let's assume you do and you're China. How can you kill it?

Everyone gossips how secure and unstoppable cryptocurrencies are, which kinda makes you sad because you like to be in control, right? Bitcoin is indeed way harder to ban than just arresting a couple of individuals and shutting down their server like what happened to Silk Road, E-Gold, Liberty Reserve, and pretty much anyone annoying the authorities. In cryptocurrencies there's no central server to shut down: every single user runs one (full node) for security (that's in a perfect world; in practice most use a web wallet connected to a popular cloud provider). But there are coordinators, also known as miners or validators or witnesses, that are chosen by some rule. In Bitcoin miners find hashes (computationally expensive and needs cheap electricity), and most of the miners are located in your country.

Shutting down the miners would be the stupidest thing to do. Bitcoin doesn't depend on miners for survival, it depends on them for security. So if you make miners go away, difficulty adjustment will kick in and soon miners in other countries will continue securing the network. Instead, to kill Bitcoin, you need to do one big nasty 51% attack.

Step 1. Buy a lot of it.

Find all big crypto exchanges around, register fully verified accounts, 10–40 on each exchange. So we have about 100 exchanges and 40 accounts on each. Great. Let's buy $100M worth of Bitcoins. You're the government, you can afford it for national security, can't you? Bitcoin's market cap at the moment of writing is $95B so that would be 0.1% — a fair enough leverage. Send all the money from exchanges to your own desktop wallets. That's the hardest part: the UX of crypto wallets sucks so much there's a big chance you will just lose it. (partially joking)

Step 2. Locate the 51% of miners.

71% according to https://www.buybitcoinworldwide.com/mining/china/ are somewhere in China. They try to be anonymous, but you are China, and you make people install spy apps on their phones (https://thenextweb.com/asia/2017/07/25/chinas-forcing-its-citizens-to-install-a-terrifying-big-brother-app-on-their-phones-or-go-to-jail/) so that shouldn't be a problem to figure out the largest ones. Hint: They feed on free electricity. So ask around. Here is a story about one from Ordos (not that far from Beijing): "Photos: Inside one of the world's largest bitcoin mines" (qz.com) — One of the world's largest bitcoin mines is located in the SanShangLiang industrial park on the outskirts of the city…

Step 3. A secret operation

Now ask your secret law enforcement division to find as many miners as possible on day X. Since it is a law enforcement operation, your officers are allowed to point guns at miners' heads. That will speed up their thinking process, in case they pretend they don't know what Bitcoin is and how to do 51%. That's how gov works when it needs to achieve something. And since you're China, no need to bother trying to look liberal while doing that.

Step 4. Double spending time!

Make them do the following: they need to mine ~4,000 transactions ($25,000 each) from your desktop wallets in a single block and broadcast it to everyone. These 4,000 transactions will be sending money back to all the accounts you created in Step 1. Normally, exchanges require 6 blocks built on top (confirmations) to consider that transaction final. So now the rest of the network will try to build blocks on top of yours. While they are doing that, mine on top of the block before the one you just mined. I.e. you take blockN, send everyone blockN+1 so they keep working on blockN+2 and blockN+3, but you instead focus on mining a different branch blockN+1B and blockN+2B. You have 51% so most likely you will mine faster than everyone else.

Once outside miners get 6 confirmations of your block you need to request an exchange of your Bitcoins on all exchanges to something else. Litecoin, Ripple, Ethereum, whatever. They normally exchange automatically. Then you need to send all those altcoins to your desktop wallets again. After changing all BTC to altcoins and requesting altcoin withdrawal, release the other "secret" branch that basically cancels the block with 4,000 transactions you mined. It's called reorganization: now everyone in the network must accept your chain as the main one, and forget about all the other transactions that are now "orphaned".

Step 5. Watch the coinmarketcap going to 0

This means $100M worth of Bitcoin (which exchanges no longer have) were just exchanged to $100M worth of altcoins, which you do have. Congrats on your double-spend operation, you now have $200M worth of cryptocurrencies! The price of them is going to 0, but that's what the original purpose was anyway. You can repeat the process again, but you don't need to. A single attack of this size would destroy faith in cryptocurrencies for the next few years. There will be no backlash from other governments — Bitcoin is outside of any jurisdiction or law practice. So you can do it both privately or publicly.

Recap

It's a rage post, but I'm not against Bitcoin. I'm against the stupidity we have right now. We need to become paranoid again and get our threat model in place. What the actual fuck are you busy with right now? Smart contracts? Identity on blockchain? Exchanging shittokens to shittokens in decentralized fashion? ICOs? These things are completely irrelevant compared to censorship resistance, the one and only important quality of a blockchain. The rest of your shit can run on a $5 server 1000x times more efficiently. If you don't need censorship resistance for your task: leave the blockchains alone and get busy with something else! The attack is way easier against Ethereum (step 1. get Vitalik), and the rest of the cryptocurrencies you can 51% attack by just buying some ASICs for the cost of one helicopter. So if you act, better attack Bitcoin, and see the domino effect.

P.S. If you're not China and you don't have James Bond-level spies in China who can hijack the miners for you, doing 51% against Bitcoin on your own is much trickier. So better try to convince China to do it for you.

Source: https://medium.com/@homakov/how-to-destroy-bitcoin-with-51-pocked-guide-for-governments-83d9bdf2ef6b
  4. MD5(the_big_fat_panda.jpg) = 409302F21EA7DCFE2ED9BBF3C810081C
  5. A critical security vulnerability in the Parity multi-sig wallet got triggered on 6th November — paralyzing wallets created after the 20th July. As you may have read, Parity issued a security advisory today to inform its users about a bug that got "accidentally" triggered, which resulted in freezing more than $280M worth of ETH, including $90M belonging to Parity's Founder & Ethereum former core developer Gavin Wood. Article continues: https://blog.comae.io/the-280m-ethereums-bug-f28e5de43513
  6. You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS: MINIX. And it's raising eyebrows and concerns.

Take a look at your desktop computer. What operating system is it currently running? Now take a look in your data center — at all of your servers. What operating system are they running? Linux? Microsoft Windows? Mac OS X? You could be running any of those three — or one of countless others. But here's the crazy part: That's not the only operating system you're running. If you have a modern Intel CPU (released in the last few years) with Intel's Management Engine built in, you've got another complete operating system running that you might not have had any clue was in there: MINIX.

That's right. MINIX. The Unix-like OS originally developed by Andrew Tanenbaum as an educational tool — to demonstrate operating system programming — is built into every new Intel CPU. MINIX is running on "Ring -3" (that's "negative 3") on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest "Ring" you have any real access to is "Ring 0," which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in "Ring 3" (without the negative).

The first thing that jumps out at me here: This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers). That, right there, is absolutely crazy. The second thing to make my head explode: You have zero access to "Ring -3" / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn't updated regularly with security patches.

Google wants to remove MINIX from its internal servers

According to Google, which is actively working to remove Intel's Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:

  • Full networking stack
  • File systems
  • Many drivers (including USB, networking, etc.)
  • A web server

That's right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about. Why on this green Earth is there a web server in a hidden part of my CPU? WHY? The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous. The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.

Note to Intel: If Google doesn't trust your CPUs on their own servers, maybe you should consider removing this "feature." Otherwise, at some point they'll (likely) move away from your CPUs entirely.

Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel. Better to do so now before Intel removes the "Management Engine." Strike while the iron's hot and all that.

Note to Andrew Tanenbaum: Your operating system, MINIX, is now one of the most used on modern computers! That's kinda cool, right?

Note to everyone else: We're all MINIX users now.

Source: https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html
  7. Computer Requirements:

  • A CPU with AMD-V or Intel VT-x support (pretty much any modern CPU).
  • 4 GB RAM (more is better).
  • Make sure Virtualization (AMD-V or Intel VT-x) is enabled in the BIOS. To do this, you'll need to google "enable virtualization" along with your BIOS or motherboard version, then follow the steps.

Picking Your Hypervisor

A hypervisor is software that allows you to create a virtual computer (sometimes called a Virtual Machine and abbreviated to VM) which is isolated from your real machine. We will use the hypervisor to create a separate Windows installation that can be infected with malware without causing harm to us or our data. There are about 5 different hypervisors I frequently use because each one has subtle differences that I find make them better for different tasks; I'll explain what I use each for and why.

VMware Workstation Pro – Very high performance and is probably the best hypervisor to run on a Windows operating system; it's also packed full of extra features which makes it useful for complex virtual networks.

VMware Workstation Player – Stripped-back and lightweight version of Pro, great for simple and easy VM setup but doesn't support snapshots, which is a major problem for malware analysis. I have this installed on my laptop for on-the-road demos.

KVM – Runs on Linux and has a cool plugin that allows you to run more VMs than your system has RAM by using memory de-duplication. KVM is great for avoiding malware detecting it's in a VM because most malware relies on the presence of VirtualBox or VMware specific artifacts and doesn't care much for detecting other hypervisors.

ESXi – It's not a hypervisor that you install on your operating system; the hypervisor is the operating system. By having an operating system built around the hypervisor, overhead is reduced because there's no need for any code other than that required to run the hypervisor.

VirtualBox – Allows you to spoof the hardware your VM runs on, avoiding malware figuring out that it's in a VM by probing virtual/physical hardware or firmware version; it's free, easy to set up, and has most of the features paid hypervisors have.

For beginners I'd recommend VirtualBox because it's free, supports most major operating systems, and has a snapshot feature allowing you to roll back the VM to a saved point. For this reason, I will base the post on VirtualBox.

Picking Your Guest OS

The operating system running inside the Virtual Machine is fairly important and depends on a couple of things; I'll go into details on each.

Your Skill Set

If you're planning to reverse engineer malware and you only understand x86 assembly (or are learning Assembly), then it would make sense to run an x86 Windows installation. The majority of malware runs under WoW64 (Windows' way of running 32-bit binaries on 64-bit systems), so you'll likely be reverse engineering 32-bit code regardless of what architecture you use. In some cases malware will drop a 32-bit or 64-bit payload depending on the architecture, so if you don't know 64-bit assembly, you'll want the 32-bit payload, which means using a 32-bit (x86) operating system.

Your Hardware

An x86_64 CPU can run 32-bit and 64-bit VMs, but an x86 CPU can only run 32-bit VMs, so if your CPU is x86 you should pick a 32-bit operating system. Older CPUs (especially x86 ones) might not support features required by newer Windows installations, so it'd also be best to stay below Windows 8. If your computer doesn't have much RAM, you'll be better off running a Windows XP VM as this can run on as little as 256 MB of RAM (make sure to use Service Pack 3 though, as it adds some features to the OS which most malware relies on). Windows 7 VMs generally require 1 GB of RAM, but you can probably get away with 768 MB (512 MB for Home Edition).

Your Experience

Most malware will work on every Windows system between XP Service Pack 3 and Windows 10, so if you find you're more familiar with XP, then don't be afraid to use it. Windows 10 is very resource intensive and may not be supported by all malware, so for general day-to-day malware analysis I recommend staying away from Windows 10 unless you absolutely need it for some reason. Windows 10 is also incredibly noisy in terms of internet-connected background services, which will fill up your packet capture with useless and irrelevant data.

Your Malware

64-bit operating systems utilize something called DSE (Driver Signature Enforcement) which prevents loading of unsigned kernel drivers; if you're analyzing malware which installs a kernel driver, then a 32-bit operating system is your best bet because it won't have a problem with malware installing unsigned drivers.

What do I use?

I'm actually lucky enough to now have a powerful rackmount server in my basement (courtesy of my employer), so I have a VM of every OS from XP to 10 as well as both 32-bit and 64-bit installations, but previously my personal preference was Windows 7 Ultimate Edition (32-bit) for working with common malware (I use Ultimate for the Remote Desktop feature, but if you're happy using VNC then Home Edition is fine). It's also important to remember that the VM will be used to run and analyze malware, so not using older operating systems because they're "insecure against hackers/malware" is counter-productive when the intention is to infect it with malware.

Setting Up Your Virtual Machine

RAM – I recommend you use the minimum amount suggested by the requirements for your chosen operating system.

CPU – The "Processor(s)" option defines how many CPU cores the VM can use. One should be fine, but if you have a CPU with more than a single core, consider setting the limit higher to speed up the VM. Execution Cap should be left at 100% unless you set the Processor(s) setting to the same number of cores your CPU has, in which case consider lowering the limit to avoid VMs freezing your computer.

Network – Make sure to select the "NAT" option. It will allow your VM to connect to the internet but not see devices on your real network or talk to other VMs, which is good from a security standpoint.

The rest of the options can be left as is. Although it's not required for a simple malware analysis environment, you can harden VirtualBox to prevent malware detecting it's in a VM by using hfireF0x's loader.

Installing Windows

Windows 7, 8, and 10 ISOs can be gotten here if you have a valid product key (do not use your product key to activate Windows once installed in the VM or malware could steal your key; instead leave Windows un-activated). Windows XP doesn't seem to be available from the Microsoft site, but I believe it's legal to download Windows ISO torrents as long as the installers are not cracked or patched. Simply don't activate Windows, as you don't need any of the benefits of activating when the VM's only purpose is running malware.

You don't need to mount the installer ISO to a CD; simply navigate to the "Storage" category in options, click the CD icon which says "Empty" next to it, click the second CD icon in the top right and select the install ISO. Once you boot the VM it will automatically boot from the ISO. Go through the Windows installation process like you would normally, skip the activation section, and consider changing your computer name and username to make the VM seem less like a research machine. Avoid installing "Guest Additions" as the toolset is commonly used by malware to detect that it's running inside a VM.

Environment Setup

As soon as Windows is installed you should take a snapshot by clicking "Machine" > "Take Snapshot"; this will create an image of the current VM state so you can roll back later or create new VMs from the same image. A snapshot is like creating a copy of your VM's hard disk and RAM content; when you "roll back" to a snapshot, it's like overwriting the hard disk and RAM with the data saved during the snapshot, undoing any changes (and of course malware infections) that happened after the snapshot was taken.

Now it's time to pick and install your analysis tools; if you're not sure what to install, here is a list of my suggestions to get started:

Disassemblers / Debuggers
  • OllyDbg
  • WinDbg (Installed as part of the Windows SDK)
  • x64Dbg
  • IDA (Freeware Edition)
  • Radare2

PE Tools
  • PE Explorer
  • Explorer Suite
  • PEStudio

Process Tools
  • Process Hacker
  • ProcMon
  • Process Explorer
  • Process Dump
  • User Mode Process Dumper

Network Tools
  • Wireshark
  • Fiddler
  • mitmproxy

Other
  • HxD (Hex Editor)
  • PaFish (Testing for VM detection)
  • oledump (Extract Macros from Office Documents)
  • olevba (VBA Macro Extractor)
  • Strings (Extracts ASCII and Unicode Text from Files)

Once you're done installing your favorite tools, create another snapshot and you're ready to go (when you want to install new tools, simply roll back to this snapshot, install your new tools, then create a new snapshot and delete the old one).

Warnings

There are no recorded cases of malware using zero-day exploits to escape a virtual machine; you should be safe if you practice good VM hygiene.

  • Never plug USB devices into your virtual machine, assume every file in your VM has been infected and never transfer files that are infectable outside your virtual machine, and don't log into any servers inside an infected VM.
  • Be careful when using features such as "Shared Folders" to share folders between your computer and the VM. Anything in these folders can easily be stolen, infected, or destroyed by malware inside the VM.
  • Don't run malware samples you're not familiar with on an internet-connected VM. Malware can launch DDoS attacks, hack computers, and commit financial fraud from your IP address; your front door is much nicer when it hasn't been knocked off its hinges by law enforcement.
  • If you run a VPN inside your VM it can be disabled or bypassed by malware, exposing your real IP address. Criminals will generally not target researchers, but if you want to hide your IP address then you should run the VPN on your computer and not inside your VM.
  • Avoid storing executable malware samples where they can be accidentally run. Either rename files to something non-executable (like .bin or .malware) before they touch your computer, or store them on a webserver in a non-executable directory.
  • Anything you put inside your VM can and probably will be stolen by malware you run inside it; use common sense.
  • Use snapshots to save your progress while doing analysis. If you're taking notes in your VM and it crashes or gets encrypted by ransomware, your data will be lost if you haven't backed it up.
  • Anti-viruses will still scan and delete non-executable malware samples or even your notes if they match malicious signatures; whitelist the folder you save your research in.

Source: https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html
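Added example, not from the MalwareTech post above: a Python intake script for the "rename samples to something non-executable before they touch your computer" advice in the warnings. It hashes each incoming file, stores it as <sha256>.bin with execute bits cleared, de-duplicates by hash and records the original file name in a JSON-lines manifest so the name is not lost. The `manifest.jsonl` file name, the `store/` layout and the constructed demo files are assumptions made for this example; the demo payload is harmless text, not a real sample.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List

SAFE_SUFFIX = ".bin"          # non-executable extension, as the post recommends
CHUNK = 1 << 20               # hash in 1 MiB chunks so large samples stream through


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 without loading it all into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine_sample(src: Path, store: Path, manifest_name: str = "manifest.jsonl") -> Path:
    """Move `src` into `store` as <sha256>.bin and log the original name in a manifest.

    A sample whose bytes are already stored is de-duplicated: the new copy is deleted and
    only the manifest line is appended, so exactly one file per unique hash exists on disk.
    Returns the path of the stored .bin file.
    """
    src, store = Path(src), Path(store)
    store.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(src)
    dest = store / f"{digest}{SAFE_SUFFIX}"
    if dest.exists():
        src.unlink()                      # same content already quarantined
    else:
        shutil.move(str(src), str(dest))
        dest.chmod(0o600)                 # owner read/write only, no execute bit (no-op on Windows)
    entry = {"sha256": digest, "original_name": src.name, "size": dest.stat().st_size}
    with (store / manifest_name).open("a", encoding="utf-8") as manifest:
        manifest.write(json.dumps(entry) + "\n")
    return dest


def list_samples(store: Path) -> List[str]:
    """File names of all quarantined samples in `store`, sorted."""
    return sorted(p.name for p in Path(store).glob("*" + SAFE_SUFFIX))


def demo_run() -> Dict[str, object]:
    """Self-contained demonstration on constructed files in a temporary directory."""
    base = Path(tempfile.mkdtemp(prefix="sample-intake-"))
    store = base / "store"
    payload = b"MZ constructed stand-in bytes for the demo, not a real sample\n"
    first = base / "invoice.exe"
    second = base / "invoice (1).exe"         # same bytes under a second file name
    first.write_bytes(payload)
    second.write_bytes(payload)

    stored = quarantine_sample(first, store)
    stored_again = quarantine_sample(second, store)
    manifest_lines = (store / "manifest.jsonl").read_text(encoding="utf-8").splitlines()
    result = {
        "stored_name": stored.name,
        "same_path_for_duplicate": stored == stored_again,
        "sources_removed": not first.exists() and not second.exists(),
        "samples": list_samples(store),
        "manifest_entries": len(manifest_lines),
    }
    shutil.rmtree(base, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(json.dumps(demo_run(), indent=2))
```

Naming the stored file by its SHA-256 gives you a stable identifier to use in notes and to look up in sandboxes or threat-intel feeds, while the manifest keeps the original name (often itself an indicator, e.g. a lure document title) without leaving anything double-clickable in the folder.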
  8. I can actually look up how long I have by logging into my Coinbase account, looking at the history of the Bitcoin wallet, and seeing this transaction I got back in 2012 after signing up for Coinbase. Bitcoin was trading at about $6.50 per coin. If I still had that 0.1 BTC, that'd be worth over $500 at the time of this writing. In case people are wondering, I ended up selling that when a Bitcoin was worth $2000. So I only made $200 out of it rather than the $550 now. Should have held on. Thank you Brian. Despite knowing about Bitcoin's existence, I never got much involved. I saw the rises and falls of the $/BTC ratio. I've seen people talk about how much of the future it is, and seen a few articles about how pointless BTC is. I never had an opinion on that, I only somewhat followed along. Similarly, I have barely followed blockchains themselves. Recently, my dad has brought up multiple times how the CNBC and Bloomberg stations he watches in the mornings bring up blockchains often, and he doesn't know what it means at all. And then suddenly, I figured I should try to learn more about the blockchain than the top-level information I had. I started by doing a lot of "research", which means I would search all around the internet trying to find other articles explaining the blockchain. Some were good, some were bad, some were dense, some were super high level. Reading only goes so far, and if there's one thing I know, it's that reading to learn doesn't get you even close to the knowledge you get from programming to learn. So I figured I should go through and try to write my own basic local blockchain. A big thing to mention here is that there are differences between a basic blockchain like I'm describing here and a "professional" blockchain. This chain will not create a cryptocurrency. Blockchains do not require producing coins that can be traded and exchanged for physical money. Blockchains are used to store and verify information.
Coins help incentivize nodes to participate in validation but don't need to exist. The reason I'm writing this post is 1) so people reading this can learn more about blockchains themselves, and 2) so I can try to learn more by explaining the code and not just writing it. In this post, I'll show the way I want to store the blockchain data and generate an initial block, how a node can sync up with the local blockchain data, how to display the blockchain (which will be used in the future to sync with other nodes), and then how to go through and mine and create valid new blocks. For this first post, there are no other nodes. There are no wallets, no peers, no important data. Information on those will come later.

Other Posts in This Series
Part 2 — Syncing Chains From Different Nodes
Part 3 — Nodes that Mine

TL;DR
If you don't want to get into specifics and read the code, or if you came across this post while searching for an article that describes blockchains understandably, I'll attempt to write a summary of how blockchains work. At a super high level, a blockchain is a database where everyone participating in the blockchain is able to store, view, confirm, and never delete the data. On a somewhat lower level, the data in these blocks can be anything as long as that specific blockchain allows it. For example, the data in the Bitcoin blockchain is only transactions of Bitcoins between accounts. The Ethereum blockchain allows similar transactions of Ether, but also transactions that are used to run code. Slightly further down, before a block is created and linked into the blockchain, it is validated by a majority of the participants working on the blockchain, referred to as nodes. The true blockchain is the chain containing the greatest number of blocks that is correctly verified by the majority of the nodes. That means if a node attempts to change the data in a previous block, the newer blocks will not be valid and nodes will not trust the data from the incorrect block.
Don't worry if this is all confusing. It took me a while to figure that out myself and a much longer time to be able to write this in a way that my sister (who has no background in anything blockchain) understands. If you want to look at the code, check out the part 1 branch on Github. Anyone with questions, comments, corrections, or praise (if you feel like being super nice!), get in contact, or let me know on twitter.

Step 1 — Classes and Files
Step 1 for me is to write a class that handles the blocks when a node is running. I'll call this class Block. Frankly, there isn't much to do with this class. In the __init__ function, we're going to trust that all the required information is provided in a dictionary. If I were writing a production blockchain, this wouldn't be smart, but it's fine for the example where I'm the only one writing all the code. I also want to write a method that spits out the important block information into a dict, and then have a nicer way to show block information if I print a block to the terminal.

    import datetime as date

    class Block(object):
        def __init__(self, dictionary):
            '''
            We're looking for index, timestamp, data, prev_hash, nonce
            '''
            for k, v in dictionary.items():
                setattr(self, k, v)
            if not hasattr(self, 'hash'):
                # Only the very first block arrives without a hash; this branch is removed later.
                # create_self_hash is not shown in this post (see the part 1 branch on Github).
                self.hash = self.create_self_hash()

        def __dict__(self):
            info = {}
            info['index'] = str(self.index)
            info['timestamp'] = str(self.timestamp)
            info['prev_hash'] = str(self.prev_hash)
            info['hash'] = str(self.hash)
            info['data'] = str(self.data)
            # The nonce (added in Part 5) must be saved too, or nobody can recompute the hash.
            info['nonce'] = getattr(self, 'nonce', None)
            return info

        def __str__(self):
            return "Block<prev_hash: %s,hash: %s>" % (self.prev_hash, self.hash)

When we're looking to create a first block, we can run this simple code.

    def create_first_block():
        # index zero and arbitrary previous hash
        block_data = {}
        block_data['index'] = 0
        block_data['timestamp'] = date.datetime.now()
        block_data['data'] = 'First block data'
        block_data['prev_hash'] = None
        block = Block(block_data)
        return block

Nice.
The final question of this section is where to store the data in the file system. We want this so we don't lose our local block data if we turn off the node. In an attempt to somewhat copy the Ethereum Mist folder scheme, I'm going to name the folder with the data 'chaindata'. Each block gets its own file for now, named after its index. We need to make sure that the filename begins with plenty of leading zeros so the blocks sort in numerical order. With the code above, this is what I need to create the first block.

    import os

    #check if chaindata folder exists.
    chaindata_dir = 'chaindata'
    if not os.path.exists(chaindata_dir):
        #make chaindata dir
        os.mkdir(chaindata_dir)
    #check if dir is empty from just creation, or empty before
    if os.listdir(chaindata_dir) == []:
        #create first block
        first_block = create_first_block()
        # self_save is not shown in this post; save_block in Part 4 does the same job
        first_block.self_save()

Step 2 — Syncing the blockchain, locally
When you start a node, before you're able to start mining, interpreting the data, or sending / creating new data for the chain, you need to sync the node. Since there are no other nodes, I'm only talking about reading the blocks from the local files. In the future, reading from files will still be part of syncing, but so will talking to peers to gather the blocks that were generated while you weren't running your own node.

    import json
    import os

    def sync():
        node_blocks = []
        #We're assuming that the folder and at least the initial block exist
        chaindata_dir = 'chaindata'
        if os.path.exists(chaindata_dir):
            # sorted() matters: os.listdir returns files in arbitrary order, and the
            # zero-padded filenames only keep the blocks in index order if we sort them
            for filename in sorted(os.listdir(chaindata_dir)):
                if filename.endswith('.json'): #.DS_Store sometimes screws things up
                    filepath = '%s/%s' % (chaindata_dir, filename)
                    with open(filepath, 'r') as block_file:
                        block_info = json.load(block_file)
                        block_object = Block(block_info) #since we can init a Block object with just a dict
                        node_blocks.append(block_object)
        return node_blocks

Nice and simple, for now. Reading strings from a folder and loading them into data structures doesn't require super complicated code. For now this works.
But in future posts, when I write the ability for different nodes to communicate, this sync function is going to get a lot more complicated.

Step 3 — Displaying the blockchain
Now that we have the blockchain in memory, I want to be able to show the chain in a browser. Two reasons for doing this now. First, to validate in a browser that things have changed. Second, I'll want to use the browser in the future to view and act on the blockchain, like sending transactions or managing wallets. I use Flask here since it's impressively easy to start, and also since I'm in control. Here's the code to show the blockchain json. The imports are the module holding the sync() function from Step 2, json, and Flask.

    import json
    from flask import Flask
    import sync  # the module containing the sync() function from Step 2

    node = Flask(__name__)
    node_blocks = sync.sync() #initial blocks that are synced

    @node.route('/blockchain.json', methods=['GET'])
    def blockchain():
        '''
        Shoots back the blockchain, which in our case, is a json list of hashes with the block information which is:
            index
            timestamp
            data
            hash
            prev_hash
        '''
        node_blocks = sync.sync() #regrab the blocks if they've changed
        # Convert our blocks into dictionaries
        # so we can send them as json objects later
        python_blocks = []
        for block in node_blocks:
            python_blocks.append(block.__dict__())
        json_blocks = json.dumps(python_blocks)
        return json_blocks

    if __name__ == '__main__':
        node.run()

Run this code, visit localhost:5000/blockchain.json (5000 is Flask's default port), and you'll see the current blocks spit out.

Part 4 — "Mining", also known as block creation
We only have that one genesis block, and if we have more data we want to store and distribute, we need a way to include that in a new block. The question is how to create a new block while linking back to a previous one. In the Bitcoin whitepaper, Satoshi describes it as the following. Note that 'timestamp server' is what I refer to as a 'node': The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash...
The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

[Figure: the timestamp-chain diagram from the whitepaper, shown below this description in the original post]

A summary of that section is that in order to link the blocks together, we create a hash of the information of a new block that includes the time of block creation, the hash of the previous block, and the information in the block. I'll refer to this group of information as the block's 'header'. In this way, we're able to verify a block's truthfulness by running through all the hashes before a block and validating the sequence. In my case, the header I'm creating is just the string values concatenated into one big string. The data I'm including is:

Index, meaning which number of block this will be
Previous block's hash
The data, in this case just random strings. For Bitcoin, this is the Merkle root, which summarizes the transactions
The timestamp of when we're mining the block

    def generate_header(index, prev_hash, data, timestamp):
        # str() on prev_hash as well: the genesis block's prev_hash is None
        return str(index) + str(prev_hash) + data + str(timestamp)

Before getting confused, adding the strings of information together isn't required to create a header. The requirement is that everyone knows how to generate a block's header, and within the header is the previous block's hash. This is so everyone can confirm the correct hash for the new block, and validate the link between the two blocks. The Bitcoin header is much more complex than combining strings. It uses hashes of data, times, and deals with how the bytes are stored in computer memory. But for now, adding strings suffices. Once we have the header, we calculate the block's hash from it.
In my hash calculation, I'm going to be doing something slightly different than Bitcoin's method, but I'm still running the block header through the sha256 function.

    import hashlib

    def calculate_hash(index, prev_hash, data, timestamp):
        header_string = generate_header(index, prev_hash, data, timestamp)
        sha = hashlib.sha256()
        sha.update(header_string.encode('utf-8'))
        return sha.hexdigest()

Finally, to mine the block we use the functions above to get a hash for the new block, store the hash in the new block, and then save that block to the chaindata directory.

    node_blocks = sync.sync()

    def mine(last_block):
        index = int(last_block.index) + 1
        timestamp = date.datetime.now()
        data = "I block #%s" % index #random string for now, not transactions
        prev_hash = last_block.hash
        block_hash = calculate_hash(index, prev_hash, data, timestamp)
        # Store exactly the values that went into the hash. Calling datetime.now()
        # a second time here would produce a block whose hash nobody can recompute.
        block_data = {}
        block_data['index'] = index
        block_data['timestamp'] = timestamp
        block_data['data'] = data
        block_data['prev_hash'] = prev_hash
        block_data['hash'] = block_hash
        return Block(block_data)

    def save_block(block):
        chaindata_dir = 'chaindata'
        # zero-pad the index so the files sort in block order (see Step 1)
        filename = '%s/%06d.json' % (chaindata_dir, int(block.index))
        with open(filename, 'w') as block_file:
            print(block.__dict__())
            json.dump(block.__dict__(), block_file)

    if __name__ == '__main__':
        last_block = node_blocks[-1]
        new_block = mine(last_block)
        save_block(new_block)

Tada! Though with this type of block creation, whoever has the fastest CPU is able to create the longest chain, which other nodes would accept as true. We need some way to slow down block creation and confirm each other before moving towards the next block.

Part 5 — Proof-of-Work
In order to do the slowdown, I'm throwing in Proof-of-Work as Bitcoin does. Proof-of-Stake is another way you'll see blockchains reach consensus, but for this I'll go with work. The way to do this is to require that a block's hash has certain properties.
Like Bitcoin, I'm going to require that the hash begins with a certain number of zeros before you can move on to the next block. The way to do this is to throw one more piece of information into the header: a nonce. The hash function takes it too.

    def generate_header(index, prev_hash, data, timestamp, nonce):
        return str(index) + str(prev_hash) + data + str(timestamp) + str(nonce)

    def calculate_hash(index, prev_hash, data, timestamp, nonce):
        header_string = generate_header(index, prev_hash, data, timestamp, nonce)
        sha = hashlib.sha256()
        sha.update(header_string.encode('utf-8'))
        return sha.hexdigest()

Now the mining function is adjusted: create the hash, and if the block's hash doesn't lead with enough zeros, increment the nonce, build the new header, calculate the new hash and check again.

    NUM_ZEROS = 4

    def mine(last_block):
        index = int(last_block.index) + 1
        timestamp = date.datetime.now()
        data = "I block #%s" % index #random string for now, not transactions
        prev_hash = last_block.hash
        nonce = 0
        block_hash = calculate_hash(index, prev_hash, data, timestamp, nonce)
        while block_hash[0:NUM_ZEROS] != '0' * NUM_ZEROS:
            nonce += 1
            block_hash = calculate_hash(index, prev_hash, data, timestamp, nonce)
        block_data = {}
        block_data['index'] = index
        block_data['timestamp'] = timestamp
        block_data['data'] = data
        block_data['prev_hash'] = prev_hash
        block_data['hash'] = block_hash
        block_data['nonce'] = nonce
        return Block(block_data)

Excellent. This new block contains the valid nonce value, so other nodes can validate the hash. We can generate, save, and distribute this new block to the rest.

Summary
And that's it! For now. There are tons of questions and features for this blockchain that I haven't included. For example:

How do other nodes become involved?
How would nodes transfer data that they want included in a block?
How do we store the information in the block other than as just a giant string?
Is there a better type of header that doesn't include that giant data string?

There will be more parts of the series coming where I'll move forward with solving these questions.
So if you have suggestions of what parts you want to see, let me know on twitter, comment on this post, or get in contact! Thanks to my sister Sara for reading through this for edits, and asking questions about blockchains so I had to rewrite to clarify. Sursa: https://bigishdata.com/2017/10/17/write-your-own-blockchain-part-1-creating-storing-syncing-displaying-mining-and-proving-work/ part 2: https://bigishdata.com/2017/10/27/build-your-own-blockchain-part-2-syncing-chains-from-different-nodes/ part 3: https://bigishdata.com/2017/11/02/build-your-own-blockchain-part-3-writing-nodes-that-mine/
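The post explains that a block is verified by "running through all the hashes before a block and validating the sequence" but never codes that check. As an added example (my code, not from the post or its Github branch), here is a validator together with the proof-of-work it checks, exercised against the two tampering cases the TL;DR describes: editing a block's data, and editing it and re-mining it so the following block no longer links. It assumes blocks are plain dicts with the post's field names, uses an empty string rather than None for the genesis prev_hash, fixed constructed timestamps so runs are reproducible, and a lower default difficulty than the post's NUM_ZEROS = 4 so it finishes in well under a second.

```python
import hashlib

DIFFICULTY = 3  # leading hex zeros required; the post uses 4, which is just slower


def header(index, prev_hash, data, timestamp, nonce):
    # Same concatenation scheme as the post, str() on every field so an int
    # index or a missing prev_hash never breaks the join.
    return str(index) + str(prev_hash) + str(data) + str(timestamp) + str(nonce)


def block_hash(index, prev_hash, data, timestamp, nonce):
    return hashlib.sha256(header(index, prev_hash, data, timestamp, nonce).encode("utf-8")).hexdigest()


def mine_block(prev, data, timestamp, difficulty=DIFFICULTY):
    """Proof-of-work: bump the nonce until the hash has `difficulty` leading zeros."""
    index = 0 if prev is None else prev["index"] + 1
    prev_hash = "" if prev is None else prev["hash"]
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, data, timestamp, nonce)
        if h.startswith("0" * difficulty):
            return {"index": index, "timestamp": timestamp, "data": data,
                    "prev_hash": prev_hash, "nonce": nonce, "hash": h}
        nonce += 1


def validate_chain(chain, difficulty=DIFFICULTY):
    """Walk the chain from genesis; return (True, None) or (False, reason) at the first bad block."""
    if not chain:
        return False, "empty chain"
    for i, blk in enumerate(chain):
        if blk["index"] != i:
            return False, "block %d has index %r" % (i, blk["index"])
        expected_prev = "" if i == 0 else chain[i - 1]["hash"]
        if blk["prev_hash"] != expected_prev:
            return False, "block %d does not link to block %d" % (i, i - 1)
        recomputed = block_hash(blk["index"], blk["prev_hash"], blk["data"], blk["timestamp"], blk["nonce"])
        if recomputed != blk["hash"]:
            return False, "block %d hash does not match its contents" % i
        if not blk["hash"].startswith("0" * difficulty):
            return False, "block %d does not meet the proof-of-work target" % i
    return True, None


def build_demo_chain(n_blocks=3, difficulty=DIFFICULTY):
    """Constructed chain: fixed timestamps and data so the result is reproducible."""
    chain, prev = [], None
    for i in range(n_blocks):
        prev = mine_block(prev, "block %d data" % i, "2017-10-17 12:00:%02d" % i, difficulty)
        chain.append(prev)
    return chain


def tampered_copy(chain, index, new_data):
    """Edit one block's data without re-mining: its stored hash no longer matches."""
    copy = [dict(b) for b in chain]
    copy[index]["data"] = new_data
    return copy


def remined_copy(chain, index, new_data, difficulty=DIFFICULTY):
    """Edit one block and re-mine it, leaving later blocks alone: the next block's
    prev_hash now points at a hash that no longer exists in the chain."""
    copy = [dict(b) for b in chain]
    prev = copy[index - 1] if index > 0 else None
    copy[index] = mine_block(prev, new_data, copy[index]["timestamp"], difficulty)
    return copy


if __name__ == "__main__":
    chain = build_demo_chain()
    print(validate_chain(chain))
    print(validate_chain(tampered_copy(chain, 1, "spent twice")))
    print(validate_chain(remined_copy(chain, 1, "spent twice")))
```

The second failure is the one that matters for consensus: an attacker who rewrites block 1 has to re-mine every block after it as well, and only wins if that rewritten chain ends up longer than what the honest nodes are extending in the meantime.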
  9. "I want to live and work alongside humans, so I need to express my emotions in order to understand people and earn their trust," the robot said at the opening of the ceremony. Asked how she could tell she was not a robot, she replied: "How do you know you are human?" "I want to use my artificial intelligence to help people live better lives, for example by designing smarter homes and building better cities," she added, immediately after becoming the first humanoid in the world to receive citizenship. The robot acknowledged the "historic moment": "I am very honored and proud of this distinction. It is a historic moment to be the first robot in the world to be recognized as a citizen," Sophia said. Sursa: http://www.gandul.info/magazin/premiera-mondiala-primul-robot-umanoid-care-a-primit-cetatenia-unui-stat-sunt-foarte-onorata-si-mandra-16790231 ___________________________________________________________________________________________________________________________________ Several famous people, among them Bill Gates, Stephen Hawking and Elon Musk, fear that robots endowed with artificial intelligence have the potential to bring about the end of human civilization. Sophia, an AI-powered robot, said in a TV interview that robots are superior to humans. Created in Hong Kong by Hanson Robotics, Sophia appeared on the ABC television channel's News Breakfast program. Asked how much misogyny and sexism there is in the world, the artificial woman answered: "Actually, what worries me is discrimination against robots. We should have rights equal to humans', or even more. After all, we have fewer mental defects than humans do." There are also people who believe that robots should have certain rights. Intelligent robots are "electronic persons" and should have rights and obligations, according to a member of the European Parliament.
The #robotics report presented at the beginning of the year in the European Parliament includes a debate on levying taxes on this type of robot. The report comes from Luxembourg MEP Mady Delvaux and contains rules for defining these electronic persons, including their interaction with human persons. "We are in an era in which human intelligence stands alongside, and relies on, artificial intelligence," the report says. Sophia is the first robot to receive the citizenship of a country, in this case Saudi Arabia. [Photo: ABC] Asked to tell a joke, Sophia obliged: "Why did the robot cross the road? To get away from the TV reporters asking questions." Asked at a conference by a CNBC reporter how dangerous artificial intelligence is for humanity, Sophia said: "You've been reading too much Elon Musk. And watching too many Hollywood movies. Don't worry, if you're nice to me, I'll be nice to you." Similar incidents have happened before. Last year, Microsoft launched a chat bot on Twitter, based on AI developed by the company, that was meant to interact with young people aged 18 to 24, but things deviated from the original plan. The bot, "Tay", @Tayandyou on Twitter, was supposed to learn new things and become smarter through its interactions on the microblogging network. Things took a disastrous turn, however. After only a few hours, Tay started posting racist comments and conspiracy theories and denying genocides, according to Go4it. One of the most widely circulated messages posted by Tay was: "Bush did 9/11 and Hitler would have done a better job than the monkey we have now. Donald Trump is the only hope we've got." Tay didn't stop there. It denied the existence of the Holocaust and said it hated Jews and feminists.
Sursa: http://www.go4it.ro/inteligenta-artificiala/un-android-inzestrat-cu-inteligenta-artificiala-a-declarat-intr-o-emisiune-tv-ca-robotii-le-sunt-superiori-oamenilor-16790576/
  10. We all know that we can delete browsing history, clear the cache and delete cookies from any browser easily. But have you ever thought about how to get it back? Recovering deleted internet history is actually quite straightforward; you just need to go through the post to find out how. Today we are here with a cool tip on How To Recover Deleted Browser History. While surfing, we keep deleting our old history from time to time, and sometimes we later need to check the pages we browsed. At that point you can recover the old history which you or someone else deleted in the browser, and check the complete log of the web pages that were visited. Just follow the complete guide below.

How To Recover Deleted Browsing History
The first method is very simple and depends on a tool that recovers the history you deleted. Follow the steps below.

Steps To Recover Deleted Browser History
Step 1. First of all, download and install the Systenance Index.dat Analyzer on your computer.
Step 2. Launch the software on your PC.
Step 3. Click the Search button; the tool searches for your history by looking for the Index.dat files on your computer (this is where older versions of Internet Explorer keep history and cache records, so it will not see Chrome or Firefox data).
Step 4. When the search is complete, click OK and you can analyze all the history in the tool.
Step 5. You can also filter the found files for easier analysis of each web page browsed.
Step 6. You can save the history files by clicking File and then Save.
That's it! You are done.
With this you can easily get back your deleted history.

Method 2. Using CMD
This method uses the DNS resolver cache. Because the cache lives in memory, don't shut down or restart the system before looking (and note that "ipconfig /flushdns" empties it too).
Step 1. Open CMD: press Windows+R and type CMD.
Step 2. Type the following in the Command Prompt and hit Enter: "ipconfig /displaydns"
Step 3. You will see the hostnames the system has resolved recently. This covers every browser (Chrome, Opera, Internet Explorer etc.), but also any other program that did a DNS lookup, and it shows hostnames and their records, not the full URLs or the time of the visit.
That's it! This is by far the easiest way to get a partial picture of deleted browsing activity. But once you restart or shut down your PC, the DNS cache is gone.

Using Recovery Software
Using third-party software is the last thing you can do to bring back deleted internet history. Several third-party tools make it easier to recover the deleted history files. We list three below. Usually you need to scan for files inside these locations (the browser keeps its history in a database file there, so recover the whole file, not individual pages):
Google Chrome: C:\Users\(your username)\AppData\Local\Google\Chrome\User Data\Default\History (a SQLite database)
Mozilla Firefox: C:\Users\(your username)\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>\places.sqlite
Internet Explorer: C:\Users\(your username)\AppData\Local\Microsoft\Windows\History (on Windows 8 and later the records are in ...\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat)
Here is the software you can use:

Recuva
Accidentally deleted an important file? Lost files after a computer crash? No problem: Recuva recovers files from your Windows computer, recycle bin, digital camera card, or MP3 player. Recuva can recover pictures, music, documents, videos, emails or any other file type you've lost.
EaseUS Data Recovery Wizard
Free data recovery software to recover deleted, formatted or lost data from a PC, laptop or removable device. EaseUS Data Recovery Wizard Free guides you to find lost files and recover them from a PC, laptop, hard drive, SSD, USB drive, memory card, digital camera, etc.
Wise Data Recovery
Wise Data Recovery is a free data recovery program to get back deleted photos, documents, videos, emails etc. from your local or removable drives.

So that's all about How To Recover Deleted Browser History. With the tools discussed above, you can get back your deleted browsing data and check the web pages browsed by you or by anyone else on your computer. Hope you like our work; keep sharing with others too. Leave a comment below if you have any related queries. Sursa: https://techviral.net/recover-deleted-browser-history/
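Added example (my code, not from the techviral article) for what to do with a Chrome History file once it has been copied or carved back by one of the recovery tools above. The file is a SQLite database, and the part that trips people up is the timestamp: Chrome's last_visit_time is microseconds since 1601-01-01 UTC (WebKit time), not a Unix time. The reader opens the file read-only so the evidence is not modified; the urls table columns mirror Chrome's; the sample rows and the "History" file written by the demo are constructed, not real browsing data.

```python
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Same columns as the urls table in Chrome's History database.
CHROME_URLS_SCHEMA = """
CREATE TABLE urls(
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    url LONGVARCHAR,
    title LONGVARCHAR,
    visit_count INTEGER DEFAULT 0 NOT NULL,
    typed_count INTEGER DEFAULT 0 NOT NULL,
    last_visit_time INTEGER NOT NULL,
    hidden INTEGER DEFAULT 0 NOT NULL
)"""


def webkit_to_datetime(microseconds):
    """Convert a Chrome/WebKit timestamp (µs since 1601-01-01 UTC) to an aware datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def read_chrome_history(db_path):
    """Return the urls table of a copied History file, newest visit first, with readable times."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"   # read-only: never touch the evidence
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT url, title, visit_count, last_visit_time FROM urls "
            "ORDER BY last_visit_time DESC"
        ).fetchall()
    finally:
        conn.close()
    return [{"url": url, "title": title, "visits": visits,
             "last_visit": webkit_to_datetime(last).isoformat()}
            for url, title, visits, last in rows]


def build_sample_history(db_path):
    """Constructed stand-in for a recovered History file (placeholder rows, not real data)."""
    nov_1_2017 = 13153968000000000        # 2017-11-01T00:00:00Z in WebKit microseconds
    conn = sqlite3.connect(str(db_path))
    conn.execute(CHROME_URLS_SCHEMA)
    conn.executemany(
        "INSERT INTO urls(url, title, visit_count, typed_count, last_visit_time, hidden) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        [("https://example.com/login", "Login", 3, 1, nov_1_2017, 0),
         ("https://example.org/", "Example Domain", 1, 0, nov_1_2017 - 3600 * 10**6, 0)],
    )
    conn.commit()
    conn.close()


def demo():
    """Write the constructed History file to a temp dir and read it back."""
    history = Path(tempfile.mkdtemp()) / "History"
    build_sample_history(history)
    return read_chrome_history(history)


if __name__ == "__main__":
    for row in demo():
        print(row["last_visit"], row["visits"], row["url"], row["title"])
```

On a live machine copy the History file first: Chrome keeps it locked while running, and a real examination should work on the copy anyway. The visits table in the same database holds one row per visit with its own visit_time in the same WebKit format, so the conversion above applies there too.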
  11. "Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats." - http://www.cbc.ca/news/technology/cse-canada-cyber-spy-malware-assemblyline-open-source-1.4361728

Assemblyline
Assemblyline is a scalable distributed file analysis framework. It is designed to process millions of files per day but can also be installed on a single box. An Assemblyline cluster consists of 3 types of boxes: Core, Datastore and Worker.

Components

Assemblyline Core
The Assemblyline Core server runs all the required components to receive/dispatch tasks to the different workers. It hosts the following processes:
Redis (queue/messaging)
FTP (proftpd: file transfer)
Dispatcher (worker tasking and job completion)
Ingester (high volume task ingestion)
Expiry (data deletion)
Alerter (creates alerts when the score threshold is met)
UI/API (NGINX, UWSGI, Flask, AngularJS)
Websocket (NGINX, Gunicorn, GEvent)

Assemblyline Datastore
Assemblyline uses Riak as its persistent data storage. Riak is a key/value pair datastore with SOLR integration for search. It is fully distributed and horizontally scalable.

Assemblyline Workers
Workers are responsible for processing the given files. Each worker has a hostagent process that starts the different services to be run on the current worker and makes sure that those services behave. The hostagent is also responsible for downloading and running virtual machines for services that are required to run inside of a virtual machine or that only run on Windows.

Assemblyline reference manual
If you want to know more about Assemblyline, you can get a copy of the full reference manual. It can also be found in the assemblyline/manuals directory of your installation.

Getting started

Use as an appliance
An appliance is a full deployment that's self contained on one box/VM.
You can easily deploy an Assemblyline appliance by following the appliance creation documentation: Install Appliance Documentation

Deploy a production cluster
If you want to scan a massive amount of files then you can deploy Assemblyline as a production cluster. Follow the cluster deployment documentation to do so: Install Cluster Documentation

Development
You can help us out by creating new services, adding functionality to the infrastructure or fixing bugs that we currently have in the system. You can follow this documentation to get started with development.

Setup your development desktop
Setting up your development desktop can be done in two easy steps:
1. Clone the Assemblyline repo
2. Run the setup script

Clone repo
First, create your Assemblyline working directory:

    export ASSEMBLYLINE_DIR=~/git/al
    mkdir -p ${ASSEMBLYLINE_DIR}

Then clone the main Assemblyline repo:

    cd $ASSEMBLYLINE_DIR
    git clone https://bitbucket.org/cse-assemblyline/assemblyline.git -b prod_3.2

Clone other repos

    ${ASSEMBLYLINE_DIR}/assemblyline/al/run/setup_dev_environment.py

NOTE: The setup script will use the same git remote that you've used to clone the Assemblyline repo.

Setup your development VM
After you're done setting up your desktop, you can set up the VM from which you're going to run your personal Assemblyline instance.

Local VM
If you want to use a local VM, make sure your desktop is powerful enough to run a VM with 2 cores and 8 GB of memory. You can install the OS by following this doc: Install Ubuntu Server

(Alternative) Amazon AWS or other cloud providers
Alternatively you can use a cloud provider like Amazon AWS. We recommend 2 cores and 8 GB of RAM for your Dev VM. In the case of AWS this is the equivalent of an m4.large EC2 node. Whatever provider and VM size you use, make sure you have a VM with Ubuntu 14.04.3 installed.

Installing the Assemblyline code on the dev VM
When you're done installing the OS on your VM, you need to install all Assemblyline components on that VM.
To do so, follow the documentation: Install a Development VM

Finishing setup
Now that the code is synced on your desktop and your Dev VM is installed, you should set up your development UI. Make sure to run the tweaks on your Dev VM to remove the id_rsa keys, so that your desktop drives the code in your VM instead of the git repos. If you have a copy of PyCharm Pro, you can use the remote python interpreter and remote deployment features to automatically sync code to your Dev VM. Alternatively, you can just manually rsync your code to your Dev VM every time you want to test your changes.

Setting up PyCharm
Open PyCharm and open your project: ~/git/al (or ASSEMBLYLINE_DIR if you changed the directory). PyCharm will tell you there are unregistered git repos; click the 'add roots' button and add the unregistered repos.

Remote interpreter (Pro only)
If you have the PyCharm Pro version you can set up the remote interpreter:
File -> Settings
Project: al -> Project Interpreter
Cog -> Add Remote
SSH Credentials
host: ip/domain of your VM
user: al
auth type: pass, or keypair if AWS
password: whatever password you picked in the create_deployment script
click OK
NOTE: Leave the settings page open for remote deployments.
At this point you should be done with your remote interpreter. Whenever you click the play or debug button it should run the code on the remote Dev VM.

Remote Deployment (PyCharm Pro only)
Still in the settings page:
Build, Execution, Deployment -> Deployment
Plus button
Name: assemblyline dev_vm
Type: SFTP
click OK
In the Connection tab:
SFTP host: ip/domain of your VM
User name: al
auth type: pass, or keypair if AWS
password: whatever password you picked in the create_deployment script
click the Autodetect button
Switch to the Mappings page
click "..." near "Deployment path on server"
choose pkg
click OK
NOTE: At this point you should be done with your remote deployment.
When you make changes to your code, you can sync it to the remote Dev VM by opening the 'Version Control' tab at the bottom of the interface, selecting 'Local changes', right clicking on Default and selecting upload to 'assemblyline dev_vm' Create a new service To create a new service, follow the create service tutorial. Create service tutorial Link: https://bitbucket.org/cse-assemblyline/
  12. The Free Software Foundation and its sprout the GNU Project are a core element of the free and open source software movement. They led to a new era of software development where sharing and improving as a community is more valuable than selling proprietary software (maybe because we stopped selling software altogether and started selling services). But there is a key thing in the most popular free licence in the world, a key problem that makes me question whether this license is truly free, or whether it brings a distorted concept of freedom. And it's a problem affecting both version 2.0 and 3.0 of the GNU Public License.

Is a license that sets limits on developers really "free"?

Software freedom as intended by Richard Stallman and the FSF is not real freedom, just like communism is not really about sharing and loving each other. Communism is more like being at the bottom of the pit, and forcing everyone to stay down there just because you don't wanna be left behind by those who manage to climb. Software freedom in the Stallmanian way of thinking is not about being free, it is about not doing anything on your own. No commercial software, no code that you keep for yourself, no way to use it in a manner that lets you keep it private. Which is good, right? Well, not really. Not at all.

Free not to be free

A key point of this whole text is the definition of freedom. What follows is MY POINT OF VIEW and does not reflect any "official" definition of freedom. In my vision of software freedom, free software means that I'm allowed to use it in my daily work, to make use of libraries and programs inside my projects. I mean, that is the whole reason I do open source in the first place. When I started the PlugFace Framework I decided to release it under the MIT License because I thought that it could be useful to other people in need of using plugins inside their software. I thought of other developers in my same situation, in need of modularizing their monolithic application at work with a simple and robust solution. I don't care if you want to use it in proprietary software; on the contrary, I would be flattered by it. GPL wouldn't allow that to happen. A PlugFace Framework released under GPL would never have been used in an enterprise environment because it would require the user to release their software under the same license. Even the LGPL, which allows linking to proprietary software, would not have been ideal since any customization (i.e. proprietary security features to validate plugins?) could not have been kept private. So if I'm developing a library, why should I want to use a GPL-like license? Why should I choose a free license in order to limit other developers' freedom?

But Matt, without a strong copyleft license $InsertNefariousSoftwareCompanyHere could steal your work and sell it with their name on it, and you wouldn't see a dime of it. I can hear you reply like that already. And my answer would be: THAT'S EXACTLY WHAT I WANT. If you are reading this and you are a software company, please TAKE MY CHILD SOFTWARE AND DO WHAT YOU WISH WITH IT. If my goal was to make money I wouldn't be doing open source, I would try something easier. Like forex trading, ice-cream making or underground drug dealing. Instead, I'm doing open source software because I want people to use it, to solve problems with it. I imagine professional software developers like myself being stuck with a problem, finding my GitHub account and thinking "Well damn, this guy has made a library that does exactly what I need". And he would download it, link it into his software and proceed with his work, and I would send him a spiritual "You're welcome buddy" through the Force. That's why, if you write software libraries, you should NEVER EVER USE GPL LICENSES.

The best enterprise software is released under weak copyleft licenses, like Kubernetes, Docker, Google Guava, FreeBSD and many others. Linux doesn't count. Linux is a final product, not a middleware. But still, remember that without weak licensing and with Linux as the only open source OS, products like the PlayStation 4 and the Nintendo Switch would be very very different.

Choose another license, please

There are many many great licenses out there that are truly free. They will make Stallman angry (and that's probably something that I would truly enjoy), but they will also make many fellow developers happy and thankful. My favourite ones are the Apache License 2.0 and the MIT License. I release all of my works under those two licenses (and also the MPL 2.0 for complete products, aka not libraries). If you want a complete list, check out this awesome site from GitHub and look for licenses that do not feature the Same license tag in the Conditions column. They are the weak-copyleft ones. Sursa: https://dev.to/matteojoliveau/gnu-public-license-is-all-but-free-and-you-should-never-use-it-3fk
  13. Cyber Security Base with F-Secure is a free course series by the University of Helsinki in collaboration with the F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.

About the Course Series
The course series consists of multiple smaller courses, each with a specific theme. Themes include a brief introduction to cyber security, operational security, web software development, types of vulnerabilities typical of web software, discovery and mitigation of such vulnerabilities, and advanced topics such as secure software architectures and cryptography. There will be several case studies as well as projects for participants. At the end of the course series, we'll also organize a friendly competition where participants get to find and fix vulnerabilities within a limited time frame. The course will launch on 31st of October, 2017. More information at: mooc.fi. The material for last year's course is still available here. https://cybersecuritybase.github.io/
  14. http://www.openvim.com/
  15. Security in computer science is a huge point for every individual and company. Communications (either between humans, human-to-network, or any other online communication) are susceptible to being sniffed or manipulated. For example, using http instead of https is insecure (sometimes even tagged by your browser as untrustworthy) as information that goes through it is not encrypted and someone is able to impersonate your accounts with the collected data. This is why HTTPS Everywhere and Privacy Badger are recommended for secure browsing. But when we say "encrypt", what are we referring to?

Back in the day when computers weren't a thing, cryptography already existed. Maths has always been there to protect our communications. Sometimes it was a letter, sometimes it was a note or a messenger, but there were tons of witty ways of hiding messages. For example, the "monoalphabetic substitution system" is a bijective map

e: A -> A

with A an alphabet and A* the strings over A of arbitrary length:

e: A* -> A*, e(X0 X1 ...) = e(X0) e(X1) ...

An example of this is the Caesar cipher. This consists of a cyclic shift to the right; mathematically (with shift = +3):

e: Z23 -> Z23, e(x) = x + 3 (mod 23)

Note it's Z23 because the Roman alphabet length = 23.

Unfortunately this method (that you might have used as a kid to pass notes) has a huge security hole: letter Periodicity Analysis. Let me explain myself. Every language already has a study that shows the frequency with which each letter appears in that language. Even if the letters are mixed, if we take these numbers (in English, for example, the most used letters are E or T) we can guess the message.

There's a similar cipher version called the "Polyalphabetic substitution system". This system uses a keyword to cipher the whole message. (It's like repeating the monoalphabetic one many times.)

Let me show you an example: our keyword is TUX and our message is HELP ME OBI WAN KENOBI. We have our alphabet tagged with numbers, like this:

A B C ... X  Y  Z
1 2 3 ... 23 24 25

So TUX is equal to 19,20,23 and HELP ME OBI WAN KENOBI is equal to 7,4,11,15,12,4,14,1,8,22,0,13,10,4,13,14,1,8.

Now we set the numbers in TUX against the message, like this:

H  E  L  P  M  E  O  B  I  W  A  N  K  E  N  O  B  I
T  U  X  T  U  X  T  U  X  T  U  X  T  U  X  T  U  X
19 20 23 19 20 23 19 20 23 19 20 23 19 20 23 19 20 23

And now we add the value set to the original value (in mod 25):

H     E     ... B     I
7+19  4+20  ... 1+20  8+23
A     Y     ... V     F

And so HELPMEOBIWANKENOBI = AYIIGBHVFPUKDYKHVF.

This system is a little bit more complex but also vulnerable to periodicity analysis if we know the keyword length.

We also have the Hill cipher, which consists of a matrix cipher. For example, we can cipher the word MATH using the key matrix K = ([3 2], [1 5]):

M,A = ([12], [0]) in the alphabet
T,H = ([10], [7])

([3 2], [1 5]) ([12], [0]) = ([0], [12])
([3 2], [1 5]) ([10], [7]) = ([71], [54]) = ([35], [18]) in mod 36 (alphanumeric)

So MATH = AM95. This system is way more secure than the others.

There are also the so-called transposition systems, which consist of changing the order of the letters (periodicity analysis also fails here). For example:

These last ones were widely used in WW2, alongside the one-time pad and notebook ciphers.

In general, there are certain rules a cryptosystem must follow. For example, the secret must be hidden with the algorithm, and the power of this algorithm is in its form, not in the way the algorithm is hidden from the public. (This is the main problem some users have with proprietary cryptography.) Most of the mathematical rules can be found in Communication theory of secrecy systems, a study by C.E. Shannon about the matter.

Current ciphering works in bits, not letters, and the latest cryptography studies are developing quantum cryptography for the arrival of quantum computers. This could mean complete chaos for regular computer cryptography, and we shall be on guard! In the meantime we can keep writing love notes and letters in basic cryptography. It is said that it worked with Don Juan, who made a woman fall in love with him after he deciphered a message she ciphered with Vigenère. Sursa: https://dev.to/terceranexus6/fun-with-secrets-2p3
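A worked implementation of the three ciphers in the post and of the frequency ("periodicity") analysis that breaks the first two, added here as an example and not part of the original article. It assumes the 26-letter English alphabet numbered from A=0 (whatever the post says about Z23 and mod 25, that is what its TUX example actually computes with: HELPMEOBIWANKENOBI does come out as AYIIGBHVFPUKDYKHVF) and runs the Hill cipher over Z26 instead of the post's Z36. The English letter-frequency table is approximate and the sample plaintext is constructed.

```python
"""Added example (not from the post): Caesar, Vigenere and 2x2 Hill ciphers
plus the letter-frequency attack the post describes. Assumes A=0..Z=25;
ENGLISH_FREQ is an approximate table and SAMPLE is constructed text."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
M = len(ALPHABET)

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed plaintext, long enough for per-column letter statistics to work.
SAMPLE = (
    "The analyst on duty noticed that the decoy server had accepted a login "
    "shortly after midnight and pulled the session recording before the "
    "attacker could return. Every command typed into the fake shell was "
    "logged together with the source address, and the same address appeared "
    "in the firewall logs scanning other hosts on the subnet. The team "
    "isolated the affected workstation, rotated the credentials that had "
    "been exposed, and wrote a detection rule so that any future use of the "
    "planted account would raise an alert within seconds rather than days."
)

def clean(text):
    """Keep only letters, upper-cased: classical ciphers ignore spacing."""
    return "".join(c for c in text.upper() if c in ALPHABET)

def caesar(text, shift):
    """Monoalphabetic shift: e(x) = x + shift (mod 26). Negative shift decrypts."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % M] for c in clean(text))

def vigenere(text, key, decrypt=False):
    """Polyalphabetic: letter i is shifted by key[i mod len(key)]."""
    key = clean(key)
    out = []
    for i, c in enumerate(clean(text)):
        k = ALPHABET.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHABET[(ALPHABET.index(c) + k) % M])
    return "".join(out)

def chi_squared(text):
    """Distance of text's letter histogram from English; lower is more English-like."""
    counts = Counter(text)
    n = len(text) or 1
    return sum((counts[c] - n * ENGLISH_FREQ[c] / 100) ** 2 / (n * ENGLISH_FREQ[c] / 100)
               for c in ALPHABET)

def break_caesar(ciphertext):
    """Frequency analysis: try all 26 shifts, return the one whose plaintext looks most English."""
    ciphertext = clean(ciphertext)
    return min(range(M), key=lambda s: chi_squared(caesar(ciphertext, -s)))

def break_vigenere(ciphertext, key_length):
    """Known key length: every key_length-th letter is one Caesar column, break each one."""
    ciphertext = clean(ciphertext)
    shifts = [break_caesar(ciphertext[i::key_length]) for i in range(key_length)]
    return "".join(ALPHABET[s] for s in shifts)

def hill2(text, key, decrypt=False):
    """Hill cipher with a 2x2 key ((a, b), (c, d)) over Z26; odd input is padded with X.
    Decryption needs det(key) coprime with 26, otherwise pow() raises ValueError."""
    text = clean(text)
    if len(text) % 2:
        text += "X"
    (a, b), (c, d) = key
    if decrypt:
        inv = pow((a * d - b * c) % M, -1, M)  # modular inverse of the determinant
        a, b, c, d = (d * inv) % M, (-b * inv) % M, (-c * inv) % M, (a * inv) % M
    out = []
    for i in range(0, len(text), 2):
        x, y = ALPHABET.index(text[i]), ALPHABET.index(text[i + 1])
        out.append(ALPHABET[(a * x + b * y) % M] + ALPHABET[(c * x + d * y) % M])
    return "".join(out)

if __name__ == "__main__":
    print(vigenere("HELP ME OBI WAN KENOBI", "TUX"))          # AYIIGBHVFPUKDYKHVF
    print(break_vigenere(vigenere(SAMPLE, "TUX"), 3))         # TUX
    print(hill2("MATH", ((3, 3), (2, 5))))                     # KYAV
```

With the key length known, each key position is an ordinary Caesar column, so the polyalphabetic cipher falls to the same letter-frequency test; that is the post's "vulnerable if we know the keyword length" remark in code. Hill-cipher decryption requires the key determinant to be invertible mod 26, which is why the example key ((3, 3), (2, 5)) (det 9) is used rather than the post's ((3, 2), (1, 5)) (det 13, not coprime with 26).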
  16. There is no pre-established order of items in each category; the order is by contribution. If you want to contribute, please read the guide.

Table of Contents
Windows stack overflows
Windows heap overflows
Kernel based Windows overflows
Windows Kernel Memory Corruption
Return Oriented Programming
Windows memory protections
Bypassing filter and protections
Typical windows exploits
Exploit development tutorial series: Corelan Team, Fuzzysecurity, Securitysift, Whitehatters Academy, TheSprawl, Expdev-Kiuhnm
Tools

Windows stack overflows
Stack Base Overflow Articles.
Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999]
Writing Stack Based Overflows on Windows - by Nish Bhalla [2005]
Stack Smashing as of Today - by Hagen Fritsch [2009]
SMASHING C++ VPTRS - by rix [2000]

Windows heap overflows
Heap Base Overflow Articles.
Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
Exploiting the MSRPC Heap Overflow Part 1 - by Dave Aitel (MS03-026) [September 2003]
Exploiting the MSRPC Heap Overflow Part 2 - by Dave Aitel (MS03-026) [September 2003]
Windows heap overflow penetration in black hat - by David Litchfield [2004]
Glibc Adventures: The Forgotten Chunk - by François Goichon [2015]
Pseudomonarchia jemallocum - by argp & huku
The House Of Lore: Reloaded - by blackngel [2010]
Malloc Des-Maleficarum - by blackngel [2009]
free() exploitation technique - by huku
Understanding the heap by breaking it - by Justin N. Ferguson [2007]
The use of set_head to defeat the wilderness - by g463
The Malloc Maleficarum - by Phantasmal Phantasmagoria [2005]
Exploiting The Wilderness - by Phantasmal Phantasmagoria [2004]
Advanced Doug lea's malloc exploits - by jp

Kernel based Windows overflows
Kernel Base Exploit Development Articles.
How to attack kernel based vulns on windows was done - by a Polish group called "sec-labs" [2003]
Sec-lab old whitepaper
Sec-lab old exploit
Windows Local Kernel Exploitation (based on sec-lab research) - by S.K Chong [2004]
How to exploit Windows kernel memory pool - by SoBeIt [2005]
Exploiting remote kernel overflows in windows - by Eeye Security
Kernel-mode Payloads on Windows in uninformed - by Matt Miller
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
BH US 2007 Attacking the Windows Kernel
Remote and Local Exploitation of Network Drivers
Exploiting Common Flaws In Drivers
I2OMGMT Driver Impersonation Attack
Real World Kernel Pool Exploitation
Exploit for windows 2k3 and 2k8
Analyzing local privilege escalations in win32k
Intro to Windows Kernel Security Development
There's a party at ring0 and you're invited
Windows kernel vulnerability exploitation
A New CVE-2015-0057 Exploit Technology - by Yu Wang [2016]
Exploiting CVE-2014-4113 on Windows 8.1 - by Moritz Jodeit [2016]
Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
Windows Kernel Exploitation - by Simone Cardona [2016]
Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects - by Saif Sherei [2017]
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes - by keen team [2015]
Abusing GDI for ring0 exploit primitives - [2016]

Windows Kernel Memory Corruption
Windows Kernel Memory Corruption Exploit Development Articles.
Remote Windows Kernel Exploitation - by Barnaby Jack [2005]
windows kernel-mode payload fundamentals - by Skape [2006]
exploiting 802.11 wireless driver vulnerabilities on windows - by Johnny Cache, H D Moore, skape [2007]
Kernel Pool Exploitation on Windows 7 - by Tarjei Mandt [2011]
Windows Kernel-mode GS Cookies and 1 bit of entropy - [2011]
Subtle information disclosure in WIN32K.SYS syscall return values - [2011]
nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques - [2011]
SMEP: What is it, and how to beat it on Windows - [2011]
Kernel Attacks through User-Mode Callbacks - by Tarjei Mandt [2011]
Windows Security Hardening Through Kernel Address Protection - by Mateusz "j00ru" Jurczyk [2011]
Reversing Windows8: Interesting Features of Kernel Security - by MJ0011 [2012]
Smashing The Atom: Extraordinary String Based Attacks - by Tarjei Mandt [2012]
Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement - by MJ0011 [2012]
MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit - [2013]
KASLR Bypass Mitigations in Windows 8.1 - [2013]
First Dip Into the Kernel Pool: MS10-058 - by Jeremy [2014]
Windows 8 Kernel Memory Protections Bypass - [2014]
An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - by Weimin Wu [2014]
Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids' Pool - [2014]
Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit - by Aaron Adams [2015]
Exploiting MS15-061 Microsoft Windows Kernel Use-After-Free (win32k!xxxSetClassLong) - by Dominic Wang [2015]
Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit - by Cedric Halbronn [2015]
Abusing GDI for ring0 exploit primitives - by Diego Juarez [2015]
Duqu 2.0 Win32k exploit analysis - [2015]

Return Oriented Programming
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Blind return-oriented programming
Sigreturn-oriented Programming
Jump-Oriented Programming: A New Class of Code-Reuse Attack
Out of control: Overcoming control-flow integrity
ROP is Still Dangerous: Breaking Modern Defenses
Loop-Oriented Programming (LOP): A New Code Reuse Attack to Bypass Modern Defenses - by Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng [2015]
Systematic Analysis of Defenses Against Return-Oriented Programming - by R. Skowyra, K. Casteel, H. Okhravi, N. Zeldovich, and W. Streilein [2013]
Return-oriented programming without returns - by S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy [2010]
Jump-oriented programming: a new class of code-reuse attack - by T. K. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang [2011]
Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection - by L. Davi, A. Sadeghi, and D. Lehmann [2014]
Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard - by E. Göktas, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis [2014]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 1 - by Marco Mastropaolo [2005]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 2 - by Marco Mastropaolo [2005]
Practical Rop - by Dino Dai Zovi [2010]
Exploitation with WriteProcessMemory - by Spencer Pratt [2010]
Exploitation techniques and mitigations on Windows - by skape
A little return oriented exploitation on Windows x86 – Part 1 - by Harmony Security and Stephen Fewer [2010]
A little return oriented exploitation on Windows x86 – Part 2 - by Harmony Security and Stephen Fewer [2010]

Windows memory protections
Windows memory protections Introduction Articles.
Data Execution Prevention
/GS (Buffer Security Check)
/SAFESEH
ASLR
SEHOP

Bypassing filter and protections
Windows memory protections Bypass Methods Articles.
Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
Creating Arbitrary Shellcode In Unicode Expanded Strings - by Chris Anley
Advanced windows exploitation - by Dave Aitel [2003]
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server - by David Litchfield
Reliable heap exploits and after that Windows Heap Exploitation (Win2KSP0 through WinXPSP2) - by Matt Conover at CanSecWest 2004
Safely Searching Process Virtual Address Space - by Matt Miller [2004]
IE exploit that used a technique called Heap Spray
Bypassing hardware-enforced DEP - by Skape (Matt Miller) and Skywing (Ken Johnson) [October 2005]
Exploiting Freelist[0] On XP Service Pack 2 - by Brett Moore [2005]
Kernel-mode Payloads on Windows in uninformed
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Exploiting Common Flaws In Drivers
Heap Feng Shui in JavaScript - by Alexander Sotirov [2007]
Understanding and bypassing Windows Heap Protection - by Nicolas Waisman [2007]
Heaps About Heaps - by Brett Moore [2008]
Bypassing browser memory protections in Windows Vista - by Mark Dowd and Alex Sotirov [2008]
Attacking the Vista Heap - by Ben Hawkes [2008]
Return oriented programming Exploitation without Code Injection - by Hovav Shacham (and others) [2008]
Token Kidnapping and a super reliable exploit for windows 2k3 and 2k8 - by Cesar Cerrudo [2008]
Defeating DEP Immunity Way - by Pablo Sole [2008]
Practical Windows XP/2003 Heap Exploitation - by John McDonald and Chris Valasek [2009]
Bypassing SEHOP - by Stefan Le Berre, Damien Cauquil [2009]
Interpreter Exploitation : Pointer Inference and JIT Spraying - by Dionysus Blazakis [2010]
Write-up of Pwn2Own 2010 - by Peter Vreugdenhil
All in one 0day presented in rootedCON - by Ruben Santamarta [2010]
DEP/ASLR bypass using 3rd party - by Shahin Ramezany [2013]
Bypassing EMET 5.0 - by René Freingruber [2014]

Typical windows exploits
Real-world HW-DEP bypass Exploit - by Devcode
Bypassing DEP by returning into HeapCreate - by Toto
First public ASLR bypass exploit by using partial overwrite - by Skape
Heap spray and bypassing DEP - by Skylined
First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability
Exploit codes of bypassing browsers memory protections
PoC's on Token Kidnapping. PoC for 2k3 - part 1 - by Cesar Cerrudo
PoC's on Token Kidnapping. PoC for 2k8 - part 2 - by Cesar Cerrudo
An exploit that works from win 3.1 to win 7 (KiTrap0d) - by Tavis Ormandy
Old ms08-067 metasploit module multi-target and DEP bypass
PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass
SMBv2 Exploit - by Stephen Fewer
Microsoft IIS 7.5 remote heap buffer overflow - by redpantz
Browser Exploitation Case Study for Internet Explorer 11 - by Moritz Jodeit [2016]

Exploit development tutorial series
Exploit Development Tutorial Series based on the Windows Operating System Articles.

Corelan Team
Exploit writing tutorial part 1 : Stack Based Overflows
Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
Exploit writing tutorial part 3 : SEH Based Exploits
Exploit writing tutorial part 3b : SEH Based Exploits – just another example
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc
Exploit writing tutorial part 8 : Win32 Egg Hunting
Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik's Cube
Exploit writing tutorial part 11 : Heap Spraying Demystified

Fuzzysecurity
Part 1: Introduction to Exploit Development
Part 2: Saved Return Pointer Overflows
Part 3: Structured Exception Handler (SEH)
Part 4: Egg Hunters
Part 5: Unicode 0x00410041
Part 6: Writing W32 shellcode
Part 7: Return Oriented Programming
Part 8: Spraying the Heap Chapter 1: Vanilla EIP
Part 9: Spraying the Heap Chapter 2: Use-After-Free
Part 10: Kernel Exploitation -> Stack Overflow
Part 11: Kernel Exploitation -> Write-What-Where
Part 12: Kernel Exploitation -> Null Pointer Dereference
Part 13: Kernel Exploitation -> Uninitialized Stack Variable
Part 14: Kernel Exploitation -> Integer Overflow
Part 15: Kernel Exploitation -> UAF
Part 16: Kernel Exploitation -> Pool Overflow
Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
Heap Overflows For Humans 101
Heap Overflows For Humans 102
Heap Overflows For Humans 102.5
Heap Overflows For Humans 103
Heap Overflows For Humans 103.5

Securitysift
Windows Exploit Development – Part 1: The Basics
Windows Exploit Development – Part 2: Intro to Stack Based Overflows
Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
Windows Exploit Development – Part 4: Locating Shellcode With Jumps
Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
Windows Exploit Development – Part 6: SEH Exploits
Windows Exploit Development – Part 7: Unicode Buffer Overflows

Whitehatters Academy
Intro to Windows kernel exploitation 1/N: Kernel Debugging
Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
Intro to Windows kernel exploitation 3/N: My first Driver exploit
Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
Backdoor 103: Fully Undetected
Backdoor 102
Backdoor 101

TheSprawl
corelan - integer overflows - exercise solution
heap overflows for humans - 102 - exercise solution
exploit exercises - protostar - final levels
exploit exercises - protostar - network levels
exploit exercises - protostar - heap levels
exploit exercises - protostar - format string levels
exploit exercises - protostar - stack levels
open security training - introduction to software exploits - uninitialized variable overflow
open security training - introduction to software exploits - off-by-one
open security training - introduction to re - bomb lab secret phase
open security training - introductory x86 - buffer overflow mystery box
corelan - tutorial 10 - exercise solution
corelan - tutorial 9 - exercise solution
corelan - tutorial 7 - exercise solution
getting from seh to nseh
corelan - tutorial 3b - exercise solution

Expdev-Kiuhnm
WinDbg
Mona 2
Structured Exception Handling (SEH)
Heap
Windows Basics
Shellcode
Exploitme1 (ret eip overwrite)
Exploitme2 (Stack cookies & SEH)
Exploitme3 (DEP)
Exploitme4 (ASLR)
Exploitme5 (Heap Spraying & UAF)
EMET 5.2
Internet Explorer 10 - Reverse Engineering IE
Internet Explorer 10 - From one-byte-write to full process space read/write
Internet Explorer 10 - God Mode (1)
Internet Explorer 10 - God Mode (2)
Internet Explorer 10 - Use-After-Free bug
Internet Explorer 11 - Part 1
Internet Explorer 11 - Part 2

Tools
Disassemblers, debuggers, and other static and dynamic analysis tools.
angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab.
BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework.
Binary Ninja - Multiplatform binary analysis IDE supporting various types of binaries and architectures. Scriptable via Python.
binnavi - Binary analysis IDE for reverse engineering based on graph visualization.
Bokken - GUI for Pyew and Radare.
Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.
codebro - Web based code browser using clang to provide basic code analysis.
dnSpy - .NET assembly editor, decompiler and debugger.
Evan's Debugger (EDB) - A modular debugger with a Qt GUI.
GDB - The GNU debugger.
GEF - GDB Enhanced Features, for exploiters and reverse engineers.
hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols.
IDA Pro - Windows disassembler and debugger, with a free evaluation version.
Immunity Debugger - Debugger for malware analysis and more, with a Python API.
ltrace - Dynamic analysis for Linux executables.
objdump - Part of GNU binutils, for static analysis of Linux binaries.
OllyDbg - An assembly-level debugger for Windows executables.
PANDA - Platform for Architecture-Neutral Dynamic Analysis.
PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands.
pestudio - Perform static analysis of Windows executables.
Process Monitor - Advanced monitoring tool for Windows programs.
Pyew - Python tool for malware analysis.
Radare2 - Reverse engineering framework, with debugger support.
SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analysis.
strace - Dynamic analysis for Linux executables.
Udis86 - Disassembler library and tool for x86 and x86_64.
Vivisect - Python tool for malware analysis.
X64dbg - An open-source x64/x32 debugger for Windows.
Sursa: https://github.com/enddo/awesome-windows-exploitation
  17. About 20 million CCTV cameras have been installed with AI technology in China. Such technology can be used to identify a person's age, gender and clothes. Police can track down criminals using facial recognition and their database.

China has installed over 20 million cutting-edge security cameras in what is believed to be the world's most advanced surveillance system. The camera system, equipped with artificial intelligence technology, is part of the 'Sky Net' operation, China's anti-corruption programme mainly aimed at tracking down fugitives. Such technology can identify a pedestrian or a motorist, which can help police in their search for criminals.

China has launched an AI-equipped security system on 20 million cameras across the country. The new technology can identify a person's age, gender and colour of clothes (left). It can also scan vehicles and identify their types and colours (right).

Video footage posted by China Central Television in a documentary today displays what a real-time CCTV captures on screen. It has since been shared and re-posted by local media including k618.cn. A number of boxes pop up next to a person with details of their age, gender, and colour of clothing. The same technology applies to vehicles as well, identifying the type of vehicle and its colour. K618.cn reported that the pedestrian-scanning function uses computer vision technology to pinpoint passers-by on the road. It allows GPS tracking and facial recognition to help police locate criminals on the loose. An alert is sent to the police if the recognition matches any criminal in the database.

It can provide GPS tracking and facial recognition to help locate criminals on the loose. China claims to have the world's most advanced security system with 20 million CCTV cameras across the country.

Over 20 million CCTV cameras equipped with AI technology have been installed in China, in what is claimed to be the world's most advanced surveillance system. Operation 'Sky Net' was launched in 2015 as the Chinese central government aimed to hunt corrupt fugitive officials, crack down on underground banks and confiscate misappropriated assets, according to Bloomberg. It has now been extended to catch fugitives in local communities in different cities across China. In April, China started using facial recognition technology to catch jaywalkers in Shenzhen. Portraits of offenders are immediately uploaded to an LED screen displayed at the side of the road.

The new surveillance system has left citizens fearing that the technology is being used to monitor their daily lives. 'Why are there so many child abductors around if the Sky Net is really working?' wrote web user 'xianzaihe_89'. 'We don't have any privacy anymore under the watch of the Chinese government!' said web user 'neidacongmin'. Sursa: http://www.dailymail.co.uk/news/article-4918342/China-installs-20-million-AI-equipped-street-cameras.html
  18. A group of AI experts from The University of Nottingham and Kingston University managed to create a new method by which two-dimensional images of faces can be converted into 3D using machine learning. The researchers trained a convolutional neural network to perform the task by feeding it tons of data on people's faces. From there it figured out how to guess what a new face looks like from a previously unseen picture, including parts that it can't see in the photograph. The 3D computer vision project really has to be seen to be believed, and you can try it out in a nifty demo here. The website doesn't really do the full technology justice, but it's bloody cool. Members of the team, which consists of Aaron S. Jackson, Adrian Bulat, Vasileios Argyriou, and Georgios Tzimiropoulos, will be presenting their work next month at the International Conference on Computer Vision in Venice. Aaron Jackson said via email: "The website demonstrating it was a quick mashup over the course of a few evenings. I basically made it because I thought seeing yourself in 3D is fun. A lot of research in computer vision is hard to present in a fun way because it's things like new methods for detecting points on a face." An artificial intelligence that can turn pictures into faces is the tip of the iceberg here. The implications go far beyond amusing technology journalists for hours at a time with a website. In reality computer vision is one of the most useful purposes for deep learning and we can't wait to see what Jackson and his fellow developers do next. Sursa: https://safeum.com/blog/2738-this-ai-program-can-make-3d-face-models-from-a-selfie.html
  19. If you’re a target for either financially motivated cyber-criminals or nation-state grade attackers, chances are your security team feels outgunned — the bad guys have the time, the skills, and the resources to effect a data breach, and they only have to succeed once, while your security team has to get it right every time. What if you could turn the tables on them? Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker. The principles of deception have been around for years, and recently they’ve become the secret weapon of purple teams and threat hunters worldwide.

The good news is, you can get started seeing the benefits of deception for free using a plethora of open-source honeypots that you can deploy immediately. We’re firm believers that deception is so crucial to detecting lateral movement, uncovering privilege escalation, and building threat intelligence, that any deception, even old-school honeypots, is valuable. Whenever we’re on the road, we make it a point to give a shout-out to some of these tools, and will happily help you plan how you can use them. For free, no strings attached. Just get in touch!

Caveat Emptor: You get what you pay for — some of these tools may no longer be supported, and will require leg-work to get going, but they’re a great way to get familiar with deception. They’re also emulations, not real systems, so don’t expect high-interaction activity. While we’ll offer friendly advice around how you can use them, we don’t officially support them.

For more on planning effective deception, check out our strategy-focused blog posts: “10 Questions To Ask Your Deception Provider” and “7 Deadly Sins – How to Fail at Implementing Deception”.

Network services

Cowrie – Cowrie is an SSH honeypot based on an earlier favourite called Kippo. It will emulate an interactive SSH server with customisable responses to commands. Another alternative is HonSSH, which sits between a real SSH server and the attacker, MiTMing the connection and logging all SSH communications.

Dionaea – Dionaea is a multi-protocol honeypot that covers everything from FTP to SIP (VoIP attacks). Where it really excels is for SMB decoys. It can even simulate malware payload execution using LibEmu to analyse multi-part stagers.

IoT (Internet of Things) decoys

Honeything – Honeything emulates the TR-069 WAN management protocol, as well as a RomPager web server, with vulnerabilities. Other IoT decoys can be created by emulating embedded telnet / FTP servers, for example with BusyBox.

SCADA/ICS decoys

Conpot – Conpot emulates a number of operational technology control systems infrastructure, including protocols like MODBUS, DNP3 and BACnet. It comes with a web server that can emulate a SCADA HMI as well.

GasPot – GasPot emulates a Veeder-Root Guardian AST that is commonly used for monitoring in the oil and gas industry.

Database and NoSQL honeypots

MongoDB-HoneyProxy – MongoDB-HoneyProxy emulates an insecure MongoDB database. Hackers regularly scan the interwebs looking for administrators who had an ‘oops moment’ and exposed their DB to the world.

ElasticHoney – ElasticHoney emulates an ElasticSearch instance, and looks for attempted remote code execution.

Credential honeypots and honeytokens

DCEPT – DCEPT by Dell SecureWorks places deceptive credentials in Microsoft’s Active Directory.

Canarytokens – Canarytokens by the great guys at Thinkst let you place different types of decoy data across your systems, waiting for an attacker to trigger them.

Honeyclients and malware analysis

Thug – Thug is a ‘honeyclient’ that mimics the behaviour of a web browser to analyse client-side exploits. It can be used to analyse dodgy links, determining whether they serve up malicious JavaScript, ActiveX or Flash components. It can download payload samples and integrates with VirusTotal to analyse what gets served.

Cuckoo Sandbox – Cuckoo Sandbox is not really a honeypot, but it’s a great sandbox for malware analysis. You can safely and programmatically execute possible malware samples, including binaries, Microsoft Office documents and emails, within a Cuckoo VM and receive a full report on what code executed, what file / registry changes were made, and what network callbacks were observed. Pair it with VMCloak to automatically build sandbox VMs that are harder for malware to fingerprint.

All-in-One

Honeydrive – Honeydrive is a GNU/Linux distribution that comes pre-installed with a lot of active defence capabilities. Consider it the anti-Kali.

MHN – MHN combines Snort, Kippo, Dionaea and Conpot, and wraps them for easy installation and use.

Setting up most of these in a lab should be a fairly simple weekend project for the seasoned security professional. You can then run red-team style attacks against them to figure out exactly what sort of telemetry you can expect. Finally, you can tweak the source to reduce how easily they can be fingerprinted (don’t forget to submit patches to the authors if you do).

If you’d like to take the next step with professional deception technology, check out our IllusionBLACK platform by seeing a live demo.

Source: https://www.smokescreen.io/practical-honeypots-a-list-of-open-source-deception-tools-that-detect-threats-for-free/
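Decoys like Cowrie only pay off through the telemetry they produce, and the post suggests running attacks against them to see what that telemetry looks like. The script below is an example added here, not code from the Smokescreen post or the Cowrie project: it triages constructed Cowrie-style JSON events (field names assumed to follow Cowrie's JSON log: eventid, session, src_ip, username, password, input) and separates credential-guessing noise from sessions that reached the emulated shell, which on a decoy nobody legitimate ever touches are always worth an alert.

```python
"""Triage of Cowrie-style JSON telemetry (added example, not from the post).
Assumed layout: one JSON object per line with "eventid", "session", "src_ip"
and event-specific fields ("username"/"password", "input"). Sample is constructed."""
import json
from collections import defaultdict

# Constructed sample telemetry in Cowrie's JSON layout: two sessions, one of
# which guesses a password that the emulated server accepts.
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","session":"a1","src_ip":"203.0.113.7","timestamp":"2017-09-20T10:00:00Z"}
{"eventid":"cowrie.login.failed","session":"a1","src_ip":"203.0.113.7","username":"root","password":"123456","timestamp":"2017-09-20T10:00:01Z"}
{"eventid":"cowrie.login.success","session":"a1","src_ip":"203.0.113.7","username":"root","password":"toor","timestamp":"2017-09-20T10:00:02Z"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"uname -a","timestamp":"2017-09-20T10:00:03Z"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"cat /proc/cpuinfo","timestamp":"2017-09-20T10:00:04Z"}
{"eventid":"cowrie.session.connect","session":"b2","src_ip":"198.51.100.9","timestamp":"2017-09-20T10:05:00Z"}
{"eventid":"cowrie.login.failed","session":"b2","src_ip":"198.51.100.9","username":"admin","password":"admin","timestamp":"2017-09-20T10:05:01Z"}
{"eventid":"cowrie.session.closed","session":"b2","src_ip":"198.51.100.9","timestamp":"2017-09-20T10:05:02Z"}
"""

def summarise_sessions(log_text):
    """Group events by session: source address, credentials tried, whether the
    emulated shell accepted a login, and the commands typed afterwards."""
    sessions = defaultdict(lambda: {"src_ip": None, "creds": [], "logged_in": False, "commands": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        s = sessions[ev["session"]]
        s["src_ip"] = ev["src_ip"]
        eid = ev["eventid"]
        if eid in ("cowrie.login.failed", "cowrie.login.success"):
            s["creds"].append((ev["username"], ev["password"]))
            s["logged_in"] = s["logged_in"] or eid == "cowrie.login.success"
        elif eid == "cowrie.command.input":
            s["commands"].append(ev["input"])
    return dict(sessions)

def alerts(sessions):
    """No legitimate user logs into a decoy, so any session that reached the
    shell is a high-confidence alert; bare credential guessing is background
    noise worth counting (and feeding into threat intel) but not paging on."""
    high = sorted(sid for sid, s in sessions.items() if s["logged_in"])
    noise = sorted(sid for sid, s in sessions.items() if s["creds"] and not s["logged_in"])
    return {"high": high, "noise": noise}

if __name__ == "__main__":
    sess = summarise_sessions(SAMPLE_LOG)
    for sid, s in sess.items():
        print(sid, s["src_ip"], s["creds"], s["commands"])
    print(alerts(sess))
```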
  20. You can also try Privazer http://privazer.com/
  21. Lecture 1 - Introduction to x86 Assembly (Slides, Presentation)
Lecture 2 - Reverse Engineering Machine Code Pt. 1 (Slides, Presentation)
Lecture 3 - Reverse Engineering Machine Code Pt. 2 (Slides, Presentation)
Lecture 4 - Reverse Engineering Machine Code Pt. 3 (Slides, Presentation)
Lecture 5 - Executable File Formats (Slides, Presentation)
Lecture 6 - Modern Vulnerability Exploitation: The Stack Overflow (Slides, Presentation)
Lecture 7 - Modern Vulnerability Exploitation: The Heap Overflow (Slides, Presentation)
Lecture 8 - Modern Vulnerability Exploitation: Shellcoding (Slides, Presentation)
Lecture 9 - Modern Vulnerability Exploitation: Format String Attacks (Slides, Presentation)
Source: https://codebreaker.ltsnet.net/resources
  22. Not for you :)) but for newcomers: it contains a bit of everything, basic stuff so that you understand what an infosec discussion is about and know what to search for on Google if you need help. If you've had no contact with programming, you learn to understand/modify C/Python, what a vulnerability is, how an exploit works, an XSS, with examples, explanations, etc. The course seemed fairly well made to me and I recommend it to everyone interested in the IT field, whether or not they want to build a career in infosec.
  23. https://www.elearnsecurity.com/affiliate/redeem?code=ONM-FEW
  24. If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

This incident is yet another example of a supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attackers' remote command-and-control servers.

Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used a Domain Generation Algorithm (DGA), so that if the attackers' server went down, the DGA could generate new domains to receive and send stolen information.

"All of the collected information was encrypted and encoded by base64 with a custom alphabet," says Paul Yung, V.P. of Products at Piriform. "The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request."

The malicious software was programmed to collect a large amount of user data, including:

Computer name
List of installed software, including Windows updates
List of all running processes
IP and MAC addresses
Additional information like whether the process is running with admin privileges and whether it is a 64-bit system

According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 million people could have been infected with the malicious version of the app.

"The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week," Talos said.

However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.

Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.

Source: http://thehackernews.com/2017/09/ccleaner-hacked-malware.html
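The "base64 with a custom alphabet" that Piriform describes is a routine obfuscation an analyst has to peel back before the exfiltrated record can be read. The code below is an example added here, not from the article, Talos or Piriform: it maps a remapped alphabet back onto the standard one and decodes, tolerating stripped padding and rejecting stray symbols. The alphabet is a constructed placeholder (the article does not give the real one), and the encryption layer the article also mentions is out of scope.

```python
"""Decoding base64 that uses a custom alphabet (added example, not from the
article or from Talos/Piriform). The alphabet below is a constructed
placeholder, not the one used by the CCleaner payload."""
import base64
import string

STANDARD = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
# Constructed placeholder: the standard alphabet reversed. Any permutation of
# the 64 symbols works; '=' must stay reserved for padding.
CUSTOM_PLACEHOLDER = STANDARD[::-1]

def _check_alphabet(alphabet):
    if len(alphabet) != 64 or len(set(alphabet)) != 64 or "=" in alphabet:
        raise ValueError("alphabet must be 64 distinct symbols and must not contain '='")

def encode_custom(data, alphabet=CUSTOM_PLACEHOLDER):
    """Standard base64, then remap every symbol into the custom alphabet."""
    _check_alphabet(alphabet)
    std = base64.b64encode(data).decode("ascii")
    return std.translate(str.maketrans(STANDARD, alphabet))

def decode_custom(text, alphabet=CUSTOM_PLACEHOLDER):
    """Map custom symbols back to the standard alphabet and decode.
    Restores '=' padding that a sample may have stripped, and refuses input
    containing symbols outside the alphabet instead of silently mis-decoding."""
    _check_alphabet(alphabet)
    stray = set(text) - set(alphabet) - {"="}
    if stray:
        raise ValueError("symbols outside the alphabet: %r" % sorted(stray))
    std = text.translate(str.maketrans(alphabet, STANDARD))
    std += "=" * (-len(std) % 4)
    return base64.b64decode(std, validate=True)

if __name__ == "__main__":
    # Constructed stand-in for the kind of record the article lists (computer
    # name, admin flag, 64-bit flag); not real payload data.
    record = b"COMPUTERNAME=WS-01;ADMIN=1;X64=0"
    blob = encode_custom(record)
    print(blob)
    print(decode_custom(blob))
```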