Posts

Nmap like you never have before

I find that nmap is a great tool for getting the right kind of data. I have an easy one-liner that can save you a lot of time:

nmap -oN outputfile.txt -iL hosts.txt

Here are some other tips for nmap, taken from a great blog post: https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

Nmap Target Selection
Scan a single IP: nmap 192.168.1.1
Scan a host: nmap www.testhostname.com
Scan a range of IPs: nmap 192.168.1.1-20
Scan a subnet: nmap 192.168.1.0/24
Scan targets from a text file: nmap -iL list-of-ips.txt
These are all default scans, which will scan 1000 TCP ports. Host discovery will take place.

Nmap Port Selection
Scan a single port: nmap -p 22 192.168.1.1
Scan a range of ports: nmap -p 1-100 192.168.1.1
Scan the 100 most common ports (fast): nmap -F 192.168.1.1
Scan all 65535 ports: nmap -p- 192.168.1.1

Nmap Port Scan Types
Scan using TCP connect: nmap -sT 192.168.1.1
Scan using TCP SYN scan (default): nmap -sS 192.168.1.1
Scan UDP ports: nmap -sU -p 123,161,162 192.168.1.1
Sca…

Smishing increasing Phishing attacks

Smishing, also known as SMS phishing, attacks are on the rise. #ModernNetSec On January 26, a new smishing attack targeted users in the Czech Republic. Smishing, or SMS phishing, is a vector attackers use to send SMS messages from supposedly legitimate organizations. These messages persuade users to download a malicious app, to provide private information like bank account or credit card details, or to click on a malicious URL. "In this campaign, the attackers masqueraded as Czech Post, the Czech postal service, to get users to download a malicious app containing a full-scale Trojan horse. Once users click the link, they are led to a fake Czech Post web page with a seemingly legitimate address. From there the malware downloads and installs immediately on the mobile device. Since users need to approve the installation of apps from sources other than Google Play, the " http://blog.checkpoint.com/2017/02/09/smishing-threat-unraveling-details-attack/ Here is an example I got this week …

Using hashing to Crack Passwords

This is amazing cutting-edge cracking from Stanford!

Free IDA Pro Binary Auditing Training Material for University Lectures Note: There are NO true runnable viruses included with this package!

Ever wanted free malware analysis training? http://www.binary-auditing.com/

WHAT IS INSIDE...

Topic                                                  Files
IDA Pro 5.0 (Free)                                     1
HLL Mapping 1 (NOT for training, only as reference!)   98
HLL Mapping 2 (Start here and convert them to C)       31
Manual Decompilation (Simple exercises)                10
Algorithm Analysis 1 (Simple math exercises)           3
Algorithm Analysis 2 (Simple math exercises)           6
Crash Auditing (more complicated, why crashing?)       10
File Understanding (Simple to hard Reversemes)         31
Copy Protection Auditing (Simple to very hard)         47
Unpacking (Simple exercises)                           3
TOTAL                                                  324

Autorun.inf Malware

I thought this find was really interesting and wanted to share the post.

Check out this GitHub link for more details from the source.

https://github.com/Explorer09/usb_vaccine


usb_vaccine.cmd

USB malware immunity script and hidden files revealer. Does not remove malware. Must be used in conjunction with an anti-virus program.

What does it do
- Detects and removes AutoRun commands for your Command Processor (cmd.exe).
- Disables AutoRun entirely, for both CD-ROM drives and USB flash drives. The IniFileMapping method. Most secure.
- Cleans the MountPoints2 registry key, which is the AutoRun cache used by the OS, for all users.
- Disables "Hide extensions for known file types", for security reasons.
- Shows extensions for PIF files, also for security reasons.
- Restores shortcut arrow icons that may be removed due to malware infection (registry hack).
- Travels through the root directories of all drives (including USB drives and SD/MMC cards), and: deletes all shortcuts, file symbolic links, and …

Virtual Patching and why this method can balance your patching cycles

I have been in various companies and they all have their own system for how they update and patch servers and workstations. One common denominator is out-of-band patching. Some will allow systems to be out of date for 1-2 weeks, but the more aggressive will do out-of-band patching and scanning to confirm the issue is remediated. One thing I would like to suggest is virtual patching solutions to reduce the attack surface. Malwarebytes offers an Anti-Exploit product for virtually patching these software bugs. Trend Micro also offers a more expensive IPS module for their Deep Security endpoint protection, and they also have a standalone anti-exploit product which only does that. Most hackers already know you will patch on Patch Tuesday or shortly after, and when out-of-band vulnerabilities show up as critical they will target large companies that don't fix these glaring issues. Virtual patching will instantly protect your endpoints.

POS Malware

How are we ever to protect ourselves until we can get these systems with end-to-end encryption? This is what Edward Snowden has been preaching for years, and it's about time we make this a federally audited standard. We need to get this under control.

Here is an interesting read.

http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/