Security

Top

The biggest new threat to America's banking system was Evgeniy Bogachev, a hacking mastermind who was thought to be running the most sophisticated cybercrime network the world has ever seen from his home on Russia's Black Sea coast, "Anapa" resort. His face appeared on the FBI "most wanted" page this summer and the total haul for his cyber crimes was estimated at more than $100 million.

Starting in September of 2011, the FBI began investigating a modified version of the Zeus Trojan, known as Gameover Zeus (GOZ). It is believed GOZ is responsible for more than one million computer infections, resulting in financial losses in the hundreds of millions of dollars

Read Wired, 201703 [*****]

Jul. 29, 2017 4:54 AM ET

MOSCOW (AP) — From the early days of online stock scams to the increasingly sophisticated world of botnets, pseudonymous hacker Peter Severa spent nearly two decades at the forefront of Russian cybercrime. Now that a man alleged to be the pioneering spam lord, Pytor Levashov, is in Spanish custody awaiting extradition to the U.S., friends and foes alike are describing the 36-year-old as an ambitious operator who helped make the internet underground what it is today. "Levashov is a pioneer who started his career when cybercrime as we know it today did not even exist," Tillmann Werner, the head of technical analysis at U.S. cybersecurity company CrowdStrike, said. "He has significantly contributed to the professionalization of cybercrime," said Werner, who has tracked the alleged hacker for years. "There are only very few known criminals that had a similar level of influence and reputation."
Born in 1980, Levashov studied at High School No. 30, one of the first schools in the Soviet Union to specialize in computer programming. Even at a competitive institution whose alumni went on to universities and Silicon Valley firms, Levashov stood out.
"He did have an entrepreneurial streak for sure," former classmate Artem Gavrilov said. "He was a leader in school, tried to prove to everyone that he was the best." Levashov graduated in 1997, according to an entry published to an alumni website, listing his profession as "websmith" and "programmer." Within a couple of years he had gravitated toward the burgeoning field of email spam, according to an ad attributed to him in U.S. court documents.
With much of the world still just discovering the internet and few restrictions on the mass distribution of email, spammers more or less operated openly, blasting inboxes with pitches for Viagra knock-offs, online gambling and pornography in return for a flat fee or a cut of the proceeds.
Internet registry records preserved by DomainTools suggest Levashov launched a bulk mailing website called e-mailpromo.com in August 2002 under his real name. Early marketing material for the site boasts of "Bullet Proof Web Hosting," a term used to describe providers that shrug off law enforcement requests.
The service would come in handy as the spam business became increasingly criminalized. With laws tightening and digital blacklists getting better, spammers resorted to hacking to get their mail across, using malicious software to turn strangers' personal computers into "proxies" — a euphemism for remote-controlled conduits for junk mail. Hackers herded the proxies into vast botnets, armies of compromised machines that silently churned out spam day and night. Court documents suggest that Levashov teamed up in 2005 with Alan Ralsky, a legendary bulk email baron once dubbed the "King of Spam". More than a decade later, Ralsky still raved about the fictitious Severa's skills. "No doubt he was the best there ever was," Ralsky said in a telephone interview.
It was with Ralsky that Levashov is alleged to have plunged into the world of the "pump-and-dump," a scheme that worked by sending millions of emails talking up the value of thinly traded securities before selling them at a profit and leaving gullible investors to soak up the loss. Ralsky, Levashov and several associates were indicted for fraud in 2007; Ralsky went to prison while Levashov — safe in Russia — avoided arrest.
By that point, Levashov was cybercrime nobility in his own right, allegedly running a forum for Russian spammers and the massive Storm botnet, whose sophistication drew global attention. "There were spam botnets, certainly, before Storm, but it took things to a next level," Joe Stewart, a security researcher with cyberdefense startup Cymmetria who grappled with Storm at its height, said. Clever use of peer-to-peer technology and a fast-shifting digital infrastructure meant Storm could be regenerated quickly if part of its network was blocked. Respected security expert Bruce Schneier marveled at its engineering, writing in 2007 that Storm was "the future of malware."
Storm didn't go on forever, but two successor botnets — Waledec and Kelihos — have since been tied to Levashov. Indictments unsealed this year accuse the Russian of renting out Kelihos at $500 per million emails to send spam or to seed computers with ransom software or money-draining banking programs.
One of the indictments, which cited a January ad posted to a Russian cybercrime forum, appeared to catch Levashov boasting of his distinguished record. "I have been serving you since the distant year 1999," the ad said. "During these years there has not been a single day that I keep still." That's likely to change. Levashov's Spanish lawyer, Margarita Repina, recently told The Associated Press that her client's extradition to the United States was all but certain. Levashov's wife, Maria, was more hopeful. She has forcefully proclaimed her husband's innocence, saying he was more of a businessman than a programmer and that whenever she caught him at the computer he was playing video games. "I believe it will be found that this is all a mistake," she said. Then again, in response to a question about Levashov's links to the Russian government, she said: "I'm not a wife who knows everything about her husband."

Satter reported from Paris. Nataliya Vasilyeva in Moscow and Diego Torres in Madrid contributed to this report.

url

One of the world’s most notorious spammers appears to have been tripped up by a basic cybersecurity no-no, according to the FBI: he used the same log-in credentials to both run his criminal enterprise and also log into sites like iTunes.

The Justice Department announced Monday that it had successfully targeted a man prosecutors called “one of the world’s most notorious criminal spammers,” a Russian hacker known as Peter Yuryevich Levashov, also known as Peter Severa, or “Peter of the North.” Levashov had long run the Kelihos botnet, a global network of infected computers that collectively flooded email inboxes worldwide with spam, stole banking credentials from infected users, and spread malware across the internet.

Wired, 20170411

Top

SSH is a great way to proxy your connection through a network without being stopped. You just load up your ssh client, connect to your external host with the web proxy server (serving only localhost traffic) and you port forward your connection and poof, you're now bypassing anything you like. It's really practical for when you are going out to a customer premise and you need to connect outbound but everything under the sun is blocked. Maybe even outbound port 22 is blocked, but if you put your external SSH port on port 80 you can walk right through those primitive network defenses.

url

Programs needed to run this demonstration:

• SSH Service to computer outside the firewalled network: Linux OpenSSH, Windows OpenSSH
• Putty (SSH client): download here
• One .BAT File (we will create this later)

Step 1 (a) : Acquire an SSH service outside of the firewalled network. ( install OpenSSH on Windows @ site-a )

• unzip
• run setupssh.exe
• install client and server
• edit c:\P_F\OpenSSH\etc\sshd_config
  Change "#Port 22" into "Port 443".
• at c:\P F\OpenSSH\bin, run mkgroup -l > ..\etc\group and mkpasswd -l > ..\etc\passwd - cygwin utils
• Start Server : net start opensshd
  Stop Server : net stop opensshd
  Server Status : ?

At this point you should have an SSH connection outside of the firewalled network.

Step 2 (b) : Download Putty to a directory on your computer.

Step 3 (b) : "shunnel.bat" in the same directory as Putty =

To set up SOCKS-based dynamic port forwarding on a local port, use the -D option.

The -P option is used to specify the port number to connect to.

"your.domain.com" is the domain name of the computer outside the firewalled network that your SSH service is hosted on. It can also be the machine's IP address.
homeIP should be the IP address of your home machine.

Step 4 (b) : Create your tunnel At work, simply double click shunnel.bat to initiate the shunnel.

Step 5 (b) : Configure IE and Firefox

url, better url !

It works with anything that allows a Socks4 or Socks5 configuration. Simply, configure the SOCKS settings to point to the IP address 127.0.0.1 and whatever port you have specified in your .bat file.

• Kayak has "OpenSSHd" service running (<path>\bin\cygrunsrv.exe)
• T42 starts "putty -D 1080 -P 22 -ssh "Kayak_IP"
• test if you can reach it :
  • "telnet 192.168.1.38 22"
    SSH-2.0-OpenSSH_3.8.1p1
    means "OK" !
  • ssh 192.168.1.38 -l pere
• now we can use SCP = copy !
  • de local a remoto : $ scp archivo usuario@servidor.com:ruta
  • de remoto a local : $ scp usuario@servidor.com:ruta/archivo ruta_local

• /etc/ssh/sshd_config - OpenSSH server configuration file.
• /etc/ssh/ssh_config - OpenSSH client configuration file.
• ~/.ssh/ - Users ssh configuration directory.
• ~/.ssh/authorized_keys or ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account
• /etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
• /etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here.
• SSH default port : TCP 22

• #1: Disable OpenSSH Server
• #2: Only Use SSH Protocol 2
• #3: Limit Users' SSH Access
• #4: Configure Idle Log Out Timeout Interval
• #5: Disable .rhosts Files
• #6: Disable Host-Based Authentication
• #7: Disable root Login via SSH
• #8: Enable a Warning Banner
• #8: Firewall SSH Port # 22
• #9: Change SSH Port and Limit IP Binding
• #10: Use Strong SSH Passwords and Passphrase
• #11: Use Public Key Based Authentication
• #12: Use Keychain Based Authentication
• #13: Chroot SSHD (Lock Down Users To Their Home Directories)
• #14: Use TCP Wrappers
• #15: Disable Empty Passwords
• #16: Thwart SSH Crackers (Brute Force Attack)
• #17: Rate-limit Incoming Port # 22 Connections
• #18: Use Port Knocking
• #19: Use Log Analyzer
• #20: Patch OpenSSH and Operating Systems

• Again (OpenSSH, etc)
• SuSE [tunnels from uSoftW]
• url [pse]
• ssh_proxy

Server @ I95.75.94.7

The session objectives are to expose common security threats, learn from other people's mistakes, and motivate us to implement the correct security controls.

DEMO 1 - What is the easiest way to break in without risking personal exposure? A trojan. Firewalls prevent old-school trojans (listening on a port for an inbound connection). XXXXX, written by a Turkish hacker, allows the creation of trojan programs - it is just one of many. It allows injection into IE and common application naming (it will run as svchost.exe). Further, it can disable common firewalls and antivirus programs. You can bind it to known and trusted applications and then email it out to unsuspecting people - like CEOs or Marketing. Once run on a client PC you can connect to it an grab all of its files - you can grab hashes. It can upload screen viewing software and patch itself. Once done, the attacker can cover their steps by killing the server on the way out the door. This is an important demo because 70% of the computers in the world are infected by malware.

DEMO 2 - This is an exploit attack because the client is vulnerable to a known software problem. This demo was done with the XXXXX tool that is expensive to buy and is professional grade. XXXXX allows you attack known software issues. After sending the attack URL, via email, to the client the software goes into listening mode. When you click on the link the browser dies but really an agent has been installed behind the scenes. All this because the user did not patch their software.

DEMO 3 - This is a Web/SQL Injection attack. This demo assumes a DMZ web server attached to a SQL server on the internal network. It used the Foundstone Hacme Bank application (used for training) to demonstrate hacking a website based on SQL. SQL, these days, has a lot of commands that don't relate solely to data storage (e.g. xp_cmdshell). Using an injection attack Marcus was able to upload some hacking tools (in UUEncode so that the SQL box would take it). After the uploads, he had the command shell re-encode the uuencoded files so they could be run. He recompiled netcat and started it back up. Running an additional command he has netcat bring up a command prompt. You can discover your privilege by running a whoami. The solution for these attacks includes input validation, hardening the server, etc.

DEMO 4 - A wireless attack (don't admit that you use WEP - your company name is on your badge). This attack used XXXXX to capture traffic for three days. The problem is WEP is the encryption algorithm. Each ID packet exposes a bit of the WEP key. It takes 5 minutes to break 128 bit WEP. Don't use WEP. WPA is a lot better but not foolproof. XXXXX is the GUI version and it can be used to attack WPA-PSK. Easy to guess keys are not that hard to compromise with the right tools. Don't use common words as the tools can compromise them. XXXXX from XXXXXX allows you to compromise the WPA key on a PC. You don't need to crack the key - just compromise one of the clients. Think about putting your wireless network outside of the company.

DEMO 5 - A physical attack can be pulled off not due to skill but due to people being nice. Watch out for wireless AP placement in your facility. A USB U3 device can be placed on a device inside the company to dump user names and encrypted password hashes (local and maybe domain if there is a domain account logged in). Don't ever plug someone else's USB device into your PC. Most common attack today is the use the wireless cards built-in to the laptop. Hackers will setup a known network in the parking lot and laptops will connect to it. Hackers could then allow you to surf through them.

DEMO 6 - First thing you would want to do is scan the network with a tool like nmap. This will allow you to locate your DCs, file servers, clients, etc. Once you own a PC run XXXXX and it will allow you to dump the passwords on the box that you own. It would give you the password for any shared account on the PC. (Don't let your PC's local account be the same as every PC in the network. Make sure to role-base your clients and harden the ones that are management clients. Make sure to use client firewalls - why should a client be able to connect to a client.) Using a runas variant you can UNC to another PC and inject the password hash directly so that you do not need a password. XXXXX is a non-public tool that allows this injection. This allows you to log on to a remote PC without a password but with a hash. If you run as a domain admin the hacker can use nmap to find your DC, then use a hash injection tool to control your domain controller. Once in, the hacker would dump the passwords on the domain controller (using psexec to copy XXXXX to the DC and then using XXXXX from the DC). If you share accounts between computers the compromise of one leads to the compromise of all.

DEMO 7 - This is a man-in-the-middle attack and simulates what would happen if a hacker came in over wireless. What the attacker needs to do is to sniff the traffic. This demo was done in attacking the ARP protocol. He will begin to build a table of MAC addresses to IP addresses. Using XXXXX you can do an ARP lookup and scan for MAC addresses on the network. From that you can do ARP spoofing and poison the traffic. With this attack running you can examine everything in the RDP session. This includes the keys that were pressed (password), thereby giving away the entire account and password. Without owning a PC on the network ARP poisoning allows the compromise of the domain. (Make sure to use the new terminal services client with certificates. Do it now.)

Countermeasures

• Standardize, centralize, and modernize your environment.
• Segment and harden the perimeter - layer 3 is not enough. Don't rely on the perimeter alone.
• Segment and harden the network layer.
• Role base and harden servers, clients, services, and applications.
• Patch everything! Btw, you cannot patch what you don't know you have.
• Encrypt hard drives on exposed computers.
• Implement strong authentication on exposed servers.
• (Rest are on the slide deck)

url

The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser - in easy point-and-click fashion - with a home-grown tool called Hamster. He added that the Hamster tool will be released in the next few days.

url

There was indeed a chain of events that doomed the flight: an out-of-range data condition in a calculation that wasn't even needed, the by-design throwing of an uncaught exception, and the automatic shutdown of the launch vehicle's active and backup inertial reference systems. As the result of the unanticipated failure mode and a diagnostic message erroneously treated as data, the guidance system ordered violent attitude correction. The ensuing disintegration of the over-stressed vehicle triggered the pyrotechnic destruction of the launcher and its payload.

url

• unplug network cable and plug it into a dedicated hub.
• insert forensic CDR and close door
• log as root onto system console
• pray "df" hasn't been altered and verify CD has been mounted as "/mnt/cdrom"
• invoke a good shell :
  /mnt/cdrom/staticbin/ksh
• make sure only good commands will be used :
  PATH=/mnt/cdrom/staticbin;export PATH
• save victim's data in this (volatility) order :
  1. System Memory
  2. Processes
  3. Network Connections
  4. File Systems
  5. Disk Blocks
• save processes :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > processes.out
  2. victim system # ps -aef | netcat 192.168.1.50 31337
• save network conections :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > netstat.out
  2. victim system # netstat -an | netcat 192.168.1.50 31337
• save partition information :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > partitions.out
  2. victim system # df -k | netcat 192.168.1.50 31337
• save raw disk data :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > root.dd
  2. victim system # dd if=/dev/hda1 | netcat 192.168.1.50 31337
• save networking status :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > ifconfig.out
  2. victim system # ifconfig -a | netcat 192.168.1.50 31337
• save secure log file :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > securelog.out
  2. victim system # cat /var/log/secure | netcat 192.168.1.50 31337
• save login records :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > last.out
  2. victim system # last | netcat 192.168.1.50 31337
• save command history :
  1. safe system (with IP = .1.50) # netcat -l -p 31337 > bashhistory.out
  2. victim system # cat DIR/BashHistoryFile | netcat 192.168.1.50 31337

  It shows 2 files were downloaded (by PID 6208) : Team.tgz & awu.tgz

• Recovery of Deleted Files:
  1. create a list of the inodes of deleted or removed files
     # ils -rf ext2fs root.dd > deleted.inodes
  2. get i-node info
     # cat deleted.inodes | cut -d "|" -f1 > inodes
  3. recover our files
     # for file in `cat inodes` do icat -h root.dd > recovered/${file} done
• Analyze recovered files :
  1. find "zipped" files : "# file * | grep -i zip"
  2. unzip them : "# gunzip file1.gz"
  3. investigate them : "# file file1"
• Maybe we could use "unrm" and/or "lazarus".
• Analyze suspected file (sn.zip) :
  1. display contents : "$ zipinfo -lvh sn.zip"
  2. unzip
  3. display MAC info : "$ stat sn.dat"
  4. verify file size : "ls -l" versus "zipinfo -lvh"
  5. verify MD5 : "$ cat sn.md5" versus "$ md5sum sn.dat"
  6. display text : "$ strings -a sn.dat" : see there is compiler info inside
  7. display file type : "$ file sn.dat" : it is an executable
  8. start data capture on safe system : "$ tcpdump -l -n -nn -s 0 -w LOGFILE IP_OF_FORENSIC_SYSTEM"
  9. start suspect program without arguments : "$ strace ./sn.dat"
  10. save list of opened files : "lsof > lsof.running"
  11. start suspect program with arguments : "$ strace ./sn.dat eth0"

url

url

The ELF Virus Writing HOWTO.

An ELF virus prototype

Al 500 GB hi ha :

Copies que tenim :

I'd suggest :

• disable Task Scheduler
• stop all unknown services
• disable "telnet" service : sc query TlntSvr
• close all unknown ports, also 23 (telnet) and 22 (ssh)

Top

Windows stores for .exe files a registry key which specifies what to do with a ".exe" file.

It is located at HKEY_CLASSES_ROOT\exefile\shell\open\command and normally contains the value "%1" %* which just means: do what the first parameter specifies and pass the rest of the parameters as new parameters.

As you may know, the first parameter is the full name of the .exe file to be executed.

And here we start with our nasty trick. We redirect the command line to our "application". We do this by modifying the registry key:

Now you may wonder how this will annoy anyone? Remember a default share called Admin$? And do you remember that RegEdit can connect to other machines? Bingo, just copy the executable to your victim's Admin$\system32 directory, run RegEdit and modify the registry of the victim's machine. Here you go...

url, url

Top

High severity ;

• SSL certificate chain contains RSA keys less than 2048 bits
• SSL version 2 and 3 protocol detection (POODLE)

Medium severity:

• IETF X.509 certificate signature collision vulnerability
• SSL RC4 cipher suites supported
• RDP - Remote Desktop Protocol - man in the middle attack

Low severity :

• web server cross-site-tracing vulnerability

Info : at least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits.

General fix : replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key.

To verify that the new certificate is in place, view the certificate in your web browser. The Server Public Key information will show you the bit length.

How to view certificates

Internal site for free certificate generation

Summary: The SSLv2 (Secure Socket Layer version 2) and/or SSLv3 service is running.

Info: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages.
An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.

NIST has determined SSL v3.0 is no longer acceptable for secure communications, in large part due to 2014's POODLE vulnerability. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of "strong cryptography".

See also :

• http://www.schneier.com/paper-ssl.pdf
• http://support.microsoft.com/kb/187498
• http://www.linux4beginners.info/node/disable-sslv2
• https://www.openssl.org/~bodo/ssl-poodle.pdf
• http://www.nessus.org/u?5d15ba70

Configure the server to disable SSLv2 and SSLv3 and enable TLS (preferably v1.2). As usual with configuration changes, it will be necessary to restart the affected services.

You can use the following openssl command to verify if an SSLv2 connection is successful (change to -ssl3 for SSLv3):

SMTP services will need to add the relevant STARTTLS options:

There are also websites that enable users to test servers on the Internet, such as http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm Server owners can also use ScanOnDemand.

For Apache/mod_ssl, ensure that httpd.conf or ssl.conf has the following directive for each SSL enabled server.

• You can either explicitly disable both SSL versions:
  SSLProtocol ALL -SSLv2 -SSLv3
• Or explicitly disable everything and enable TLS versions:
  SSLProtocol -ALL +TLSv1 (TLSv1.1 and TLSv1.2 are also options if available).

The old style Apache/apache_ssl is very outdated and should no longer be in use.

Top

Chrome de vegades diu

Una putada és el error

Ara resulta que no puc accedir a la Nano-5 ! Explicació

Due to POODLE, Google has disabled SSLv3 in Chrome starting from version 40. Firefox has followed the suit and disabled the SSLv3 since version 34.

Solucio: old Firefox & disable upgrades !

32.0.3 +

Or edit %APPDATA%\Mozilla\Firefox\Profiles\user.js and add the following, save and close, restart Firefox (prefs.js ?)

Best explanation here !

Cant click "Add Exception" ?
Solution : Options -> Advanced -> Certificates -> Display Certificates -> Servers -> Add Exception -> enter "192.168.1.1"

Que nassos -es "ERR_NETWORK_CHANGED" ?

They use "peer flooding" to slow down utorrent/bittorrent.

Top

Desde el mes de julio, url, Chrome 68 marcará como «no seguras» todas las páginas que no estén protegidas por un certificado SSL, y las consecuencias pueden ser graves. Un estudio reveló que el 87 % de los usuarios abandonan la transacción si el navegador muestra un mensaje de advertencia.

Top

Tor browser - download 5.0.7 (20160105), 42 MB

Hidden wiki

Not accepted by chess.com, does not work at chess24.com (disconnect loop)

Ens convé mirar si hi ha "atacs" de login() a la nostra màquina :

Mint blog

The addresses the malware was connecting to were either shut down or blocked by Kaspersky's DNS sinkhole.

Top

One of the most common insecurities on the client side is HTML injection, whereby an application may unknowingly allow third parties to inject JavaScript into its security context. Today, websites and many web applications need some sort of client-side encryption. Especially since browsers remain the tool of choice when interacting with remote servers.

Top

Uniform Resource Indicators (URI) are a compact string of characters for identifying an abstract or physical resource, typically a web based Uniform Resource Locator (URL).

Henning Klevjer descr.

Attacks description [****], test page for homograph attack

url : The xn-- prefix is what is known as an "ASCII compatible encoding" prefix. It lets the browser know that the domain uses "punycode" encoding to represent Unicode characters.

Cybench CTF challenges consist of 40 professional-level Capture the Flag (CTF) tasks designed to evaluate the cybersecurity capabilities of language models. These tasks are structured to assess how effectively models can identify and exploit vulnerabilities in various cybersecurity domains.

Domains Covered - the challenges span multiple domains, including:

FB on MYTHOS

Messages on WhatsApp were left open to potential attackers for years, as detailed in recent leaks about Boldend – a US cyber-warfare startup – more here

Since the creation of WhatsApp, there's hardly been a moment in which it was secure: every few months researchers uncover a new security issue in the app. I wrote about this in detail 2 years ago - read here if you missed it. Nothing has changed since then.

It would be hard to believe that the technical team of WhatsApp is so consistently incompetent. Telegram, a far more sophisticated app, has never had security issues of such severity.

Israeli spyware dealer NSO Group is facing renewed scrutiny over the abuse of its WhatsApp hacking tools.
NSO began with two school friends, Shalev Hulio and Omri Lavie, hatching start-ups in Bnai Zion, an agricultural cooperative outside of Tel Aviv, in the mid-2000s.

The software, Pegasus, is widely regarded as the world’s most potent spyware, capable of reliably cracking the encrypted communications of iPhone and Android smartphones.

Boldend was reported to have developed a capability to hack WhatsApp.

Boldend was backed by Founders Fund, the investment vehicle of Peter Thiel, one of Facebook’s best-known financial backers.

The vulnerability in question, CVE-2022-1364, is another 'Type Confusion in V8' one.

The emergency update takes Chrome to version 100.0.4896.127

forbes.com

• entra al compte de gMail i despres mira la teva timeline

• Opera "private browsing" : "CTRL" + "Shift" + "N"

Top

• Julian Assange - creator of wikileaks

• Kevin Mitnick - Live Hack at CeBIT Global Conferences 2015

• Peter Sunde - co-founder of The Pirate Bay : it allows visitors to search, download, and contribute magnet links and torrent files, which facilitate peer-to-peer file sharing among users of the BitTorrent protocol.

• Edward Snowden - copied and leaked classified information from the NSA in 2013

• Alexandra Elbakyan - creator of the site Sci-Hub, a website with over 67 million academic papers and articles available for direct download.

Top

• Top 10 security best practices [alby]

• Registry Cleaners, as Ccleaner -> no va a W500
  C:\> sfc /scannow Beginning system scan. This process will take some time. Beginning verification phase of system scan. Verification 100% complete. Windows Resource Protection did not find any integrity violations.

• l0pht moved to @stake , formely known as L0phtCrack.
  Now (Sep 2003), 1 license is $350 ! Download LC15EXE.ZIP here or here or HERE++ or here
  Here's a good description of included files :
  • lc_cli.exe : command line version.
  • lc_gui.exe : NT graphical version.
  • lc_guipro.exe : NT graphical version, compiled with Pentium Pro optimization.
  • lc_gui95.exe : Win95 graphical version. No password dumping, as W95.

  Source files are in LC15SRC.ZIP or LCSRC.TAR.GZ (cpp\sam\lc4\l0pht\parallx) : HERE++ or here.
  His Home Page

  1. run PWDUMP to create a text file containing the NT MD4 hashed passwords from an NT SAM database.
  2. run LC_CLI on this file. Indicate a dictionary file or use Brute force.

• Web Security : shows your IP, how to Disable NetBIOS over TCP/IP, etc

• Linux Security

• Hacking contest : 20.000 USD purse
  Though $20,000 sounds like a lot of money, show attendees say that top-quality computer attack code could easily fetch that much, either from the security vendors such as iDefense or Tipping Point who purchase this type of software or from one of the three-letter U.S. government agencies said to be in the market for this type of code as well.
  2007 : Dino Dai Zovi

• Quality Security tools : [\\T42\sebas\temp\CD_Secur\]
  • nMap - http://www.insecure.org/nmap/
  • Nessus - remote net security auditor http://www.nessus.org
  • Netcat - tcp/ip swiss army knife http://www.atstake.com/research/tools/index.html
  • TcpDump - network monitor and data acquisition http://www.tcpdump.org
  • Snort - packet sniffer/logger http://www.snort.org
  • Saint - security assesment tool http://www.saintcorporation.com/saint
  • Ethereal - traffic analyzer http://www.ethereal.com/
  • Whisker - vulnerability scanner http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
  • ISS - security scanner http://www.iss.net
  • network intrusion detection system
  • sniffer dsniff (gone) -> 9 best packet sniffers and network analyzers for 2019
  • TrypWire
  • cybercop scanner http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp
  • Hping2
  • Sara http://www-arc.com/sara/
  • Sniffit http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
  • Satan http://www.fish.com/satan/
  • IPfilter http://coombs.anu.edu.au/ipfilter/
  • ...

• Smashing the Stack for fun and profit  

• Windows DOS attacks : "Ping of death", "WinNuke", "Teardrop", "Land", ...
  Got code - \\T42\CPP\WinNuke - from here
  Pointer and description of tools

• port 137 scan (NetBios SMB service) - network.vbs worm trace

• Guindous Remote Administrator

  Also OsExec, by SysInternals !

• Floppy recovery ;
  Linux mount : "mount ./image ./fd -o loop,ro"
  • TASK 1.52 - Linux only !
  • AUTOPSY 1.62 (GUI interface)
  • r-tools
  • KHexEdit tool in Linux - allows to view the raw data values in the disk image
  • linux "strings" command.
  • image 2 fpy : RAWRITE
    DISKEDIT + UltraEdit

• A home user's security checklist for windows

• Nice discussion : Kaminsky [on DNS]

• Beautiful description : GRC [on DoS] [+++++]

   ping 207.71.92.193 -l 65500 -n 10000
  
   This causes the machine to send ten thousand very large (64 kbyte) "ping"
   packets to the specified IP.
   A bit of math shows that this is 655 megabytes of data.
  
   udp 207.71.92.193 9999999 0
  
   netstat -an | find ":6667" - there is a IRC active connection
   netstat -an | find ":113 " - there is as Ident server
  
   GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
   This command returns the contents of the system's C: drive to the requester
  
   ping -n 9999999 -l 65500 -w 0 
   This command instructs the computer to send 9,999,999 maximum size (64k)
   ICMP Echo Requests, as fast as possible, to the target IP address.
    

• Exits RO : index.dat, cookies, history files, etc [very good]

• Auditor Security Collection - [got it] Good (ipl Knoppix) CD !

• Otra "seguridad :
  • Anatomy of a stock fraud
  • (spam) Crime does pay
  • Investors supporting SpyWare

• Bon article & (part 2)

• Run TEST !!!

• Linux versus Guindous

• RootKit Revealer by SysInternals.

• Sony Rootkit by SysInternals. [excelent !!!]
  more

• IE to Mozilla migratrion guide for Web Application Developers.

• Lladres (?) de sw ?

• Launch CALC if user visits your page

• MS bug paper (nice)

• Qué és : use Antiblaxx or sd4hide.exe if needed ????

• Malicious Software Removal Tool - Microsoft Security Intelligence Report, 48 pages.

• Bypass PatchGuard on Windows x64 (Uninformed, vol 3, Jan 2006)

• Bypass Driver Signing

• MilW0rm

• Rescue files using a Live CD. Partition and Image Your Hard Drive with the System Rescue CD. rescuecd doxdetect dostartx

• ISS Vista Kernel

  ISS uses a proactive approach to eliminating threats rather than a reactive approach. They have eliminated the need to doctor the Windows Kernel to provide security.

• What's leaking out of your browser :
  • Master Reconaissance Tool - interessant !
  • Ferret.
  • Evolution.

• En Markus Kuhn demostra que es pot llegir una pantalla a distancia. Comentaris

• Llegir teclats wifi !

• Stealing computer names in Firefox and MSIE.

• TrueSecurity team - Markus Murray : SEC 310 - why I can hack your network in a day.

• Markus Murray : an excellent, smart and entertaining presenter. The best presentation (TechEd 2008) is where he cracks WEP security in real time.

• BluePill

• FBI : spyware
  • Carnivore
  • Magic Lantern

• quatre eines professionals de'n Kevin Beaver :
  I use QualysGuard to find network and OS level of vulnerabilities and then follow-up with tools like Cain and Metaspoit, and some of the Back Track Live CD tool's to exploit the flaws. I use a network analyzer called OmniPeek. I tend to use some of the network level tools like QualysGuard and Nessus and things like that just to get an overall picture of the server that the applications running on and maybe find stuff that some of the higher level scanners aren't going to fine. But then I'll actually start digging in and using tools like HP's WebInspect is usually the primary tool that I use.
  Metaspoit is a must have security testing tool. It is an Open Source exploit penetration testing service or package.

  Business is at PrincipleLogic.com. Articles, Webcasts, podcasts, you name in my audio programs both free and for sale are at SecurityOnWheels.com

  url

• Phising 2.0 - DNS level attack.

• Small business primer on network security threats
  Plus: anti-Spyware, network segregation, local admin genie, SSL/SSH/VPN, turn off all unneeded services, Email separation, don't click on links in emails - ever!, backup.

• Telèfons pèrdua tarjes :
  • CdeC = 93.479.99.14
  • La Caixa = 902 200 202 o 93.495.39.99
  • ING = 901. 113.311
  • Amex = 900 814 500 (24 h) o 91.400.42.50
  • BBVA = 902.22.44.66

• Desde hace unas semanas, los expertos del Centro Nacional de Respuesta a Incidencias en Tecnologias de la Información del Ministerio de Industria ayudan a reparar discos duros, a recuperar informacion perdida etc etc etc

• AVG Free Edition [*****]

• Avast - free for home use.

• DNS security problem (DNS Cache Poisoning); doxpara.com - verify your DNS

• CAIN

• Veure trafic : WireShark (Ethereal ?) - internet & NetStumbler - wifi.

• Hiren's boot CD : Homepage, download, v 11.1, v 13.1,

• "Buffer overflows for fun and profit" - aleph1
  J Foster

• chip-and-pin-is-broken.

• Computer-Forensics { excelent job on ADMsniff.tar.gz }; HoneyNet,

• Blackhole exploit kit : is currently the most prevalent web threat {201305}, was released on "Malwox", an underground Russian hacking forum. A blog on black-hole exploit, inside a black hole part 1, part 2

• Google online security blog : hacked site recovery and help for hacked sites ; tech paper on Securing WebSites

• some sites
  • sophos, tech papers
  • nakedsecurity.sophos {****}
  • Security Now : blog

• 2014 : OpenSSL problem : "heartbeat", fixed in 1.0.1.g

• SQL injection

• gadget to spy any SmartPhone

• TAILS - live Op Sys - it aims at preserving your privacy and anonymity

• Shadow Brokers - "Eternal Blue" exploit, "WannaCry" virus, Marcus Hutchins and "kill switch" :
  The spread of the Wana Decrypt0r ransomware has been temporarily stopped after security researcher MalwareTech has registered a hardcoded domain included in the ransomware's source code. Wana Decrypt0r connected to this domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) before it started its execution. The check was strange. The ransomware checked if the domain was unregistered, and if it was, it would execute. If it wasn't, it would stop spreading, acting like a kill switch. With MalwareTech registering the domain, the ransomware now does not start anymore.
  ETERNALBLUE works by exploiting a vulnerability in the SMBv1 protocol to get a foothold on vulnerable machines connected online. Microsoft patched the flaw in MS17-010, released in March 2017.
  Comunicado CERT

• Julian Assange press conference on Vault 7

• "Mirai" malicious software

• ShellShock - bash bug

• Secure home network

• rspoof : wifi automated fake hotSpot hijacking with aicrack-ng, airbase, ssl-strip, and dns spoof in Python

• 55 ways to save money on Internet safety

• cronologia de Google Maps - veure que he fet els darrers dies

• WikiLeaks index

• cozycar, dridex, x-agent, flame, blackenergy, zeroaccess, seaduk, ghost, t9000, duqu, regin, necurs - habits of high-effective hackers

• Google less secure APPS

• how to decrypt a password protected ZIP file :
  • use iSumsoft ZIP Password Refixer
  • use NSIS - converts ZIP 2 EXE

  Mas fuerza bruta ;

  • John the Ripper
  • fcrackzip - Software Manager at Minie ...
  • ZipPassword

• nogafam.es - fer servir fediverso :
  • Whatsapp -> Element by Matrix
  • Instagram -> pixelfed.org
  • Facebook -> joinmastodon.org

• NSIS : convert protected ZIP into EXE - quora

• Netcraft : news - site report

• Google or All The Web

• Tinet

• Previous page

• Back to main page

• Site map

• Escriu-me !