Tuesday, 12 June 2018

BloodHound


BloodHound was developed by security researchers Andrew Robbins, Rohan Vazarkar and Will Schroeder. It is a post-exploitation tool used to gather information and find paths through a network once an attacker has a foothold, having first compromised one low-privilege machine. First, the BloodHound PowerShell collector is run on the compromised computer; it gathers the information automatically and pushes it directly into a Neo4j database. Next, for analysis, you log in to the BloodHound desktop application. From there it is easy to work out a lot of things: the properties of a node, the direct and derived relationships among nodes, users' transitive relationships and, most importantly, the exploitation paths to higher-privileged nodes. BloodHound makes it extremely easy for a red team to escalate its privileges by handing it an exploitation path, but by seeing that same path in advance a blue team can secure the network, which makes BloodHound useful to both red and blue teams.
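As an added illustration (not BloodHound's own code), the following models the "derived relationship" idea from the blue-team side: a small graph in BloodHound's node and edge vocabulary, a breadth-first search for the shortest path to a high-privilege group, and a report of every principal that can reach it together with the first edge on its path, which is the edge to cut. The domain, principal names and edges are constructed sample data.

```python
from collections import deque

# Constructed sample graph in BloodHound's node/edge vocabulary (assumed
# data, not a real export). Direction follows BloodHound: source -REL-> target.
EDGES = [
    ("ALICE@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "AdminTo", "WS01.CORP.LOCAL"),
    ("WS01.CORP.LOCAL", "HasSession", "BOB@CORP.LOCAL"),
    ("BOB@CORP.LOCAL", "MemberOf", "IT-ADMINS@CORP.LOCAL"),
    ("IT-ADMINS@CORP.LOCAL", "AdminTo", "DC01.CORP.LOCAL"),
    ("DC01.CORP.LOCAL", "HasSession", "DADMIN@CORP.LOCAL"),
    ("DADMIN@CORP.LOCAL", "MemberOf", "DOMAIN ADMINS@CORP.LOCAL"),
    ("CAROL@CORP.LOCAL", "MemberOf", "FINANCE@CORP.LOCAL"),
]

def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph

def shortest_path(graph, start, target):
    """BFS over directed edges. Returns [(node, rel, node), ...] for the
    shortest derived path, [] if start is the target, None if unreachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while parent[node] is not None:
                prev, rel = parent[node]
                path.append((prev, rel, node))
                node = prev
            return path[::-1]
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None

def exposure_report(graph, target):
    """Defender view: node -> (hops to target, first edge type on the path)."""
    report = {}
    for node in graph:
        path = shortest_path(graph, node, target)
        if path:  # [] (node is the target) and None (unreachable) are skipped
            report[node] = (len(path), path[0][1])
    return report
```

Nodes with the fewest hops and a HasSession edge as their first step are the quickest wins: logging that privileged user off, or keeping privileged accounts from logging on to workstations, removes the edge.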

Wednesday, 1 February 2017

URI TERROR ATTACK & KASHMIR PROTEST THEMED SPEAR PHISHING EMAILS TARGETING INDIAN EMBASSIES AND INDIAN MINISTRY OF EXTERNAL AFFAIRS

An attack campaign was carried out in which attackers used Uri terror attack and Kashmir protest themed spear-phishing emails to target officials in the Indian Embassies and the Indian Ministry of External Affairs (MEA). To infect the victims, the attackers distributed spear-phishing emails containing a malicious Word document, which dropped malware capable of spying on infected systems. The emails purported to have been sent from legitimate email IDs: the attackers spoofed email IDs associated with the Indian Ministry of Home Affairs to send the emails to the victims. The attackers also used the name of a top-ranking official of the Ministry of Home Affairs in the email signature, to make it look as though the email had been sent by a high-ranking Government official associated with the Ministry of Home Affairs (MHA).
To know more about it, click the link: URI TERROR ATTACK & KASHMIR PROTEST THEMED SPEAR PHISHING EMAILS TARGETING INDIAN EMBASSIES AND INDIAN MINISTRY OF EXTERNAL AFFAIRS



Wednesday, 10 February 2016

Inside the mind of a hacker

“Black-hat hackers have a very different mentality, and unless you put yourself in “that” mindset, you can’t understand it.” – says a software engineer and a former hacker, Cal Leeming.

Tuesday, 1 September 2015

Hacking Challenge 1 (Accepted and completed)

The challenge involves an image-hosting web service that has various design vulnerabilities. You must enumerate the web service's features and find an exploitable vulnerability in order to read hidden system files.


Friday, 14 August 2015

CAN YOU REALLY WIPE A MOBILE DEVICE REMOTELY?

Sometimes the user is asked to sign a usage policy that includes the right to remotely wipe the device if it is lost or stolen, so that corporate data cached on the phone doesn't get exposed.
Sounds pretty secure, doesn't it?
There are a few problems with this, though:
First, as a result of tracking technologies such as 'Find my iPhone', thieves are already using RF-shielded forensic bags to stop any GSM or Wi-Fi signals from reaching the device. That stops the police tracking the phone, but it also means that you can't wipe it remotely.
Hopefully the thief just wants to sell the phone after wiping it, but what if they're more interested in the data on it, or have stolen it to order?
If we are asked to seize a phone as part of a legitimate forensic investigation, it immediately goes in an RF shielded bag. When starting to work on it, we un-bag it in a Faraday cage in the office. No phone or data signal, no ability to wipe it.
(Image: RF shielded bag)
Some policies force a remote wipe automatically if the device hasn't 'checked in' for a while. Great idea, but if the 'check in' timespan is longer than the time it takes to crack the PIN, then you have a problem. My next point is very relevant to this:
Second, many businesses enforce policy on the device using Exchange or an MDM product. If it's just an enforced policy, then PIN length becomes very important for security, as do the hardware and software versions of the phone.
I've talked about this before, but raising the PIN length to 6 or 8 digits can make a huge difference. If you can slow down a PIN crack long enough for the user to report the theft, lock the domain account and manage the incident, you have a chance. Older phone hardware (e.g. anything older than the iPhone 4S) and older operating system versions can render even longer PINs useless.
Think carefully about which phone hardware and software versions you allow to connect to Exchange or your MDM.
Third, what if the mobile user jailbreaks their phone? This can present a major security issue, as the device's security can be almost completely removed by the user, often unintentionally, just because they want to install cracked apps for free. Jailbreak frameworks have tools available (e.g. xCon) to stop you from detecting that the device has been jailbroken.
Fourth, you might think that by changing the user's domain credentials and connecting their replacement phone, you've closed the incident. In the case of Android, having cracked the phone PIN, one might load an app containing malware to the Google Play store and then install it on the phone. It syncs with Google Play; the user configures and re-syncs their new phone, and the malware now installs onto the new phone as well. A persistent attack...
Don't connect any mobile devices to Exchange without giving really serious thought to the risks. Senior execs can apply a lot of pressure to make it happen, yet they often have the most sensitive data in their mail accounts.



Saturday, 1 August 2015

NAT

Inside local address: This is the address of your workstation and of every other device assigned an IP address within your LAN.

Inside global address: This is your globally routable IP address, which NAT translates to and from.

Outside global address: This is the destination's globally routable IP address, representing a web server or a network on the Internet, etc.

Outside local address: This is the IP address of an outside host as it appears to you, the local user.
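To make the four terms concrete, here is an added example (a constructed model, not a real router implementation) of a static NAT router that rewrites the source and destination of a packet in each direction and labels the four addresses for one conversation. The addresses come from the RFC 5737 documentation ranges and the `outside_map` is an assumed case where the outside host is also renumbered, so that outside local and outside global differ; without it they are the same address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class StaticNat:
    """Constructed model of a static NAT router (not a real implementation).
    inside_map:  inside local  -> inside global
    outside_map: outside global -> outside local (identity when absent, the
                 usual case unless outside addresses are also translated)."""

    def __init__(self, inside_map, outside_map=None):
        self.in_l2g = dict(inside_map)
        self.in_g2l = {g: l for l, g in self.in_l2g.items()}
        self.out_g2l = dict(outside_map or {})
        self.out_l2g = {l: g for g, l in self.out_g2l.items()}

    def outbound(self, pkt):
        """LAN -> Internet. src: inside local -> inside global,
        dst: outside local -> outside global."""
        if pkt.src not in self.in_l2g:
            raise ValueError(f"no translation for inside local {pkt.src}")
        return Packet(self.in_l2g[pkt.src], self.out_l2g.get(pkt.dst, pkt.dst))

    def inbound(self, pkt):
        """Internet -> LAN. src: outside global -> outside local,
        dst: inside global -> inside local. Returns None (drop) when the
        destination is not a known inside global address."""
        if pkt.dst not in self.in_g2l:
            return None
        return Packet(self.out_g2l.get(pkt.src, pkt.src), self.in_g2l[pkt.dst])

def four_addresses(nat, inside_local, outside_local):
    """Label the four NAT addresses for one conversation and confirm the
    reply is translated back to the host that started it."""
    out = nat.outbound(Packet(inside_local, outside_local))
    back = nat.inbound(Packet(out.dst, out.src))   # the server's reply
    if back != Packet(outside_local, inside_local):
        raise RuntimeError("reply did not translate back to the originator")
    return {"inside local": inside_local, "inside global": out.src,
            "outside global": out.dst, "outside local": back.src}

# Constructed sample: RFC 5737 documentation ranges, not real hosts.
NAT = StaticNat({"192.168.1.10": "203.0.113.5"},
                {"198.51.100.20": "10.1.1.20"})   # outside host renumbered
```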