Tag: detect

Detection, Firewall

How to detect Web Application Firewalls

WAFW00F – Web Application Firewall Detection Tool – identifies and fingerprints Web Application Firewall (WAF) products. To do its magic, WAFW00F does the following:
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
- If that is not successful, it sends a number of (potentially malicious) HTTP …

C

Detect Debugger Present in C

IsDebuggerPresent

    if (IsDebuggerPresent()) ExitProcess(0);

CheckRemoteDebuggerPresent

    //..
    BOOL IsDbgPresent = 0;
    //..
    CheckRemoteDebuggerPresent(GetCurrentProcess(), &IsDbgPresent);
    if (IsDbgPresent) ExitProcess(0);

Using the PEB

    __asm
    {
        mov eax, fs:[30h]
        mov eax, [eax + 68h]
        mov NtGlobalFlags, eax
    }
    if (NtGlobalFlags & 0x70) ExitProcess(0);

…

C

How to determine whether specific processes are running or not

Let’s see how we can check whether specific processes are already running on the system and then decide what we would like to do (exit, for example).

Useful links: CreateToolhelp32Snapshot, Process32First, Process32Next

    //..
    static char* const ProcessesNotAllowed[] = { "blahblah1", "blahblah2" };
    //..
    void CheckIfProcsRunning()
    {
        PROCESSENTRY32 pe;
        HANDLE h;
        int i = 0;
        int …

Microsoft SQL Server

Check for null passwords in Sql Server

One of the many ways to secure SQL Server is to review all passwords. You must also check for null passwords and, if you locate any, change them. To list all users with null passwords, execute the following SQL command:

    USE master
    GO
    SELECT name, password FROM syslogins WHERE password IS NULL;

…

Detection, Microsoft Windows, Monitor, Network

Detect suspicious internet connections in Windows

Sometimes antivirus software is not enough. If you suspect that you are infected with some kind of spyware but your anti-virus, anti-malware, anti-anything are not able to detect it (this can happen), inspect the internet connections made from your PC to external IPs!

1st way

Open a command line with administrative rights and execute the command: …

C#

Get antispyware name in Windows using C#

To get the name of the installed anti-spyware product in Windows, we need the ManagementObjectSearcher class. To use it, we have to add a reference to the namespace System.Management.

    try
    {
        ManagementObjectSearcher mos = null;
        if (Environment.OSVersion.Version.Major > 5)
        {
            mos = new ManagementObjectSearcher(@"\\" + Environment.MachineName + @"\root\SecurityCenter2", "SELECT * FROM AntiSpywareProduct");
        }
        else
        {
            mos = new ManagementObjectSearcher(@"\\" + …

C#

Get firewall name in Windows using C#

To get the name of the installed firewall in Windows, we need the ManagementObjectSearcher class. To use it, we have to add a reference to the namespace System.Management.

    try
    {
        ManagementObjectSearcher mos = null;
        if (Environment.OSVersion.Version.Major > 5)
        {
            mos = new ManagementObjectSearcher(@"\\" + Environment.MachineName + @"\root\SecurityCenter2", "SELECT * FROM FirewallProduct");
        }
        else
        {
            mos = new ManagementObjectSearcher(@"\\" + …

C#

Get antivirus name on Windows using C#

To get the name of the installed antivirus in Windows, we need the ManagementObjectSearcher class. To use it, we have to add a reference in the project to the namespace System.Management.

    try
    {
        ManagementObjectSearcher mos = null;
        //Windows Vista/7/8
        if (Environment.OSVersion.Version.Major > 5)
        {
            mos = new ManagementObjectSearcher(@"\\" + Environment.MachineName + @"\root\SecurityCenter2", "SELECT * FROM AntivirusProduct");
        }
        //Windows XP
        else
        {
            …

MITM, Tools

Detect arp spoofing

ArpON is a portable handler daemon that makes the ARP protocol secure in order to avoid Man In The Middle attacks through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR). It also blocks the attacks derived from it, such as Sniffing, Hijacking, Injection, Filtering & co, and more complex derived attacks, such as: …