Tag: hacking

Rootkits

Open source Windows kernel driver loader

Windows kernel driver loader If you write Windows kernel drivers, this GUI-based tool will allow you to register your kernel driver easily, by creating a new System service and makes it easy for you to start your driver without rebooting, during the development stage of your project. Tech stack C/C++ QT 5 (Visual Studio 2015 …

Hacking, Malware

Some notes on rootkits – Part 1

Rootkit major features Maintain access Conceal existence through stealth Rootkit types User-mode Kernel-mode User-mode rootkit main injection techniques Windows hooks CreateRemoteThread + LoadLibrary() CreateRemoteThread + WriteProcessMemory() Hooking techniques Import Address Table hooking Inline function hooking Rings Ring 3 – user-mode Ring 0 – kernel-mode Ring -1 – hypervisor Bridging the rings SYSENTER System call Interrupt …

Hacking, Malware

Some notes on malware – Part 2

Keyloggers Software based. Hardware based. User/Kernel based. Windows/Linux based. Hook based. Typical install locations This is rather a long list, a few examples follow: Windows Application Data\Microsoft\ System\filename.dll Program Files\Internet Explorer\filename.dll Program Files\Movie Maker\filename.dll All Users Application Data\filename.dll Temp\filename.dll Linux /bin/login /bin/.login /bin/ps /etc/ /etc/rc.d/ /tmp/ /usr/bin/.ps /usr/lib/ /usr/sbin/ /usr/spool/ /usr/scr/ Local Drives installation Malware …

Hacking, Malware

Some notes on malware – Part 1

The Motivation Behind Malware these days This is rather a long list but it can be narrowed down to the following: Steal sensitive data (identity theft, illegal immigration, terrorism, drug trafficking, blackmail, etc). Banking fraud (credit card fraud, etc). Spamming. Espionage. Advertisements/Click fraud. Medical insurance fraud. Money. Propagation Techniques Social Engineering (emails, spamming, phishing, office …

OWASP, Penetration Testing

OWASP Secure Headers

OWASP Secure Headers Project involves setting headers from the server is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. OWASP Secure Headers Project intends to raise awareness and use of these headers. – https://www.owasp.org/index.php/OWASP_Secure_Headers_Project Response Headers * HTTP Strict Transport Security (HSTS) …

Penetration Testing

Exploits – Advisories

Offensive Security’s Exploit Database Archive The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers. Packet Storm Security Exploits and Advisories A list of exploits, advisories, tools and more. Securityfocus Vulnerabilities Search for vulnerabilities. National Vulnerability Database NVD is the U.S. government repository of standards based vulnerability management data represented using the Security …

OSINT

OSINT – Part 3

Information gathering types Passive During passive information gathering you should never send any type of traffic directly to the target. Passive I.G. allows the greatest amount of anonymity. Active During active information gathering you are sending requests to remote services and receiving responses based on the service type. This method includes, but is not limited …

OSINT

OSINT – Part 2

Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. OSINT includes all publicly accessible sources of information, such as: – Media – Web-based …

Metasploit

Setup Metasploit Database

Try reconfigure Metasploit dpkg-reconfigure metasploit-frameworkdpkg-reconfigure metasploit-framework Start postgresql systemctl start postgresql.servicesystemctl start postgresql.service Initialize database msfdb initmsfdb init Run metasploit msfconsolemsfconsole Connect to database db_connect -y /usr/share/metasploit-framework/config/database.ymldb_connect -y /usr/share/metasploit-framework/config/database.yml Rebuild cache db_rebuild_cachedb_rebuild_cache Run postgresql at startup systemctl enable postgresql.servicesystemctl enable postgresql.service