PRINT
PRINT
SEND MAIL
SEND MAIL

Month: February 2018

EXPLOIT-COLLECTORHomeCountermeasuresbitdefendergandcrab

Bitdefender Releases FREE GandCrab Ransomware Decryption Tool

The latest ransomware kicking everyone’s ass is Gandcrab which has infected an estimated 50,000 computers, fortunately for the victims, Bitdefender has released a free Gandcrab ransomware decryption tool as a part of the No More Ransom Project. There’s nothing particularly notable about the ransomware itself other than it combines two existing exploit kits to compromise people and it takes payment in Dash, which is a privacy coin, rather than Bitcoin (which is a first as far as I know). Read the rest of Bitdefender…

EXPLOIT-COLLECTORHomeHacking Toolsquickjacksamy

Quickjack – Advanced Clickjacking & Frame Slicing Attack Tool

Quickjack is an intuitive, point-and-click tool for performing advanced and covert clickjacking and frame slicing attacks. It also allows you to easily perform clickjacking, or steal “clicks” from users on many websites, forcing the user to unknowingly click buttons or links (for example the Facebook Like button) using their own cookies. Quickjack By placing the auto-generated code on any site, you can obtain thousands of clicks quickly from different users, or perform targeted attacks by luring a victim to a specific URL. Read the…

HomeHacking Tools

BootStomp – Find Android Bootloader Vulnerabilities

BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities. Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results. Read the rest of BootStomp – Find Android Bootloader…

TUTORIALS

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp So you're starting a pentest. Or you finally get to try out the hands-on part of the Network Assault class. You're probably eager to fire up Metasploit and start pwning, but before you can,…

HomeCountermeasureshttpsSSL

Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018

Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It’s a pretty strong move, but Google and the Internet, in general, has been moving in this direction for a while. It started with suggestions, then forced SSL on all sites behind logins, then mixed-content warnings, then showing HTTP sites are not-secured and now it’s going to be outright marked as insecure. Read the rest of…

TUTORIALS

How to Create a Virtual Hacking Lab

Download VMware Workstation or Player The best way to practice hacking is within a virtual environment. Essentially, you set up a hacking system, such as Kali Linux, and some victims to exploit. Ideally, you would want multiple operating systems (Windows XP, Vista, 7, and 8, as well as a Linux flavor) and applications so that you can try out a variety of hacks. Virtual machines and a virtual network are the best and safest way to set up a hacking lab. There are several virtualization systems out…

TUTORIALS

How to Hack Web Browsers with BeEF

Start Cooking BeEF BeEF is built into Kali Linux, and it can be started as a service and accessed via a web browser on your localhost. So let's start by firing up Kali and cooking a bit of BeEF. Start the BeEF service by going to "Applications" -> "Kali Linux" -> "System Services" -> "BeEF" -> "beef start." Step 2Opening a Browser to BeEF The BeEF server can be accessed via any browser on our localhost (127.0.0.1) web server at port 3000. To access its…

TUTORIALS

Exploit Pack: Using Windows as a Hacking Platform

Download & Install Java The first step, of course, is to download and install Exploit Pack. As I mentioned above, it is written in Java, so it is requisite that you have Java 8 installed. You can go to Oracle's website and download Java 8 for your architecture. Since I will be working on a 64-bit Windows 7 system, I downloaded the Windows x64 Java, as circled in the screenshot below. Of course, if you are using a different architecture, make certain to download the Java…

TUTORIALS

How to Find the Exact Location of Any IP Address

Fire Up Kali & Open a Terminal The first step, of course, is to fire up our our trusty Kali system, or in this case, any Linux distribution. Then, open a terminal. Note: Be cautious of the formatting below for commands. The formatting of this article will create big space gaps since it stretches lines out to fit the margins. This is because of long URLs that try to fit themselves on a separate line. Large spaces equals just one space, so keep that in mind. Refer…