
Month: March 2018

TUTORIALS, CTF Challenges

Hack the Box Challenge: Arctic Walkthrough

Hello friends!! Today we are going to solve another CTF challenge, “Arctic”, which is categorized as a retired lab presented by Hack the Box for online penetration testing practice. Solving challenges in this lab is not easy unless you have some knowledge of vulnerability assessment. Let's start and learn how to analyze any vulnerability in a network and then exploit it to retrieve the desired information.

Level: Intermediate

Task: find the user.txt and root.txt files on the victim's machine.

Since these labs are accessible online, they have static IPs. The IP of Arctic…

Tools, Security Feeds, APT

Your new friend, KLara

While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools are extremely useful when working on APT campaigns where research is very agile and spans multiple months. One of the most frequently used tools for hunting new variants of malware is called YARA and was developed…

Security Feeds, Industrial threats, Cyberespionage, ICS, Industrial control systems, industrial software, IoT, Malware Statistics, Security Policies, Spearphishing

Threat Landscape for Industrial Automation Systems in H2 2017

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to global…

EXPLOIT-COLLECTOR, Home, Hacking News, cambridge analytica

Cambridge Analytica Facebook Data Scandal

One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 exposé that demonstrated the depths they are willing to go to in order to profile voters, manipulate elections and much more. It’s kicking off in the UK and the US, and Mark Zuckerberg has had to come out publicly and apologise about the involvement of Facebook. This goes deep, with ties to elections and political activities in Malaysia, Mexico, Brazil, Australia and Kenya.…

TUTORIALS

LeakVM – Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly.

Why LeakVM: LeakVM offers fast security testing on Android. By skipping the time-consuming work of building pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive, since they can run tests in real time and with zero knowledge of malware development or attacks. Our technology uses the same techniques used in criminal software, but in a controlled environment, and you always have control over the SDK. Our product gives you a real approach against real malware and…

Information Gathering, EXPLOIT-COLLECTOR, Home, Hacking Tools, info gathering, information gathering tool

GetAltName – Discover Sub-Domains From SSL Certificates

GetAltName is a little script to discover sub-domains. It extracts Subject Alt Names from SSL certificates directly from HTTPS websites, which can provide you with DNS names or virtual servers. It’s useful in the discovery phase of a pen-testing assessment, where it can provide you with more information about your target and scope.

Features of GetAltName to Discover Sub-Domains: strips wildcards and www’s; returns a unique list (no duplicates); works on verified and self-signed certs; domain matching system; filtering for main domains and…

Security Feeds, Malware Descriptions, Publications, ATM, Financial malware

Goodfellas, the Brazilian carding scene is after you

There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile ground for collecting credit and debit cards en masse. Brazil started the migration to EMV cards in 1999 and nowadays almost all cards issued in the country are chip-enabled. A small Java-based application lives…

Security Feeds, Security Policies, Internet of Things

Time of death? A therapeutic postmortem of connected medicine

#TheSAS2017 presentation: Smart Medicine Breaches Its “First Do No Harm” Principle

At last year’s Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing. According to public data, this year is no exception. For a year we have been observing how cybercriminals encrypt medical data and demand a ransom for it. How they penetrate medical networks and exfiltrate medical information, and how they find medical…

EXPLOIT-COLLECTOR, Home, Hacking Tools, ddos

Memcrashed – Memcached DDoS Exploit Tool

Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan. This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan. What is Memcached? Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. Read the rest of…