PRINT
PRINT
SEND MAIL
SEND MAIL

Month: June 2018

Automate SSHCommand LineFirecallNEW TOOLSSSH

Firecall – Automate SSH Communication With Firewalls, Switches, Etc.

by Black Hat Sec

Automate SSH communication with firewalls, switches, etc.DescriptionThese scripts are designed to automate sending commands to a Cisco ASA firewall. The intended purpose here is to eliminate the need to manually log in to a firewall to make changes. This code can be run directly via command line or it can be incorporated into other scripts. These scripts were created with automation/orchestration in mind - if done securely, these scripts could ingest security intelligence data to automatically block malicious IPs based on certain criteria.ConfigurationRun bash…

Read More Firecall – Automate SSH Communication With Firewalls, Switches, Etc.
penetration testingTUTORIALS

3 Ways Extract Password Hashes from NTDS.dit

by Black Hat Sec

Hello friends!! Today we are going to discuss some forensic tool which is quite helpful in penetration testing to obtain NTLM password hashes from inside the host machine. As we know while penetration testing we get lots of stuff from inside the host machine and if you found some files like NTDS.dit and system hive then read this article to extract user information from those files. Impacket-secretsdump Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing…

Read More 3 Ways Extract Password Hashes from NTDS.dit
AkerBastion HostElk StackFreeipaJumpboxJumpserverNEW TOOLSSSHSSH Gateway

Aker – SSH Bastion/Jump Host/Jumpserver

by Black Hat Sec

Aker is a security tool that helps you configure your own Linux ssh jump/bastion host. Named after an Egyptian mythology deity who guarded the borders, Aker would act as choke point through which all your sysadmins and support staff access Linux production servers. Aker SSH gateway includes a lot of security features that would help you manage and administer thousands of Linux servers at ease. For a detailed look check our WikiMotivationI couldn't find an open source tool similar to CryptoAuditor and fudo, such…

Read More Aker – SSH Bastion/Jump Host/Jumpserver
CTF ChallengesTUTORIALS

Hack The Blackmarket VM (CTF Challenge)

by Black Hat Sec

BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session) which is focused on students and other InfoSec Professional. This VM has total 6 flags and one r00t flag. Each Flag leads to another Flag and flag format is flag {blahblah}. Download it from here. VM Difficulty Level: Beginner/Intermediate Penetrating Methodology Network Scanning (Nmap, netdiscover) Information gathering: Abusing web browser for the 1st flag Generate dictionary (Cewl) FTP brute-force (hydra) FTP login for the 2nd flag SQL injection for the 3rd flag Blackmarket login for the…

Read More Hack The Blackmarket VM (CTF Challenge)
Log CleanerLog KillerNEW TOOLSPHP

Log Killer – Clear All Your Logs In (Linux/Windows) Servers

by Black Hat Sec

Log Killer is tool for [Linux/Windows] Servers. This tool will delete all your logs, just download the tool and run it on the server, if your server OS is Windows download the batch file but, if your server Linux then you should run the php script.ScreenShotsWindows (batch file): Linux :Video: Download Log-killer

Read More Log Killer – Clear All Your Logs In (Linux/Windows) Servers
Cyber ThreatsTOP 10 STORIES

Surge in cryptocurrency mining hacks blamed on risky smartphone apps

by Black Hat Sec

A cryptocurrency mining virus that hijacks computers and smartphones after they visit websites has surged in the last three months, thanks to risky smartphone apps and infected webpages. View Full Story ORIGINAL SOURCE: The Telegraph The post Surge in cryptocurrency mining hacks blamed on risky smartphone apps appeared first on IT SECURITY GURU.

Read More Surge in cryptocurrency mining hacks blamed on risky smartphone apps
Cyber ThreatsTOP 10 STORIES

PROPagate Code Injection Technique Detected in the Wild for the First Time

by Black Hat Sec

Security firm FireEye has detected that malware authors have deployed the PROPagate code injection technique for the first time inside a live malware distribution campaign. View Full Story ORIGINAL SOURCE: Bleeping Computer The post PROPagate Code Injection Technique Detected in the Wild for the First Time appeared first on IT SECURITY GURU.

Read More PROPagate Code Injection Technique Detected in the Wild for the First Time
Cyber ThreatsTOP 10 STORIES

UK Government Sets Minimum Cybersecurity Standard

by Black Hat Sec

The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments. The Minimum Cyber Security Standard announced this week presents a minimum set of measures which all government departments will need to follow, although the hope is that they will look to exceed these at all times. View Full Story ORIGINAL SOURCE: Infosecurity Magazine The post UK Government Sets Minimum Cybersecurity Standard appeared first on IT SECURITY GURU.

Read More UK Government Sets Minimum Cybersecurity Standard
Cyber ThreatsTOP 10 STORIES

Ticketmaster ‘warned of hack attack in April by Monzo’

by Black Hat Sec

Ticketmaster was warned in April that it had been the victim of a hack attack, digital bank Monzo has claimed. Ticketmaster had previously said it did not know about the breach until June and had then acted quickly to inform “all relevant authorities”. View Full Story ORIGINAL SOURCE: BBC The post Ticketmaster ‘warned of hack attack in April by Monzo’ appeared first on IT SECURITY GURU.

Read More Ticketmaster ‘warned of hack attack in April by Monzo’