njRAT Malware – remote control malware

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

The Best Cyber Security Talks of 2014

Hacking1

My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Enable SSH on Kali Linux

My buddy Aamir Lakhani wrote a good post on how to enable SSH on Kali Linux. He also has other tips for using Kali Linux found on his blog www.drchaos.com. Below is the post however you can find the original HERE

Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Sweet Orange Web Exploit Kit

orange

Aamir Lakhani wrote a very interesting article on a malware exploitation kit known as Sweet Orange. It is becoming very popular in underground markets and possibly the next Black Hole. The original article can be found HERE

Sweet Orange is a popular exploit kit making it rounds as one of the latest and most popular exploit kits. It can affect the latest Windows operating systems, including Windows 8.1 and Windows 7. It can also exploit newer versions of Internet Explorer, Firefox, and Google Chrome. According to Webroot, “What’s particularly interesting about the Sweet Orange web malware exploitation kit is that just like the Black Hole exploit kit, its authors are doing their best to ensure that the security community wouldn’t be able to obtain access to the source code of the kit, in an attempt to analyze it. They’re doing this, by minimizing the advertising messages posted on invite-only cybercrime-friendly web communities, and without offering any specific details, demos or screen shots unless the potential buyer directly contacts the seller and has a decent reputation within the cybercrime ecosystem”. Continue reading

VN:F [1.9.22_1171]
Rating: 4.5/5 (2 votes cast)

The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE

The-Fappening

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Raspberry Pi As A Hacking Arsenal

IMG_0473

One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those that haven’t heard of a Raspberry Pi, it’s a small computer that is dirt cheap and can be imaged for just about anything. Continue reading

VN:F [1.9.22_1171]
Rating: 2.8/5 (5 votes cast)

Shellshock / Bash bug – 22 year internet vulnerability could be the biggest yet

My buddy Aamir Lakhani posted about the recent Shellshock / Bash bug based on his research. Its a fantastic post and original is located HERE.

Security researcher, Stephane Schazelas found a major vulnerability that allows attackers to execute and run code in bash shell.

A shell is found on most UNIX, Linux, and Mac operating systems. Users interact it with it through the terminal program. It is the place to input and run commands for the operating system, as well as accept basic programming for the system. In other words, it is the command line. It is used for management, administrative, and productivity purposes.

Bash is the shell, or command language interpreter, for the GNU operating system. The name is an acronym for the ‘Bourne-Again SHell’, a pun on Stephen Bourne, the author of the direct ancestor of the current Unix shell sh, which appeared in the Seventh Edition Bell Labs Research version of Unix.

Bash-installed-from-netcraft Continue reading

VN:F [1.9.22_1171]
Rating: 3.5/5 (2 votes cast)

Recon-ng – advanced reconnaissance framework

Starting-recon-ng-1024x621My buddy Aamir Lakhani wrote about a cool reconnaissance tool called recon-ng. This tool can automate researching a target using multiple sources. The original post can be found HERE

Reconnaissance techniques are the one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identifying weaknesses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)