UNDERCODE COMMUNITY
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is memory forensics?

1) Memory forensics is a forensic analysis of a computer's memory dump.

Its main use is to investigate sophisticated computer attacks that are stealthy enough not to leave data on a computer's hard drive.

2) Therefore, memory (RAM) must be analyzed for forensic information.

Necessary requirements
Instruments:
Volatility
Redline
Caploader

2) Command:

vol.py -f <memory_image> --profile=<profile> envars | findstr COMPUTERNAME

3) Windows keeps many environment variables for each process it starts, holding reference data such as OS, TEMP, windir and Path; the hostname currently in use is stored in the variable COMPUTERNAME.

4) You can view environment variables through PowerShell.
Command:
Get-ChildItem Env:

5) Get a list of processes
Tool: Volatility

Command:

vol.py -f <file_image> --profile=<profile_name> pslist
pslist: Walks the doubly linked list of processes and displays a summary of the data.

6) This method usually cannot show you terminated or hidden processes.

psscan: Scans for _EPROCESS objects rather than relying on a linked list.

7) This plugin can also find terminated and unlinked (hidden) processes.

psxview: finds processes using alternative process lists, so you can refer to different sources of information and identify malicious inconsistencies.

8) Extract hashes
Now, using the virtual offsets of the SYSTEM and SAM hives, we can extract the hashes:

D:\volatility> vol.py -f ch2.dmp --profile=Win7SP1x86 hashdump -y 0x8b21c008 -s 0x9aad6148 > hashes.txt
Volatility Foundation Volatility Framework 2.6.1
Let's take a look at the hashes.txt file:
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
John Doe:1000:aad3b435b51404eeaad3b435b51404ee:b9f917853e3dbf6e6831ecce60725930:::

9) Now crack the hash with John.
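
The pslist/psscan comparison from steps 5 to 7, as an added example (not part of the original post): it parses the text output of both plugins and reports processes that the pool scan found but the linked list did not show. The sample output is constructed, and the parser assumes image names without spaces.

```python
import re

# Constructed sample output (not from a real image), using Volatility 2 column order.
PSLIST = """\
Offset(V)  Name         PID  PPID Thds Hnds Sess Wow64 Start
0x84f4a8e8 System         4     0   88  501 ----     0 2020-12-01 09:00:01 UTC+0000
0x85a1b030 smss.exe     260     4    2   29 ----     0 2020-12-01 09:00:01 UTC+0000
0x85c3d530 explorer.exe 1820 1788   31  870    1     0 2020-12-01 09:01:12 UTC+0000
"""
PSSCAN = """\
Offset(P)          Name         PID  PPID PDB        Time created / Time exited
0x000000003e04a8e8 System         4     0 0x00185000 2020-12-01 09:00:01 UTC+0000
0x000000003e11b030 smss.exe     260     4 0x3ec2d020 2020-12-01 09:00:01 UTC+0000
0x000000003e23d530 explorer.exe 1820 1788 0x3ec2d2a0 2020-12-01 09:01:12 UTC+0000
0x000000003e2f1d40 cmd.exe      2104 1820 0x3ec2d3c0 2020-12-01 09:05:40 UTC+0000 2020-12-01 09:05:58 UTC+0000
0x000000003e3a7030 svch0st.exe  2388  492 0x3ec2d440 2020-12-01 09:07:03 UTC+0000
"""

ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(.*)$")
STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

def parse(text):
    """Map PID -> process record for every data row (rows start with a hex offset)."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            offset, name, pid, ppid, rest = m.groups()
            # Two timestamps in the tail mean the row carries an exit time.
            procs[int(pid)] = {"name": name, "ppid": int(ppid), "offset": offset,
                               "exited": len(STAMP.findall(rest)) >= 2}
    return procs

def cross_view(pslist_text, psscan_text):
    """Return (pid, name, reason) for processes psscan found that pslist did not list."""
    listed, scanned = parse(pslist_text), parse(psscan_text)
    findings = []
    for pid, proc in sorted(scanned.items()):
        if pid not in listed:
            reason = "terminated" if proc["exited"] else "unlinked-or-hidden"
            findings.append((pid, proc["name"], reason))
    return findings

if __name__ == "__main__":
    for finding in cross_view(PSLIST, PSSCAN):
        print(finding)
```

A row with no exit time that is missing from pslist is only a lead for review: psscan can also return stale pool entries, and PIDs can be reused within one image.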
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
On the internet, personal information and medical records of 300,000 Muscovites recovering from coronavirus were found
#Leaks
Forwarded from UNDERCODE NEWS
Calculated cruelty: When the algorithm makes decisions instead of public bodies.
#Technologies #Analytiques
Forwarded from UNDERCODE NEWS
A blow to Cellcom: Expon in advanced negotiations with Pelephone for a network sharing agreement.
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How password monitoring to protect against hacks works in iOS 14

1) Monitoring passwords in Safari
If iCloud Keychain is set up to automatically enter passwords in mobile apps and web apps, Safari will alert you to compromised passwords when you visit a site. If you use iCloud Keychain to automatically enter logins and passwords on sites in this browser, then after you log in the browser will warn you that the password on the site needs to be changed:


> “This password appeared in a data breach, which increases the risk of this account being compromised. You must change your password immediately.”

“The iPhone can create a complex password for you. Do you want to change the password for [site name]?”

2) If you tap the "Change password on the site" button, a window will open in the "Passwords" menu in the system settings. Here you can enter and change the password on the site or use the "Forgot your password?" option, depending on what the site offers. iCloud Keychain will help you choose a strong password.

If the site has an option to sign in with an Apple account, it is suggested that you do just that instead of having iCloud Keychain automatically generate a password. Your Apple ID will be used to sign in to your account. This will limit the amount of information the site collects about you.

3) Monitoring passwords in settings
If you don't want to wait for a warning about vulnerable passwords from Safari, for which you need to sign in to your account on the site, you can open system preferences and see security recommendations. This way you can take action before it's too late. It's also useful if you store passwords in the iCloud Keychain but don't use it for automatic data entry, so you won't get warnings in Safari.

Open the "Passwords" section in the system settings. Or you can tell Siri to "Open Passwords." Use Face ID, Touch ID, or PIN to sign in.

4) After logging into your account, you will see an option to auto-complete passwords. Here you can choose iCloud Keychain or another password manager like LastPass to automatically enter your username and password. Below this option and before the list of accounts, you will see security recommendations. Open them up.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
What has to be done nowadays? Similar diagnostics for non-vulnerability and penetration checking
#Analytiques
Forwarded from UNDERCODE NEWS
With Death to 2020, Netflix tell 2020, check the details.
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to determine which services to restart on a Linux system:

1) Use the needrestart utility to determine which services need to be restarted after an upgrade.

2) Install the needrestart utility.

$ sudo apt install needrestart

3) Let's display the summary using the command line.
$ sudo needrestart --help
needrestart 3.4 - Restart daemons after library updates.

4) Check what needs to be restarted using convenient output:

$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: exim4.service
NEEDRESTART-SVC: postgresql@11-main.service

5) Verify what needs to be restarted using human-readable output (requires user interaction).

$ sudo needrestart -u NeedRestart::UI::stdio -rl

6) Restart the services.

$ sudo needrestart -u NeedRestart::UI::stdio -ra

7) Again, check if you need to restart.
$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3

8) Reboot your operating system and check if you need to restart.

$ sudo needrestart -b
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-9-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 1

9) $ sudo needrestart -u NeedRestart::UI::stdio -rl
Scanning processes ...
Scanning linux images ...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
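
An added example (not part of the original post) that turns the `needrestart -b` batch output from steps 4, 7 and 8 into a patch-state verdict a monitoring job could act on. The KSTA meanings follow needrestart's batch-mode documentation; the function names are this example's own.

```python
# Kernel status codes from needrestart's batch-mode documentation.
KSTA = {0: "unknown", 1: "no pending upgrade",
        2: "ABI-compatible upgrade pending", 3: "version upgrade pending"}

# The three `needrestart -b` outputs shown on this page (steps 4, 7 and 8).
AFTER_UPGRADE = """\
NEEDRESTART-VER: 3.4
NEEDRESTART-KCUR: 4.19.0-8-amd64
NEEDRESTART-KEXP: 4.19.0-9-amd64
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: exim4.service
NEEDRESTART-SVC: postgresql@11-main.service
"""
# Step 7 is the same output without the SVC lines; step 8 shows the new kernel running.
AFTER_RESTART = "".join(l for l in AFTER_UPGRADE.splitlines(True) if "-SVC:" not in l)
AFTER_REBOOT = AFTER_RESTART.replace("0-8-amd64", "0-9-amd64").replace("KSTA: 3", "KSTA: 1")

def parse_batch(text):
    """Split batch output into single-valued fields and the list of stale services."""
    fields, services = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or not key.startswith("NEEDRESTART-"):
            continue  # ignore anything that is not a batch-mode record
        tag, value = key[len("NEEDRESTART-"):], value.strip()
        if tag == "SVC":
            services.append(value)
        else:
            fields[tag] = value
    return fields, services

def assess(text):
    """Summarise what still runs outdated code; a missing KSTA counts as unknown."""
    fields, services = parse_batch(text)
    ksta = int(fields.get("KSTA", 0))
    return {
        "kernel": KSTA.get(ksta, "unknown"),
        "reboot_required": ksta in (2, 3),
        "stale_services": services,
        "compliant": ksta == 1 and not services,
    }

if __name__ == "__main__":
    for name in ("AFTER_UPGRADE", "AFTER_RESTART", "AFTER_REBOOT"):
        print(name, assess(globals()[name]))
```

Restarting the services clears the SVC entries, but the host stays non-compliant until the reboot brings KCUR in line with KEXP.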

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Demonstration experiment of search and reservation of work facilities will start in January next year, NTT Com and other three parties.
#international
Forwarded from UNDERCODE NEWS
Many vulnerabilities discovered today in NGINX Controller Agent.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 #️⃣ What is HMAC (Hash-based Message Authentication Code)?

Hash-based Message Authentication Code, or HMAC, is used to authenticate a message using hash functions.
Message authentication is an important mechanism in cybersecurity.
There are different ways and mechanisms for message authentication.

1) Message

A message is data, text, image, or whatever we want to authenticate.

The message is verified for authenticity with the key by hashing them.

2) Key
The key is used by both parties to authenticate the message.

As stated earlier, the message and the key are used together and the hash value is calculated.

3) Hash function
The hash function is used to compute a hash value that is unique.

The hash function can be sha1, sha256, or use a different algorithm.

4) Encryption and Hashing. Difference and application

🦑 How to create an HMAC using OpenSSL?

We can use the OpenSSL tool to generate some HMAC or hash value.

We will use the echo and openssl commands.

We will also use sha256 as our hash algorithm.

We will provide the data or message to openssl and then hash it using the -hmac switch with mysecretkey as the key, as shown:


$ echo -n "secretmessage.txt" | openssl dgst -sha256 -hmac "mysecretkey"
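
An added example (not part of the original post) showing how the message, key and hash function described above combine: HMAC-SHA256 is built from its RFC 2104 definition, checked against Python's `hmac` module, and a received tag is verified in constant time. The message and key are the ones from the command above; the function names are this example's own.

```python
import hashlib
import hmac

KEY = b"mysecretkey"            # key from the openssl command above
MESSAGE = b"secretmessage.txt"  # the literal string piped in by `echo -n`

def hmac_sha256_manual(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 from its definition: H((K ^ opad) || H((K ^ ipad) || m))."""
    block_size = 64  # SHA-256 block size in bytes
    if len(key) > block_size:
        key = hashlib.sha256(key).digest()   # long keys are hashed first
    key = key.ljust(block_size, b"\x00")     # short keys are zero-padded
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_pad + message).digest()
    return hashlib.sha256(outer_pad + inner).hexdigest()

def sign(key: bytes, message: bytes) -> str:
    """Sender side: compute the tag with the standard library."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify(key: bytes, message: bytes, tag_hex: str) -> bool:
    """Receiver side: recompute the tag and compare without leaking timing."""
    expected = sign(key, message).encode()
    return hmac.compare_digest(expected, tag_hex.strip().lower().encode())

if __name__ == "__main__":
    tag = sign(KEY, MESSAGE)
    print("tag:             ", tag)
    print("manual matches:  ", hmac_sha256_manual(KEY, MESSAGE) == tag)
    print("genuine message: ", verify(KEY, MESSAGE, tag))
    print("tampered message:", verify(KEY, b"secretmessage.tx_", tag))
    print("wrong key:       ", verify(b"otherkey", MESSAGE, tag))
```

The tag printed here is the same hex string that the openssl command prints after the `=` sign.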

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Remote risks. Top cyber threats of 2021.
#CyberAttacks