Categories
Uncategorized

How to Automate Pentesting with Ansible ( PART 1- Installation & Configuration)

In this day and age, DevOps tools such as Ansible have made it quite possible for security engineers to automate penetration testing. Although the same tasks can be done with bash shell scripting, that becomes tedious when security engineers have to test hosts running different distributions (such as SUSE, CentOS and Red Hat). With Ansible we can pentest different Linux distributions in the same environment using playbooks.

Today we will focus on how to install Ansible on a controller machine in preparation for the main task ahead. There is no need to install Ansible on the remote server (i.e. the managed machine) we will connect to shortly.

There are several ways of installing Ansible. You can compile it from source into the /usr/local directory, install the packaged binary with the apt-get utility of Ubuntu or the yum or dnf utility of CentOS, or install it using pip.

For this tutorial, we will install Ansible on the controller machine using apt-get and configure it afterwards.

Open your terminal and type the following command:

apt-get install ansible  

Ansible's configuration files are usually installed under /etc/ansible, i.e. the system configuration directory. After you have installed Ansible on your Linux machine, type the following command at the terminal:

cd /etc/ansible 

Inside the ansible directory, type the command below to list the files it contains:

ls

Open the file ‘hosts’ and add the hostname(s) or IP address(es) of the remote server(s) you intend to pentest. The ‘hosts’ file is the inventory file: it lists the web servers, database servers and other infrastructure Ansible needs to connect to via SSH. You can open it with any text editor:

leafpad hosts

Now enter the IP address(es) or hostname(s) of the remote server(s) in the format below. Please don’t try to connect to the IP address used here, because it is not valid.

Next, save and close the hosts file. Then open the file ‘ansible.cfg’ to make a minimal change. Because we are going to connect to the remote servers with a password rather than passwordless SSH keys, uncomment the host_key_checking line by deleting the # sign in front of it.

Now save and close the ansible.cfg file.

Finally, let’s check whether we have configured Ansible correctly by connecting to the remote server using the ping module. The command below tells Ansible to connect to the IP address (you must replace the placeholder with a valid IP address) using the ping module (i.e. -m ping). In addition, the -k flag prompts for user2's password before connecting to the target, and -u user2 sets the login user.

ansible <remote-ip-address> -m ping -k -u user2

BAM! Ansible is working correctly. Tomorrow we will illustrate how to automate information gathering on a target with Ansible.
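As an added example (not part of the original post), here are the same inventory, ansible.cfg and ping steps done as a per-project setup rather than by editing /etc/ansible. The host names and addresses are constructed placeholders, and the config leaves host_key_checking enabled instead of using the uncommented setting from the post; the comments say why.

```shell
#!/bin/sh
# Added example (not from the original post): keep a per-project inventory
# and ansible.cfg instead of editing /etc/ansible, then run the ping module.
# All host names and addresses below are constructed placeholders from the
# RFC 5737 documentation range (192.0.2.0/24), not real servers.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Write an INI inventory. Groups let one playbook apply different tasks to
# [webservers] and [dbservers]; ansible_host maps a friendly name to an IP.
write_inventory() {
  cat > "$WORKDIR/hosts" <<'EOF'
[webservers]
web1 ansible_host=192.0.2.10

[dbservers]
db1 ansible_host=192.0.2.20 ansible_user=user2
EOF
  printf '%s\n' "$WORKDIR/hosts"
}

# Minimal ansible.cfg pointing at that inventory. The post uncomments
# "host_key_checking = False", which stops SSH from verifying each server's
# host key; here it stays True so a first connection cannot be silently
# answered by an impostor host. Pre-populate known_hosts instead.
write_cfg() {
  cat > "$WORKDIR/ansible.cfg" <<EOF
[defaults]
inventory = $WORKDIR/hosts
host_key_checking = True
EOF
  printf '%s\n' "$WORKDIR/ansible.cfg"
}

# Exit 0 only if the named host is defined in the inventory.
inventory_has_host() {
  grep -q "^$1 " "$WORKDIR/hosts"
}

# Connectivity check from the post: -m ping, -k prompts for the SSH
# password, -u sets the login user. Returns 2 when ansible is not installed.
ping_hosts() {
  if ! command -v ansible >/dev/null 2>&1; then
    echo "ansible not installed; skipping ping" >&2
    return 2
  fi
  ANSIBLE_CONFIG="$WORKDIR/ansible.cfg" ansible all -m ping -k -u user2
}
```

Source the file, then call write_inventory, write_cfg and ping_hosts in turn; ping_hosts prompts for the password exactly as the command in the post does.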

#ISA_informs

#ISA_ltd 

Turning Your Smartphone Into a Spyware Zoo

Sometimes even a completely innocent-looking site with a good reputation can be harmful — criminals may find and exploit a vulnerability in it. For example, they can use the site for drive-by attacks, causing each visitor to download a file automatically (and unwittingly) as soon as they arrive at the site. A case in point: Android users interested in current events in the Middle East are at risk of getting a whole menagerie — ZooPark spyware — on their phones.

The current, fourth version of this Trojan can steal almost any information from your smartphone, from contacts to call logs and anything you type on the keyboard. Here is the list of data that ZooPark can collect and send to its owners:

  • Contacts
  • User account information
  • Call history
  • Call audio recordings
  • Text messages
  • Bookmarks and browser history
  • Browser search history
  • Device location
  • Device information
  • Information on installed apps
  • Any files from the memory card
  • Documents stored on the device
  • Information entered using the on-screen keyboard
  • Clipboard information
  • App-stored data (for example, data from messaging apps such as Telegram, WhatsApp, and imo, or the Chrome browser)

In addition, ZooPark can take screenshots and photos, and record videos on command. For example, it can take a picture of the phone’s owner from the front camera and send it to its command center. 

ZooPark Trojan spyware is used for targeted attacks — in other words, it’s not sent out randomly to ensnare just anyone; it aims for a specific audience. As we said, the criminals behind ZooPark target those who are interested in specific topics — in this case, Middle Eastern politics.  

How To Avoid a Zoo:   

  • Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.
  • Use mobile antivirus software to block suspicious links and apps.

Source: Kaspersky Lab Blog

SynAck Ransomware Hunts Enterprise Windows Users

SynAck is a ransomware noted for demanding $3,000 from users before decrypting their files. Before encrypting a user’s files, SynAck ensures it has access to its important file targets by killing processes that would otherwise keep the files in use and off limits.

The victim sees the ransom note, including contact instructions, on the logon screen. Unfortunately, SynAck uses a strong encryption algorithm, and no flaws have been found in its implementation, so there is no way yet to decrypt the encrypted files.

SynAck is distributed mostly by Remote Desktop Protocol brute force, which means it’s mostly targeted at business users. The limited number of attacks thus far — all of them in the USA, Kuwait, and Iran — bears out this hypothesis.

How SynAck Ransomware Operates:

It employs a rather complicated technique called Process Doppelgänging, and it is the first ransomware seen in the wild to do so. Process Doppelgänging was first presented at Black Hat 2017 by security researchers.

The technique “Process Doppelgänging” relies on some features of the NTFS file system and a legacy Windows process loader that exists in all Windows versions since Windows XP, letting developers create fileless malware that can pass off malicious actions as harmless, legitimate processes.

Before SynAck starts to encrypt files on a user’s machine, it checks whether it is installed in the right directory. If it is not, it does not run — an attempt to avoid detection by the automatic sandboxes various security solutions use.

Secondly, SynAck checks whether it is installed on a computer with a keyboard set to a certain script — in this case, Cyrillic — in which case it also does nothing.

Tips to Avoid Ransomware:

  • If you do not use Windows Remote Desktop in your business processes, disable it.
  • Back up your data regularly. Store backups on separate media not permanently connected to your network or to the Internet.

Source: Kaspersky Lab Blog 

DIFFERENCE BETWEEN SSL CERTIFICATES

Today we are going to learn the difference between the three main types of SSL certificates. Before we illustrate the differences, let’s find out what SSL is.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and intact.

IS SSL SECURE, OR JUST ANOTHER WAY TO CALM USERS’ FEARS?

SSL is used by major payment platforms such as MasterCard, American Express, SlydePay and others to assure users that activities such as money transactions are not being monitored by malicious users. However, you have surely heard of malicious users breaking into secured websites daily to steal users’ credentials.

Thus, SSL is a way of telling users they can trust you with their credentials or data. But in detail, you should not trust it blindly; be willing to abide by basic cybersecurity rules as well.

THREE MAIN TYPES OF SSL CERTIFICATES:

Extended Validation Certificate:

EV certificates are trusted by browsers and are the most expensive in comparison to the other types. Only legal entities that have provided all required documents can obtain this extended certificate. With this type of certificate, the name of the organisation and its location appear in green in the address bar, next to a padlock.

Organization Validation Certificate:

If a website has a DV or OV certificate, the browser displays a gray or green padlock with the word SECURE and the letters HTTPS in the address bar. An Organization Validation certificate means that the connection to the domain is secure and that the domain actually belongs to the organisation.

Domain Validation Certificate:

For a Domain Validation certificate, an individual must prove they own the domain. This certificate allows a secure connection to be established. It does not reveal information about the organisation to which it belongs. Moreover, no documents from the individual are required to issue it.

#ISA_informs

#ISA_ltd

Time to Patch Your Drupal Sites

Source:  thehackernews.com

How Hackers Rely On Vulnerable Routers to Distribute Android Banking Trojan

Source:  thehackernews.com

Does Malware Come From Porn Sites?

There is indeed a risk of infection on porn sites and adult content apps, but that’s also true for sites completely unrelated to porn.

Possibly the most common advice for avoiding computer viruses is to avoid adult sites. You’ve probably heard the tropes — dogs, fleas, porn, viruses. But is there any truth to them? Let’s investigate.

To state the obvious, adult content is rather popular. A report by SimilarWeb suggests that three of the world’s 20 most visited sites are porn-related.

Two of them are breathing down the necks of front runners Facebook, YouTube, and search giants Google and China’s Baidu.

And sandwiched between Instagram and Yandex, in 14th place, is PornHub. We were amazed to learn that in 2017 the site got a staggering 28.5 billion hits. That’s more than 81 million a day!

Cybercriminals are not overly bothered about other people’s business models, and the popularity of XXX sites has not gone unnoticed. Every now and then they hack porn resources or the advertising platforms that host banners on them.

Now, malicious porn sites do exist — sites created to defraud or infect visitors. But they tend to be small-scale, not well-known. And then there are players and other apps for viewing adult content that phish for data.

You can avoid dangers on porn sites by doing the following:

Although we have provided solutions for avoiding malware on porn sites, for safety reasons we advise you not to browse porn sites at all.

Source: Kaspersky Labs

Flaw in Microsoft Allows Hackers to Steal Your Windows Password

  • Apply the Microsoft update for CVE-2018-0950, if you have not yet.
Microsoft Office 365 Gets Built-In Ransomware Protection

File Recovery and Anti-Ransomware


  • Files Restore—Microsoft Office 365 now allows users to restore an entire OneDrive to a previous point in time within the last 30 days. This feature can be used to recover files from an accidental mass delete, file corruption, ransomware, or any other catastrophic event.
  • Ransomware detection & recovery—Office 365 has also introduced a new security feature that detects ransomware attacks and alerts you through an email, mobile, or desktop notification, while helping you restore your OneDrive to a point before the malware compromised your files.

Source: thehackernews.com

New Zenis ransomware encrypts files and deletes backups

Zenis ransomware is a rare example of crypto-malware. Researchers still can't fully work out how this ransomware operates. This malware not only encrypts files but also deletes backups.

Zenis affects devices by exploiting Remote Desktop services. Once inside, it begins to encrypt data using AES cryptography.

While encrypting data, Zenis ransomware renames files and appends a Zenis-<2_chars>. file extension. Apart from data encryption, it deletes shadow volume copies, disables startup repair, and clears event logs.

Zenis also searches for files that are associated with backups and deletes them immediately.

Zenis ransomware gets into machines by exploiting Remote Desktop services that are connected directly to the internet.

We recommend exposing Remote Desktop Services to the internet only via a VPN with a strong password. It is also safer to have an anti-malware solution on public-facing machines.

#ISA_informs

#ISA_ltd