Posts

Vulnerability Exploitation Techniques

Post exploitation involves securing ana elevating the control on target machine Few post exploitation process/techniques to achieve above are mentioned below Uploading File/Tools Elevating privileges Installing backdoor Cleaning up evidence of attack Expand attack to additional network or system. Keep visiting....for more...

Huge "PETYA" Cyber Attack

A new Ransomware attack has been detected and is in progress. Few information is available right now ; the investigation is still in progress. This alert will be updated when further information will be available. Description *********** Several information report this ransomware as a variant of Petya and Misha (also known as GoldenEye). The actual main targets are in Ukraine and Russia. Only few sample have been recently detected in France. There are verified facts: - it uses EternalBlue as an attack vector (CVE-2017-0143 [3]) - spreading via SMB post-exploitation Post-exploitation, the ransomware perform the following actions:  * downloads the main binary at hxxp://185[.]165[.]29[.]78/~alex/svchost[.]exe  * clears the windows event log using Wevtutil (wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:) - writes a message to the raw disk partition - reboot the syste

Application Security Architecture

Image
Hi All, Lets review this below mentioned security architecture, it is just broad level concept and requires each boxes to be explained, which we will explore in coming posts. Keep coming for more updates.

PCI Critical NON-Filtered Ports

It's PCIDSS Time Now Well we all know, digital payments are now a craze across all streams, so PCIDSS becomes a mandatory clause towards achieving and maintaining cyber security. Here is a list of some ports which are listed as non filtered as per PCIDSS 1-tcpmux 3-compressnet 7-echo 9-discard 13-daytime 17-qotd 19-chargen 20-ftp-data 21-ftp 22-ssh 23-telnet 24-priv-mail 26-rsftp 33-dsp 37-time 42-nameserver 43-whois 49-tacaos 53-domain 70-gopher 79-finger 80-http 81-hosts2-ns 82-xfer 83-mit-ml-dev 84-ctf Keep coming back for more cyber security insights

Internal Security Testing

Security testing with hackers view is very important to understand the security challenges. External PT/Security is important, but internal security testing is also important to check if the network gets compromised, then what can be maximum impact in system. Lets go straight to internal security testing checklist Gather Information and Footprinting exercise Do network assessments Scan for ports and services Find out dangerous services running Perform credential VA to find critical challenges Scan for malwares and trojans using specific plugin ids Identify password related challenges in VA Specially search scan results to find root credentials, admin credentials, blank passwords, passwords never expire, default passwords Find out where audit trails not enabled Specially target DB servers for password violations Try password cracking using any dictionary  or hybrid attacks and if allowed go for brute force attacks Do firewall analysis to check for ports allowed  Check

Application Security - The big loophole

Application Security  is a big loophole specially in terms of developing an application. In today's context many applications are pure codes taken from GIT HUB and pushed to production with little or no code change, except some naming conventions to reflect the business names. Developers are in a hurry to get the production business running, assuming hackers will not steal data as law does not permit the same. In digitization, even it is impossible to identify possible data breaches. It's all in a state of mind, that we are secure, till hackers hits us. Whitehats can secure you, with continuous scans and best part is, we hack in an ethical way.