Offensive Operating Against SysMon, Carlos Perez – Paul’s Security Weekly #577

Carlos Perez delivers the Technical Segment on how to operate offensively against Sysmon. He explains how Sysmon lets him write rules to track specific types of tradecraft around process creation and process termination, then covers network connections, driver loading, image loading, creation of remote threads, and more. Full Show Notes. Visit our website: […]
The post Offensive Operating Against SysMon, Carlos Perez – Paul’s Security Weekly #577 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/ZcUh9FtxQUc/
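
As an added illustration, not taken from the podcast or its show notes, the Sysmon configuration below shows what the rule categories Carlos describes look like in a config file: process creation (event ID 1), process termination (ID 5), network connections (ID 3), driver loading (ID 6), image loading (ID 7) and remote thread creation (ID 8). The schema version (4.1) and every filter value are assumptions chosen for illustration; a real deployment tunes the include and exclude lists to its own environment.

```xml
<!-- Added example Sysmon configuration; not the podcast's or Sysinternals' own config.
     Schema version 4.1 and all filter values are illustrative assumptions. -->
<Sysmon schemaversion="4.1">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event ID 1: log every process creation except one noisy, benign image.
         onmatch="exclude" means "log everything that does NOT match these rules". -->
    <ProcessCreate onmatch="exclude">
      <Image condition="is">C:\Windows\System32\conhost.exe</Image>
    </ProcessCreate>

    <!-- Event ID 5: process termination is mostly noise, so only include
         tooling whose lifetime is worth correlating with ID 1. -->
    <ProcessTerminate onmatch="include">
      <Image condition="end with">powershell.exe</Image>
    </ProcessTerminate>

    <!-- Event ID 3: outbound connections from shells and living-off-the-land binaries.
         condition="image" matches on the file name only, regardless of path. -->
    <NetworkConnect onmatch="include">
      <Image condition="image">powershell.exe</Image>
      <Image condition="image">cmd.exe</Image>
      <Image condition="image">rundll32.exe</Image>
    </NetworkConnect>

    <!-- Event ID 6: every driver load except those carrying a Microsoft signature. -->
    <DriverLoad onmatch="exclude">
      <Signature condition="contains">Microsoft</Signature>
    </DriverLoad>

    <!-- Event ID 7: image loads that reveal unmanaged PowerShell or SAM access.
         ImageLoad is high volume; keep the include list short. -->
    <ImageLoad onmatch="include">
      <ImageLoaded condition="end with">System.Management.Automation.dll</ImageLoaded>
      <ImageLoaded condition="end with">samlib.dll</ImageLoaded>
    </ImageLoad>

    <!-- Event ID 8: every CreateRemoteThread call except one known-benign source. -->
    <CreateRemoteThread onmatch="exclude">
      <SourceImage condition="is">C:\Windows\System32\csrss.exe</SourceImage>
    </CreateRemoteThread>

  </EventFiltering>
</Sysmon>
```

The file is installed with `sysmon.exe -accepteula -i sysmon.xml` and updated in place with `sysmon.exe -c sysmon.xml`. Read from the offensive side, each exclude rule is a blind spot: anything that can run under an excluded image name or parent, or carry a signature string matching an excluded pattern, produces no event, which is exactly the kind of gap an operator looks for before choosing tradecraft.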

How to Recover from a Hacked Website Event?

Any fellow webmaster you may ask who is beyond…

Link: http://feedproxy.google.com/~r/ehacking/~3/Kw-EjSXTHXg/how-to-recover-from-hacked-website-event.html

Parrot Security 4.2.2 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Updated kernel and core packages
Parrot 4.2 is powered by the latest Linux 4.18 Debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware support, including wireless devices and AMD Vega graphics. AppArmor and Firejail profiles were adjusted to offer a good compromise between security and usability for most desktop and CLI applications and services.

Important desktop updates
Parrot 4.2 now provides the latest LibreOffice 6.1 release, Firefox 62 and many other important updates. Desktop users will also find useful the inclusion of default .vimrc and .emacs config files with syntax highlighting and line number columns.

Important tools updates
Armitage was finally updated and fixed, and the "missing RHOSTS error" was fixed. We also imported the latest Metasploit 4.17.11 version, Wireshark 2.6, hashcat 4.2, edb-debugger 1.0 and many other updated tools.

New documentation portal
The new documentation portal can be visited at https://www.parrotsec.org/docs. Feel free to contribute and expand the documentation by sending a pull request on https://dev.parrotsec.org/parrot/documentation.

Download Parrot Security 4.2.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/WPraQ7XFZiU/parrot-security-422-security-gnulinux.html

Spykeyboard – Keylogger Which Sends Us The Data To Our Gmail

This is a script which generates a keylogger, described by its author as undetectable, that sends the captured keystrokes to a Gmail account. Once the keylogger has been generated on Kali Linux, the .py file has to be copied to a Windows machine and converted to an .exe there. The tool is under development.

Install the module on Linux and Windows:
pip install keyboard

Compile to .exe

Download Spykeyboard

Link: http://feedproxy.google.com/~r/PentestTools/~3/Tx81M3bygOo/spykeyboard-keylogger-which-sends-us.html

Rootstealer – X11 Trick To Inject Commands On Root Terminal

This is a simple example of a new attack using X11: a program that detects when a Linux user opens a terminal as root and injects commands into that terminal with the X11 library.

Video of proof of concept
The purpose of this video is to use the tool rootstealer to spy on all GUI window interactions and inject commands only into a root terminal. This approach is useful when an attacker needs to send a malicious program to prove that a user is vulnerable to social engineering. Forcing a command into a root terminal with the X11 library is an exotic way to show the diversity of weak points.

Install
# apt-get install libX11-dev libxtst-dev
# cd rootstealer/sendkeys

Edit the file rootstealer/cmd.cfg and write the command you want to inject.

Now you can do the following:
# make; cd .. # to go back to the path rootstealer/
# pip install gior
# pip install gir

Run the Python script to spy on all GUI windows and search for a window with the "root@" string in its title:
$ python rootstealer.py &

Note: if you prefer to use the full C code, for a simple standalone binary, you can use rootstealer.c:
$ sudo apt-get install libwnck-dev
$ gcc -o rootstealer rootstealer.c `pkg-config --cflags --libs libwnck-1.0` -DWNCK_I_KNOW_THIS_IS_UNSTABLE -DWNCK_COMPILATION
$ ./rootstealer &

Done. Watch the video demo: rootstealer forces commands only into a root terminal.

Mitigation
Don't trust anyone. https://www.esecurityplanet.com/views/article.php/3908881/9-Best-Defenses-Against-Social-Engineering-Attacks.htm
Whenever you open a terminal as root, change the window title so it no longer matches the pattern the tool looks for:
# gnome-terminal --title="SOME TITLE HERE"
This simple action can prevent this attack.

Tests
Tested on Xubuntu 16.04

Download Rootstealer

Link: http://feedproxy.google.com/~r/PentestTools/~3/-M-T8gOTCIc/rootstealer-x11-trick-to-inject.html

PXE Boot Attacks – Tradecraft Security Weekly #27

Network administrators often use the Preboot Execution Environment (PXE) to deploy new systems on a network quickly. Golden system images can be created with all the software and settings already in place for new systems. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses some of the potential attack vectors surrounding PXE boot […]
The post PXE Boot Attacks – Tradecraft Security Weekly #27 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/OpK71gbmKRk/

OSINT & External Recon Pt. 2: Contact Discovery – Tradecraft Security Weekly #26

During the reconnaissance phase of a penetration test, being able to discover the employee names and email addresses of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools it is possible to enumerate the employee names and email addresses of an organization. In this episode […]
The post OSINT & External Recon Pt. 2: Contact Discovery – Tradecraft Security Weekly #26 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/7sBjsWQHGms/