Category: Forensics Weekly Executive Summaries

Writing a Basic Port Scanner in Python

(By: Guy Nguyen-Phuoc on October 16, 2020) INTRODUCTION Port scanning is the art of looking for open ports on a host or system. When you visit a website, you are allowing information to traverse through a port; in this case, port 80 (HTTP) or 443 (HTTPS). In addition to the above case, we have SSH […]

Metamorfo Banking Trojan Reappears to Steal your Credentials with Keylogger.

What is it? Banking Trojan Dubbed as? Metamorfo Introduction: According to Threatpost, Metamorfo, a banking trojan known for targeting Brazilian companies back in 2018, is now expanding to other countries and is targeting online banking users across the world. This includes countries like the United States, Canada, Peru, Chile, Brazil, Spain, Mexico, and Ecuador. […]

Escaping Metasploit – vsFTPd 2.3.4

(By: Guy Nguyen-Phuoc on Apr 19, 2019) Introduction Metasploit is a fantastic tool, whether it is out in the field or for learning the ropes of exploitation. Its streamlined process for well-known exploitation methods eases the burden on pentesters, cutting exploitation from 30-minute affairs to five minutes. However, in doing so, many beginners who overly […]

Smash The Stack: An Introduction

(By: Guy Nguyen-Phuoc on March 13, 2019) INTRODUCTION: Buffer overflows have been the bane of cyber security for more than 45 years. With no sign of stopping, fledgling security researchers should be familiar with the concept. However, concepts such as a stack, a buffer, and memory addresses might be lacking when most guides simply show how […]

Forensics Summary for Week of February 9, 2018

Stealthy Magnetic Fields Able to Exfiltrate Data Through Faraday Cages Malware Name: MAGNETO (PoC) and ODINI (PoC) Researchers at Ben-Gurion of the Negev Cyber Security Research Center in Israel have published a report showing that magnetic fields can be used to exfiltrate data from an air-gapped computer containing certain malware. They developed two proof-of-concept (PoC) […]

Weekly Executive Summary for Week November 24, 2017

Blocking Phase: The final phase in the ORB application uses a Python library called python-iptables. Iptables is a tool used to manage netfilter, which is used for packet filtering and manipulation in Linux. Rules are created, packets are matched based on their contents, and actions are taken based on these rules. Source: n0where Every […]

Weekly Executive Summary for Week November 17, 2017

Monitoring Phase: Socket: Python library used for low-level networking interfaces. The socket library is used to open a raw socket and sniff network traffic on the network. Once network packets and headers are captured, struct, another Python library, is used to unpack and interpret the raw bytes in which TCP and UDP packets are stored. […]

Weekly Executive Summary for Week November 10, 2017

Scanning Phase: Netdisco: Python 3 library used to discover local devices and services. This library is used to power Home Assistant, an open-source home automation platform that is used to track and control all Internet of Things (IoT) devices at home and automate certain controls. import time from […]

Weekly Executive Summary for Week November 02, 2017

What has it been dubbed? REMCOS | Remote Control & Surveillance Software What does it do? According to researchers at Fortinet and The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), the Remote Control & Surveillance Software (REMCOS) Remote Administration Tool (RAT) was first discovered being sold in hacking forums in the second half […]

Taking advantage of the 4-way handshake

What is the 4-way handshake? The 4-way handshake is an amendment to the original 802.11 standard to address security problems in WEP, which was implemented as Wi-Fi Protected Access II (WPA2). It is a method designed so that an access point (AP), or authenticator, and a wireless client, or supplicant, can each prove to the other that they know the […]