Category: Forensics Weekly Executive Summaries

Writing a Basic Port Scanner in Python

INTRODUCTION: Port scanning is the art of looking for open ports on a host or system. When you visit a website, you are allowing information to traverse through a port; in this case port 80 (HTTP) or 443 (HTTPS). In addition to the above case, we have SSH (port 22), FTP (port 21), DNS (port […]

Metamorfo Banking Trojan Reappears to Steal your Credentials with Keylogger.

What is it? Banking Trojan. Dubbed as? Metamorfo. Introduction: According to Threatpost, Metamorfo, a banking trojan known for targeting Brazilian companies back in 2018, is now expanding to other countries and is targeting online banking users across the world. This includes countries like the United States, Canada, Peru, Chile, Brazil, Spain, Mexico, and Ecuador. […]

Escaping Metasploit – vsFTPd 2.3.4

Introduction: Metasploit is a fantastic tool, whether out in the field or when learning the ropes of exploitation. Its streamlined process for well-known exploitation methods eases the burden on pentesters, cutting exploitation from a 30-minute affair to five minutes. However, in doing so, many beginners who rely too heavily on Metasploit lose critical foundational skills […]

Smash The Stack: An Introduction

Part 1 Prerequisites: Virtual Machine. This document will use Kali Linux (2019.1). Visual Studio Code will be used; feel free to use Vim instead. URLs: Kali Linux (torrent, VMware): https://images.offensive-security.com/virtual-images/kali-linux-2019.1-vm-amd64.7z.torrent; Visual Studio Code: https://go.microsoft.com/fwlink/?LinkID=760868. Hashes (SHA256): Kali Linux (VMware): e4c6999edccf27f97d4d014cdc66950b8b4148948abe8bb3a2c30bbc0915e95a; VS Code: c492f27036cb499b5c962e9ac89e1438c78af88bd26d01b851c54d5ba192f730. INTRODUCTION: Buffer overflows have been the bane of cyber security for more than […]

Forensics Summary for Week of February 9, 2018

Stealthy Magnetic Fields Able to Exfiltrate Data Through Faraday Cages. Malware Name: MAGNETO (PoC) and ODINI (PoC). Researchers at Ben-Gurion of the Negev Cyber Security Research Center in Israel have published a report showing that magnetic fields can be used to exfiltrate data from an air-gapped computer containing certain malware. They developed two proof-of-concept (PoC) […]

Weekly Executive Summary for Week November 24, 2017

Blocking Phase: The final phase in the ORB application uses a Python library called python-iptables. iptables is a tool used to manage netfilter, which performs packet filtering and manipulation in Linux. Rules are created, packets are matched based on their contents, and actions are taken based on these rules. Source: n0where. Every […]

Weekly Executive Summary for Week November 17, 2017

Monitoring Phase: socket: a Python library used for low-level networking interfaces. The socket library is used to open a raw socket and sniff network traffic on the network. Once network packets and headers are captured, struct, another Python library, is used to format and interpret the bytes in which TCP and UDP packets are stored. […]

Weekly Executive Summary for Week November 10, 2017

Scanning Phase: Netdisco: a Python 3 library used to discover local devices and services. This library is used to power Home Assistant, an open-source home automation platform that is used to track and control all Internet of Things (IoT) devices at home and automate certain controls. import time from […]

Weekly Executive Summary for Week November 02, 2017

What has it been dubbed? REMCOS | Remote Control & Surveillance Software. What does it do? According to researchers at Fortinet and The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), the Remote Control & Surveillance Software (REMCOS) Remote Administration Tool (RAT) was first discovered being sold in hacking forums in the second half […]

Taking advantage of the 4-way handshake

What is the 4-way handshake? The 4-way handshake is an amendment to the original 802.11 standard to address security problems in WEP, which was implemented as Wi-Fi Protected Access II (WPA2). It is a method designed so that an access point (AP), or authenticator, and a wireless client, or supplicant, can each prove to the other that they know the […]