Archive | February, 2015

Google Expands Pwnium Year Round With Infinite Bounty



There are various bug bounty programs, with Google being one of the forerunners in the field – Twitter was late to the party just joining in September 2014.

The latest development is that Google is dropping the annual Pwnium hack fest aimed at the Chromium project in favour of a year-round programme, to discourage bug hoarding; that makes Pwnium essentially a never-ending hack-fest that anyone can submit to at any time.


Which makes sense for Google really: they get the bugs faster, and given the chance that multiple people (including the black-hat market) have spotted the same bugs, the sooner they fix things the better.

Google is vastly expanding its popular annual Pwnium hack fest, by allowing hackers to try for limitless amounts of cash every day of the year. The contest was previously held once a year at the CanSecWest conference in Canada, with millions in cash on offer to hackers who can take the shine off its Chromium project.

The Choc factory now wants hackers to submit their bad bugs and exploit code as soon as it surfaces, rather than hold it off for the one-day event. Chrome security hacker philanthropist Tim Willis says the “never-ending Pwnium” will cut down barriers for entry and incentives for bug hoarding.

“We’ve received some great entries over the years, but it’s time for something bigger,” Willis says. “Starting today, Pwnium will change its scope significantly, from a single-day competition held once a year at a security conference to a year round, worldwide opportunity for security researchers.


It seems like Google is willing to invest quite a lot of money in this, and in the security of the browser. They’re also probably banking on the fact that most of the major bugs have already been found and paid out on, so they shouldn’t take too much of a hit.

And they can pay out over the year, rather than all on one day. Hey, who am I kidding, they have more money than the GDP of many small countries – this is nothing to them.

“For those who are interested in what this means for the Pwnium rewards pool, we crunched the numbers and the results are in: it now goes all the way up to $∞ million.”

That infinity million was grounded by the top reward for any one bug being US$50,000, the lowest offering US$500. He says hackers with “Pwnium-quality” bug chains would likely hoard the report to claim a cash reward at the risk that code changes may require them to rework their efforts. Hackers too requested that they be able to report whenever they like through the Chrome Vulnerability Reward Program, Willis said.

Willis did not specifically rule out the one day CanSecWest contest although it appeared likely.

The infinite dollars isn’t for one bug though; it’s the theoretical total if you discovered infinitely many different bugs in Chrome, with a cap of $50,000 maximum bounty for each single bug.

With the lowest payout being $500, a mid-range bug could be worth a decent sum of money, so it’s worth a crack if it’s up your street skill-set wise.

Source: The Register

Posted in: Exploits/Vulnerabilities



Latest Posts:


Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


VScan – Open Source Vulnerability Management System



VScan is an open source Vulnerability Management System designed to make it easier for an organization to track vulnerability resolution and ensure anything found in their infrastructure is fixed.

VScan was created because, after a vulnerability assessment, it can be difficult to track the implementation of a security improvement program; the tool helps you measure your progress and simplifies the process of fixing the problems found.


Basically what you want to know is, how many vulnerabilities did we have before? And how many do we have now?

So that’s where VScan comes in: basically it’s a web front end for Nessus (or whatever else you want to plug in on the back end), it also hooks into online commercial scanners like Acunetix Online Vulnerability Scanner, and it lets you omit issues (false positives) or recheck them after they’ve been fixed.
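The before/after bookkeeping described above (which findings are gone, which are new, which an analyst has omitted as false positives, and a progress figure from the recheck), as an added Python illustration; this is not VScan’s own code, and the hosts, plugin ids and findings are constructed sample data:

```python
"""Before/after comparison of vulnerability scan results: the "how many did we have
before, how many do we have now" question the post describes.
Added illustration, not VScan's own code; hosts, findings and plugin ids are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple

Key = Tuple[str, int]   # (host, scanner check id) identifies one finding across scans


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: int      # scanner check id (Nessus-style numeric id; values below are made up)
    severity: str       # "critical", "high", "medium" or "low"
    title: str

    @property
    def key(self) -> Key:
        return (self.host, self.plugin_id)


def compare_scans(before: Iterable[Finding], after: Iterable[Finding],
                  false_positives: FrozenSet[Key] = frozenset()) -> Dict[str, object]:
    """Classify findings across two scans of the same estate.

    false_positives: keys an analyst has marked as not real (the "omit" action); they are
    dropped from every bucket so they count neither as open nor as fixed.
    Returns 'fixed' (before only), 'new' (after only), 'open' (in both), each sorted by
    key, plus a per-severity count of what is still open after the second scan."""
    b = {f.key: f for f in before if f.key not in false_positives}
    a = {f.key: f for f in after if f.key not in false_positives}
    fixed = sorted((b[k] for k in b.keys() - a.keys()), key=lambda f: f.key)
    new = sorted((a[k] for k in a.keys() - b.keys()), key=lambda f: f.key)
    still_open = sorted((a[k] for k in a.keys() & b.keys()), key=lambda f: f.key)
    summary: Dict[str, int] = {}
    for f in new + still_open:
        summary[f.severity] = summary.get(f.severity, 0) + 1
    return {"fixed": fixed, "new": new, "open": still_open, "summary": summary}


def progress_percent(before: Iterable[Finding], after: Iterable[Finding],
                     false_positives: FrozenSet[Key] = frozenset()) -> float:
    """Share of the original real findings that no longer appear on recheck."""
    r = compare_scans(before, after, false_positives)
    total_before = len(r["fixed"]) + len(r["open"])
    if total_before == 0:
        return 100.0
    return round(100.0 * len(r["fixed"]) / total_before, 1)


# Constructed sample data: a first assessment and a re-scan a couple of weeks later.
BEFORE = [
    Finding("10.0.0.5", 1001, "critical", "Outdated OpenSSL"),
    Finding("10.0.0.5", 1002, "high", "Default credentials on admin console"),
    Finding("10.0.0.5", 1003, "low", "Server banner disclosure"),
    Finding("10.0.0.7", 1001, "critical", "Outdated OpenSSL"),
    Finding("10.0.0.7", 1004, "medium", "Self-signed certificate"),
]
AFTER = [
    Finding("10.0.0.5", 1003, "low", "Server banner disclosure"),
    Finding("10.0.0.7", 1004, "medium", "Self-signed certificate"),
    Finding("10.0.0.7", 1005, "high", "Directory listing enabled"),
]
# Analyst decision: the certificate is issued by the internal CA and is trusted, so omit it.
FALSE_POSITIVES: FrozenSet[Key] = frozenset({("10.0.0.7", 1004)})

if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER, FALSE_POSITIVES)
    for bucket in ("fixed", "new", "open"):
        print(bucket, [f"{f.host}#{f.plugin_id} {f.title}" for f in result[bucket]])
    print("still open by severity:", result["summary"])
    print("progress:", progress_percent(BEFORE, AFTER, FALSE_POSITIVES), "%")
```

Keying findings on (host, check id) rather than on the title is what makes the recheck meaningful: a scanner may reword a title between versions, and the same weakness on two hosts must be tracked as two findings. Omitted false positives are removed before the comparison, so marking one after the first scan does not inflate the "fixed" count.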

You can download VScan here:

VScan-BH_Arsenal.tar.gz

Or read more here.

Posted in: Countermeasures, Security Software





Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions



Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon.


WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.

Features

  • Perform Pass-the-Hash on Windows
  • ‘Steal’ NTLM credentials from memory (with and without code injection)
  • ‘Steal’ Kerberos Tickets from Windows machines
  • Use the ‘stolen’ Kerberos tickets on other Windows or Unix machines to gain access to systems and services
  • Dump cleartext passwords stored by Windows authentication packages

WCE is aimed at security professionals and penetration testers. It is basically a post-exploitation tool to ‘steal’ and reuse NTLM hashes, Kerberos tickets and plaintext passwords which can then be used to compromise other machines. Under certain circumstances, WCE can allow you to compromise the whole Windows domain after compromising only one server or workstation.

You can download WCE here:

WCE v1.42beta (32-bit)
WCE v1.42beta (64-bit)

Or read more here.

Posted in: Hacking Tools, Password Cracking, Windows Hacking





Facebook Launches ThreatExchange – Security Clearinghouse API



So Facebook has launched ThreatExchange, a social network for information security intelligence and cyberthreat sharing, how apt. They have signed up some fairly heavyweight partners from the get go with Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo! being involved initially.

With those kind of names, it’s a sure bet more people will jump on the bandwagon fairly shortly.


So yah, it’s gonna be successful – but is it going to be useful? ThreatExchange is an application programming interface that builds on Facebook’s internal threat system called ThreatData – which is basically a social system to share bad URLs and dangerous domains.

Facebook is teaming up with other big names on the interwebs to create a security information sharing portal, dubbed ThreatExchange*, which went live on Wednesday.

ThreatExchange is billed as a platform that enables security professionals to “share threat information more easily, learn from each other’s discoveries, and make their own systems safer”.

Facebook said that it’s built in a set of privacy controls so that “participants can help protect any sensitive data by specifying who can see the threat information they contribute.”

Threats like malware, spam and phishing typically go after multiple targets. Sharing threat intelligence improves collective defence against the bad guys, who are already collaborating, the argument goes.

The US Cyber Intelligence Sharing and Protection Act (CISPA), which allows private companies to share customer information with the NSA and others in the name of cybersecurity, has repeatedly failed to clear legislative hurdles.

Under that latest attempt to revive the proposed law, announced by President Obama last month, corporations and government would be obliged to share information about possible computer security vulnerabilities in order to make everyone more secure. The idea sounds like a winner but the problem is that organisations taking part will also pass on customer information to law enforcement, after taking “reasonable” steps to anonymise it. In return, they get threat intelligence from the Feds about the attack landscape.


Collaboration does work though, and with one of the biggest online entities leading it, the amount of data this exercise yields should be fairly impressive. What they’ve built is basically an API on top of ThreatData which allows access to the data in the system, and probably allows you to feed in bad URLs as well.

Business-wise, should they be giving this data away for free? Why not, I say.

Privacy activists are dead against the idea, partly because experience has shown it’s very difficult to anonymise data in practice, as well as because of more general fears that information sharing represents another way for the NSA to hoover up yet more data into its vast data centre.

Groups like the Electronic Frontiers Foundation advocate use of information sharing hubs as an alternative. Facebook’s social network for threat sharing fits into that mould, when viewed from a charitable perspective. On the other hand, Facebook has a long history of shifting its privacy goalposts, at least with information supplied by consumers – and this makes the social network a mite difficult to trust.

Head honcho Mark Zuckerberg famously labelled early Facebookers “dumb fucks” for sharing their personal info on his network – which, let’s not forget, exists to allow its customers (i.e. advertisers) to sling better-targeted adverts at consumers.

Maybe Facebook is coming at ThreatExchange from a different angle. In fairness, other web 2.0 firms have already been convinced to collaborate with Facebook on ThreatExchange.

Early partners for ThreatExchange include Bit.ly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo. Facebook said that it expects new partners to jump on board as the platform grows. Information sharing has been going on on an ad-hoc basis in certain industries, particularly banking, for many years. Yet sharing e-mail and spreadsheets is too ad-hoc and inconsistent. It’s difficult to verify threats, to standardise formats, and for each company to protect its sensitive data. Commercial options can be expensive and many open standards require additional infrastructure, according to Facebook.

Facebook aims to plug the gap in existing approaches with a platform which builds on its internal ThreatData system, a social platform designed for sharing indicators such as bad URLs and domains. Facebook is at pains to emphasise that it’s really serious about privacy, at least when it comes to the operation of ThreatExchange.

For the majority of netizens, this is good stuff – who doesn’t want to see less spam on Facebook and have malware threats auto-squashed? It’s a pretty healthy move for the Internet in general. I’m just interested to see if anything else is going to spin off from this.

From the sign-up page, it seems like there’s an option to publish/push your own threat feed into ThreatExchange as well (hence the Exchange name I guess) so it’ll be interesting to see what happens from here on in.
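The sharing model the post describes (partners push bad URLs and domains in, each contributor says who may see a submission, and members pull back a consolidated feed), as an added Python sketch. This is not Facebook’s ThreatExchange API or ThreatData; it is a generic model of the same idea. The member names reuse the partners named above, the indicators are constructed, and the privacy rule (a restricted submission must not reveal who else reported the same thing) is an assumption about how such a system should behave, not something the post states:

```python
"""Indicator exchange with per-submission visibility: each contributor controls who may
see its copy, and a member's feed is deduplicated across contributors.
Added sketch, not ThreatExchange's API; member names and indicators are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Indicator:
    value: str
    kind: str                              # "url" or "domain"
    owner: str                             # member that contributed it
    visibility: Optional[FrozenSet[str]]   # None = every member; frozenset() = owner only


def normalize(value: str, kind: str) -> str:
    """Canonical form so the same bad URL or domain reported by two partners merges:
    domains lower-cased without a trailing dot; URLs with lower-cased scheme and host,
    an explicit "/" path and the fragment dropped (fragments never reach the server)."""
    if kind == "domain":
        return value.strip().lower().rstrip(".")
    if kind == "url":
        s = urlsplit(value.strip())
        return s._replace(scheme=s.scheme.lower(), netloc=s.netloc.lower(),
                          path=s.path or "/", fragment="").geturl()
    raise ValueError(f"unknown indicator kind: {kind}")


def can_see(ind: Indicator, member: str) -> bool:
    """The owner always sees its own submission; others only if the owner allowed it."""
    return ind.owner == member or ind.visibility is None or member in ind.visibility


def feed_for(member: str, indicators: Iterable[Indicator]) -> Dict[Tuple[str, str], List[str]]:
    """Deduplicated view of everything `member` may see: (kind, normalized value) -> contributors.

    Provenance lists only contributors whose own copy is visible to `member`; merging
    happens after the visibility check, so a restricted submission never leaks the fact
    that some other partner also reported the indicator."""
    merged: Dict[Tuple[str, str], set] = {}
    for ind in indicators:
        if not can_see(ind, member):
            continue
        key = (ind.kind, normalize(ind.value, ind.kind))
        merged.setdefault(key, set()).add(ind.owner)
    return {k: sorted(v) for k, v in merged.items()}


# Constructed submissions from several partners; the hostnames are placeholders.
SHARED = [
    Indicator("HTTP://Evil.Example/login#x", "url", "dropbox", None),
    Indicator("http://evil.example/login", "url", "pinterest", frozenset({"twitter"})),
    Indicator("Phish.Example.", "domain", "yahoo", None),
    Indicator("phish.example", "domain", "tumblr", frozenset({"bitly"})),
    Indicator("internal-only.example", "domain", "bitly", frozenset()),
]

if __name__ == "__main__":
    for member in ("twitter", "bitly", "dropbox"):
        print(member, feed_for(member, SHARED))
```

Two things carry the privacy argument in the post: the visibility check runs per copy before any merging, and normalization happens after it, so a member learns that an indicator is bad and which of the contributors it is allowed to know about, nothing more.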

Source: The Register

Posted in: Countermeasures, Security Software





Droopescan – Plugin Based CMS Security Scanner



Droopescan is a plugin-based CMS security scanner that will help you identify issues with several CMSs, mainly Drupal & Silverstripe.

Droopescan aims to be the most accurate by default, while not overloading the target server with excessive concurrent requests. Because of this, by default a large number of requests will be made with four threads; change these settings with the --number and --threads arguments respectively.


There are various other tools which perform similar functions such as CMS identification and issue detection:

WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
BlindElephant – Web Application Fingerprinter
wig – WebApp Information Gatherer – Identify CMS
Web-Sorrow v1.48 – Version Detection, CMS Identification & Enumeration
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
WPScan – WordPress Security/Vulnerability Scanner

Droopescan is able to perform four kinds of tests:

  • Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
  • Theme checks: As above, but for themes.
  • Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • Interesting URL checks: Checks for interesting URLs (admin panels, readme files, etc.)
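The version check described above works by hashing a handful of static files and keeping only the releases that ship byte-identical copies. The following Python is an added illustration of that technique, not droopescan’s own code: the release trees, file paths and contents are constructed, and a real table would be built from the vendor’s release archives. It also handles the two cases a practitioner runs into, a file that is simply absent (for example a changelog the administrator deleted) and a file whose hash matches no release (a locally patched copy):

```python
"""Checksum-based version fingerprinting: hash a few static files fetched from a target
and intersect the sets of releases that ship exactly those bytes.
Added illustration, not droopescan's own code; releases, paths and contents are constructed."""
import hashlib
from typing import Dict, List, Optional, Set, Tuple

# Constructed "release trees": version -> {relative path: file bytes as shipped}.
RELEASES: Dict[str, Dict[str, bytes]] = {
    "7.30": {"CHANGELOG.txt": b"changelog 7.30\n", "misc/drupal.js": b"js-A", "misc/ajax.js": b"ajax-A"},
    "7.31": {"CHANGELOG.txt": b"changelog 7.31\n", "misc/drupal.js": b"js-A", "misc/ajax.js": b"ajax-A"},
    "7.32": {"CHANGELOG.txt": b"changelog 7.32\n", "misc/drupal.js": b"js-B", "misc/ajax.js": b"ajax-A"},
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_fingerprints(releases: Dict[str, Dict[str, bytes]]) -> Dict[str, Dict[str, Set[str]]]:
    """path -> {sha256 hex -> set of versions that ship exactly that file}."""
    table: Dict[str, Dict[str, Set[str]]] = {}
    for version, files in releases.items():
        for path, content in files.items():
            table.setdefault(path, {}).setdefault(sha256_hex(content), set()).add(version)
    return table


def identify_versions(fetched: Dict[str, Optional[bytes]],
                      fingerprints: Dict[str, Dict[str, Set[str]]]) -> Tuple[List[str], List[str]]:
    """fetched: path -> bytes, or None when the file was not there (e.g. an HTTP 404).

    Returns (sorted candidate versions, paths whose hash matched no release).
    Missing files are skipped. Files with an unknown hash (site customisation, a patched
    copy) are reported but do not narrow the candidates; otherwise a single edited file
    would wipe out every candidate. An empty candidate list means nothing was determined."""
    candidates: Optional[Set[str]] = None
    unknown: List[str] = []
    for path, content in fetched.items():
        if content is None or path not in fingerprints:
            continue
        versions = fingerprints[path].get(sha256_hex(content))
        if not versions:
            unknown.append(path)
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or []), unknown


FINGERPRINTS = build_fingerprints(RELEASES)

# Constructed responses from three hypothetical hosts.
HOST_CHANGELOG_REMOVED = {"CHANGELOG.txt": None, "misc/drupal.js": b"js-A", "misc/ajax.js": b"ajax-A"}
HOST_DEFAULT = {"CHANGELOG.txt": b"changelog 7.31\n", "misc/drupal.js": b"js-A", "misc/ajax.js": b"ajax-A"}
HOST_PATCHED_JS = {"CHANGELOG.txt": None, "misc/drupal.js": b"js-custom", "misc/ajax.js": b"ajax-A"}

if __name__ == "__main__":
    for name, host in (("changelog removed", HOST_CHANGELOG_REMOVED),
                       ("default install", HOST_DEFAULT),
                       ("patched js", HOST_PATCHED_JS)):
        print(name, "->", identify_versions(host, FINGERPRINTS))
```

The first host shows why deleting a changelog is not a defence: the remaining static files still narrow the install to two releases, and in practice keeping the CMS patched matters far more than hiding its version. The third host shows why unknown hashes must not intersect: a customised file says nothing about the release, so it is reported separately rather than eliminating every candidate.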

Installation

Installation is easy using pip:

Manual installation is as follows:

The master branch corresponds to the latest release (what is on PyPI). The development branch is unstable and all pull requests must be made against it.

You can download Droopescan following the instructions above or read more here.

Posted in: Hacking Tools, Web Hacking





Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records



Anthem Hacked! Everyone is screaming, I was like WTF is Anthem? Turns out it’s part of the 2nd largest health insurance provider in the US (Wellpoint) after United Healthcare – so it’s a pretty big deal with an estimated 70 Million people on its books.


Of course according to them, “Anthem was the target of a very sophisticated external cyber attack” – yah, probably just a phishing e-mail or something right?

Hackers have invaded the servers of Anthem, a health insurer used by tens of millions of Americans, and stolen social security numbers, employment records, personal contact details and more. A veritable treasure trove for identity thieves.

Anthem, the US’s second biggest health insurer with about 70 million people on its books across the country, admitted late on Wednesday, Pacific time, that it has been comprehensively ransacked by criminals. Tens of millions of records are likely to have been obtained illegally as a result of the hack, Anthem warned.

If your plan is branded Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; or DeCare, you are at risk – your data may have been taken by thieves.

Former Anthem customers are just as affected, we’re told. Jackpot.

The health giant, based in Indianapolis, has hired infosec biz Mandiant to work out which customers have had their files accessed. According to this official FAQ, “no diagnosis or treatment data was exposed” nor any credit card information.

It is not clear when the company’s databases were infiltrated nor precisely when the compromise was detected – just that it was discovered some time last week. Staff with high-level access to the IT systems have had their passwords reset, and those using single-factor authentication locked out, we’re told.

People whose records were slurped by the hackers will be warned by mail in the following days. Anthem is offering free credit and identity-theft monitoring cover to those hit by the network security breach.


If the statement by Anthem is true though, it’s not THAT bad for them as they haven’t lost any payment details (credit card numbers etc.) or any medical records. But identity theft wise it’s quite bad as they’ve lost names, social security numbers, addresses, contact details and so on.

As usual there’s no details on what actually went down, was this really a hack? Database compromise? Deep system access? Or access via vendor, or disgruntled employee? Not sure if we’ll ever get to learn more – but it’s happened.

As yet, no one is saying publicly who is behind the attack nor how they managed to infiltrate Anthem’s networks. The insurer says it is “doing everything it can to ensure there is no further vulnerability to its database warehouses.”

Register staff are among those at risk: Anthem Blue Cross is our healthcare insurer in California. Tonight, we received this email from Anthem CEO Joseph Swedish:

Anthem Blue Cross was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.

Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised.

“Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” the chief exec added.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information.”

Indeed we did. Popping a huge healthcare insurer was only a matter of time: the data will be worth a pretty penny, and all of it sitting there, conveniently in one place, just waiting to be seized.

They have set up a dedicated website http://www.anthemfacts.com/ (that doesn’t even have a TITLE tag..) for some info or call 1-877-263-7995 – the FBI is already investigating. Maybe it was the Koreans?

We shall keep our ears open for developments on this as it’s a BIG leak – it’d be great to get some technical details of what went down.

Source: The Register

Posted in: Privacy, Web Hacking


