Archive | August, 2015

Tiger – Unix Security Audit & Intrusion Detection Tool


Tiger is a Unix security audit tool that can be use both for auditing and as an intrusion detection system. It supports multiple Unix platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language.

Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge, it can be used as an audit tool and a host intrusion detection system tool.

Tiger - Unix Security Audit & Intrusion Detection Tool

Free Software intrusion detection is currently going many ways, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit, samhain, tripwire…) and logcheckers (even more of these, check the Log Analysis pages). But few of them focus on the host-side of intrusion detection fully.

Tiger complements these tools and also provides a framework in which all of them can work together. Tiger is not a logchecker, nor it focused in integrity analysis. It does “the other stuff”, it checks the system configuration and status. Read the manpage for a full description of checks implemented in Tiger. A good example of what Tiger can do is, for example, check_findeleted, a module that can determine which network servers running in a system are using deleted files (because libraries were patched during an upgrade but the server’s services not restarted).


There are other similar tools, but most of them focus on privilege escalation:

LinEnum – Linux Enumeration & Privilege Escalation Tool
Lynis v1.6.0 Released For Download – Linux Security Auditing Tool
unix-privesc-check – Unix/Linux User Privilege Escalation Scanner

You can download Tiger here:

tiger-3.2.3.tar.gz

Or read more here.

Posted in: Countermeasures, Linux Hacking, Security Software

Topic: Countermeasures, Linux Hacking, Security Software


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


Windows 10 Privacy – Just Installed? Read This


So no big surprise here but there’s some issues with the default settings in regards to Windows 10 Privacy, if you run through the express install without customizing settings the defaults a little suspect.

Windows 10 Privacy - Just Installed? Read This

A lot of Windows 7 and Windows 8 users have already opted in to the automatic (and free) upgrade to the latest operating system from Microsoft – Windows 10, so I would imagine this effects a lot of people.

Here’s a quick FYI: if you installed Windows 10, and in a rush to try out Microsoft’s new operating system, you clicked through the default settings without looking, you may want to look again.

If you value your privacy, or have a distrust of Microsoft, you probably want to make sure some or all of the settings are flipped to off. These include things like sending “typing and inking” data to Microsoft’s servers, and letting apps identify you by your unique advertising ID number.

Your physical whereabouts and your web browser history, plus your contacts and calendar records, are also phoned home to Redmond. Your PC will even let other computers download updates from it, and potentially share your Wi-Fi network with strangers.

There’s a handy guide to the settings you need to look out for during the install and afterwards. On an installed system, find the Settings app and select Privacy to see all the controls.

You probably want to turn Cortana off, unless you find it really useful, and don’t forget to opt-out of personalized ads (more info here).

Some of the features, which are on by default, have their uses: for example, SmartScreen is supposed to stop you from downloading malware or visiting websites known to be infecting PCs, assuming you’re using Internet Explorer and apps from the Windows Store. And sending odd-looking executable files to Windows Defender so they can be scanned for malware improves security for everyone using Windows 10.


So yah, no surprise it’s phoning home to Redmond – but the amount of data shared might be more than you are comfortable with, especially coming from Windows 7 (which doesn’t really share anything). I can’t say I’m familiar enough with Windows 8 to comment on its privacy settings or issues.

Here’s the guide to the settings and how to protect yourself – https://fix10.isleaked.com/

But the company tells the press: “Windows does not collect personal information without your consent. To effectively provide Windows as a service, Microsoft gathers some performance, diagnostic and usage information that helps keep Windows and apps running properly. Microsoft uses this information to identify problems and develop fixes.”

Yes, these are interesting features – perhaps even useful. It would be fantastic, though, if there was more information upfront about the services before we decide to enable them, as opposed to forcing them on us and hoping we won’t notice or care. We’re all adults, and we know what it feels like when someone is trying to pull a fast one on us.

And Windows 10 feels like it’s trying to pull a fast one on a lot of us.

Before the Microsoft apologists get too upset, there are similar defaults in OS X and some flavors of Linux. Google Android and Chrome are also pretty aggressive with your data. It always pays to check the default settings.

As mentioned, it’s also not super uncommon and we reported on the Mac OS X Yosemite Spotlight Privacy issue before, Chrome, Android and certain versions of Linux also phone a fair amount of data home.

As always, check the defaults and ensure you choose the settings that protect you to a degree you’re comfortable with.

Source: The Register

Posted in: Privacy

Topic: Privacy


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


FruityWifi – Wireless Network Auditing Tool


FruityWifi is an open source wireless network auditing tool, it allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initially, the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system.

FruityWifi - Wireless Network Auditing Tool


Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq.

What Does FruityWifi Wifi Audit Tool do?

With the new version, it is possible to install external modules. This functionality gives the user more flexibility and the FruityWifi can be customized. The modules can be added or removed anytime using the online repository.

Now it is possible to use FruityWifi combining multiple networks and setups:

  • Ethernet <--> Ethernet,
  • Ethernet <--> 3G/4G,
  • Ethernet <--> Wifi,
  • Wifi <--> Wifi,
  • Wifi <--> 3G/4G, etc.

Within the new options on the control panel, we can change the AP mode between Hostapd or Airmon-ng allowing to use more chipsets like Realtek.

It is possible to customize each one of the network interfaces which allows the user to keep the current setup or change it completely. It also has a new interface, new modules, Realtek chipsets support, Mobile Broadband (3G/4G) support, a new control panel, and more.

FruityWifi Wifi Audit Tool Modules


FruityWifi is based on modules making it more flexible. These modules can be installed from the control panel to provide FruityWifi with new functionalities.

  • Hostapd Karma
  • URLsnarf
  • DNSspoof
  • Kismet
  • Squid (code injection capabilities)
  • SSLstrip (code injection capabilities)
  • nmap
  • mdk3
  • ngrep
  • Captive Portal
  • Nessus
  • Ettercap
  • Tcpdump
  • AutoSSH
  • Supplicant
  • 3G/4G

You can download FruityWifi here:

FruityWifi-v2.4.zip

Or read more here.

Posted in: Wireless Hacking

Topic: Wireless Hacking


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.