Archive | June, 2017

Fake News As A Service (FNaaS?) – $400k To Rig An Election


This is pretty interesting: the prices for Fake News as a Service have come out after some research by Trend Micro. Imagine that you can create a fake celebrity with 300,000 followers for only $2,600.


Now we all know this Fake News thing has been going on for a while, and of course, if it’s happening, some capitalist genius is going to monetize it and offer it as a professional service.

Fake news has come to be associated with political intrigue but the same propaganda techniques are also abused by cybercriminals, according to a study by Trend Micro.

The techniques and methods used to spread fake news and manipulate public opinion have a wide range of objectives and even a price list.

Cybercriminals produce, market and monetise fake news in underground markets. The scope of a campaign and intended target affect pricing. For example, campaigns aimed to spark street protests are priced at $200,000 while discrediting a journalist would cost $55,000 and creating a fake celebrity (with 300,000 followers) costs a more modest $2,600.

A year-long campaign to influence election outcomes is available for just $400,000, the study says. Whether such listings are in themselves an attempt at disinformation is certainly debatable. US intel agencies, Western politicians and security firms are nigh-on unanimous that attempts to influence the US presidential election last year were the work of the Kremlin. For example, UK defence secretary Sir Michael Fallon recently said the Kremlin is “weaponising misinformation” as part of a sustained campaign that goes beyond alleged meddling in the presidential election.


You can read the full 77 page report by Trend here: The Fake News Machine [PDF]

It’s insightful to see the types of services that are available, and how they are categorised. Now I’ve known about social media manipulation for many years (fake likes, followers, YouTube views and so on) but to see this kind of Fake News at scale, as a service is something new to me.

Fake news services typically involve the creation of fake social media profiles and groups; developing the fake content itself; driving likes and retweets for dissemination; and building legitimate-looking news sites. All these steps are designed to set up and sustain false narratives.

For an additional fee, multiple news sites can be purchased which cross reference each other to add more authenticity to the fake news campaign, the report reveals.

Chinese, Russian, Middle Eastern and English underground marketplaces offer fake news services of one type or another. Regional differences exist.

For example, in China, fake advertorials can be purchased for as little as ¥100 (£11), while in Russia 35,000 rubles (£483) will buy your video two minutes on the YouTube homepage.

The report also details an example of the dissemination of fake news, including the cynical abuse of the recent Manchester bombing attack. Mexican journalists were falsely listed in galleries as bombing victims in what’s thought to be an attack by a drug cartel. These fake victim pics were subsequently promoted through social media.

Unfortunately there’s no technical solution to thwart this; it’s purely about education. If people don’t fact check, cross check and verify sources before disseminating them, this whole Fake News situation is just going to get worse and worse.

I feel like it had a serious impact on both Brexit and the Trump election, and it’s likely to stay very relevant in any large scale World events as so many people now base their opinions on what they see online.

Source: The Register

Posted in: Legal Issues, Social Engineering



Latest Posts:

  • Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
  • LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS): LibInjection is a C library to detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world attacks.
  • Grype – Vulnerability Scanner For Container Images & Filesystems: Grype is a vulnerability scanner for container images and filesystems with an easy-to-install binary that supports the packages of most major *nix based OSes.
  • APT-Hunter – Threat Hunting Tool via Windows Event Log: APT-Hunter is a threat hunting tool for Windows event logs, written from the purple team mindset to provide detection for APT movements hidden in the sea of Windows event logs.
  • GitLab Watchman – Audit GitLab For Sensitive Data & Credentials: GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally; this includes code, commits, wikis etc.
  • GKE Auditor – Detect Google Kubernetes Engine Misconfigurations: GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations; it aims to help security & dev teams streamline the configuration process.


credmap – The Credential Mapper


Credmap is an open source credential mapper tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.


It is not uncommon for people who are not experts in security to reuse credentials on different websites; even security savvy people occasionally reuse credentials.

Credmap takes a username and/or e-mail and a password as input, and attempts to log in on a variety of known websites to verify whether these credentials have been reused on any of them.


Usage

Examples

You can download credmap here:

credmap-master.zip

Or read more here.

Posted in: Hacking Tools, Password Cracking Tools, Privacy





LazyDroid – Android Security Assessment Tool


Lazydroid is a tool written as a bash script to facilitate some aspects of an Android Security Assessment.


Features

It provides some common tasks such as:

  • Set the debug flag of an application to true
  • Set the backup flag of an application to true
  • Re-Build the application
  • Re-Sign the application
  • Smart log extraction of an application
  • Extract the APK of an application installed from Google Play
  • Download any mobile folder (/sdcard/, application data folder, other)
  • Compare two different snapshots of the same folder
  • Insert Frida gadget in the APK (for example when the phone is not or cannot be rooted, and thus Frida server cannot be run)
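The first two features operate on the decoded AndroidManifest.xml. The following added example (not LazyDroid's own code, which is a bash script) shows the flag read and the flag set in Python on a constructed manifest; the function names are assumptions, and the same read check is what you run on a release build to confirm neither flag was shipped enabled.

```python
"""Read and set the two <application> flags LazyDroid toggles
(android:debuggable, android:allowBackup) in a decoded manifest.
Added example, not LazyDroid's own code; the manifest is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Keep the "android:" prefix on output instead of ElementTree's "ns0:"
ET.register_namespace("android", ANDROID_NS)

# Constructed sample: a minimal manifest with neither flag present.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
    <application android:label="Example">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""

FLAGS = ("debuggable", "allowBackup")


def _qname(attr):
    """Fully qualified attribute name in the android namespace."""
    return "{%s}%s" % (ANDROID_NS, attr)


def _application(root):
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    return app


def read_app_flags(manifest_xml):
    """Return {flag: "true" | "false" | None} for <application>.
    None means the attribute is absent; allowBackup defaults to true on
    Android when absent, so None is not a safe value for it."""
    app = _application(ET.fromstring(manifest_xml))
    return {f: app.get(_qname(f)) for f in FLAGS}


def set_app_flag(manifest_xml, flag, value):
    """Return the manifest with android:<flag> set on <application>,
    adding the attribute if it was missing (what LazyDroid does before
    rebuilding and re-signing the APK)."""
    if flag not in FLAGS or value not in ("true", "false"):
        raise ValueError("unsupported flag or value")
    root = ET.fromstring(manifest_xml)
    _application(root).set(_qname(flag), value)
    return ET.tostring(root, encoding="unicode")


def release_build_issues(manifest_xml):
    """Findings a reviewer would raise on a release manifest."""
    flags = read_app_flags(manifest_xml)
    issues = []
    if flags["debuggable"] == "true":
        issues.append("android:debuggable is true")
    if flags["allowBackup"] != "false":
        issues.append("android:allowBackup is not explicitly false")
    return issues


if __name__ == "__main__":
    patched = set_app_flag(SAMPLE_MANIFEST, "debuggable", "true")
    print(read_app_flags(patched))
    print(release_build_issues(patched))
```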

Installation

Lazydroid requires Linux or Mac OS to run, with the following tools installed:

  • apktool
  • jarsigner
  • adb
  • aapt (Android Asset Packaging Tool, part of the SDK)
  • your keystore and alias
  • Frida Agent (pip install frida)

Usage

To run lazydroid.sh the steps would be the following:

You can download LazyDroid here:

LazyDroid-master.zip

Or read more here.

Posted in: Hacking Tools





OneLogin Hack – Encrypted Data Compromised


The OneLogin hack is blowing up now: it seems whoever got access can also decrypt encrypted customer data, which is just about AS BAD as it can get for a password/identity management service.


Now I’m a HUGE supporter of password management tools, as I’ve mentioned many times here, so anyone who signed up for this one – sorry. I recently switched to Dashlane, which seems great – and now I’m recommending that, so I hope it’s as safe as they claim.

Identity management outfit OneLogin has revealed it’s suffered a security incident that’s seen “unauthorized access to OneLogin data in our US data region”, but has offered rather scarier information in different documents.

The company blog describes only “unauthorized access”. In emails sent to customers seen by The Reg the company adds news that “customer data was potentially compromised.” And on a registration-required support page the threat is described as follows:

“All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”
Decrypt data? Woah! That’s a bit more than mere unauthorized access.

OneLogin’s blog does say that customers have been told what to do in the wake of the attack and the email we’ve seen does “strongly advise” customers to visit support page to which we have linked.


So a service got hacked? No big deal, right? Some user data got leaked though; oh well, that’s not that common. Sadly that’s not where it ends: OneLogin has said the attackers have the ability to decrypt encrypted data.

WHAT? How does that even happen? Does that mean the keys were right there on the server with the data? That’s just insanity.

The company says it is “working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.” In the email to customers it adds that it can’t reveal all, due to the involvement of law enforcement agencies. The blog says the company is “actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.”

OneLogin offers a single sign-on and other authentication management services it says gives “employees, customers and partners with secure access to your cloud and company apps on any device.”

It’s not the only such outfit: The Register in no way suggests that the likes of Okta, VMware and Citrix have been attacked, but notes all offer single-sign-on across lots of cloudy apps and are therefore obviously a tasty target for criminals who want to get their hands on lots of credentials with one hit.

So this company claiming to provide secure access has been totally owned, doesn’t give you much confidence does it?

They are also hiding behind claims of law enforcement involvement to avoid sharing more details about the breach. We shall have to see if anything comes out in the future (which from past experience is highly unlikely).

Source: The Register

Posted in: Cryptography, Exploits/Vulnerabilities, Privacy, Web Hacking





EtherApe – Graphical Network Monitor


EtherApe is a graphical network monitor for Unix modelled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically: hosts and links change in size with traffic, and protocols are colour coded.



It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown and can read packets from a file as well as live from the network.

Plug it into the management or span port of your switch and get a real-time graphical flow of what’s going on in your network.

Features of EtherApe Graphical Network Monitor

  • Network traffic is displayed graphically. The more “talkative” a node is, the bigger its representation.
  • Node and link color shows the most used protocol.
  • User may select what level of the protocol stack to concentrate on.
  • You may either look at traffic within your network, end to end IP, or even port to port TCP.
  • Data can be captured “off the wire” from a live network connection, or read from a tcpdump capture file.
  • Live data can be read from Ethernet, FDDI, PPP, SLIP and WLAN interfaces, plus several other encapsulated formats (e.g. Linux cooked, PPI).
  • The following frame and packet types are currently supported: ETH_II, 802.2, 802.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP, PUP, UDP, IDP, TP, ROUTING, RSVP, GRE, ESP, AH, EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN, SNMP, etc.
  • Data display can be refined using a network filter in pcap syntax.
  • Display averaging and node persistence times are fully configurable.
  • Name resolution is done using standard libc functions, thus supporting DNS, hosts file, etc.
  • Clicking on a node/link opens a detail dialog showing protocol breakdown and other traffic statistics.
  • Protocol summary dialog shows global traffic statistics by protocol.
  • Node summary dialog shows traffic statistics by node.
  • Node statistics export to XML file.
  • A single node can be centered on the display and several user-chosen nodes can be arranged in an inner circle with other nodes around.
  • An alternative display mode arranges nodes in “columns”.
  • Scrollkeeper/rarian-compatible manual integrated with yelp.

Requirements of Etherape

Before you download Etherape Graphical Network Monitor, you may want to verify that the following packages are installed on your system — they are required in order to compile:

  • The libpcap packet capture library, available from the Lawrence Berkeley National Laboratory.
  • GTK+, available from the GTK+ site. Version 2.12 or above is needed.
  • Libglade 2, available from ftp://ftp.gnome.org/pub/GNOME/sources/libglade
  • Gnome, available from the Gnome site. Version 2 is needed.
  • The standard resolver library (exact name varies with OS and distribution)

There are other tools related to network monitoring you can check out like:

  • PBNJ – Network Architecture Monitoring Tool
  • The Dude – Automatic Network Discovery & Layout Tool
  • Bro – Passive Open-Source Network Traffic Analyzer

You can download Etherape here:

etherape-0.9.15.tar.gz

Or read more here.

Posted in: Networking Hacking Tools





maltrail – Malicious Traffic Detection System


Maltrail is a malicious traffic detection system that uses publicly available (black)lists of malicious and/or generally suspicious trails, together with static trails compiled from various AV reports and custom user-defined lists. A trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. http://109.162.38.120/harsh02.exe for a known malicious executable), an IP address (e.g. 185.130.5.231 for a known attacker) or an HTTP User-Agent header value (e.g. sqlmap for the automatic SQL injection and database takeover tool).


Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).


Features

  • Uses multiple public blacklists (alienvault, autoshun, badips, sblam, etc.)
  • Has extensive static trails for identification (domain names, URLs, IP addresses or User-Agent values)
  • Optional heuristic mechanisms for detection of unknown threats
  • Based on Traffic -> Sensor <-> Server <-> Client Architecture
  • Web reporting interface
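To make the trail types concrete, here is an added example (not maltrail's own code) of the sensor-side matching step: trails keyed by type, run over a constructed proxy log. The four trail values are the ones quoted in this post; the log format, field layout and function names are assumptions.

```python
"""Minimal trail matcher in the spirit of maltrail's sensor. Added
example, not maltrail's own code; trail values are the ones quoted
in the post, the proxy log lines are constructed."""
import re
from urllib.parse import urlsplit

# Trail lists keyed by type. A real deployment would load public
# blacklists and local lists; here only the post's four examples.
TRAILS = {
    "domain": {"zvpprsensinaix.com": "Banjori malware"},
    "url": {"http://109.162.38.120/harsh02.exe": "known malicious executable"},
    "ip": {"185.130.5.231": "known attacker"},
    "ua": {"sqlmap": "automatic SQL injection tool"},
}

# Constructed proxy log: ts src dst_ip method url "user-agent"
SAMPLE_LOG = """\
1496300000 10.0.0.5 93.184.216.34 GET http://example.com/index.html "Mozilla/5.0"
1496300001 10.0.0.7 203.0.113.9 GET http://www.zvpprsensinaix.com/cgi?x=1 "Mozilla/5.0"
1496300002 10.0.0.9 109.162.38.120 GET http://109.162.38.120/harsh02.exe "Mozilla/4.0"
1496300003 10.0.0.5 185.130.5.231 POST http://185.130.5.231/login "curl/7.52"
1496300004 10.0.0.8 203.0.113.9 GET http://example.com/?id=1 "sqlmap/1.1.6#stable"
"""

LINE_RE = re.compile(r'^(\d+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parent_domains(host):
    """Yield host and each parent domain so a subdomain of a listed
    domain is still caught (www.zvpprsensinaix.com -> zvpprsensinaix.com)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def match_line(line):
    """Return a list of (trail_type, trail, reason) hits for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    _, _src, dst_ip, _method, url, ua = m.groups()
    hits = []
    if dst_ip in TRAILS["ip"]:
        hits.append(("ip", dst_ip, TRAILS["ip"][dst_ip]))
    if url in TRAILS["url"]:
        hits.append(("url", url, TRAILS["url"][url]))
    host = urlsplit(url).hostname or ""
    for d in parent_domains(host):
        if d in TRAILS["domain"]:
            hits.append(("domain", d, TRAILS["domain"][d]))
            break
    # User-Agent trails are substrings, matched case-insensitively
    for trail, reason in TRAILS["ua"].items():
        if trail.lower() in ua.lower():
            hits.append(("ua", trail, reason))
    return hits


def scan(log_text):
    """Map each matching line number (1-based) to its list of hits."""
    events = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        hits = match_line(line)
        if hits:
            events[n] = hits
    return events


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        for kind, trail, reason in hits:
            print(f"line {n}: {kind} trail {trail!r} ({reason})")
```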

Installation

You can download maltrail here:

maltrail-master.zip

Or read more here.

Posted in: Countermeasures, Malware, Security Software


