Saturday, 14 May 2016

Top E-Books To Learn Hacking


Top E-Books To Learn Ethical Hacking

Every beginner has faced the problem of where to start learning Ethical Hacking. The same goes for me: when I started learning Ethical Hacking, I got confused about which books were worth reading, so that I didn't end up wasting my time. Based on my experience, I have shortlisted a few books which I found very interesting.

Ethical Hacking & Penetration Testing Guide by Rafay Baloch

This book is written by a very well known Ethical Hacker from Pakistan, Rafay Baloch, currently rated among the top 5 Ethical Hackers in the world. It explains everything starting from scratch and leaves you at a stage where you can research everything on your own.
This book shows how a penetration test actually takes place and also how to create a documented report after any testing. It is a complete guide, from Information Gathering to Web Application Pentesting. Everything is explained in detail, assuming that the reader has no previous background in hacking or programming, with a focus on understanding the basic terminology of Linux and operating systems.

The Hacker PlayBook 2 - Practical guide to penetration testing

This book, written by Peter Kim, has everything you need to know and is filled with in-depth information, but a newcomer would find the terms used in it difficult and would need to do proper research to understand the basic terminology.
But the content provided in this book is truly informative by all means. It covers previous vulnerabilities and also explains how they work, for a better understanding of how the "Hack" works.

Hacking - The Art Of Exploitation - 2nd Edition

This book by Jon Erickson is for absolute beginners, helping newcomers understand the concepts easily and efficiently. It focuses on programming, shellcode and exploitation concepts, explains them very clearly, and is regarded as one of the best books in these fields.

The Basics of hacking & penetration testing ( Syngress Basic Series )

This book by Patrick Engebretson covers all the basic fundamentals of Ethical Hacking and Penetration Testing, assuming that the reader has no knowledge of hacking. It is a step-by-step guide to information gathering, scanning, exploitation and then writing reports.

The Web Application Hacker's Handbook - 2nd Edition

This book by Dafydd Stuttard & Marcus Pinto is focused mainly on Web Application Pentesting and has very good content for anyone who wants to start Web App Pentesting. Covering the basic terminology of how the web works and teaching the basics of HTTP and everything related to it, this book will in the end leave you at a stage where you can start web application pentesting on a larger scale.

Conclusion: In the end I would like to say that no matter which book you choose, if you don't give yourself enough practice, even the best book won't help you in any way whatsoever.

Wednesday, 20 April 2016

Venom - An Automated Script To Generate Shellcode



Venom - Automated Shellcode Generator 


Every pentester has gone through a phase of using Metasploit and creating a payload with "msfvenom", and many have run into problems because it is easy to get confused when typing out the command needed to create the payload. Venom, the Automated Shellcode Generator, is a script originally built by a team named SSA (Suspicious Shell Activity) that makes generating the payload easy.

How is Venom Helpful ?


Venom is a one-stop script that generates shellcode without the user having to type out all the technical details, and it helps newcomers understand how the shellcode is generated at the back end.

The Payloads 


As of version 1.0.11, Venom provides a total of 16 shellcodes that can be generated in various formats such as C, Python, Ruby, Dll, Msi and Hta-Psh. The script runs msfvenom in the background and automatically generates the payload the user asked for, which keeps the work simple.

The Dependencies


One good thing about Venom is that it automatically installs any dependencies not found on your system, making it easier for anyone who is new to pentesting. The dependencies required by Venom are listed below:

  • Zenity
  • Metasploit
  • GCC ( Compiler )
  • Py-Installer
  • Mingw-32
  • Pyherion.py
  • PES-Crambler.exe
  • Apache2
  • Wine
  • Winrar
  • vbs-obfuscator
  • encrypt_polarSSl
  • Ettercap


Platforms Tested


Venom - Automated Shellcode Generator has been tested successfully on the following platforms and so far has not shown any bugs:
  • Ubuntu
  • Debian
  • Linux Arch

How To Use


  • cd venom/aux
  • bash setup.sh
  • ./venom.sh
  • [ For Update ] cd venom ( git pull origin master )

You can download Venom - Automated Shellcode Generator 1.0.11 from here: Download Link


Disclaimer: The Author/Blog does not hold any responsibility for any kind of usage of Venom. Attacking a target without providing prior notice is completely illegal.

Saturday, 16 April 2016

After Apple, Microsoft Sues Federal Government


2 months ago, we heard about the legal dispute between Apple Inc. and the Federal Government over user privacy in San Bernardino, California, and now we see Microsoft taking up the same debate, following the former's path.


The tech giant, Microsoft, has sued the Federal Government for accessing consumers' data and other personal material such as e-mails without giving them prior notice. The government has been accused of illegally sneak-peeking into consumers' privacy, exploiting the user's basic right to privacy and leaving the data highly vulnerable.


Microsoft has claimed that the government has already issued over 2,000 secret warrants for the seizure of information. The government's exact motive behind the violation of users' rights is still unknown, as it has been asking Microsoft to secretly disclose all the users' information and data by using the Electronic Communications Privacy Act (ECPA). Aware of the customer's right to free speech, Microsoft hasn't responded to all these warrants yet, and has instead filed a lawsuit against the government.


As the company says, the majority of those warrants have come with no expiration dates, meaning that Microsoft can never tell its customers that their personal information has been exposed. Microsoft also believes that this move by the Federal Government, seizing information without notifying its owners, is completely unconstitutional and unethical. It is a major hole in their privacy and it should not be practiced.


"People do not give up their rights when they move their private information from physical storage to the cloud," reads the lawsuit. "The government has targeted all the stored information over the cloud storage of Microsoft's users."


Obviously, Windows users are not at all happy with the government's tactic of using personal information for secret investigations, and so Microsoft's choose-the-right-side decision has been widely appreciated. The lawsuit was filed on Thursday in a federal court in Seattle.
 

The Chief Legal Officer of the company, Brad Smith, conceded the similarity between Apple's war and Microsoft's lawsuit. "Just as Apple was the company in the last case and we stood with Apple," Mr. Smith stated, "we expect other tech companies to stand with us."


In February, we witnessed the lawsuit filed on the FBI over the same grounds by Apple. The case was about decrypting the iPhone of a shooter from San Bernardino, who killed 14 people and injured around 2 dozen, which Apple refused to do. The company stood tall against the odds in maintaining the privacy of its user, and Microsoft supported this decision.


Who will win the legal case is still a big question. Considering that Apple turned the lawsuit in its favor, chances are very high that Microsoft will ride the same ship. But whoever wins, privacy is the users' first right, and exploiting a human right makes no sense, whether for secret research or for any other purpose.

Wednesday, 13 April 2016

Facebook's Virtual Reality - Why Privacy Is At Stake





Facebook took over the Virtual Reality firm Oculus back in 2014 for $2B. With Virtual Reality being the next big thing in technology, everyone's pretty happy about this interesting gadget, but it has also raised a lot of concerns in terms of security and user privacy, the reason yet again being "Facebook".

Facebook's Virtual Reality firm, Oculus, is fighting to combat suspicions raised by its Privacy Policy and Terms of Service, which say that it will spy on users' activity and pass the information on to third parties.

The privacy policy warns the users about the “information automatically collected about you when you use our services”, including “information about your physical movements and dimensions when you use a virtual reality headset” which may be used “to send you promotional messages and content and otherwise market to you”.

It was first highlighted by news site UploadVR, which pointed out that “an ad executive at Coke, for instance, could tell just how long you stared at the Coke bottle cleverly placed inside your favorite game as an in-game ad and use that data to better place it in the game for you next time.”


Oculus ( Facebook ) owns the Creative Contents

 

If you ever create something using Facebook's Virtual Reality platform Oculus, the Terms of Service say that you surrender all rights to that work and that Oculus can use it whenever it wants, for whatever purpose. That is one way for Oculus, which means Facebook, to mess with users' privacy and content.

Here's a point in their Terms of Service which indicates this:

  • By submitting User Content through the Services, you grant Oculus a worldwide, irrevocable, perpetual (i.e. lasting forever), non-exclusive, transferable, royalty-free and fully sub-licensable (i.e. we can grant this right to others) right to use, copy, display, store, adapt, publicly perform and distribute such User Content in connection with the Services. You irrevocably consent to any and all acts or omissions by us or persons authorized by us that may infringe any moral right (or analogous right) in your User Content.
Basically, if you create something and then blast it out into the world using the pipelines that Oculus provides, the company can use it, and they don’t have to pay you for using it. Oculus can use it even if you don’t agree with its use. Oculus does not go as far as saying that it owns the content, but it does want access to it in ways that some creators might find intrusive.

This probably doesn’t matter much if you’re using the device as a gaming platform, but with a new type of device that’s out there, there is a whole range of unforeseen uses. Based on the Terms of Service, a creative developer could make a piece of interactive artwork that Oculus could then use for an Oculus ad without the artist’s permission, which would be scary for anyone's hard work as it would clearly violate something known as 'Copyright'.

Who knows what else VR might allow people to create. But to do so, at least initially with the Oculus Rift, you might lose out on exclusivity with your work, something that’s important for writers, developers, artists and probably anyone from whatever field they belong to, as whatever they "create" is of no use to them when Facebook's Virtual Reality firm can use it at any point of time it wants.


Oculus would collect all the data while you're using it.

Here are some points from the terms of service document :


  • Information about your interactions with our Services, like information about the games, content, apps or other experiences you interact with, and information collected in or through cookies, local storage, pixels, and similar technologies (additional information about these technologies is available at https://www.oculus.com/en-us/legal/cookies-pixels-and-other-technologies/)
  • Information about how you access our Services, including information about the type of device you’re using (such as a headset, PC, or mobile device), your browser or operating system, your Internet Protocol (“IP”) address, and certain device identifiers that may be unique to your device;
     
  • Information about the games, content, or other apps installed on your device or provided through our Services, including from third parties;
     
  • Location information, which can be derived from information such as your device’s IP address. If you’re using a mobile device, we may collect information about the device’s precise location, which is derived from sources such as the device’s GPS signal and information about nearby WiFi networks and cell towers
  • Information about your physical movements and dimensions when you use a virtual reality headset.
Furthermore, the information that they collect can be used to directly market products to you:
  • To market to you. We use the information we collect to send you promotional messages and content and otherwise market to you on and off our Services. We also use this information to measure how users respond to our marketing efforts.
Now this is scary, isn't it? As shown above, Facebook's Virtual Reality firm can collect data such as how you move and how you look; the company can use your location and log your activity, and it can even do so automatically.
Given that Facebook owns Oculus, it’s not surprising that the Terms of Service also include language that allows the company to monetize your experience: that is, after all, what the Facebook platform has historically been extremely good at, messing with users' privacy and data.

Oculus clarified some of the language in their policy for us: they confirmed that they do not claim ownership of any content and IP that is created through Oculus’s services, but the terms do permit the company to license content:
  • Users and content developers own all the content and IP they create using Oculus services. We are not taking ownership. Our terms of service give Oculus a license to user created content so we can enable a full suite of current and future products and services on our platform, like sharing a piece of Virtual Reality content with a friend. People continue to own the rights to the content and can do whatever they like with it outside of our platform. This is very clear in our terms: “Unless otherwise agreed to, we do not claim any ownership rights in or to your user content.”
Though the Virtual Reality company has said that it is not sharing any such information with Facebook, this still didn't reassure anyone, with many pointing out that the statement simply restates the same rights that concerned people before.

As everyone is aware of Facebook sharing its users' data with Government agencies, it is a very big concern whether the data collected by this Virtual Reality company would be shared as well.




Sunday, 10 April 2016

Why WhatsApp's End To End Encryption Isn't Completely Secure

 

 

End To End Encryption ?

 

WhatsApp has recently added encryption to its messenger app, which earned it a lot of applause for restricting outside interference and removing attacks such as MITM and sniffing, but is it really secure? Reports suggest that under the new encryption WhatsApp is going to offer, the company has the right to hold on to a large amount of message data at a time.

If you have gone through WhatsApp's Privacy Terms, they clearly say that the company might store "the date, time and recipient of messages sent to the service". Micah Lee revealed this in a tweet with a picture showing the lines from WhatsApp's Privacy Terms. However, WhatsApp has denied that it would store any messages on its servers at any point, which for me is still doubtful, Facebook being its parent company.



Does it Encrypt Everything?

 

The information that WhatsApp is able to see would definitely attract a lot of attackers, as it includes the time stamp, the recipient and the sender, and the Government can also request all this data at any point of time at will.

The new encryption system that WhatsApp has come out with took almost one and a half years to arrive. They tied up with Open Whisper Systems to create this encryption system.

However, people are still not convinced by its encryption: though WhatsApp has introduced End To End Encryption, its parent company Facebook is still suspect in terms of data safety.


Facebook's Role in "Encryption"



Reports from the White House showing that Facebook also collects data from all its users and shares it with the Government were a very big concern when WhatsApp was taken over by the company.

However, WhatsApp founder Jan Koum wrote at the time that, “If partnering with Facebook meant that we had to change our values, we wouldn’t have done it. Instead, we are forming a partnership that would allow us to continue operating independently and autonomously,” he said. “Our fundamental values and beliefs will not change. Our principles will not change. Everything that has made WhatsApp the leader in personal messaging will still be in place.”


There has been a series of security holes in the WhatsApp system, and many of them are documented. Dutch security expert Bas Bosschert said flaws were present in the messenger app which could be used by rogue elements in society to create rogue apps such as WhatsApp Plus. He also explained the security flaws of WhatsApp, indicating that the problems were there even before Facebook had purchased the company.

What can User do ? ( Alternative )

  
Users can look to a cross-platform messaging app known as Telegram, which is much more secure than any messaging app present at this very day. Features like secret chat and two-factor authentication make it more secure than all other instant messaging apps.

Hack Trivia also made a comparison video of WhatsApp v/s Telegram to help you understand how Telegram could beat WhatsApp on any given day in probably everything.



 

This article was written by Siddharth Sinha

He is an Ethical Hacker | Information Security Researcher  | Internet Activist and Hacktivist.


Tuesday, 5 April 2016

Types Of Ransomware - Names And Description


| Name | Also Known As | Description |
|---|---|---|
| ACCDFISA | Anti Cyber Crime Department of Federal Internet Security Agency Ransom | First spotted early 2012; Encrypts files into a password-protected; Cybercriminals behind this ransomware asks payment through Moneypak, Paysafe, or Ukash to restore the files and unlock the screen; Known as a multi-component malware packaged as a self-extracting (SFX) archive; May come bundled with third party applications such as Sdelete and WinRAR |
| ANDROIDOS_LOCKER | | First mobile ransomware spotted; Uses Tor, a legitimate service that allows anonymous server connections; Users with mobile devices affected by this malware may find the files stored in their mobile device rendered useless and held for ransom |
| CRIBIT | BitCrypt | Similar to CRILOCK with its use of RSA-AES encryption for target files; Version 1 uses RSA-426; Version 2 uses RSA-1024; Appends the string bitcryp1 (for version 1) and bitcrypt2 (for version 2) to the extension name of the files it encrypts |
| CRILOCK | CryptoLocker | Employs Domain Generation Algorithm (DGA) for its C&C server connection; October 2013 - UPATRE was found to be the part of the spam mail that downloads ZBOT, which further downloads CRILOCK |
| CRITOLOCK | Cryptographic locker | Uses advanced encryption standard (AES-128) cryptosystem; The word Cryptolocker is written in the wallpaper it uses to change an affected computer's wallpaper |
| CRYPAURA | PayCrypt | Encrypts files and appends the corresponding email address contact for file decryption; PayCrypt version appends .id-{victim ID}-paycrypt@aol.com to files it encrypts |
| CRYPCTB | Critroni, CTB Locker, Curve-Tor-Bitcoin Locker | Encrypts data files; Ensures there is no recovery of encrypted files by deleting its shadow copies; Arrives via spam mail that contains an attachment, actually a downloader of this ransomware; Uses social engineering to lure users to open the attachment; Uses Tor to mask its C&C communications |
| CRYPDEF | CryptoDefense | To decrypt files, it asks users to pay ransom money in bitcoin currency |
| CRYPTCOIN | CoinVault | Encrypts files and demands users to pay in bitcoin to decrypt files; Offers a one-time free test to decrypt one file |
| CRYPTFILE | | Uses unique public key generated RSA-2048 for file encryption and also asks users to pay 1 bitcoin to obtain private key for decrypting the files |
| CRYPWALL | CryptoWall, CryptWall, CryptoWall 3.0, Cryptowall 4.0 | Reported to be the updated version of CRYPTODEFENSE; Uses bitcoin currency as mode of payment; Uses Tor network for anonymity purposes; Arrives via spam mail, following UPATRE-ZBOT-RANSOM infection chain; CryptoWall 3.0 comes bundled with FAREIT spyware; Cryptowall 4.0 encrypts file name of files it encrypts and follows an updated ransom note, it also comes from spam as a JavaScript attachment, and may be downloaded by TROJ_KASIDET variants |
| CRYPTROLF | | Shows troll face image after file encryption |
| CRYPTTOR | | Changes the wallpaper to picture of walls and asks users to pay the ransom |
| CRYPTOR | batch file ransomware | Arrives through DOWNCRYPT; A batch file ransomware capable of encrypting user files using GNU Privacy Guard application |
| DOWNCRYPT | batch file ransomware | Arrives via spam email; Downloads BAT_CRYPTOR and its components such as a decoy document |
| VIRLOCK | VirLock, VirRansom | Infects document files, archives, and media files such as images |
| PGPCODER | | Discovered in 2005; first ransomware seen |
| KOLLAH | | One of the first ransomware that encrypts files using certain extension names; Target files include Microsoft Office documents, PDF files, and other files deemed information-rich and relevant to most users; Adds the string GLAMOUR to files it encrypts |
| KOVTER | | Payload of the attack related to YouTube ads that lead to the Sweet Orange exploit kit |
| MATSNU | | Backdoor that has screen locking capabilities; Asks for ransom |
| RANSOM | | Generic detection for applications that restrict the users from fully accessing the system or encrypts some files and demands a ransom in order to decrypt or unlock the infected machine |
| REVETON | Police Ransom | Locks screen using a bogus display that warns the user that they have violated federal law; Message further declares the user's IP address has been identified by the Federal Bureau of Investigation (FBI) as visiting websites that feature illegal content |
| VBUZKY | | 64-bit ransomware; Attempts to use Shell_TrayWnd injection; Enables TESTSIGNING option of Windows 7 |
| CRYPTOP | Ransomware archiver | Downloads GULCRYPT and its components |
| GULCRYPT | Ransomware archiver | Archives files with specific extensions; Leaves a ransom text file containing the instructions on who to contact and how to unpack the archives containing user's files |
| CRYPWEB | PHP ransomware | Encrypts the databases in the web server making the website unavailable; Uses HTTPS to communicate with the C&C server; Decrypt key is only available in the C&C server |
| CRYPDIRT | Dirty Decrypt | First seen in 2013 before the emergence of Cryptolocker |
| CRYPTORBIT | | Detection for images, text, and HTML files which contain ransom notes that are indicators of compromise (IOC) |
| CRYPTLOCK | TorrentLocker | Poses as CryptoLocker; newer variants display crypt0l0cker on the affected computer; uses a list of file extensions that it avoids encrypting, compared to usual ransomware that uses a list of file extensions to encrypt - this allows CRYPTLOCK to encrypt more files while making sure the affected computer still runs, ensuring users know that their files are encrypted and access to the Internet to pay the ransom is still present |
| CRYPFORT | CryptoFortress | Mimics TorrentLocker/CRYPTLOCK user interface; Uses wildcards to search for file extensions; encrypts files in shared folders |
| CRYPTESLA | TeslaCrypt | User interface is similar to CryptoLocker; encrypts game-related files; Versions 2.1 and 2.2 appends encrypted files with .vvv and .ccc; Version 3.0 has an improved encryption algorithm and appends .xxx, .ttt, and .mp3 to files it encrypts |
| CRYPVAULT | VaultCrypt | Uses GnuPG encryption tool; downloads hacking tool to steal credentials stored in web browsers; uses sDelete 16 times to prevent/hinder recovery of files; has a customer support portal; is a batch script crypto-ransomware |
| CRYPSHED | Troldesh | First seen in Russia; added English translation to its ransom note to target other countries; aside from appending .xtbl to the file name of the encrypted files, it also encodes the file name, causing affected users to lose track of what files are lost |
| SYNOLOCK | SynoLocker | Exploits Synology NAS devices' operating system (DSM 4.3-3810 or earlier) to encrypt files stored in that device; has a customer support portal |
| KRYPTOVOR | Kriptovor | Part of a multi-component infection; aside from its crypto-ransomware component, it has an information stealing component that steals certain files, processes list, and captures desktop screenshot; uses an open source Delphi library called LockBox 3 to encrypt files |
| CRYPFINI | CryptInfinite, DecryptorMax | Arrives via spam with macro attachment, the spam mail usually pretends to be a job application linked to a Craigslist post; Appends .crinf files |
| CRYPFIRAGO | | Uses Bitmessage for communication with its creators; Appends .1999 or .bleep to files it encrypts |
| CRYPRADAM | Radamant | May arrive via exploit kits; Appends .rdm to files it encrypts |
| CRYPTRITU | Ransom32 | Known as the JavaScript ransomware |
| CRYPBOSS | CrypBoss | Appends .crypt to files it encrypts |
| CRYPZUQUIT | Zuquitache, Fakben | Known as the ransomware-as-a-service (RaaS) malware |
| CRYPDAP | PadCrypt | Has live chat support for affected users; Arrives via spam |
| CRYPHYDRA | HydraCrypt | Based on leaked source code of CrypBoss; Arrives via spam |
| LOCKY | Locky | Renames encrypted files to hex values; Appends .locky to files it encrypts; Arrives via spam with macro-embedded .DOC attachment, similar to the arrival of DRIDEX malware |
| CERBER | Cerber | Encrypts the file name and appends it with .cerber; Drops a .VBS file that makes the computer speak to the victim |
| CRYPSAM | SAMSAM | Uses exploits on JexBoss open source server application and other Java-based application platforms to install itself in targeted Web application servers |
| PETYA | Petya | Causes blue screen and displays its ransom note at system startup |

Source : http://www.trendmicro.com/vinfo/us/security/definition/Ransomware
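
Several rows in the table above name the string a family appends to the files it encrypts, which is enough for a first-pass triage of a file listing during incident response. The sketch below is an added example, not code from this blog or from Trend Micro; the file listing is constructed, and counting .mp3 only when it follows another extension is a heuristic assumed here because .mp3 is also a legitimate extension.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Appended string -> detection name (alias), copied from the table above.
STRONG = {
    ".locky": "LOCKY",
    ".cerber": "CERBER",
    ".vvv": "CRYPTESLA (TeslaCrypt 2.1/2.2)",
    ".ccc": "CRYPTESLA (TeslaCrypt 2.1/2.2)",
    ".xxx": "CRYPTESLA (TeslaCrypt 3.0)",
    ".ttt": "CRYPTESLA (TeslaCrypt 3.0)",
    ".xtbl": "CRYPSHED (Troldesh)",
    ".crinf": "CRYPFINI (CryptInfinite)",
    ".1999": "CRYPFIRAGO",
    ".bleep": "CRYPFIRAGO",
    ".rdm": "CRYPRADAM (Radamant)",
    ".crypt": "CRYPBOSS",
    "bitcryp1": "CRIBIT (BitCrypt v1)",
    "bitcrypt2": "CRIBIT (BitCrypt v2)",
}
# Weak indicator: only counted when appended after another extension (assumption).
WEAK = {".mp3": "CRYPTESLA (TeslaCrypt 3.0)"}
# CRYPAURA pattern from the table: .id-{victim ID}-paycrypt@aol.com
PAYCRYPT = re.compile(r"\.id-(?P<victim>.+)-paycrypt@aol\.com$", re.IGNORECASE)
INNER_EXT = re.compile(r"\.[a-z0-9]{2,5}$")


def classify(path):
    """Return (family, evidence) for one file path, or None if nothing matches."""
    name = PurePosixPath(path.replace("\\", "/")).name
    match = PAYCRYPT.search(name)
    if match:
        return ("CRYPAURA (PayCrypt)", "victim id " + match.group("victim"))
    lowered = name.lower()
    for suffix, family in STRONG.items():
        if lowered.endswith(suffix) and len(lowered) > len(suffix):
            return (family, "appended " + suffix)
    for suffix, family in WEAK.items():
        if lowered.endswith(suffix) and INNER_EXT.search(lowered[: -len(suffix)]):
            return (family, "appended " + suffix + " after another extension")
    return None


def triage(paths):
    """Classify every path and report which family accounts for most hits."""
    hits = [(p, *found) for p in paths if (found := classify(p))]
    families = Counter(family for _, family, _ in hits)
    dominant = families.most_common(1)[0][0] if families else None
    return {"hits": hits, "families": families, "dominant": dominant}


# Constructed listing for illustration; not taken from a real incident.
SAMPLE_LISTING = [
    "/home/ana/docs/F67091F1D24A922B1A7FC27E19A9D9BC.locky",
    "/home/ana/docs/0A1B2C3D4E5F60718293A4B5C6D7E8F9.locky",
    "/home/ana/docs/notes.txt",
    "/home/ana/music/song.mp3",
    "/home/ana/docs/thesis.docx.mp3",
    r"C:\Users\ana\budget.xlsx.id-1234567890-paycrypt@aol.com",
    "/srv/share/photo.jpg.xtbl",
]

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for path, family, evidence in report["hits"]:
        print(f"{family:32} {evidence:40} {path}")
    print("dominant family:", report["dominant"])
```

A suffix match is a lead, not an identification: later variants change their extensions, so confirm against the ransom note and a sample before acting on the result.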

Tuesday, 29 March 2016

Best VPN For Android | Betternet | Droid VPN | Tunnel Bear || App Review ||



A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus benefit from the functionality, security and management policies of the private network.

We look at the best VPNs (Virtual Private Networks) available for Android. We have shortlisted three VPNs, i.e. Betternet, Droid VPN and Tunnel Bear. See the pros, cons and hidden features of Betternet, Droid VPN and Tunnel Bear, which will make it easier for you to decide which is the best VPN for Android.

In this App Review by Hack Trivia we take you through the Performance, Working and Speed Over Network of Betternet, Droid VPN and Tunnel Bear.