What is Wireshark?

Wireshark is the most widely used network protocol analyzer. It is free and open-source software released under the terms of the GNU General Public License (GPL), and it is used mainly for network troubleshooting, analysis, software and communications protocol development, and education. It shows its user what is happening on the network at a microscopic level. Many commercial and non-profit organizations, government agencies, and educational institutions use Wireshark.

History:

In 1998 Gerald Combs, a computer science graduate of the University of Missouri-Kansas City, started a project named Ethereal, the foundation of what is now Wireshark. The project has carried the Wireshark name since 2006, when Combs started working with CACE Technologies while holding the copyright of most of the project’s code; the rest of the code remained open for modification under the terms of the GPL. Volunteer contributions from network experts around the world then built the project into the widely used tool it is today.

Because Combs did not own the Ethereal trademark, he changed the project’s name to Wireshark. In 2010 Riverbed Technology purchased CACE Technologies and became the main sponsor of Wireshark. The project has several hundred contributors (around 600 authors); still, Combs remains the primary maintainer of the overall code and is responsible for new version releases of Wireshark.

Wireshark has won several awards for its vital role in today’s network security: eWeek named it the Most Important Open-Source App of All Time, PC Magazine gave it the Editor’s Choice award, and the Insecure.Org network security tools survey ranked it as a top packet sniffer.

The functionality of Wireshark:

Similar to tcpdump, a common packet analyzer, Wireshark lets us analyze network packets, but with the aid of a graphical front-end and some extra integrated sorting and filtering options. If the Network Interface Controller (NIC) supports promiscuous mode, Wireshark puts it into that mode so that all traffic on the interface is visible, not merely traffic to the interface’s configured addresses and broadcast/multicast traffic.

However, promiscuous mode on a port alone does not necessarily show the entire network traffic, because a port does not necessarily receive all of it. To capture the entire network traffic, other techniques such as port mirroring and network taps are used together with promiscuous mode on the port.

Wireshark 1.4 and later can put wireless network interface controllers into monitor mode. When packets are captured by a remote machine and sent to Wireshark using the TZSP protocol or OmniPeek’s protocol (OmniPeek is another packet analyzer), they are analyzed as they were captured on the remote machine.

What features does Wireshark include?

In fact, Wireshark offers a large set of features. In the following points, I will attempt to summarize the features that Wireshark offers:

  • Wireshark is a network analyzer that inspects hundreds of protocols.
  • It allows both offline analysis and live capture.
  • It runs on diverse operating systems such as Microsoft Windows, Linux, macOS, Sun Solaris, and several other platforms.
  • A graphical user interface (GUI) built with the Qt widget toolkit lets us browse captured network data; in the non-GUI version, the TTY-mode TShark utility can be used for the same purpose.
  • It offers rich Voice over Internet Protocol (VoIP) analysis. We can even play the media stream when decoding such captured traffic.
  • Wireshark uses pcap to capture packets.
  • Capture files in gzip format are decompressed easily.
  • Captured files can be programmatically edited or converted with the “editcap” program via its command-line switches.
  • It allows capturing raw Universal Serial Bus (USB) traffic.
  • Wireshark can read packets from ns, OPNET Modeler, NetSim, and some other network simulation tools.
  • It supports reading and writing many capture file formats, such as tcpdump (libpcap), which is its native network trace file format, pcapng, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, Sniffer Pro, NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and several others.
  • It reads live data from different link types such as Ethernet, IEEE 802.11, PPP/HDLC, ATM, loopback, Bluetooth, FDDI, and many others.
  • Decryption is supported for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
  • Applying coloring rules to the packet list allows quick and easy analysis. See the Color Coding section for further details.
  • One can ensure that only the traffic of interest is analyzed by applying particular filters, timers, and other settings.
  • Output can be exported to and formatted as XML, PostScript, CSV, or plain text.

Security Policies:

In general, no special security privileges are needed to use Wireshark or TShark themselves. Nowadays, only tcpdump or dumpcap needs to be given special privileges and run on the machine to capture traffic; the user needs no further privileges.

But how can a superuser grant the required privileges to a user? The answer lies in the fact that tcpdump or dumpcap, which comes with Wireshark, is the component that needs special privileges to capture packets into a file. Wireshark can then open that file for analysis while running with strictly restricted privileges. Even on wireless networks, the Aircrack wireless security tools can capture IEEE 802.11 frames, and the resulting tcpdump/dumpcap files can be read with Wireshark afterward.

Why restrict users from the privileges needed to run Wireshark and its tools freely? Capturing traffic invokes an enormous number of protocol dissectors, which is a real security risk: a bug in any one of these dissectors could potentially be exploited, putting the entire system at great risk. That is why running Ethereal/Wireshark in the past required superuser privileges, so that one person was responsible for what could potentially be affected.
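The privilege split described above can be audited from a script. The following is an added example, not code from the original post or from the Wireshark project: it classifies how the capture helper obtains raw-socket rights (file capabilities restricted to a group, the recommended setup, versus a setuid-root binary or nothing at all) and whether a given user belongs to the capture group. The helper path /usr/bin/dumpcap and the group name "wireshark" follow the Debian/Ubuntu layout and are assumptions; the demo function runs the same audit against a constructed plain file so it works offline.

```python
import grp
import os
import pwd
import shutil
import stat
import subprocess
import tempfile

# Assumed Debian/Ubuntu layout; adjust for other distributions.
DEFAULT_HELPER = "/usr/bin/dumpcap"
CAPTURE_GROUP = "wireshark"


def helper_privilege_state(path):
    """Classify how a capture helper obtains its privileges.

    "missing"      : no such binary
    "setuid-root"  : worst case, the whole helper runs as root
    "setuid"       : setuid to some other user
    "capabilities" : CAP_NET_RAW file capabilities (recommended: only the
                     capture helper is privileged, Wireshark stays unprivileged)
    "none"         : no privilege at all, captures only work when run as root
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    if st.st_mode & stat.S_ISUID:
        return "setuid-root" if st.st_uid == 0 else "setuid"
    getcap = shutil.which("getcap")
    if getcap:
        result = subprocess.run([getcap, path], capture_output=True, text=True)
        if "cap_net_raw" in result.stdout:
            return "capabilities"
    return "none"


def user_in_group(username, groupname):
    """True if the user is a primary or supplementary member of the group."""
    try:
        group = grp.getgrnam(groupname)
        user = pwd.getpwnam(username)
    except KeyError:
        return False
    return user.pw_gid == group.gr_gid or username in group.gr_mem


def audit_capture_setup(username, helper=DEFAULT_HELPER, group=CAPTURE_GROUP):
    """Summarise whether `username` can capture without running Wireshark as root."""
    state = helper_privilege_state(helper)
    group_exec_only = False
    if state != "missing":
        mode = os.stat(helper).st_mode
        # Debian's "dpkg-reconfigure wireshark-common" sets dumpcap to
        # root:wireshark 0750: group members may execute it, others may not.
        group_exec_only = bool(mode & stat.S_IXGRP) and not (mode & stat.S_IXOTH)
    in_group = user_in_group(username, group)
    return {
        "helper": state,
        "helper_group_restricted": group_exec_only,
        "user_in_group": in_group,
        "can_capture_unprivileged": state == "capabilities" and in_group,
        "root_required": state in ("missing", "none"),
    }


def demo_on_constructed_file():
    """Run the audit against a constructed plain file so the example works
    offline; on a real system call audit_capture_setup(<your user>) instead."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    try:
        os.chmod(path, 0o755)  # world-executable, no setuid, no capabilities
        return audit_capture_setup("nobody-constructed", helper=path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    import getpass
    for key, value in audit_capture_setup(getpass.getuser()).items():
        print(f"{key}: {value}")
```

The check that matters most is the first one: a helper that reports "setuid-root" means every dissector bug in a root-run capture tool is a root compromise, which is exactly the risk the section describes; "capabilities" confines the privilege to the one small binary that opens the interface.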

Filtering Packets:

Sometimes we need to capture specific traffic, such as the packets a program sends when phoning home. In a network with a large number of captured packets, one would otherwise have to close all other applications using the network to isolate a specific traffic type. This is where Wireshark’s filters become important. At the top of the window there is a filter box; type a filter expression there and click Apply, or alternatively press Enter, to apply it. For instance, to see only DNS packets, type “dns” in the filter box (protocol names in display filters are lowercase). Wireshark auto-completes filter names as you type in the filter box.
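To show what sits behind the filter box and behind the libpcap format listed among the supported file formats, here is an added example that is not code from the original post or from the Wireshark project. It writes and reads the libpcap file format (the native tcpdump/Wireshark format), dissects Ethernet/IPv4/UDP/TCP, and applies a tiny subset of Wireshark's display-filter names ("dns", "udp", "tcp") to each packet; "dns" is decided by port 53, which is also how Wireshark hands UDP/TCP port 53 to its DNS dissector. The sample capture is constructed in code, and its IP and transport checksums are left at zero, which Wireshark would flag but this reader does not verify.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4       # microsecond-resolution libpcap magic number
LINKTYPE_ETHERNET = 1
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/{UDP,TCP} frame for the sample capture (zero checksums)."""
    if proto == IPPROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # minimal 20-byte TCP header: data offset 5, SYN flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64,
                     proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip)) + l4
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", 0x0800)
    return eth + ip


def build_pcap(frames, linktype=LINKTYPE_ETHERNET):
    """Write a little-endian libpcap file: 24-byte global header, then a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Yield (timestamp, frame_bytes) per record; byte order comes from the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # the same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a libpcap file (pcapng and other formats are not handled)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are dissected here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")   # typical of a cut-off capture
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def dissect(frame):
    """Ethernet -> IPv4 -> UDP/TCP; returns the fields the filters need."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return {"proto": None}
    vihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    ihl = (vihl & 0x0F) * 4
    l4 = frame[14 + ihl:14 + total_len]
    pkt = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "proto": proto}
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        hlen = 8 if proto == IPPROTO_UDP else (l4[12] >> 4) * 4
        pkt["payload"] = l4[hlen:]
    return pkt


# A few of Wireshark's display-filter protocol names (lowercase, as in Wireshark).
FILTERS = {
    "udp": lambda p: p["proto"] == IPPROTO_UDP,
    "tcp": lambda p: p["proto"] == IPPROTO_TCP,
    "dns": lambda p: p["proto"] in (IPPROTO_UDP, IPPROTO_TCP)
                     and 53 in (p.get("sport"), p.get("dport")),
}


def filter_pcap(data, name):
    """Apply one display-filter name to every packet in a libpcap byte string."""
    predicate = FILTERS[name]   # unknown or wrongly cased names raise KeyError
    return [(ts, pkt) for ts, frame in read_pcap(data) if predicate(pkt := dissect(frame))]


# Constructed sample: one DNS query, one other UDP datagram, one TCP SYN.
DNS_QUERY = (struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, 53111, 53, DNS_QUERY),
    build_frame("10.0.0.5", "10.0.0.9", IPPROTO_UDP, 5000, 1234, b"hello"),
    build_frame("10.0.0.5", "10.0.0.2", IPPROTO_TCP, 44000, 443),
])

if __name__ == "__main__":
    for ts, pkt in filter_pcap(SAMPLE_PCAP, "dns"):
        print(f"{ts:.6f} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} DNS")
```

Reading a real capture is a matter of passing open(path, "rb").read() to filter_pcap; pcapng files, which newer Wireshark versions write by default, start with a different magic and are rejected rather than misparsed.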

Color Coding:

The colors green, blue, and black distinguish the types of captured packets. Conventionally, green indicates Transmission Control Protocol (TCP) traffic. Dark blue is Domain Name System (DNS) traffic, whereas light blue indicates User Datagram Protocol (UDP) traffic. Black shows TCP packets with problems, such as being out of order.

References:

https://en.wikipedia.org/wiki/Wireshark

https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/amp/

https://www.wireshark.org/

https://wiki.wireshark.org/

http://sectools.org/

https://www.quora.com/unanswered/What-security-policies-can-you-check-using-Wireshark

Elsewhere, check out my other post about Metasploit.

Pentester Candidate Program – January 2018

On the 20th of January 2018, Strategic Security will launch the Pentester Candidate Program. This program is designed to satisfy the basic requirements of a penetration tester. The program will cover the most common technical and soft skill requirements. Top candidates will later receive job interviews for a remote penetration testing job, through partnership with several penetration testing firms.

Top candidates may also receive interview opportunities for a cleared penetration testing position. This applies especially to those who hold a US Security Clearance and live in the DC, Maryland, or Virginia areas.

This is a real chance for those who REALLY want to become pentesters. It is the perfect combination of hands-on training, mentorship, and a real job opportunity.

What is covered in the pentester program?

This program is hard, though rewarding. It will cover the following subject areas:
  • Command-Line Kung Fu
    • Linux Command-Line Fundamentals
    • Windows Command-Line Fundamentals
  • Network Penetration Testing
    • Scoping a penetration test
    • Performing a Penetration Test
    • Reporting penetration test findings
  • Web Application Penetration Testing
    • Scoping a web application penetration test
    • Performing a web application penetration test
    • Reporting web application penetration test findings
  • Python For InfoSec Professionals
    • Log parsing with Python
    • Pcap parsing with Python
    • Network testing with Python
    • Web App testing with Python
  • Preparing for a job as a Penetration Tester
    • Resume assistance
    • Assistance with building a portfolio based on this program
    • Mock interview
    • Interviews with up to 10 Penetration Testing firms for top candidates
    • Interviews with up to 5 DoD contractors for top cleared candidates

What is the actual class schedule?

January classes

https://infosecaddicts.com/next-level-metasploit/
    + 22nd and 24th of January 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/python-infosec-professionals/
    + 29th and 31st of January 2018 from 7pm to 9pm ($200 if purchased separately)


February classes

https://infosecaddicts.com/cyberwar-advanced-offensive-cyber-operations/
    + 5th and 7th of February 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/linux-infosec-professionals-comptia/
    + 12th and 14th of February 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/powershell-infosec-professionals/
    + 19th and 21st of February 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/exploit-development/
    + 26th and 28th of February 2018 from 7pm to 9pm ($200 if purchased separately)


March classes

https://infosecaddicts.com/burp-suite-workshop/
    + 5th and 7th of March 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/linux-infosec-professionals-comptia/
    + 12th and 14th of March 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/next-level-metasploit/
    + 19th and 21st of March 2018 from 7pm to 9pm ($200 if purchased separately)

https://infosecaddicts.com/network-pentesting-night-school/
    + 26th and 28th of March 2018 from 7pm to 9pm ($200 if purchased separately) 

How is the pentester program delivered?

Candidates will receive a set of tasks each Monday. They are to complete the tasks by Sunday at midnight EST. The tasks include:
  • Reading
  • Watching videos
  • Lab exercises to perform

On Saturdays from 4-6pm EST, a live online training session/QA period will be held.

What are the prerequisites for the pentester program?

This program is more about desire, work ethic, and the ability to work in a team environment. Although technical ability is important, it is not the most required attribute. That being said, candidates should have:
  • Familiarity with Windows, Linux, and VMware
  • Familiarity with basic programming concepts
  • Ability to commit 8-12 hours per week to the program

What do you receive?

  • Access to the training program
  • Weekly group mentoring sessions with Joe McCray
  • Monthly chances to speak with hiring managers and team leads from security consulting firms, in each month of the program
  • Log book of all of your labs. This is a technical walk-through document demonstrating your proficiency to companies you interview with
  • A letter of reference from Joe McCray
  • Top candidates are guaranteed interviews with consulting firms and DoD contracting companies.

Candidates will have a chance to take ANY and AS MANY classes as they want from InfoSec Addicts as part of this program. Notably, as many as 20 classes are held per month.

This program will run for 3 months. It will run from the month of January up to the month of March 2018. Interviews for top candidates will occur later in the month of March 2018.

Please fill out the form below to sign up for this program.


PowerShell For InfoSec Professionals

The simple fact is that if you are going to be attacking or defending modern environments with newer operating systems (Windows 10, Server 2016), you need PowerShell!

There is no getting around it, and the sooner you drink the PowerShell Kool-Aid, the better InfoSec professional you will be.

What will we be doing, you ask? Check this out:


Fundamentals:

  • Simple programming fundamentals
  • Cmdlets
  • Variables
  • WMI Objects


Security tasks with Powershell:

  • PowerShell Tool Development
  • PCAP Parsing and Sniffing
  • Malware Analysis


Pentesting tasks:

  • Ping Sweeping
  • Port Scanning
  • Enumerating Hosts/Networks
  • Download & Execute
  • Parsing Nmap scans
  • Parsing Nessus scan


Tool development:

  • Programming logic for security tasks
  • Tool structure
  • ...and of course, integrating with Metasploit and other security tools

Students will receive

  • 20 hours of CPEs
  • Courseware slides
  • Lab Manual

Class Videos

Each class will be recorded and made available to the students via email, so you can keep up with the class even if you have to miss time or even a whole day.


Support

Each student will receive access to an InfoSec Addicts Group for the class. Groups are where students can ask questions outside of the regular class hours and work with other students on lab exercises, homework, and challenges.

A class mentor is assigned to the InfoSec Addicts Group to answer questions (allow one day for responses).

Similarly, a Customer Relationship Manager is assigned to the class to manage questions and support issues.


Class Schedule

19th and 21st of February 2018 from 7pm to 9pm EST

Fill out this form below to sign up for the class.


Unlimited classes:

If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:

https://infosecaddicts.com/unlimited-classes/


NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those engagements) classes may reschedule or cancel. In these situations a refund will NOT be granted as the class will re-run the following week, or additional days will be added to the class schedule to make up for this.

CYBERWAR: Advanced Offensive Cyber Operations

I’m writing this post to let you know that the new night class version of the CyberWar: Advanced Offensive Cyber Operations course is ready to go. I’d love it if you’d sign up for this class; it is one superb class! Here is the CyberWar: Advanced Offensive Cyber Operations course outline.

  • Advanced Scanning & Enumeration
    • Attack Methodology
    • Identifying vulnerabilities
    • Using NMap NSE scripts
    • Writing your own NMap NSE scripts
  • Advanced Metasploit
    • Auxiliary modules
    • Post modules
    • Writing your own Auxiliary modules
    • Writing your own Post modules
  • Attacking Web Apps & Databases
    • Attacking Web Apps (ASPX and PHP)
    • Web App – Tricky SQL Injections
    • Dealing with Web Application Firewalls
    • Attacking Big Data Solutions


Final Mission:

Students will attack the servers in the lab environment. These servers are much harder to penetrate than standard servers in a typical production environment, and their vulnerabilities are (on purpose) difficult to exploit; this class is designed with several complex targets to help students prepare for the network challenge of the OSCP certification exam.

Lab Network Access

Strategic Security now has a penetration tester’s target practice lab environment. Targets in the lab network will change on the 1st of every month. Students have the option to purchase 1 or 3 months of access to the lab environment.

Students will receive

  • 30 hours of CPEs
  • Several virtual machines
  • Courseware slides
  • Lab Manual
  • Lab access

Class Videos

Students will receive all class recordings via their emails. This will help them keep up with the class even if they have to miss time or even a whole day.

Support

Each student will have access to an InfoSec Addicts Group (infosecaddicts.com) for the class. Groups are where students can ask questions outside of the regular class hours. Additionally, this is where they can work with other students on lab exercises, homework, and challenges. A Strategic Security class mentor will be assigned to the InfoSec Addicts Group to answer questions (allow one day for responses). Likewise, a Customer Relationship Manager will get assigned to the class to manage questions and support issues.

Class Schedule

4th and 6th of June 2018 from 7pm to 9pm EST


Class Cost

The class cost is $200 with 1 month of lab access.


Register to attend the class:

Fill out this form to sign up for the class.


How to understand phishing scams?


So, what about phishing scams?

Phishing is one of the most common social engineering attacks, and it has become far more frequent in recent years.

The following list describes a few social engineering scams executed via phishing:

  1. Banking Link Scam:

An email can simply be sent to you to trick you into revealing some important information about yourself. It may even carry a phony link to your bank, so that you believe it was sent by your actual bank and are tempted to enter your username and password. In 2015, a campaign named Carbanak was able to steal about a billion dollars from banks in over 30 countries, according to Kaspersky.

What happened is that the attack relied heavily on spear phishing. As a result, workstations got infected with the unwitting help of the banks’ own employees. The attackers were then able to tunnel deeper into the banks’ systems and take control of employee workstations. This allowed them to transfer cash, operate ATMs remotely, change the details of various accounts, and play other tricks on the accounts.

The problem started with a phishing email sent to some employees, made to look as if one of their colleagues had sent it. Behind the scenes, however, was malicious code, which spread widely from there. In the meantime, everything that happened on the victims’ machines was recorded by the attackers for future use. When the time came, the attackers understood the system well enough to know what went where, which made it easy for them to carry out several kinds of transactions, among them the ATM cash-outs. Another trick was to inflate bank balances and then siphon off the difference: a customer’s account balance might go from $20,000 to $100,000, and the $80,000 were the attackers’ earnings.


  2. Fax Notice Scam:

This is nothing more than a phony link to a phony fax. However, the damage to your computer is huge when it succeeds. This type of scam appears most often at companies that rely heavily on faxes, such as document management firms, title companies, and insurance and other financial services companies.


  3. Dropbox Link Scam:

Even Dropbox has its share of scams. Several security incidents occurred during 2014. In one case, a phishing email was sent to victims asking them to click a fake link to reset their Dropbox password. After clicking the link, users landed on a page telling them that their browser was out of date and needed updating. There was a button where users were supposed to click to run the update; pressing it, however, triggered a Trojan from the Zeus family of malware. In another phishing attack that used Dropbox, emails were sent to victims containing what appeared to be Dropbox links. Clicking such links installed malicious software such as the “CryptoWall” ransomware on the victims’ systems.


  4. Court Secretary Complaint Link Scam:

This is another phony link meant to trick a customer into becoming a phishing victim. The link purports to confirm a complaint filed by the customer. For instance, such a phishing email may predict that the consumer is about to complain about something, and its sender pretends to want to understand the customer’s problems in order to work on them. This kind of phishing was very common for quite some time.


  5. Facebook Message Link Scam:

This type of phishing trick mainly appears when a celebrity dies. A link is sent through Messenger or shared through various pages, promising content about the deceased celebrity to anyone who clicks it.

One vivid example of this occurred when Robin Williams died. A phishing message spread widely among Facebook users, tempting them to open a link to watch Robin Williams’ goodbye video. The message was made more convincing by a title claiming the link led to an exclusive video of Williams saying goodbye from his cell phone. When a user clicked the link, they were taken to a bogus BBC web page that contained nothing but bad links leading to scam online surveys.

How is it possible for an attacker to attract more victims to the counterfeit website?

There are in fact many methods an attacker uses to get more victims to visit the fake website. Among them are the following four tricks:

  1. The attacker shortens the phishing URL so that it reveals as little as possible.
  2. The URL is shared repeatedly on messaging platforms such as WhatsApp and Viber. People are more likely to follow phishing links there because there is little shared awareness of computer security among the users of these groups.
  3. Social engineering is used so that people fall into the trap and open the links.
  4. The attackers send the URLs to victims through emails, especially ones that appear to come from female names.
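The link tricks listed above, and the banking-link pattern from the first scam, can be flagged mechanically on the receiving side. The following is an added example, not code from the original post: it extracts every link from the HTML body of an email and reports shortened URLs, links whose visible text names one site while the href leads elsewhere, raw IP-address hosts, and plain-http links. The shortener list is a small illustrative set, the sample email is constructed (198.51.100.0/24 is a documentation address range), and the domain comparison is a crude last-two-labels approximation rather than a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative, deliberately incomplete list of public URL shorteners.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)
IPV4_HOST = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split_url(url):
    """urlsplit that tolerates a missing scheme ("www.example.com/x")."""
    return urlsplit(url if "://" in url else "http://" + url)


def registrable_domain(host):
    # Crude approximation: the last two labels. Production code would use the
    # Public Suffix List so that names like example.co.uk compare correctly.
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_link(href, text):
    """Return the list of reasons this link looks like phishing (empty = none)."""
    parts = split_url(href)
    host = (parts.hostname or "").lower()
    if not host:
        return []
    reasons = []
    if host in URL_SHORTENERS:
        reasons.append(f"shortened URL ({host}) hides the real destination")
    if IPV4_HOST.fullmatch(host):
        reasons.append(f"link host is a raw IP address ({host})")
    if parts.scheme == "http":
        reasons.append("link uses plain http")
    match = HOST_IN_TEXT.search(text)
    if match:
        shown = match.group(1).lower()
        if registrable_domain(shown) != registrable_domain(host):
            reasons.append(f"visible text names {shown} but the link goes to {host}")
    return reasons


def scan_email_html(html):
    """Assess every link in an HTML email body; returns [(href, reasons), ...]."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [(href, assess_link(href, text)) for href, text in extractor.links]


# Constructed sample email body: a banking-link lure, a fax-notice lure behind
# a shortener, and one ordinary link that should not be flagged.
SAMPLE_EMAIL_HTML = """
<p>Your account has been locked. Please verify at
<a href="http://198.51.100.7/login">https://www.examplebank.com/login</a></p>
<p>A new fax is waiting: <a href="https://bit.ly/3xYzfax">View your fax</a></p>
<p>Unsubscribe: <a href="https://www.example.com/newsletter">www.example.com</a></p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email_html(SAMPLE_EMAIL_HTML):
        print(href, "->", "; ".join(reasons) or "no indicators")
```

The mismatch check is the one that catches the banking-link scam: the user reads the bank's name in the link text, but the browser follows the href. A mail gateway or client plug-in can run the same logic and either rewrite flagged links or warn the user before the click.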


Sources

https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack

Hacking GMail Using Phishing Method and Prevention


What is the History of Honeypots?


There are several ways in which researchers and developers can work to protect the software they write. Some are proactive, like code reviews and regression testing, while others are reactive, like the Pwn2Own contest, where new vulnerabilities are used to exploit browsers. Some tools take on aspects of both; one class of such tools is honeypots. The term honeypot was first presented by Lance Spitzner in 1999 in a paper titled To Build a Honeypot.


What is the history of honeypots?

Essentially, the name comes from honeypots in real life. A real honeypot is full of something desirable, the honey, whether to a child or to a nest of ants, and that is what lures them out. Computer honeypots are no different: a tempting target is set up and becomes attractive to an attacker, who is tempted to exploit the target and carry out the desired attack there.

Spitzner was the first to bring the word honeypot into the field of computer science, but the idea had been proposed since the mid-1980s. Since then there has been research on how attacks are performed on systems and on their devastating effects on organizations. In January 1991, Bill Cheswick wrote the following about his time at AT&T Bell Laboratories, where he was trying to find the reasons for, and logs of, attacks:

On Sunday evening, January 20, I was riveted to CNN like most people. A CNN bureau chief in Jerusalem was casting about for a gas mask. I was quite annoyed when my terminal announced a security event:

22:33 finger attempt on berferd

A couple of minutes later someone used the debug command to submit commands to be executed as root – he wanted our mailer to change our password file!

These statements show how Cheswick was able to read the commands issued by a remote attacker. On the same day he was even able to manipulate the attacker by replying with modified responses. On the following day, Cheswick and his team started building a chroot environment in which they could observe the attacker and let him play. The following words show exactly what he did, as he narrated it:

I wanted to watch the cracker’s keystrokes, to trace him, learn his techniques, and warn his victims. The best solution was to lure him to a sacrificial machine and tap the connection. … We constructed such a chroot “Jail” (or “roach motel”) and rigged up logged connections to it through our firewall machine. … A little later Berferd [the attacker] discovered the Jail and rattled around in it. He looked for some programs that we later learned contained his favorite security holes. To us, the Jail was not very convincing, but Berferd seemed to shrug it off as part of the strangeness of our gateway. Berferd spent a lot of time in our Jai

Cheswick watched the attacker for several months, keeping him inside the honeypot until Cheswick shut it down. During that time, the attacker made several attempts to attack other computer networks. The main benefit of all those attempts was that administrators could find the weak points in their networks where attacks were possible. Without the honeypot, Cheswick and his team of network administrators would not have been able to detect all of these flaws in their organization’s network. Furthermore, they were able to identify the source of the attack: it came from a man in Sweden who had a knack for subverting whatever system he was on, and who must have had an account there to do his bad deeds.
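The essence of Cheswick’s Jail, logged connections to a sacrificial service that records what the intruder types but never acts on it, fits in a short program. The following is an added example, not code from the original post or from Cheswick’s paper: a low-interaction honeypot that listens on a TCP port, presents a decoy SMTP-style banner, records the peer address and the first line it sends, answers with a harmless error, and exits. The banner hostname, the probe payload, and the loopback-only demo are constructed for this example; a real deployment would bind the listener to a sacrificial host and ship the event list to a log collector.

```python
import socket
import threading
import time

# Constructed decoy banner; a real deployment would mimic the service being impersonated.
DECOY_BANNER = b"220 gateway.example.net ESMTP ready\r\n"


class LoggingHoneypot:
    """Accept connections, record who connected and what they sent, never execute it."""

    def __init__(self, host="127.0.0.1", port=0, banner=DECOY_BANNER):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)             # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.events = []                      # the honeypot's log, newest last
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=3)
        self.sock.close()

    def _accept_loop(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        with conn:
            conn.settimeout(5)
            try:
                conn.sendall(self.banner)
                data = conn.recv(512)
            except OSError:
                data = b""
            # Keep the intruder's input as evidence only; it is never interpreted.
            first_line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")[:200]
            with self._lock:
                self.events.append({"time": time.time(), "src": peer[0],
                                    "sport": peer[1], "input": first_line})
            try:
                conn.sendall(b"500 command not understood\r\n")
            except OSError:
                pass


def probe(port, payload, host="127.0.0.1"):
    """Simulate one connection to the honeypot (used only by the demo)."""
    with socket.create_connection((host, port), timeout=5) as s:
        banner = s.recv(256)
        s.sendall(payload)
        reply = s.recv(256)
    return banner, reply


def run_demo():
    """Start a loopback honeypot, send it one constructed probe, return what it logged."""
    hp = LoggingHoneypot()
    hp.start()
    try:
        banner, reply = probe(hp.port, b"debug\r\n")   # constructed probe line
    finally:
        hp.stop()
    return banner, reply, list(hp.events)


if __name__ == "__main__":
    banner, reply, events = run_demo()
    for e in events:
        print(f"{e['time']:.0f} {e['src']}:{e['sport']} sent {e['input']!r}")
```

The event is appended before the reply is sent, so by the time the peer sees the "500" line the log entry already exists; that ordering is what makes the log trustworthy as a record of every connection that got an answer.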

Then, in 1997, Fred Cohen released Deception Toolkit 0.1, which was essentially an introduction to how a honeypot should be structured. In the following year, CyberCop Sting was released as the first commercially produced honeypot. In the same year, BackOfficer Friendly was released as well: free software that was easy to use and configure and ran on the Microsoft Windows platform. This was the beginning of the growing publicity of honeypots around the world, simply because a tremendous number of people learned about it and tried it that year. Honeynet then started in 1999, after BackOfficer Friendly had attracted more people to the new trend of honeypots. Several other papers were written about this technology and discussed new, more efficient implementations of honeypots. As a result, general knowledge of honeypots grew greatly because of the many releases and applications.

Between 2000 and 2001, honeypots came into use for capturing malicious activity and malicious software on the internet, detecting it, and raising awareness of new threats. From then on, honeypots became popular with organizations that cared about computer security: they deployed honeypots in their networks to detect malicious traffic and thereby improve their network security as a whole. Since 2002, the concept of honeypots has been familiar to computer security professionals. Researchers and professionals have kept improving the functionality of honeypots, and many features have been added until their benefits became considerable for businesses and companies.


Resources:

http://www.diva-portal.org/smash/get/diva2:327476/fulltext01

https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/2012/topic12-final/report.pdf


Offensive Cyber Expert Bundle

Do you really want to be the guy or girl that can just flat out hack! I’m talking about where it just doesn’t matter what’s in front of you – you know that you can figure it out.

It doesn’t matter if you are up against Linux, Windows Server 2016, SharePoint, web apps, or custom apps where you need to modify public exploit code to attack them.

If that’s what you want to be then this is the course bundle for you.

For today only you can purchase this entire class bundle for only $200 – just click the add to cart below:


Being proficient in Linux in the InfoSec world today is an absolute must. This is the class that you absolutely want to take to not only get familiar with Linux but to learn how to use Linux to perform InfoSec tasks instead of just the basics of the operating system.


For today only you can purchase this entire class bundle for only $200 – just click the add to cart below:


Just like with Linux being proficient in PowerShell in the InfoSec world today is an absolute must because all of the Microsoft technologies today heavily utilize PowerShell. This is the class that you absolutely want to take to not only get familiar with PowerShell but to learn how to use PowerShell to perform InfoSec tasks.


For today only you can purchase this entire class bundle for only $200 – just click the add to cart below:

$200.00Select options

 

Offensive Cyber Operations
Offensive PowerShell with Cyber Range

This is the class where the rubber meets the road. This is the class where you put it all on the line and find out what works in the real world and what doesn’t. The Cyber Range is a full blown modern Windows environment (Windows Server 2016, Active Directory 2016, and SharePoint 2016 multi server farm).

Exploit development

This is a fun class: 64-bit exploit development. Learn how to write exploits, and learn how to modify public exploits to suit your needs.

Unlimited classes:

If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:

https://infosecaddicts.com/unlimited-classes/

NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those engagements) classes may reschedule or cancel. In these situations a refund will NOT be granted as the class will re-run the following week, or additional days will be added to the class schedule to make up for this.

Offensive PowerShell with Cyber Range

Offensive PowerShell class with Cyber Range

On the 24th of February from 10am EST to 4pm EST we will run the first online Offensive PowerShell course with our new Cyber Range. The Cyber Range is a full blown modern Windows environment (Windows Server 2016, Active Directory 2016, and SharePoint 2016 multi server farm).

Here is your chance to use what you learned in the PowerShell class, and get a chance to use all of the popular PowerShell tools such as:

Cyber Range

Students will receive cyber range access on the 22nd of February and maintain access to the new cyber range until the end of March.

Support

Each student will receive access to an InfoSec Addicts Group for the class. Groups are where students can ask questions outside of the regular class hours, work with other students on lab exercises, homework, and challenges.

A class mentor is assigned to the InfoSec Addicts Group to answer questions (allow one day for responses).

Similarly, a Customer Relationship Manager is assigned to the class to manage questions and support issues.

Class Schedule

This class is going to run on Saturday the 24th of February from 10am EST to 4pm EST.

Class Cost

The class cost is regularly $500, but you can get it for $200 if you sign up before February 19th.

Fill out this form to sign up for the class.

What is Honeyspot?

What are Wireless Honeypots?

Wireless honeypots are another commonly used type of honeypot system. A wireless honeypot is deployed in a network mainly to capture the behaviour of systems residing inside a wireless network; information and statistics about that behaviour and activity can easily be gathered from such honeypots. Here "wireless" covers IEEE 802.11 as well as similar technologies such as Bluetooth.

Why do we use Wi-Fi honeypots?

We use Wi-Fi honeypots to track malicious activity on the monitored network. To elaborate, a Wi-Fi structure can be obtained simply from some access points, a wired network, and a few deliberately exposed computers. In such a structure the Wi-Fi network is vulnerable to an enormous range of attacks, which motivates a Wi-Fi honeypot capable of capturing any unauthorized traffic and answering questions about whether wardrivers and attackers gathering their forces to compromise a wireless network can be caught.

What is Honeyspot? 

Honeyspot is the name of a wireless honeypot project that was originally supported by the Spanish Honeynet Project. It is considered the most famous of the wireless honeypot projects. Its unusual name comes from the two terms honeypot, the basic idea behind wireless honeypots, and hotspot, the basic idea behind a wireless network.

The rationale behind the Honeyspot project is to monitor an attacker while he acts against a wireless network, in order to learn his behaviour and actions. The only traffic going through such a honeyspot is malicious traffic. On the other hand, just as a professional and experienced attacker can identify whether a system is real or a fake honeypot, the same experienced attackers can recognize and distinguish a honeyspot from a real system. How a honeyspot appears therefore matters in convincing the majority of attackers that it is a real system: there should be many similarities between the real system and the honeyspot.

The aim of the Honeyspot team was to understand attack types, the ideas an intruder has about the system, his logic, and how he approaches the system for his purposes. Gathering as much information as possible about an attack is hugely beneficial, since a fully identified attack can be prevented in the future. Using the collected data it becomes easy to understand the many flaws of WEP wireless connections, how attackers think about them, and how they try to exploit such vulnerabilities. IP address spoofing, web session hijacking and MAC address spoofing all become recognized and identified using the Honeyspot project, as do the specific approaches used to compromise the clients of a wireless network. The result of all this information and understanding is that much more secure systems become achievable.

There is a particular network architecture that works best with the Honeyspot project.

The architecture consists of the following components:

  1. There has to be a Wi-Fi access point (WAP) to which clients can connect; an attacker is also able to connect to the WAP. It is the main source of the internet connection for all its clients.
  2. There are also the wireless clients (WC), which appear to be users of the network connecting to the internet through the WAP. None of these clients are actual devices, yet they can connect to the honeyspot network. If these clients are not real, why have them at all? The basic answer is that we need to create traffic in the fake system: we want to show the attacker incoming and outgoing traffic passing through the wireless honeyspot, which gives him the sense that he is attacking a real system rather than a fake one. Consequently he is tempted to attack the network, starting by monitoring that traffic with the monitoring tools he uses for the attack.
  3. WMON is the wireless monitor module. It captures traffic so that information about the network traffic can be retrieved and monitored, which helps security administrators understand the attacks and gather information about them. This shows how important the module is.
  4. WDA is the wireless data analysis module, and its work depends on WMON in the first place. It assists administrators in analysing the captured traffic, which is why it relies so heavily on WMON: WMON captures the data and WDA analyses and examines it. The mechanism is as follows: WMON captures the traffic records, saves them and sends them directly to WDA, which makes sense of the traffic by analysing it to extract important information.
  5. Finally, the WI module is a wired infrastructure that is optional in the honeyspot architecture, meaning it may or may not be present without causing any problems. The idea is that the network may be designed with a wired connection structure alongside the wireless one, which gives a slightly different aspect to the usual honeyspot network structure.
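As an added example (not code from the Honeyspot project or its authors), the following Python sketch models the WMON to WDA hand-off described in items 3 and 4: WMON parses captured frame records, and WDA attributes each station to the honeyspot's own fake wireless clients or marks it as unknown, additionally flagging deauthentication frames sent by anything other than the access point. The MAC addresses, the record format and the function names are all assumptions.

```python
"""Added example (not Honeyspot project code): minimal WMON -> WDA pipeline.
WMON parses frame records; WDA attributes them to fake WCs or unknown stations."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# MAC addresses of the honeyspot's own components (constructed, assumed values)
WAP_MAC = "02:00:00:00:aa:01"
FAKE_WC_MACS = {"02:00:00:00:bb:01", "02:00:00:00:bb:02"}

@dataclass(frozen=True)
class FrameRecord:
    ts: float       # capture timestamp in seconds
    src: str        # transmitter MAC
    dst: str        # receiver MAC
    subtype: str    # e.g. "data", "probe-req", "auth", "deauth"

def wmon_capture(raw_lines):
    """WMON role: parse 'ts src dst subtype' lines into FrameRecords."""
    records = []
    for line in raw_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the capture
        ts, src, dst, subtype = parts
        records.append(FrameRecord(float(ts), src.lower(), dst.lower(), subtype))
    return records

def wda_analyze(records):
    """WDA role: per-station frame counts plus two flags an admin cares about."""
    per_station = defaultdict(Counter)
    for r in records:
        per_station[r.src][r.subtype] += 1
    report = {}
    for mac, counts in per_station.items():
        report[mac] = {
            "frames": sum(counts.values()),
            "subtypes": dict(counts),
            # anything that is not our WAP or one of our fake WCs is unauthorized
            "unknown_station": mac not in FAKE_WC_MACS and mac != WAP_MAC,
            # deauth frames only legitimately originate from the access point
            "deauth_from_non_ap": counts["deauth"] > 0 and mac != WAP_MAC,
        }
    return report

def unknown_stations(report):
    """MACs the WDA could not attribute to the honeyspot's own components."""
    return sorted(mac for mac, v in report.items() if v["unknown_station"])

# Constructed capture: two fake WCs exchanging data with the WAP, then an
# unknown station probing and sending deauth frames at one fake client.
SAMPLE_CAPTURE = [
    "1.00 02:00:00:00:bb:01 02:00:00:00:aa:01 data",
    "1.10 02:00:00:00:aa:01 02:00:00:00:bb:01 data",
    "1.20 02:00:00:00:bb:02 02:00:00:00:aa:01 data",
    "2.00 02:00:00:00:cc:09 ff:ff:ff:ff:ff:ff probe-req",
    "2.50 02:00:00:00:cc:09 02:00:00:00:bb:01 deauth",
    "2.60 02:00:00:00:cc:09 02:00:00:00:bb:01 deauth",
    "malformed line",
]
```

Running `wda_analyze(wmon_capture(SAMPLE_CAPTURE))` attributes the two bb: stations and the WAP to the honeyspot itself and leaves only the cc:09 station as unknown, with its deauth frames flagged.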

 

Resources:

http://www.diva-portal.org/smash/get/diva2:327476/fulltext01

https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/2012/topic12-final/report.pdf

How to Hack Gmail using Phishing Method

In fact, a key answer to the question posed in this article’s title is Wapka. So what is Wapka? It is a free platform for website creation. Using it, a victim’s Gmail id, browser and IP address can all be sent to the attacker. Through this website, a phishing website can be created easily without much knowledge of PHP or MySQL.

What do I have to get before getting into the steps?

You have to be aware of the following points before starting the steps discussed later in this article:

1. You need an email account to be able to register on Wapka.

2. You need to be knowledgeable about HTML to some extent.

3. You need to be knowledgeable about Gmail to some extent.

4. You should also be somewhat familiar with website creation.

5. You need a victim as a target for this attack.

What are we about to do now?

We are going to create a website that looks exactly like the Gmail mobile website. We will then receive the victim’s password, email id, IP address and browser information at our own email id.

Let’s discuss the detailed steps now:

1. Open the Wapka website and register a new account.

2. Now log into your new account and navigate to the Site List to create a new site.

3. Type the name of the site, noting that all characters must be in the range a to z and 0 to 9. Special characters are not allowed.

For example, you can create a username newgmail21 and make it @wapka.mobi

4. After clicking “submit”, you are taken to a screen with two options: Admin Mode or User Mode. Click on “Admin Mode”.

5. A blank page now appears; this is your site, to which you have done nothing so far. To start editing your site, click on the link “:: EDIT SITE(#) ::” at the lower rightmost corner of the screen.

6. Out of all the options that now appear, click on the Mail form.

7. A new screen will appear. Uncheck “Enable CAPTCHA pictures”.

Now click “submit”. Also, remember not to set it to admin mode.

8. To make your email id the destination to which the victim’s details are sent, do the following:

A. Navigate to the site list and click on your website name. Without choosing Admin Mode, scroll down and hit “Source code viewer”.

B. Inside the box, type the link to your site. A screen with some code appears; search for the word “value=” and take note of the number right beside it.

C. Make the mail form hidden in Admin mode. This is done in the next step, but only after you have obtained the value=”XXXX..” code.

D. Now click on your site, then choose Admin mode. You should have a blank site again as before; click on “Edit Site” and then on “Users”.

E. Now click on items visibility and select X from the drop-down menu.

F. Now download the following code from this link:

https://www.hacking-tutorial.com/tools/subscribers/index.php?id=hckgml

G. Click on your site again and press Admin Mode. Now press Edit site and choose “WML/XHTML code”. Copy and paste the code you have just downloaded into this WML/XHTML code section.

I. Remember to replace value=”XXX..” in the code with the value you extracted just now.

9. The phishing website is now ready in design, appearance and functionality. Any victim’s details will be sent to the email address you used when registering on the Wapka website. The email will be received from [email protected] and the details will include the username and password, along with the IP address and browser used by the victim.

10. Congratulations! You can now hack the Gmail account. Well done.

Where can’t I use Wapka?

There are two places where Wapka cannot be used:

1. Facebook: any Wapka URL is blocked by Facebook before it can be shared, because Facebook tries to protect its users to the greatest possible extent.

2. India: the government there has blocked the use of this website inside the country; even browsing the website is impossible in India. However, they forgot that a proxy site can do all the magic mentioned earlier, regardless of whether the website is blocked in a country or not.

How can one prevent oneself from being hacked through Gmail phishing?

1. First of all, make sure that the URL starts with “https” in the URL bar. This ascertains that it is a Google site.

2. If a link refers to any “Free Offer, Free Lottery, Free Insurance, Free Net” etc., it is very highly recommended not to click on it, because it may be a phishing site. This is very common on social media apps such as WhatsApp, and even in SMS text messages.

3. Don’t click links sent to you by email just because a girl has sent them. This is one of the commonly used phishing methods to trick men into opening the link, and one of the trickiest methods of social engineering.

4. So, in a nutshell, avoid being drawn into social engineering, to avoid becoming a victim of phishing in general and Gmail phishing in particular.

Sources

https://www.hacking-tutorial.com/hacking-tutorial/hacking-gmail-using-phishing-method-and-prevention/#sthash.4LzmArQ2.RNipUpcm.dpbs

FREE Exploit Development webinar on the 22nd of February at 1pm EST

In this FREE webinar Joe McCray will cover the fundamentals of exploit development and of modifying public exploit code on penetration tests. This webinar is designed for people with little to no exploit development or programming experience.

This webinar will be held on the 22nd of February at 1pm EST

Click the link below to sign up for this webinar:

https://attendee.gotowebinar.com/register/5628748955745369601

Free Advanced Network Penetration Testing webinar

In this FREE webinar Joe McCray will cover the fundamentals of network penetration testing, and how to perform basic penetration testing tasks. This webinar is designed for people with little to no network penetration testing experience.

This webinar will be held on the 1st of February at 1pm EST

Click the link below to sign up for this webinar:

https://attendee.gotowebinar.com/register/6831470640505615106


Free Python For InfoSec Professionals webinar


In this FREE webinar Joe McCray will cover the fundamentals of programming, and how an InfoSec Professional can use Python to perform common IT Security tasks. This webinar is designed for people with little to no programming experience.

This webinar will be held on the 25th of January at 1pm EST

Click the link below to sign up for this webinar:

https://attendee.gotowebinar.com/register/7329340500678816770

Free Introduction to Metasploit webinar


In this FREE webinar Joe McCray will cover the basics of Metasploit, and how to perform common penetration testing tasks with it. This webinar is designed for people with little to no penetration testing experience.

This webinar will be held on the 18th of January at 1pm EST

Click the link below to sign up for this webinar:

https://attendee.gotowebinar.com/register/6619596948856358146
