Ethical hacking : Top 12 best websites to learn hacking

  • Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  • Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  • SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  • Phrack Magazine: Digital hacking magazine.
  • The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  • NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  • HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  • Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  • Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  • SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  • KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  • Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
沒有留言:

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate
  • Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
  • Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
  • Backdoor any domain controller server. For advanced attacks, see Skeleton keys 
  • Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
  • Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
  • Golden tickets - easy to do, hard to detect, medium remediation
  • Silver tickets - easy to do, hard to detect, medium/hard remediation
  • Backdoor workstations/servers via group policy
    • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
    • scheduled tasks (run task 2 years later),
    • sticky-keys with debug
  • Backdoor patch management tool, see slides here
[Update 2017.01.10]


Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s)  to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)
More articles
  1. Pentest Jobs
  2. Hacker
  3. Pentest Dns Server
  4. Hacker Language
  5. Hacking Process
  6. Hacker Tools
  7. Pentest Firewall
  8. Pentest Software
  9. Pentest Cyber Security
  10. Hacker Computer
  11. Pentest Windows 7
  12. Hacking Gif
  13. Pentest Book
  14. Hacking Wifi
  15. Pentest Environment
  16. Pentest Training
沒有留言:

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

Android made endless possibilities for everyone. It introduced a platform where are millions of apps that a user can download and buy depending on their needs. You're thinking about Google PlayStore, yes I am also talking about Google PlayStore. It's categorized app collection depending on every niche of life. Few of them are free and some of them are paid. Most of the paid apps are only charges small cost in between $2 to $8, but few apps are highly costly that make cost over $50 even, which is not possible for every user to buy and get benefit from it. So, here I am sharing a really useful app, that can make every Google PlayStore app for you to download it for free. You can download any paid app that may even cost about $50. It's totally free. Download blackmart Android app and download google play store paid apps freely.

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

  • It's extremely easy to use.
  • It has a Multilingual option for a global user experience.
  • The app doesn't ask for any payments.
  • Capable to download full of downloadable applications.
  • Super fast in downloading and installation.
Related articles
沒有留言:

Administración Remota De Servidores Desde Android

Sería muy util poder administrar todos nuestros servidores desde la palma de la mano.

Sin embargo una shell linux, no es viable en el teclado de un teléfono incluso de un tablet, sobretodo porque hay que escribir muchos símbolos, por ejemplo el guión, y estos teclados están pensados más bien para texto.

Pues bien, de esta necesidad surgió la aplicación SSHControl:


SSHControl

Esta problematica la he solucionado a base de utilizar nevegadores y estructurar los outputs para no acumular excesiva información en la pantalla.

- Navegador de ficheros
- Navegador de procesos
- Navegador de conexiones
- Navegador de logs
- Navegador de drivers de kernel

Esto permite administrar múltiples servidores con un solo dedo :)

Controlar la seguridad de sus servidores ahora es bastante sencillo y ágil, por ejemplo con solo hacer un "tap" encima de un usuario, podemos ver sos procesos asociados, con hacer otro tap en un proceso podemos kilearlo, ver mas info etc ..
Con hacer un tap encima de una apliacción, vemos sus conexiónes, con un tap en una conexión podemos agregar una regla de filtrado en el firewall, etc ..


En la siguiente versión habilitaré la opción de "Custom Commnands", la cual es muy util,
cada administrador o usuario linux, tiene una serie de comandos que repite con mucha frecuencia,
bien pues esta opción permite pre-programar estos comandos habituales, de manera que puedes lanzarlos con un simple tap.

En el roadmap tengo pensadas nuevas funcionalidades muy útiles :)

Aqui os dejo algunas capturas de pantalla:







Related news
沒有留言:

November 2019 Connector

OWASP
Connector
November 2019

COMMUNICATIONS


Letter from the Vice-Chairman

Dear OWASP Community, 

Preparation for next year's conferences is underway. I had the pleasure of meeting people from our community at a recent ISACA Ireland event where I had an OWASP stand. I also had lots of swag to give away, loads left which I plan to share out amongst the community. 

I was on a call recently with both WIA leadership and a number of individuals looking to broaden our diversity reach, forming DIA (diversity in AppSec). This was a positive call and I look forward to reviewing their proposal under the committee 2.0 operating model.

I'd like to thank our volunteers, chapter and project leaders for making OWASP what it is today. We wouldn't have a foundation without you. We always want to make things better, to this end, it would be great if you could fill out the following feedback form.

Thank you, 
Owen Pendlebury, Vice-Chairman

FROM THE EXECUTIVE DIRECTOR


As we wind down 2019, we are planning lots of new opportunities to get involved with OWASP next year. The current working draft of the 2020 Operating Plan can be found on our staging site for our new website which is planned to launch next month.
 
Some of the highlights for 2020:
  • Quarterly Town Hall meetings.
  • Two Project Summits - the first in February 2020
  • Pilot single-day AppSec Days worldwide to offer local training and community.
We are also set to further increase the transparency of the daily workings of OWASP through our Staff Projects page. The pages linked there will always be a work in progress; some of which today are still only templates but still a great resource to know what's going on at OWASP.

All of this which adds to our Global and Regional Events, ongoing local chapter support, and other member activities. Our plans are ambitious and we look forward to your continued support this and every month as we look to better secure the web.



OWASP Foundation Global AppSec Event Dates for 2020

Global AppSec Dublin, June 15 - 19, 2020
(Formerly known as AppSec EU)
Sponsorship is now available
Call for Papers & Call for Training December 2019
 
Global AppSec San Francisco, October 19 - 23, 2020
(Formerly known as AppSec US)
CFP &  CFT February 2020

** Visit our website for future announcements.**
NEW OWASP Project Summit - Winter 2020
February 2020 in Cancun, Mexico
 
The OWASP Foundation will host a three-day working session for FIVE selected projects in Cancun, Mexico, February 2020. Arrival day will be Wednesday the 19th and departures will be the 23rd. Projects must apply and then get selected to participate. The application process will require project meeting goals, work plans, key contributors, and expected attendance. The OWASP Foundation Officers Group will make the final selection. For more information click here

You can also email Emily Berman Global Events Director or Harold Blankenship Director of Technology and Projects.
Announcing a New Opportunity to become part of a Global AppSec Program Team
 
Conference Program Teams are constituted for each Global AppSec event and consists of members of OWASP members and staff. The selection of team members is based on subject-matter expertise and a balanced representation of the OWASP community. For planning purposes, team members shall reside on the continent of the Global AppSec for which they serve. Teams are constituted no later than six months prior to the Global AppSec event.

To apply to become a member of the Conference Program Team click here.


 
We are so excited to announce that both the London OWASP and WIA community have been asked to speak at BlackHat Europe 2019 on Wednesday 4 December at the EXCEL London.   Andra Lezza is leading the panel of women to "Share insights gained at different stages of their careers to help other women in the field."  Thank you, Andra, for leading the initiative and also to Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel.  Also from the OWASP Community and a London Chapter Leader Sam Stepanyan and Paul Harragan.  Sam and Pau will be presenting a more in-depth demo on the OWASP Nettacker.  Good luck to all the speakers have a great conference.

I would like to encourage all of the OWASP community that will be attending BlackHat Europe to please make every effort to attend and support our fellow OWASP members Wednesday, 4 December 2019. (Click to view the schedule details.)

OWASP Members don't forget you are eligible for € 200.00 discount, email marketing@owasp.org for code to use when registering.


BlackHat Europe has extended an invitation to our London WIA community  to  lead a panel to "Share insights gained at different stages of their careers that could help other women in the field."  Thank you to Andra Lezza for leading this initiative and Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel and to contribute.  Good luck I am sure your session will be a huge success.

BlackHat Europe 2019 London at EXCEL London
2019 December 2-5 
The OWASP Booth 1015
Business Hall December 4 & 5 
December 4, 10:30 AM - 7:00 PM
December 5: 10:00 AM - 4:00 PM

EVENTS 

You may also be interested in one of our other affiliated events:


REGIONAL EVENTS
Event DateLocation
German OWASP Day 2019 December 10, 2019 Karlsruhe, Germany
AppSec California 2020 January 21 - 24, 2020 Santa Monica, CA
OWASP New Zealand Day 2020 February 20 - 21, 2020 Auckland, New Zealand
OWASP Seasides March 3 - 5, 2020 Panjim Goa, India
SnowFROC 2020 March 5, 2020 Denver, CO
AppSec Morocco & Africa 2020 June 4 - 5, 2020 Rabat, Morocco

GLOBAL PARTNERSHIP EVENTS
Event Date Location
BlackHat Europe 2019 December 2 - 5, 2019 London

PROJECTS


As the foundation moves toward the migration of the OWASP web presence from the old wiki site to our new Github-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at https://www2.owasp.org/migration There are also some minor instructions on the default project or chapter page itself. And if you are wondering where that page is located, you can go to https://github.com/OWASP and type your chapter name in the repository search bar. If your project or chapter is not there, contact me. Lastly, there are a number of excellent examples already done by other leaders (also linked on the migration page).

And, as a precaution, you should click over into the 'Settings' of your repository and then click the 'Collaborators & teams' link on the left menu and check to make sure that the usernames added to Collaborators match what you expect.  Having someone you do not know edit your web page without your knowledge is no longer the expected behavior.

Some resources, mostly for projects, have been uploaded to the OWASP Site Theme Repository and can be linked to via the /assets/image/common/<file> URL.

After your chapter or project page is done, there is a www-community repository which would include any files from the wiki that are not currently in a project or chapter or board/staff policy area.  For instance, there are pages there for GSoC and XSS and CSRF.  A list of the top pages that need to be migrated can be found attached to one of the TODO cards on our website migration Trello board which you are invited to join if you want to help migrate loose pages and/or perform some automation work.

Our current plan can be found on the Website Relaunch project page.

PROJECT ANNOUNCEMENT

As part of OWASP's participation in Google's Season of Docs, the ZAP project has had Nirojan Selvanathan (@sshniro)  working on API documentation.  The first iteration of the documentation is now live.  It includes Java, Python, and shell
example snippets all presented in a responsive and accessible design which we will continue to build on in the future.

Big thanks to Nirojan for his efforts on this wonderful initiative!
Congratulations and thanks to Google Open Source for helping to bring the open-source and technical writer communities together!

COMMUNITY

 
Welcome to our New OWASP Chapters

Colombo, Sri Lanka
Des Moines, IA
Harrisburg, PA
Louisville, KY
Monterrey, Brazil
Moscow, Russia


 
Contributor Corporate Members
 

 
*Ads and logos are not endorsements and reflect the messages of the advertiser only. *
Join us
Donate
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, #232
Bel Air, MD 21014  
Contact Us
Unsubscribe






This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences
*|LIST:ADDRESSLINE|*

沒有留言:
訂閱: 文章 (Atom)