
Security


S.C. tax breach began when employee fell for spear phish. November 21, 2012 A targeted phishing email delivered to an employee at the South Carolina Department of Revenue opened the door for attackers to exfiltrate Social Security numbers and other personal data belonging to millions of residents, according to a report prepared by a forensic firm that investigated the mega breach. Mandiant, a company that provides incident response services, said in its report, released Tuesday, that the attack began on Aug. 13 when a number of workers received the malware-infested phishing email. At least one employee fell for the ruse, which executed malware that stole their username and password. Two weeks later, the attackers used these credentials to log in to the Department of Revenue's remote access service, giving them access to the employee's computer. They then used that worker's access privileges to reach other systems and databases on the state agency's network.

When the smoke cleared, the damage was astonishing. Gov. Malware don't need Coffee. CGISecurity - Website and Application Security News. Ha.ckers.org web application security lab. Application-Layer DDoS Attacks Are Growing: Three to Watch Out For | BreakingPoint. DDoS and Security Reports | Arbor Networks Security Engineering & Response Team. Marc Eisenbarth, Alison Goodrich, Roland Dobbins, Curt Wilson Background A very serious vulnerability present in OpenSSL 1.0.1 for two years has been disclosed (CVE-2014-0160). This “Heartbleed” vulnerability allows an attacker to reveal up to 64kb of memory to a connected client or server. This buffer-over-read vulnerability can be used in rapid succession to exfiltrate larger sections of memory, potentially exposing private keys, usernames and passwords, cookies, session tokens, email, or any other data that resides in the affected memory region.

This flaw [...] Read More I’ve always found sites which test IPv6 connectivity interesting. As mentioned in another posting (you can read it here), the “test-ipv6” software is available open-source. There is a certain level of skill to creating an IPv6-capable network. Such sites have been around in one form or another since at least 2000. Similar, Yet Different. Data Breach Scoreboard. 06 November 2012 Drew Amorosi Infosecurity compiles history’s top data breaches, while surveying the mandatory reporting landscape in the US and Western Europe Data Breach Reporting Requirements These United States? European Disunion Top Data Breaches – All Time (no. of records)* Most Significant Data Breaches* Global Reported Data Breach Incidents by Sector Reported Worldwide Data Breach Incidents by Year Disable copy shortcut for web page. StratBLOG - stratsec security research.

NLP and Social Engineering - Hacking the human mind Article at HellBound Hackers. Hey everyone, this is an extension to my original Social engineering article. This will add on to the specifics behind some techniques that you can use in real social engineering. I hope this really adds on to what I mentioned in the previous article, enjoy. *The basics of NLP* NLP stands for neuro-linguistic programming, and as the name suggests it is the programming of a person's subconscious mind to get them to do what you please. This is a very good skill to learn for social engineering. NLP is a real phenomenon that can be used by any person. *The Human Factor* Regardless of age, profession, religion, or philosophical beliefs, people are always trying to persuade each other. *The twelve laws to persuasion and NLP* The twelve laws I will introduce to you are twelve laws you can use to persuade and influence another person, to get them to do what you want.

*the Law of Dissonance* *the law of Obligation* *the law of Connectivity* *the law of Social Validation* *the law of Scarcity* Media Destruction Guidance. The products on these lists meet specific NSA performance requirements for sanitizing, destroying, or disposing of media containing sensitive or classified information. Inclusion on a list does not constitute an endorsement by NSA or the U.S. Government. Note: NSA has determined that High Security Disintegrators listed on the Evaluated Products List provide adequate security for the destruction of paper, optical media (CDs and DVDs), and punched tape as annotated on the EPL.

When destroying optical media in disintegrators, NSA recommends that paper be mixed with the optical media during destruction. Please contact the manufacturer to determine if a specific product is mechanically suited for optical media destruction. Paper Only NSA/CSS Evaluated Products List for High Security Crosscut Paper Shredders, dated October 15, 2013 Punched Tape NSA/CSS Evaluated Products List for Punched Tape Destruction Devices Version C, dated 29 July 2005 Optical Media Degaussers (Magnetic Media Sanitization) | Password Haystacks: How Well Hidden is Your Needle? ... and how well hidden is YOUR needle? Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose is discovered.

If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later? This interactive brute force search space calculator allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search. (The Haystack Calculator has been viewed 8,794,660 times since its publication.) IMPORTANT!!! It is NOT a “Password Strength Meter.” Since it could be easily confused for one, it is very important for you to understand what it is, and what it isn't: Okay.

Userguide - Paterva Wiki. From Paterva Wiki Maltego User Guide (Commercial edition) This user guide is for the commercial edition of Maltego. The community edition of Maltego is very similar; there are only a couple of differences in the startup. Maltego can run on Windows or Linux. This section of the guide assumes that you already have Java 1.6 installed. Should you have any questions not answered by this user guide, please Contact Us.

Installation

Windows: After downloading the MaltegoInstaller.exe file, double click on it to start the installation process. After installation you should see an icon on the desktop and see it in the start menu under Paterva -> Maltego.

Linux: You will need to have a windowing (X11) system – Maltego is a graphical application. Change into the directory you downloaded the installer to (assuming that you’ve downloaded it here):

> cd downloads/maltego

From here you can run the Java installer using the following command:

> java -jar MaltegoInstaller.jar

The installer should start the graphical wizard.

Mac Running the first time & registering Click on next. Pan. Towelling Robe: 4th Doctor. Hackmageddon.com. Whatever. YUMI - Multiboot USB Creator (Windows) YUMI Basic Essentials NOTE: YUMI exFAT works with exFAT formatted USB drives. For the legacy variant, your USB drive must be Fat32/NTFS formatted, otherwise Syslinux will fail and as a result, your drive will NOT Boot. NTFS may not work with every distribution but is required for storing files over 4GB. The UEFI variant must use Fat32 format. The Installer will format your selected USB drive, but be aware that all partitions on the selected disk will also be deleted. Basic Essentials to create a Multi System Bootable USB Drive Recommended: You will have the best experience when using a Fast SSD Flash Drive. 2GB+ Formatted Flash Drive (128-256GB recommended). Computer that can boot from USB. Windows 11, 10, 8, 7 Operating Environment. YUMI (to create a Multiboot Bootable USB). Your favorite ISO Files.

Please inform me of unlisted "FREE" Live Linux distributions or version revisions, and I will attempt to update the USB Multiboot Tool to support them. That's really all there is to it. I. II. III. Homeland Security Watch. Android Forensics « Forensic Focus – Articles. Smartphones are changing the IT and Communication landscape vastly. A Smartphone can do almost every good thing a computer can do. Today most corporate employees access and manage their official emails through the e-mail client installed on their Smartphone.

Right from booking movie tickets to making fund transfers, all e-commerce and online banking transactions can be done using a Smartphone. With the high speed of 3G, Smartphones are getting more popular, especially among working professionals and students. As the Smartphone market grows, it is also catching the bad guys’ attention. There are a number of Mobile Operating Systems present in the market. It is quite obvious that the widely used platform is likely to be targeted more, as in the case of the Microsoft Windows Operating System. It is always a challenge for forensic examiners to discover evidence on Android devices. How Android can be used in Cyber Crime Android can be used in cyber crime in two ways: Investigation • GPS data. Chip and Skim: cloning EMV cards with the pre-play attack. September 10th, 2012 at 19:25 UTC by Mike Bond November last, on the Eurostar back from Paris, something struck me as I looked at the logs of ATM withdrawals disputed by Alex Gambin, a customer of HSBC in Malta.

Comparing four grainy log pages on a tiny phone screen, I had to scroll away from the transaction data to see the page numbers, so I couldn’t take in the big picture in one go. I differentiated pages instead using the EMV Unpredictable Number field – a 32-bit field that’s supposed to be unique to each transaction. I soon got muddled up… it turned out that the unpredictable numbers… well… weren’t.

Each shared 17 bits in common and the remaining 15 looked at first glance like a counter. And with that the ball started rolling on an exciting direction of research that’s kept us busy the last nine months. Mike Bond, Omar Choudary, Steven J. Let’s go back to the start. Early on Alex smelled a rat. First, there is an easier attack than predicting the RNG. A Day in the Life of an Information Security Investigator. Recent blog entries by Chief Monkey Articles The Links - Yes They are Broken :( Folks, I appreciate all the e-mail regarding broken links on the blog.

I've reached out to each of you individually, but I figured after the 50th ... From The Toolkit: Extending Burp Proxy with Extensions No joke, Burp Suite is one of my favorite application security testing tools, period. How the Heck Do You Test the Security of IPv6? "How the heck does one test IPv6?

" Cheat Sheet: Master Boot Record While sorting through the mailbox this week, I happened upon an aspiring forensics student that was looking for some quick reference sheets to add to his ... Seven Hours of Video from TrustyCon 2014 For those of you that couldn't make it to TrustyCon in San Francisco today, never fear! OS X/IOS SSL Flaw Proof of Concept Tool I spent the past week at the RSA 2014 security conference in San Francisco this past week, and ran into the usual characters.

EyeWitness: Rapid Web Application Triage Tool From the Toolkit: HashData. SecuriTeam Blogs. Weblog : News from the Lab. Whether he's the guy or not… it fits the typical profile. A young person with good SEO skills pushing a rather useless app. Lame "SEO apps" are prevalent on Google Play. They're easy to find if you look. For example: • Best Antivirus Lite • SAFE antivirus Limited • Skulls Antivirus • Shnarped Hockey antivirus lite Best and SAFE link to one "developer" — while Skulls and Shnarped Hockey link to another.

Though there are two different developers… the apps are identical apart from their name. Android apps: no developer skills required. So what do the apps do? Well, the "antivirus" opens a screen labeled "anti spyware". Hmm, the terms changed. Click "Start Scan" and the app does a basic scan of permissions for installed apps. Google Play: caveat emptor. P.S. Check out F-Secure App Permissions for Android. There has been plenty of noise about Heartbleed, so if you're an admin, you already know what to do. 1. As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet 5. 6. - Roger's Information Security Blog. MSI :: State of Security | Insight from the Information Security Experts. Neohapsis Labs. Dan Kaminsky's Blog. Wargames. We're hackers, and we are good-looking. We are the 1%. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

To find out more about a certain wargame, just visit its page linked from the menu on the left. If you have a problem, a question or a suggestion, you can join us on IRC. Suggested order to play the games in: Bandit, Leviathan or Natas or Krypton, Narnia, Behemoth, Utumno, Maze … Each shell game has its own SSH port. Information about how to connect to each game using SSH is provided in the top left corner of the page. Carnal0wnage & Attack Research Blog. Ha.ckers.org web application security lab. Here we are, my friends. The 1000th post. Whew! It’s quite a load off to have finally made it. Hopefully this doesn’t come as a surprise to anyone since I’ve been announcing it for months, and if you have questions, hopefully the FAQ can answer them. It wasn’t that long ago that I unfortunately lost my love affair with security. I started ha.ckers.org as a place for me to experiment on my own, and share ideas with a few like-minded folks. With any kind of work you get a sense of anxiety.

They say that if you look at the graph of happiness in your life you can tell what sort of life you led. I’m not an oracle and I really don’t like giving people incorrect information. Although I’m a fun loving person in many ways I also tend to be a pessimist and I do take things too seriously sometimes - definitely to a fault. So this is it - I’m taking my happiness back and I’ll be taking on new and exciting challenges without the drama of intense public scrutiny.

Tech blog for network administrators – TalkTechToMe. Command Line Kung Fu. Blog. In my previous post about clustering, I mentioned that it can be used as an efficient data reduction technique. I also provided some examples of timestamps that could be useful for detecting suspicious files on the system. One of them was the compilation time embedded inside Portable Executables (PE). It turns out that putting this idea into practice is easy, and today I wrote a simple Perl script that implements this functionality in a few dozen lines of code. The script scans a directory (recursively, if requested) and finds all Portable Executables. It then reads their compilation timestamps and groups them into clusters. In the screenshot below you can see the script at work – finding all PE files and grouping them into clusters: And after processing the whole folder, the resulting clusters are printed out: One needs to quickly scroll through these groups and look at isolated / orphaned files or small groups, and this should hopefully help in finding the bad apples.

Speaking of the devil. Why? Hacking Virtual Machines Part 2 - Virtualization Environments. Team Cymru SHA1/MD5 MHR Lookup v1.0. API Malwarehash. Digital Offensive » Blog Archive » Detecting Malware and other malicious files using md5 hashes. A Fistful of Dongles: Cyber Pearl Harbor. Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats. ETTERCAP - The Easy Tutorial - Man in the middle attacks. The Dell SecureWorks Counter Threat Unit leverages information and analysis available from SecureWorks' rich database of security incidents and skilled security experts. Chasing APT. Windows Registry | Forensic Methods.

Ex Forensis. Yogesh Khatri's forensic blog: Tracking USB First insertion in Event logs. MRU | Forensic Artifacts. Malware. ThreatWiki | Check Point Software. Lessons in website security anti-patterns by Tesco. What Information Security Can Learn from Waiting Tables. URLCrazy. BeEF - The Browser Exploitation Framework Blog: BeEF In a Real World Pen Test - Part 1: BeEFy Marinades (Pre-hooking Profiling and Trust Yield) Blog. Advanced Malware and Persistent Threat Detection - Damballa. Slide rules. Anton Chuvakin — A Member of The Gartner Blog Network.

Institute. Combat the APT by Sharing Indicators of Compromise. Detect. Respond. Contain. Manipulating Windows File Protection and Indicators of Compromise. 4 Steps to Combat Malware Enterprise-Wide. Live - Badmalweb. HpHosts Online - Simple, Searchable & FREE! DNS-BH – Malware Domain Blocklist. Downloadable Lists. Public Block Lists of Malicious IPs and URLs - Select Real Security.

Arbor Networks | ATLAS Dashboard: Global. Blocklists of Suspected Malicious IPs and URLs. Digital Forensics Magazine | eForensics Mag. Registrydecoder - Automated Acquisition, Analysis, and Reporting of Registry Contents. Hack This Site! How to find malicious communication leaving your network « Fox-IT International blog.

Zeus. ZeuS Tracker :: FAQ. ZeuS on the Hunt. Computers Don’t Get Sick – They Get Compromised. OS X Folder Layout 1. Girl, Unallocated.

Meetings

Blog. Cloud Security Monitoring: The “Who” Question. Security Blog: Application security research, security trends and opinions. The Falcon's View. Rud.is. BLOG - Sans Forensic. Information Security and Ethical Hacking Blog | The Hacker Academy. The New School of Information Security. ShackF00 » Lies, Damn Lies, and Infosec. The Hacker News [ THN ]: News. The State of Security | Tripwire, Inc. Archives. Krebs on Security. DeepSec. Windows Incident Response.