
Tools for a Safer PC

An important aspect of securing any system is the concept of “defense-in-depth,” or having multiple layers of security and not depending on any one approach or technology to block all attacks. Here are some links to tools and approaches that I have found useful in stopping malware from invading a PC. Your mileage may vary.

Learn, Memorize, Practice the 3 Rules

Follow Krebs’s 3 Basic Rules for online safety, and you will drastically reduce the chances of handing control over your computer to the bad guys. In short: 1) If you didn’t go looking for it, don’t install it; 2) If you installed it, update it; 3) If you no longer need it, get rid of it!

Keep Up-to-Date with Updates!

It shouldn’t be this way, but the truth is that most software needs regular updating.

Put a Leash on JavaScript

Most Web sites use JavaScript, a powerful scripting language that helps make sites interactive. Firefox has many extensions and add-ons that make surfing the Web a safer experience.

Microsoft EMET

Avast

AVG Free

The Scrap Value of a Hacked PC, Revisited

A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. “I don’t bank online, I don’t store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?”

I recently updated the graphic (below) to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums. Next time someone asks why miscreants might want to hack his PC, show him this diagram. One of the ideas I tried to get across with this image is that nearly every aspect of a hacked computer and a user’s online life can be and has been commoditized.

Transmit Data Through Sound: Quiet

This library uses liquid SDR to transmit data through sound. This makes it suitable for sending data across a 3.5mm headphone jack or via speaker and mic. Quiet can build standalone binaries for encoding/decoding data via .wav files or for streaming through your soundcard via PortAudio.

Dependencies
Liquid DSP (be sure to work from the devel branch)
libfec (optional but strongly recommended)
Jansson
libsndfile (optional)
PortAudio (optional)

Build
With the dependencies installed, run .

Profiles
The encoding and decoding processes are controlled by the profiles in quiet-profiles.json.

Cable
For cable transmission, use the cable- profiles.

Ultrasonic
The ultrasonic- profiles encode data at a very low bitrate, but the audio content lies above 16kHz, which should pass through audio equipment relatively well while being inaudible to the average person.

JavaScript binding for libquiet
The JavaScript binding for libquiet allows sending and receiving data via the sound card from any browser.

Last week’s article about how to prevent CryptoLocker ransomware attacks generated quite a bit of feedback and lots of questions from readers. For some answers — and since the malware itself has morphed significantly in just a few days’ time — I turned to Lawrence Abrams and his online help forum BleepingComputer.com, which have been following and warning about this scourge for several months.

This message is left by CryptoLocker for victims whose antivirus software removes the file needed to pay the ransom.

To recap, CryptoLocker is a diabolical new twist on an old scam. The malware encrypts all of the most important files on a victim PC — pictures, movie and music files, documents, etc. — as well as any files on attached or networked storage media.

“They realized they’ve been leaving money on the table,” Abrams said. Part of the problem, according to Abrams, is that few victims even know about Bitcoins or MoneyPak, let alone how to obtain or use these payment mechanisms.

TOR Mail Encrypted Server: OnionMail
TOR Mail Encrypted Server for Hidden Services

OnionMail is an anonymous, encrypted mail server made to run on the TOR network without losing the ability to communicate with the Internet. All OnionMail servers are configured as TOR hidden services and use SSL (via STARTTLS). To use OnionMail all you need is an email client connected to the TOR network, for example Claws-Mail or Thunderbird. All OnionMail servers are connected in a ‘federated network’.

Thanks to the TOR network nobody can know:
Who you are.
With whom you are communicating.
If you are communicating.
What you are reading or writing.
Where you are.
Where the server is.
What you are doing.

List of some of OnionMail’s functions:
Multiple instances of the server.
Password key derivation via multiple keyfiles and passwords.
Deleting files with wipe by default.
Message header filtering to hide information and sigint.
POP3 TLS access.
SMTP TLS access.
User’s parameters.
Exit node selection to connect to the Internet.
M.A.T.

Copier and MFD Security - Information Security Guide - Internet2 Wiki

Eight Steps to Secure Your Copier or Multi-Function Device (MFD)
Configure copiers, printers, and other multi-function devices securely. Configure the device with a static IP address, using RFC1918 (non-routable) addressing if possible.

Additional Resources for Copier & Multifunction Device (MFD) Security
Higher Education Resources
Industry & Other Resources

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Pattern Matching Swiss Knife: YARA

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic. Let’s see an example:

The above rule is telling YARA that any file containing one of the three strings must be reported as silent_banker.

Installation
Download the source tarball and get prepared for compiling it:
tar -zxf yara-3.1.0.tar.gz
cd yara-3.1.0
.
YARA uses GNU autotools, so it’s compiled and installed in the standard way: .

Some of YARA’s features depend on the OpenSSL library. The following modules are not compiled into YARA by default:
cuckoo
magic
If you plan to use them, you must pass the corresponding --enable-<module name> arguments to the configure script. For example: .

Installing on Windows

Dark Internet Mail Environment: DIME

Internet electronic mail (email) was designed in the early days of the Internet, and so lacks any mechanism to protect the privacy of the sender and addressee. Several techniques have been used in an attempt to increase the privacy of email. These techniques have provided either modest increases in privacy, or have proven to be very difficult to use for most people. In addition to protection of content, truly private email must limit the information disclosed to handling agents, exposing only the information necessary for delivery (the metadata), and provide robust identity guarantees which prevent the impersonation of senders. The goal of DIME is to provide a messaging system capable of protecting user privacy. The term security has also been frequently abused. These definitions led to specific deficiencies within the current email infrastructure, and its ability to ensure the security of confidential information.

Technologies used
Directories
autoreconf --install
Then: .

Automated Modular Cryptanalysis Tool: FeatherDuster

FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and can be used independently of FeatherDuster to make Python-based crypto attack tools. Documentation for cryptanalib functions can be accessed through the Python help() function.

The analysis engine in Cryptanalib, used by FeatherDuster, can automatically detect encodings and decode samples. The engine assumes that all samples are generated with the same process (for instance, base64encode(aes_encrypt(datum))), but can handle mixed samples to some degree. Encodings it can detect:
Vanilla Base64
ASCII hex-encoding
Zlib compression

Cryptanalib’s analysis engine can detect a number of properties in the analysis phase, too:

This is a beta release of FeatherDuster.

Multiprotocol Network Emulator - Simulator: IMUNES

The IMUNES GUI is a simple Tcl/Tk based management console, allowing for specification and management of virtual network topologies. The emulation execution engine itself operates within the operating system kernel. The University of Zagreb developed a realistic network topology emulation / simulation framework based on the FreeBSD and Linux operating system kernel partitioned into multiple lightweight virtual nodes, which can be interconnected via kernel-level links to form arbitrarily complex network topologies.

Main advantages:

Current applications:
General-purpose network testbed used for Ericsson Nikola Tesla product testing
Realistic laboratory and learning environments used for teaching at the University of Zagreb

Technologies used:
jails, netgraph (FreeBSD)
Docker, Open vSwitch (Linux)

Project overview
As invaluable tools in networked and distributed systems research, network emulators and simulators offer a viable alternative to live experimental networks.

Open-Source Phishing Toolkit: gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

Installing Gophish Using Pre-Built Binaries
Gophish is provided as a pre-built binary for most operating systems. With this being the case, installation is as simple as downloading the ZIP file containing the binary that is built for your OS and extracting the contents.

Installing Gophish from Source
One of the major benefits of having written gophish in the Go programming language is that it is extremely simple to build from source. To install gophish, simply run:
go get github.com/gophish/gophish
This downloads gophish into your $GOPATH. Next, navigate to $GOPATH/src/github.com/gophish/gophish and run the command:
go build
This builds a gophish binary in the current directory.

Running Gophish
Now that you have gophish installed, you’re ready to run the software.

Malicious Traffic Detection System: Maltrail

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. for a known malicious executable) or an IP address (e.g. 103.224.167.117 for a known attacker). It also has (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).

The following (black)lists (i.e. feeds) are being utilized:

As for static entries, the trails for the following malicious entities (e.g. malware C&Cs) have been manually included (from various AV reports):

Architecture
Maltrail is based on the Sensor <-> Server <-> Client architecture. The Server’s primary role is to store the event details and provide back-end support for the reporting web application.
