6.30.2020

Ethical hacking : Top 18 best websites to learn hacking 2018

  • Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  • Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
  • Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  • SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  • KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  • Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  • HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  • DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
  • SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  • NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  • Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
  • Hackaday: A hardware hack every day.
  • Makezine: Magazine that celebrates your right to tweak, hack, and bend any technology to your own will.
  • The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  • Hack Forums: Emphasis on white hat, with categories for hacking, coding and computer security.
  • Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  • Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  • Phrack Magazine: Digital hacking magazine.

Posted by GetStamping.com at Tuesday, June 30, 2020 0 comments

6.12.2020

BASICS OF METASPLOIT – BASIC COMMANDS OF METASPLOIT

Metasploit is an advanced hacking tool that comes itself with a complete lack of advanced penetration testing tools. Penetration testers and hackers are taking so much advantage of this tool. It's a complete hack pack for a hacker that he can play almost any attack with it. Here I am going to discuss the basics of Metasploit. I am not covering attacks in this article, as I am just making sure to share the basics of Metasploit and basic commands of Metasploit. So, we can get back to cover attacks of Metasploit in the next articles.

BASICS OF METASPLOIT

The Metasploit framework has three types of working environments.
  1. msfconsole
  2. msfcli interface
  3. msfweb interface
However, the most preferred and used is the 'msfconsole'. It's a very efficient command-line interface that has its own set of commands and system's working environment.
First of all, it's most important to know and understand all the useful commands of Metasploit that are going to be used.

BASIC COMMANDS OF METASPLOIT

Metasploit have a huge number of command that we can use in different type of attacks, but I am just going to share the most used and useful commands here that a beginner can easily understand and follow 'em.
  • help (It will give the basic commands you need to launch an exploit.
  • search (Finds out the keywords in the selected attack method).
  • show exploits (Shows list of an available exploit in the selected option).
  • show payloads (It lists all the payloads available).
  • show options (It helps you to know all the options if you might have forgotten one).
  • info (This is used to get information about any exploit or payload).
  • use (It tells Metasploit to use the exploit with the specified name).
  • set RHOST (Sets the address of specified remote host).
  • set RPORT (Sets up a port that connects to on the remote host).
  • set PAYLOAD (It sets the payload that gives you a shell when a service is exploited).
  • set LPORT (Sets the port number that the payload will open on the server when an exploit is exploited).
  • exploit  (It actually exploits the service).
  • rexploit (Reloads your exploit code and then executes the exploit without restarting the console).
These are the most used Metasploit commands which come in handy in most of the situations during any sort of attack. You must give all the commands a try and understand 'em how it works and then move to the next part of designing an attack.

Related links


Posted by GetStamping.com at Friday, June 12, 2020 0 comments

6.10.2020

The OWASP Foundation Has Selected The Technical Writer For Google Season Of Docs

The OWASP Foundation has selected the technical writer for Google Season of Docs by Fabio Cerullo


The OWASP Foundation has been accepted as the organization for the Google Seasons of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work along the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

Congratulations to Nirojan Selvanathan!

Please refer to the linked document where you could look at the deliverables and work execution plan.
https://drive.google.com/open?id=1kwxAzaqSuvWhis9Xn1VKNJTJZPM2UV20



Related articles


  1. Pentest Usb
  2. Pentest Vs Ceh
  3. Hacking Tutorials
  4. Hacker Anonymous
  5. Pentest Box
  6. Pentest Ubuntu
  7. Pentest Reporting Tool
  8. Hacker0Ne
  9. Hacking Jacket
  10. Pentest Red Team
  11. Hacking Gif
  12. Pentest Report Generator
  13. Pentest Tools For Windows
  14. Hacking Google
  15. Hacking Site
  16. Pentest Vs Ceh
  17. Hacker On Computer
  18. Pentest As A Service
  19. How To Pentest A Website With Kali

Posted by GetStamping.com at Wednesday, June 10, 2020 0 comments

Security Drift – The Silent Killer

Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 to 15%. It is not surprising to see this growth in spending, which is primarily driven by the evolving sophistication and volume of attacks as well as the

via The Hacker News

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
More articles

  1. Hacking Groups
  2. Hacker Types
  3. Pentest Standard
  4. Hacking The System
  5. Pentest Tools
  6. Pentestmonkey
  7. Hackintosh
  8. Hacking Programs
  9. Pentest Owasp Top 10
  10. Hacking Forums
  11. Pentest Guide
  12. Hacker Types
  13. Pentest Services
  14. Pentest Practice
  15. Pentest Wifi
  16. Hacking Box
  17. Pentest Linux
  18. Pentest Devices

Posted by GetStamping.com at Wednesday, June 10, 2020 0 comments

6.09.2020

TERMINOLOGIES OF ETHICAL HACKING

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussion about hackers and what they do:


1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.


2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.


3-Attack-That action performs by a attacker on a system to gain unauthorized access.


4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.


5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.


6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.


7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.


8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.


9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.


10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.


11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.


12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.


13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.


14-Worms-It is a self reflicating virus that does not alter  files but resides in the active memory and duplicate itself.


15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.


16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.


17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.


18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.


19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.


20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.


21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.


22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.


23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.


24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.


25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.


Follow me on instagram-anoymous_adi

Related news


  1. Pentest Vpn
  2. Pentest Linux
  3. Pentest Online Course
  4. Pentest With Kali
  5. Hackintosh
  6. Pentest+ Vs Ceh
  7. Hackerrank
  8. Pentest Questions
  9. Hacker Lab
  10. Hacking Network
  11. Pentest Basics

Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

BEST PASSWORD MANAGERS FOR IOS

As I said, Apple's iOS is also prone to cyber attacks, so you can use some of the best password managers for iOS to secure your online accounts.

BEST PASSWORD MANAGERS FOR IOS

Here I have streamlined few of the best password managers for iOS including Keeper, OneSafe, Enpass, mSecure, LastPass, RoboForm, SplashID Safe and LoginBox Pro.

1. ONESAFE PASSWORD MANAGER (CROSS-PLATFORM)

OneSafe is one of the best Password Manager apps for iOS devices that lets you store not only your accounts' passwords but also sensitive documents, credit card details, photos, and more.
OneSafe password manager app for iOS encrypts your data behind a master password, with AES-256 encryption — the highest level available on mobile — and Touch ID. There is also an option for additional passwords for given folders.
OneSafe password manager for iOS also offers an in-app browser that supports autofill of logins, so that you don't need to enter your login details every time.
Besides this, OneSafe also provides advanced security for your accounts' passwords with features like auto-lock, intrusion detection, self-destruct mode, decoy safe and double protection.
Download OneSafe Password Manager: iOS | Mac | Android | Windows

2. SPLASHID SAFE PASSWORD MANAGER (CROSS-PLATFORM)

SplashID Safe is one of the oldest and best password management tools for iOS that allows users to securely store their login data and other sensitive information in an encrypted record.
All your information, including website logins, credit card and social security data, photos and file attachments, are protected with 256-bit encryption.
SplashID Safe Password Manager app for iOS also provides web autofill option, meaning you will not have to bother copy-pasting your passwords in login.
The free version of SplashID Safe app comes with basic record storage functionality, though you can opt for premium subscriptions that provide cross-device syncing among other premium features.
Download SplashID Safe Password Manager: Windows and Mac | iOS | Android

3. LOGIN BOX PRO PASSWORD MANAGER

LoginBox Pro is another great password manager app for iOS devices. The app provides a single tap login to any website you visit, making the password manager app as the safest and fastest way to sign in to password-protected internet sites.
LoginBox Password Manager app for iOS combines a password manager as well as a browser.
From the moment you download it, all your login actions, including entering information, tapping buttons, checking boxes, or answering security questions, automatically completes by the login box Password Manager app.
For security, the login box Password Manager app uses hardware-accelerated AES encryption and passcode to encrypt your data and save it on your device itself.
Download LoginBox Password Manager: iOS | Android
Read more

Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

Gridcoin - The Bad

In this post we will show why Gridcoin is insecure and probably will never achieve better security. Therefore, we are going to explain two critical implementation vulnerabilities and our experience with the core developer in the process of the responsible disclosure. 
    In our last blog post we described the Gridcoin architecture and the design vulnerability we found and fixed (the good). Now we come to the process of responsibly disclosing our findings and try to fix the two implementation vulnerabilities (the bad).

    Update (15.08.2017):
    After the talk at WOOT'17 serveral other developers of Gridcoin quickly reached out to us and told us that there was a change in responsibility internally in the Gridcoin-Dev team. Thus, we are going to wait for their response and then change this blog post accordingly. So stay tuned :)

    Update (16.08.2017):
    We are currently in touch with the whole dev team of Gridcoin and it seems that they are going to fix the vulnerabilities with the next release.


    TL;DR
    The whole Gridcoin currency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

    What is Gridcoin?

    Gridcoin is an altcoin, which is in active development since 2013. It claims to provide a high sustainability, as it has very low energy requirements in comparison to Bitcoin. It rewards users for contributing computation power to scientific projects, published on the BOINC project platform. Although Gridcoin is not as widespread as Bitcoin, its draft is very appealing as it attempts to  eliminate Bitcoin's core problems. It possesses a market capitalization of $13,530,738 as of August the 4th 2017 and its users contributed approximately 5% of the total scientific BOINC work done before October 2016.

    A detailed description of the Gridcoin architecture and technical terms used in this blog post are explained in our last blog post.

    The Issues

    Currently there are 2 implementation vulnerabilities in the source code, and we can mount the following attacks against Gridcoin:
    1. We can steal the block creation reward from many Gridcoin minters
    2. We can efficiently prevent many Gridcoin minters from claiming their block creation reward (DoS attack)
    So why do we not just open up an issue online explaining the problems?

    Because we already fixed a critical design issue in Gridcoin last year and tried to help them to fix the new issues. Unfortunately, they do not seem to have an interest in securing Gridcoin and thus leave us no other choice than fully disclosing the findings.

    In order to explain the vulnerabilities we will take a look at the current Gridcoin source code (version 3.5.9.8).

    WARNING: Due to the high number of source code lines in the source files, it can take a while until your browser shows the right line.

    Stealing the BOINC block reward

    The developer implemented our countermeasures in order to prevent our attack from the last blog post. Unfortunately, they did not look at their implementation from an attacker's perspective. Otherwise, they would have found out that they conduct not check, if the signature over the last block hash really is done over the last block hash. But we come to that in a minute. First lets take a look at the code flow:

    In the figure the called-by-graph can be seen for the function VerifyCPIDSignature.
    1. CheckBlock → DeserializeBoincBlock [Source]
      • Here we deserialize the BOINC data structure from the first transaction
    2. CheckBlock → IsCPIDValidv2 [Source]
      • Then we call a function to verify the CPID used in the block. Due to the massive changes over the last years, there are 3 possible verify functions. We are interested in the last one (VerifyCPIDSignature), for the reason that it is the current verification function.
    3. IsCPIDValidv2 → VerifyCPIDSignature [Source]
    4. VerifyCPIDSignature → CheckMessageSignature [Source, Source]
    In the last function the real signature verification is conducted [Source]. When we closely take a look at the function parameter, we see the message (std::string sMsg)  and the signature (std::string sSig) variables, which are checked. But where does this values come from?


    If we go backwards in the function call graph we see that in VerifyCPIDSignature the sMsg is the string sConcatMessage, which is a concatenation of the sCPID and the sBlockHash.
    We are interested where the sBlockHash value comes from, due to the fact that this one is the only changing value in the signature generation.
    When we go backwards, we see that the value originate from the deserialization of the BOINC structure (MiningCPID& mc) and is the variable mc.lastblockhash [Source, Source]. But wait a second, is this value ever checked whether it contains the real last block hash?

    No, it is not....

    So they just look if the stored values there end up in a valid signature.

    Thus, we just need to wait for one valid block from a researcher and copy the signature, the last block hash value, the CPID and adjust every other dynamic value, like the RAC. Consequently, we are able to claim the reward of other BOINC users. This simple bug allows us again to steal the reward of every Gridcoin researcher, like there was never a countermeasure.

    Lock out Gridcoin researcher
    The following vulnerability allows an attacker under specific circumstances to register a key pair for a CPID, even if the CPID was previously tied to another key pair. Thus, the attacker locks out a legit researcher and prevent him from claiming BOINC reward in his minted blocks.

    Reminder: A beacon is valid for 5 months, afterwards a new beacon must be sent with the same public key and CPID.

    Therefore, we need to take a look at the functions, which process the beacon information. Every time there is a block, which contains beacon information, it is processed the following way (click image for higher resolution):


    In the figure the called-by-graph can be seen for the function GetBeaconPublicKey.
    We now show the source code path:
    • ProcessBlock → CheckBlock [Source]
    • CheckBlock → LoadAdminMessages [Source]
    • LoadAdminMessages → MemorizeMessages [Source]
    • MemorizeMessages → GetBeaconPublicKey [Source]
    In the last function GetBeaconPublicKey there are different paths to process a beacon depending on the public key, the CPID, and the time since both were associated to each other.
    For the following explanation we assume that we have an existing association (bound) between a CPID A and a public key pubK_A for 4 months.
    1. First public key for a CPID received [Source]
      • The initial situation, when pubK_A was sent and bind to CPID  A (4 months ago)
    2. Existing public key for a CPID was sent [Source]
      • The case that pubK_A was resent for a CPID A, before the 5 months are passed by
    3. Other public key for a CPID was sent [Source]
      • The case, if a different public key pubK_B for the CPID A was sent via beacon.
    4. The existing public key for the CPID is expired
      • After 5 months a refresh for the association between A and pubK_A is required.
    When an incoming beacon is processed, a look up is made, if there already exists a public key for the CPID used in the beacon. If yes, it is compared to the public key used in the beacon (case 2 and 3).
    If no public key exists (case 1) the new public key is bound to the CPID.

    If a public key exists, but it was not refreshed directly 12.960.000 seconds (5 months [Source]) after the last beacon advertisement of the public key and CPID, it is handled as no public key would exist [Source].

    Thus, case 1 and 4 are treated identical, if the public key is expired, allowing an attacker to register his public key for an arbitrary CPID with expired public key. In practice this allows an attacker to lock out a Gridcoin user from the minting process of new blocks and further allows the attacker to claim reward for BOINC work he never did.

    There is a countermeasure, which allows a user to delete his last beacon (identified by the CPID) . Therefore, the user sends 1 GRC to a special address (SAuJGrxn724SVmpYNxb8gsi3tDgnFhTES9) from an GRC address associated to this CPID [Source]. We did not look into this mechanism in more detail, because it only can be used to remove our attack beacon, but does not prevent the attack.

    The responsible disclosure process

    As part of our work as researchers we all have had the pleasure to responsible disclose the findings to developer or companies.

    For the reasons that we wanted to give the developer some time to fix the design vulnerabilities, described in the last blog post, we did not issue a ticket at the Gridcoin Github project. Instead we contacted the developer at September the 14th 2016 via email and got a response one day later (2016/09/15). They proposed a variation of our countermeasure and dropped the signature in the advertising beacon, which would result in further security issues. We sent another email (2016/09/15) explained to them, why it is not wise to change our countermeasures and drop the signature in the advertising beacon.
    Unfortunately, we did not receive a response. We tried it again on October the 31th 2016. They again did not respond, but we saw in the source code that they made some promising changes. Due to some other projects we did not look into the code until May 2017. At this point we found the two implementation vulnerabilities. We contacted the developer twice via email (5th and 16th of May 2017) again, but never received a response. Thus, we decided to wait for the WOOT notification to pass by and then fully disclose the findings. We thus have no other choice then to say that:

    The whole Gridcoin cryptocurrency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

    Further Reading
    A more detailed description of the Gridcoin architecture, the old design issue and the fix will be presented at WOOT'17. Some days after the conference the paper will be available online.
    Related articles

    Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

    Evolving Logic Until Pass Tests Automatically

    Automating the automation is still a challenge, but in some cases it's possible under certain situations.

    In 2017 I created logic-evolver, one of my experiments for creating logic automatically or better said evolving logic automatically.

    In some way, the computer create its own program that satisfies a set of tests defined by a human.

    https://github.com/sha0coder/logic-evolver

    This implementation in rust, contains a fast cpu emulator than can execute one million instructions in less than two seconds. And a simple genetic algorithm to do the evolution.


    Here we create the genetic algorithm, and configure a population of 1000 individuals, and the top 5 to crossover. We run the genetic algorithm with 500 cycles maximum.
    Note that in this case the population are programs initially random until take the correct shape.


    An evaluation function is provided in the run method as well, and looks like this:




    The evaluation function receives a CPU object, to compute a test you need to set the initial parameters, run the program and set a scoring regarding the return value.


    Related news
    1. Pentest Wifi
    2. Pentest With Kali
    3. Hacking For Dummies
    4. Hacker Code
    5. Hacking Books
    6. Hacking Quotes
    7. Hacker Software
    8. Pentestmonkey Cheat Sheet
    9. Pentest Cheat Sheet
    10. Hacking Attack

    Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

    How tO Secure Yourself From Evil Twin Attack

    How To Secure Yourself From Evil Twin Attack ?
    Hello, in this article you are going to learn how to secure yourself from getting hacked using evil twin attack.


    1) Do not connect to any public networks, anyone can sniff your data while you are on a public network.Evil Twin attack will be performed as a public network, so wherever possible restrict connecting to any open or public networks mainly if it wifi name is same as your wifi name

    2) When your internet connection suddenly stops working, you might be under DOS attack using evil twin attack, just restart the router and the hacker need to restart the attack and as it takes some time.  Maybe they leave it or continue some other time 

    3) Running a VPN to ensure that any browsing and transmitted data is done through an encrypted tunnel that cannot be easily snooped. 

    4) Do not always rely on the name of the network, make sure it is a legitimate and trusted network or not. 


    Thank You for Reading, Hope It's Useful

    @£V£RYTHING NT
    More info

    Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

    Router-Exploit-Shovel: An Automated Application Generator For Stack Overflow Types On Wireless Routers

    About Router-Exploit-Shovel
       Router-Exploit-Shovel is an automated application generation for Stack Overflow types on Wireless Routers.

       Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded shellcode, and finally assemble them into a complete attack code. The user only needs to attach the attack code to the overflow location of the POC to complete the Exploit of the remote code execution.

       The tool supports MIPSel and MIPSeb.Run on Ubuntu 16.04 64bit.

    Router-Exploit-Shovel's Installation
       Open your Terminal and enter these commands:
    Usage


       Example: python3 Router_Exploit_Shovel.py -b test_binaries/mipseb-httpd -l test_binaries/libuClibc-0.9.30.so -o 0x00478584

    Router-Exploit-Shovel's screenshot

    Code structure

    ROP chain generation
       This tool uses pattern to generate ROP chains. Extract patterns from common ROP exploitation procedure. Use regex matching to find available gadgets to fill up chain strings. Base64 encoding is to avoid duplicate character escapes. For example:

    Attackblocks
       You can get attackblocks generated in results/attackBlocks.txt. Such as:

    You might like these similar tools:

    More information


    Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

    Scanning TLS Server Configurations With Burp Suite

    In this post, we present our new Burp Suite extension "TLS-Attacker".
    Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
    The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

    You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

    TLS-Scanner

    Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

    Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

    It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

    Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

    Scan History 

    If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

    Additional functions will follow in later versions

    Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

    This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

    If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
    Related articles

    Posted by GetStamping.com at Tuesday, June 09, 2020 0 comments

    Subscribe to: Posts (Atom)