Geek Memos

Privilege Escalation

We use PowerUp and SharpUp to identify a privilege escalation opportunity. Then, we use msfvenom to exploit it.

Android P: Private DNS

Android Pie, or P, offers the ability to use the DNS-over-TLS capable DNS servers of your choice. This also solves the problem of having to install third party applications to change the phone's default DNS servers without dealing with the mess of manual configurations. See more about the Private DNS

Send Messages to Keybase Team Channels

Lets get straight to the point. I wanted to send output of a script sent to a keybase [https://keybase.io] team channel. Typically, you'll send a message in kebyase like this: kebyase chat send "message" Not bad huh? Now, you can pip the output of a script to keybase

CEH was too easy

Certified Ethical Hacker exam was just too easy. I took it in December and passed with only 2 days of prep. I used Boson exam simulations which pretty much covered everything that was on the exam 125 multiple choice questions varied on topics such as Nmap switches, VLAN types, TCP/

Ransomware and Healthcare Organizations

The Office for Civil Rights OCR seems to consider [http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf] all ransomware events a breach unless proven otherwise. This is because successful ransomware incidents affect all three aspects of data security (Confidentiality, Integrity, and Availability). Specifically: * Confidentiality: Ransomware gained access to your

Lessons from BSides ATL and ISSA GA

BSides Atlanta: [http://www.securitybsides.com/w/page/111501508/BSidesATL-2016] * Ransomware is adapting to evade countermeasures * Train your users to identify phishing emails * Manually test your backups at least monthly or depending on how many days worth of data you are willing to lose How do I recover from a

A Healthy Dose of Ransomware

Healthcare continue to be a prime target for ransomware. All hospitals, small and large, seem to be on a hit list. Hospitals around the U.S. are reporting ransomware incidents. In fact, HHS has stepped in with its guidelines on ransomware and claims a ransomware incident is a data breach

Stop Using MS Word/Excel "Restrict Editing" Option

Clarification: These methods only work for documents that are "restricted for editing". It does not work for files that are "password encrypted". Microsoft Word stores passwords hashes and salts inside the document. Method 1: * Rename filename.docx file extension to filename.zip * Open resulting zip file in 7zip. * Navigate to

Let's Talk Crypto

Cryptography is big part of today's information security. Hence, it is important to know at least the basics. So, let's begin with some terms and their definitions. * Cryptography: The art and science of making secret codes. * Cryptanalysis: Analysis of secret codes. In other words, art and science of breaking codes.

DNS Featured

Investigating a DNS DDoS Attack

Update: AT&T sent me a new modem which gave me a new IP address. All is fine now :) ORIGINAL POST: Last night I began noticing extreme slowness in traffic bound to Google Play Store. Strangely enough, all other network traffic was fine. Upon further investigation, I realized that my

attacks

Root DNS Servers Experienced DDoS Attack with 5 Million Queries per Second

A report from Root [DNS] Server Operations or rootops published on December 4th, 2015 stated that the Internet Domain Name System’s root name servers received a high rate of DNS queries over two separate intervals. The incidents occurred on November 30, 2015 and December 1st, 2015. The queries were

Android

Big day for exploits

* Nearly 90 percent of Android devices vulnerable to endless reboot bug.- Exploits a flaw in Android media players when running .mkv files only. * The vulnerability affects Android versions 4.0.1 to 5.1.1 * Google has already patched the vulnerability. * http://www.scmagazine.com/yet-another-dos-vulnerability-affects-android-devices/article/430661/ * Revamped

bind

Bind DNS Server major flaw could let a script kiddie bring down large number of DNS servers

* BIND is most widely used DNS Server to date. * A major flaw was found in BIND’s versions from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. (CVE-2015-5477) * Attackers can exploit it by sending vulnerable servers

Network Tap with Netgear GS108T

After attending BSides Chicago 2015 and hearing all the good things about Security Onion, I decided to give Security Onion a try. Now, I’ve got Google Fiber with blazing fast speeds (oh yes), so I did not want to use a 10/100 tap that would limit my network

anonymity

Internet Anonymity Pros and Cons

Anonymity over the Internet has largely helped journalists escape clinching firewalls and surveillance of their governments. In fact, Freedom of the Press Foundation recommends use of The Onion Router (TOR) to better protect journalists’ from surveillance and in many instances prison (Lee, 2013). Anonymity in the World Wide Web allows

idps

OSSEC Alert On New Files

A colleague came to me today complaining about how tons of malicious .php files are showing up in his Apache directory. After talking to him about vulnerability testing against his website, I suggested he take a look at OSSEC for its system and file integrity checks. OSSEC has the ability

dns

Automate DNS Zone Transfer

/bin/bash #Simple zone transfer bash script with $1 being first argument given #Tested against zonetransfer.me #for example ./zonetransfer.sh zonetransfer.me if [ -z "$1" ];then echo "[] Simple Zone Transfer script" echo "[] Usage : $0 " exit 0 fi #if argument was given, identify DNS servers for domain. #For each of

bot

Reddit Bot

!/usr/bin/python """ This bot searches a subreddit for specified keyword and sends an email notification to defined address. Use at your own risk. No warranty ^_^ Got suggestions? Have it your way """ # following are required and must be installed import praw import time import datetime import os import smtplib import

nmap

TCP Connect Scan using Python

########################################################################### # # Need Python version 2.x, scapy, and python module sys installed on system # Usage: python tcpConnect.py [hostname] [port] # For example: python tcpConnect.py google.com 80 # https://github.com/qasimchadhar/portScan/blob/master/tcpConnect.py # ########################################################################### from socket import * import logging logging.getLogger("scapy.runtime").setLevel(logging.CRITICAL) #S

blogs

Google's No Captcha reCaptcha Breakable?

Egor Homakov of Sakurity claims [http://homakov.blogspot.com/2014/12/the-no-captcha-problem.html?], I’d say proved, that Google’s No Captcha reCaptcha [https://www.google.com/recaptcha/intro/index.html]might not be as bot proof as we thought. [https://i0.wp.com/geekmemos.com/wp-content/uploads/2014/12/

anonymity

TOR Network Compromised

Reports are coming in that TOR network has been compromised. @torproject issued a warning, > Possible upcoming attempts to disable the Tor network https://t.co/XRcpy2fX1f #Tor [https://twitter.com/hashtag/Tor?src=hash] #anonymity [https://twitter.com/hashtag/anonymity?src=hash] #humanrights [https://twitter.com/hashtag/humanrights?src=hash]

nmap

Scanning North Korean Public IP space

viahttp://nknetobserver.github.io/ **Some noteworthy points:**- The allocated North Korean network range is 175.45.176.0/22 - 210.52.109.0 – 210.52.109.255 block is assigned to North Korea through Chinese company China Unicom - 77.94.35.0/24 — this block is assigned

grep

Quick Nmap ping sweep and output to grep-able format

Start with laying out what range of IP addresses you want to scan. I’d suggest keeping it limited to your specific targets. Then run this as root: nmap -sn -v -oG nmapped.txt 192.168.1.201-254 * -sn (No port scan) .This option tells Nmap not to do a

hacking

PingSweep with Scapy

Want to get a bit geekier with your ping sweeps? Python Scapy can be used to create, modify, send, and intercept network packets and any TCP/IP layer. Here is a simple ping sweep script with Python Scapy: !/usr/bin/python from scapy.all import * TIMEOUT = 2 conf.verb = 0

bash

SNMPWALK against multiple IP address

For a recent test, I needed to perform multiple snmpwalk scans against a set of IP addresses. Instead of running each scan separately, I was able to write a bash script. Enjoy: for ip in $(cat snmpWindowsIPs.txt); do echo "----------------------------------------------------"; echo " [+] Testing " $ip; echo "----------------------------------------------------"; echo " " echo "----------------------------------------------------"; echo