Thursday, September 05, 2019

What We Don't Always Realize

We often overlook things that happen over a long period of time. Sort of like our animal counterparts, we fail to notice many things unless they make a sudden movement. One example is computer-assisted warfare. Without noticing it, we have been using and then allowing computers and robots to assist in killing humans for a very long time. For some reason many people have an image in their heads that a computer killing a person would be a desktop PC reaching out and choking someone to death. But computers are in our cars, planes, and just about every advanced weapon system. Our aircraft were computer controlled, and our weapons systems were already being computerized, by the time we entered the Korean War. At Bletchley Park in the UK we used computers to break the Germans' Enigma encryption, allowing us to read their messages and then kill them at will. It only got worse from there; right after that we used them to calculate artillery targeting. Computers have been killing and assisting in killing ever since. Our first use of a real computer was to kill, as it is with every advancement in technology: first we must use it for harm. When Dr. Alan Turing killed himself we had our first computer expert's stress-related death, and it happens with greater regularity every year. Apparently the wages of genius really are madness; perceived or factual, we have limits.

We have also allowed our robotic friends to become ubiquitous without seeing it at all. Our transportation systems, farming, deep sea exploration, warfare, medicine, and all facets of modern life are inundated with these little automated pieces of hardware. When you use a computer to automate some piece of hardware it becomes robotic in nature: essentially a series of automated processes in response to some kind of input. When you hit the brakes on a car with anti-lock brakes, the computer is reading sensor information from the wheels. If one of the wheels stops, it releases the brake pressure slightly until the wheel moves again. It is of course more complex than this, but for brevity's sake we won't delve into the inner workings. Suffice to say, you told the brakes to do something and the computer in the car told the brakes to do something else. You are not fully in charge of the car's brakes anymore. Cruise control is a similar system of automated interactions between computer and car. The autopilots on planes, trains, and ships are all related systems with more sensors giving feedback for safe travel. These are all great, life-saving and very highly sought-after systems. They are however robotic systems, more are coming, and very little is being done to make sure they are secure from tampering.

Some of these systems are demonstrably insecure, others are untested. There is no cause for alarm; nothing has happened yet. There hasn't been a full-scale demonstration of any kind of danger, unless you count Stuxnet and the attack on the Iranian nuclear material production facility. It has been described in many ways, yet the most important aspect usually goes unspoken: it was an attack on an isolated, top secret, radioactive, extremely high-speed, computer-controlled system, apparently carried out remotely, and it caused physical destruction. There is no report of whether any workers in the facility were killed, but radiation certainly has the potential to kill once it has been released. You would think this might set a precedent, and in some ways it does. It isn't often we see people go to such extremes without taking a lot more lives.

By now it should be clear that we have for a long time been very deeply involved in a cyber conflict that we had not realized should be called a cyber conflict. I know many people prefer to call only computer-on-computer attacks cyber, or only attacks where a standard desktop-variety computer is the attack vector. I assure you that the difference between the computers in the office and the CPU in the cruise missile, or the Patriot, or even those in aircraft and automobiles is not that great. They obey the same concepts and logic. They process many of the same commands and use similar if not the same programming languages. There is little difference; the same experts who attack your computers at work can attack the automated systems that generate your electricity and provide your water. The danger is that there are so many skilled in this dark art.

Now we look to the future. There are thousands of small aircraft with camera systems that are controlled over the airwaves. You can manipulate a flying camera from one nation while the aircraft is in another. There is nothing that prevents you from using it for bad except your own ethics. It can have a camera as well as anything else connected to it. It is as easy to report water pollution as it is to assassinate someone. An entire war will be fought with this technology soon. One remote presence begets another, and the flying ones will insert the wheeled ones. The floating will launch the flying as well as the submersible. Even though it may not look like a human form, it is essentially a human providing final decision authority, and humans are watching from remote locations. There will be no separation between military and civilian in this war. The battles are mostly machine on machine, struggling to reach the human controllers. In the future, knowledge truly is power and information is the currency. Of course that future is actually only a few years away, or less. Our automated drones and advancing technology are becoming as everyday as cell phones and television. Reporters are using them, police are using them, and soon there will be nothing that isn't using them.

A little further into the future, and controls are in place for the flying things, but nothing has been able to control the advancing scope of technology. Today a stolen plan is in production within the day.

Thursday, August 01, 2019

Some of the Posts

Some of the posts I made as long ago as 2014 were in a format that didn't look right, with a white background on the text; when I updated them, though, it placed them at today's date. Sorry for any confusion, not that anyone is reading this.

InfoSec Update

SB (@SBousseaden)
Detecting UAC Bypass by Mocking Trusted Directories using Sysmon example was uploaded to the ATT&CK EVTX repo -> bit.ly/30YSEAB #threathunting #DFIR [125 evtx, more than 130 techniques✌️] , BTW same UACbypass used recently by TA505 APT group, consider multi spaces! pic.twitter.com/EIuL01b32B

BEST SKIMMER HUNTER Presale only for limited time
From July 22 to August 11
ElectronicCats (EC) is a startup founded in 2016 and established in Aguascalientes, Mexico; its mission is to create hardware and embedded systems. In 2019, Electronic Cats has been working to launch the first commercial and user-friendly skimmer hunter.
Bank cards carry information in their magnetic stripe that is used to validate transactions; because that information is static, it is one of the biggest disadvantages of the magstripe. Most attackers use this limitation to seize the information using a skimming technique, which occurs mainly at ATMs. The malicious attackers add a second card reader to obtain the information of the person who uses the ATM, PoS or terminal. Some cases have also come to light where workers in establishments kept a second card reader in addition to the store's own PoS to perform such data theft.
https://hunter.electroniccats.com/


If You Were at Tony P's Talk Today
The books he mentions are located here.
https://landing.google.com/sre/books/


A New Humble Bundle is out
HUMBLE BOOK BUNDLE: DATA ANALYSIS & MACHINE LEARNING BY O'REILLY
We've teamed up with O'Reilly for our newest bundle on data analysis and machine learning! Get ebooks like Advanced Analytics with Spark, Practical Statistics for Data Scientists, and more.
$711 WORTH OF AWESOME STUFF | PAY $1 OR MORE | DRM-FREE MULTI-FORMAT |
11,512 BUNDLES SOLD
https://www.humblebundle.com/books/data-analysis-machine-learning-books?hmb_source=navbar&hmb_medium=product_tile&hmb_campaign=tile_index_4 


An Introduction To Code Analysis With Ghidra
This article describes an approach for using Ghidra to perform malicious code analysis. Ghidra is a free software reverse engineering (SRE) framework developed by the National Security Agency (NSA) of the United States. It was released as open-source software in March 2019, making this powerful reverse engineering tool available to all, regardless of budget.
https://threatvector.cylance.com/en_us/home/an-introduction-to-code-analysis-with-ghidra.html

Tip from SB (@SBousseaden)

"if u see "devtools.selfxss.count" in cmd cmdline then likely it's #backswap banking trojan, also monitor changes to firefox user preferences "prefs.js", this malwr is a combin of smart tricks to inject JS within browsers with no proc code inj "
https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts

Howard's List
  1. Efficient use of ecological systems.
  2. Determining an efficient way to garner the energy from the sun, so that humans can migrate away from fossil fuels.
  3. Finding and getting to another planet that will support and sustain human life.
  4. Determining a way to better and more efficiently conserve and better use water.
  5. Educating people about the responsibility of reproduction.
  6. Educating people to become more tolerant and understanding of other cultures through language and custom classes.
  7. Creating more extensive and efficient transportation infrastructure (Better roads, better rail system, and more comprehensive public transportation).
  8. Getting chemicals and steroids out of our food supply systems. Ending "assembly line" style production of food.
  9. Curtailing the power of the pharmaceutical industry. Working to curtail the greed factor in the production of pharmaceuticals.
  10. Reducing the divorce rate. Divorce has systematically created subsequent dysfunctional generations of people.
  11. Discover a more efficient way to distribute food and water to the 8 billion plus humans in the world in an effort to end poverty.
  12. End the IMF and Federal Reserve, or at least curtail their power and influence on the world economic system.


I took this from a GFI advertisement

"As a system admin, we know you're turning over every stone to find tools that make your life easier. Help is at hand with our guide to the top 10 free network monitoring and analysis tools!


http://www.wireshark.com Wireshark kicks off our list, being a network protocol analyzer and capture utility. Captured data can easily be sent to another application for analysis, or filtered within Wireshark itself.


http://pandorafms.com/?lng=en If you want to keep an eye on your servers, applications and communications, look no further than Pandora FMS. It can be configured to create alerts based on specific events, and send notifications to administrators.


http://angryip.org Angry IP Scanner scans IP addresses and ports, finding live hosts and providing you with information about them.


http://microsoft-network-monitor.en.s... When you're looking to capture packet data to analyze network traffic, turn to Microsoft Network Monitor. It has support for over three hundred public and Microsoft proprietary protocols, as well as a wireless Monitor Mode.


http://www.telerik.com/fiddler Fiddler captures HTTP between computers and the Internet to help with debugging. You see incoming and outgoing data, including encrypted HTTPS traffic, allowing you to test your website's performance or the security of your web applications.


http://www.netresec.com/?page=Network... Network Miner is classed as a Network Forensic Analysis Tool, and is used to capture packets. It then extracts files and images from that data, allowing you to reconstruct your users' actions.


http://www.colasoft.com/capsa-free/ Another tool for monitoring, troubleshooting and analysing network traffic is Capsa Free. Not only does it have over 300 protocols, and the ability to create and customise them, but its dashboard also allows you to see a summary of traffic stats, TCP/UDP conversations, and packet analysis.


http://www.softinventive.com/products... Total Network Monitor watches over your hosts and services, notifying you when something requires your attention. Its colorful interface lets you see what's wrong at a glance.


http://www.xirrus.com/Products/Networ... And don't miss Xirrus Wi-Fi Inspector, which manages connections, locates devices, detects rogue access points, and has connection and speed quality tests.


http://www.zenoss.org Lastly, Zenoss Core keeps an eye on your applications, servers, storage, networking and virtualization, giving you performance and availability stats. It also has an advanced notification system.


http://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
The Sysinternals site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.



With so much pressure on IT departments, can you afford not to take advantage of any free help you can get?"

Wednesday, April 10, 2019


Once you have OpenVAS in a Docker container you have a way to operate from a Windows 10 OS and still do the scanning you need to do. The rest of this post is from the Docker Hub.

atomicorp/openvas
By atomicorp • Updated 9 months ago
OpenVAS Container for Docker

Openvas Docker container

This container is based on Centos 7 for FIPS-140-2 compliance. It is a self contained Openvas Scanner with web console on port 443.

Launch
docker run -d -p 443:443 --name openvas atomicorp/openvas
https:///
Default login / password: admin / admin


Launch with a Volume
docker volume create openvas
docker run -d -p 443:443 -v openvas:/var/lib/openvas/mgr --name openvas atomicorp/openvas


Set Admin Password
docker run -d -p 443:443 -e OV_PASSWORD=iliketurtles --name openvas atomicorp/openvas


Update NVT data
docker run -d -p 443:443 -e OV_UPDATE=yes --name openvas atomicorp/openvas


Attach to running
docker exec -it openvas bash
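The launch steps above leave the console on admin/admin and published on every interface unless you add the extra flags. As an added example (my own, not from the atomicorp/openvas image or its Docker Hub page), this script composes the launch commands with the persistent volume, a non-default OV_PASSWORD, and the console published on 127.0.0.1 only; the function names, the bind address, and the refusal of the default password are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the atomicorp/openvas image. Composes (does not
# run) the docker commands for the OpenVAS container described above.
# Image name, volume path, port 443 and OV_PASSWORD come from the page; the
# 127.0.0.1 bind address and the password check are this example's choices.

# openvas_launch_cmds PASSWORD [BIND_ADDR]
# Prints the commands on stdout. Returns 1 and prints nothing when PASSWORD
# is empty or the image's default "admin", so a wrapper cannot accidentally
# bring the console up with the known default credentials.
openvas_launch_cmds() {
    pw=$1
    bind=${2:-127.0.0.1}          # publish the console on loopback only
    if [ -z "$pw" ] || [ "$pw" = "admin" ]; then
        echo "refusing to launch with an empty or default admin password" >&2
        return 1
    fi
    printf 'docker volume create openvas\n'
    printf 'docker run -d -p %s:443:443 -v openvas:/var/lib/openvas/mgr -e OV_PASSWORD=%s --name openvas atomicorp/openvas\n' \
        "$bind" "$pw"
}

# 48 hex characters (24 random bytes) from /dev/urandom.
# A value passed with -e is visible to anyone who can run
# "docker inspect openvas", so change it in the console after first login.
gen_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Usage as a script:  sh launch.sh 'MyStr0ngPassw0rd'   or   sh launch.sh gen
# Review the printed commands, then pipe them to sh to actually launch.
if [ "$#" -gt 0 ]; then
    if [ "$1" = gen ]; then pw=$(gen_password); else pw=$1; fi
    openvas_launch_cmds "$pw"
fi
```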


Thanks to Jan-Oliver Wagner (@Greenbone), Michael Meyer (@Greenbone), and everyone at Greenbone that made this project possible; the Arachni Project; and the OpenVAS Docker creators used as a reference: Mike Splain, William Collani, Serge Katzmann, and Daniel Popescu.

Tuesday, April 02, 2019

Commando VM: The First of Its Kind Windows Offensive Distribution


March 28, 2019 | by Jacob Barteaux, Blaine Stancill, Nhan Huynh

For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up-to-date can be a monotonous chore for all. Recognizing that, we have created a Windows distribution focused on supporting penetration testers and red teamers.

https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html