Thursday, 21 May 2020

Ransomware.OSX.KeRanger Samples


Research: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud Xiao

Sample credit: Claud Xiao


File information

d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 
1d6297e2427f1d00a5b355d6d50809cb 
Transmission-2.90.dmg

e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 
56b1d956112b0b7bd3e44f20cf1f2c19 
Transmission

31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9
14a4df1df622562b3bf5bc9a94e6a783 
General.rtf

d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5 
24a8f01cfdc4228b4fc9bb87fedf6eb7 
Transmission2.90.dmg

ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a
3151d9a085d14508fa9f10d48afc7016 
Transmission

6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153 
861c3da2bbce6c09eda2709c8994f34c 
General.rtf



Download

Related word


Android SSHControl V1.0 Relased!!!

Hoy sabado 15, he subido al Market de Android la versión 1.0 de SSHControl, con nuevas funcionalades y la esperada opción "Custom Commands".






Esta aplicación permite controlar tus servidores linux, bsd y unix con solo un dedo, mediante esta app Android.
Y soluciona las siguientes problemáticas:
- Manejar una shell desde el pequeño teclado de un móvil es engorroso.
- Leer todos los resultados de un comando en la pantalla del móvil, nos dejamos la vista.

Esta app permite interactuar con servidores remotos simplemente haciendo pulsaciones en la pantalla, mediante un explorador de ficheros, de conexiones, etc..

Las funcionalidades nuevas de esta versión 1.0 son:

- Administración del Firewall Iptables.
- Opción de Custom Commands, tal como había prometido.

Las funcionalidades ya presentes en la v0.8 son:

- escalada a root mediante su y sudo
- gestor de procesos
- explorador de ficheros, editor de ficheros, editor de permisos.
- monitorización y baneo de conexiones
- Visualizadores de logs
- administrador de drivers
- estadisticas de disco

Para la versión 2.0 preveo:

- Escuchar música remota
- Descarga de ficheros (wget)
- Transferencia segura de ficheros entre servidores (scp)
- Gestures, para administrar los sitemas en plan minority report :)

App disponible en el market para 861 tipos de dispositivos y pronto disponible en tablets.

https://market.android.com/details?id=net.ssh.SSHControl

Cualquier sugerencia de mejora: sha0 [4t] badchecksum [d0t] net

Related word


  1. Hacking With Swift
  2. Curso Hacker
  3. Hacking Con Buscadores
  4. Ingeniería Social. El Arte Del Hacking Personal Pdf
  5. Kali Hacking
  6. Herramientas De Seguridad Informatica
  7. Hacking Bluetooth Speaker
  8. Hacking In Spanish
  9. Ultimate Hacking Keyboard
  10. Hacking Python
  11. Herramientas Hacking
  12. Hacking In Spanish

Networking | Switching And Routing | Tutorial 1 | 2018


Welcome to my new series of tutorials about networking. Moreover in this series I'll discuss briefly each and every thing related to routing and switching. After that you will able to pass an exam of HCNA, CCNA etc. First of all you have to know which software is used by which company such as Huawei used its own software named eNSP while Cisco used its own software named Cisco Packet Tracer. After that you have to know that how to download and install both of the software in your computer systems. So the purpose of this blog is to give you people an overview about how to download and install both of them.

What is a Network? 

First of all we must have to know about what is a network. So the network is the interconnection of two or more than two devices in such a way that they can communicate each other. In computer networks we can say that the interconnection of two or more than two end devices (computer, laptops, printers etc) for the sake of sending and receiving some amount of data is known as computer network.

What is Internet?  

The very simple and easily understandable definition of a internet is "The network of networks". Now what is meant by that? When different networks from the different areas or at the same areas wanna communicate with each other then internet formed. So we can say that "Internet is the interconnection of different networks in such a way that networks can communicate with each other".

Related articles


Why (I Believe) WADA Was Not Hacked By The Russians

Disclaimer: This is my personal opinion. I am not an expert in attribution. But as it turns out, not many people in the world are good at attribution. I know this post lacks real evidence and is mostly based on speculation.



Let's start with the main facts we know about the WADA hack, in chronological order:


1. Some point in time (August - September 2016), the WADA database has been hacked and exfiltrated
2. August 15th, "WADA has alerted their stakeholders that email phishing scams are being reported in connection with WADA and therefore asks its recipients to be careful"  https://m.paralympic.org/news/wada-warns-stakeholders-phishing-scams
3. September 1st, the fancybear.net domain has been registered
   Domain Name: FANCYBEAR.NET
...
Updated Date: 18-sep-2016
Creation Date: 01-sep-2016
4. The content of the WADA hack has been published on the website
5. The @FancyBears and @FancyBearsHT Twitter accounts have been created and started to tweet on 12th September, reaching out to journalists
6. 12th September, Western media started headlines "Russia hacked WADA"
7. The leaked documents have been altered, states WADA https://www.wada-ama.org/en/media/news/2016-10/cyber-security-update-wadas-incident-response


The Threatconnect analysis

The only technical analysis on why Russia was behind the hack, can be read here: https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/

After reading this, I was able to collect the following main points:

  1. It is Russia because Russian APT groups are capable of phishing
  2. It is Russia because the phishing site "wada-awa[.]org was registered and uses a name server from ITitch[.]com, a domain registrar that FANCY BEAR actors recently used"
  3. It is Russia because "Wada-arna[.]org and tas-cass[.]org were registered through and use name servers from Domains4bitcoins[.]com, a registrar that has also been associated with FANCY BEAR activity."
  4. It is Russia, because "The registration of these domains on August 3rd and 8th, 2016 are consistent with the timeline in which the WADA recommended banning all Russian athletes from the Olympic and Paralympic games."
  5. It is Russia, because "The use of 1&1 mail.com webmail addresses to register domains matches a TTP we previously identified for FANCY BEAR actors."

There is an interesting side-track in the article, the case of the @anpoland account. Let me deal with this at the end of this post.

My problem with the above points is that all five flag was publicly accessible to anyone as TTP's for Fancy Bear. And meanwhile, all five is weak evidence. Any script kittie in the world is capable of both hacking WADA and planting these false-flags.

A stronger than these weak pieces of evidence would be:

  • Malware sharing same code attributed to Fancy Bear (where the code is not publicly available or circulating on hackforums)
  • Private servers sharing the IP address with previous attacks attributed to Fancy Bear (where the server is not a hacked server or a proxy used by multiple parties)
  • E-mail addresses used to register the domain attributed to Fancy Bear
  • Many other things
For me, it is quite strange that after such great analysis on Guccifer 2.0, the Threatconnect guys came up with this low-value post. 


The fancybear website

It is quite unfortunate that the analysis was not updated after the documents have been leaked. But let's just have a look at the fancybear . net website, shall we?

Now the question is, if you are a Russian state-sponsored hacker group, and you are already accused of the hack itself, do you create a website with tons of bears on the website, and do you choose the same name (Fancy Bear) for your "Hack team" that is already used by Crowdstrike to refer to a Russian state-sponsored hacker group? Well, for me, it makes no sense. Now I can hear people screaming: "The Russians changed tactics to confuse us". Again, it makes no sense to change tactics on this, while keeping tactics on the "evidence" found by Threatconnect.

It makes sense that a Russian state-sponsored group creates a fake persona, names it Guccifer 2.0, pretends Guccifer 2.0 is from Romania, but in the end it turns out Guccifer 2.0 isn't a native Romanian speaker. That really makes sense.

What happens when someone creates this fancybear website for leaking the docs, and from the Twitter account reaches out to the media? Journalists check the website, they see it was done by Fancy Bear, they Bing Google this name, and clearly see it is a Russian state-sponsored hacker group. Some journalists also found the Threatconnect report, which seems very convincing for the first read. I mean, it is a work of experts, right? So you can write in the headlines that the hack was done by the Russians.

Just imagine an expert in the USA or Canada writing in report for WADA:
"the hack was done by non-Russian, but state-sponsored actors, who planted a lot of false-flags to accuse the Russians and to destroy confidence in past and future leaks". Well, I am sure this is not a popular opinion, and whoever tries this, risks his career. Experts are human, subject to all kinds of bias.

The Guardian

The only other source I was able to find is from The Guardian, where not just one side (it was Russia) was represented in the article. It is quite unfortunate that both experts are from Russia - so people from USA will call them being not objective on the matter. But the fact that they are Russian experts does not mean they are not true ...

https://www.theguardian.com/sport/2016/sep/15/fancy-bears-hackers--russia-wada-tues-leaks

Sergei Nikitin:
"We don't have this in the case of the DNC and Wada hacks, so it's not clear on what basis conclusions are being drawn that Russian hackers or special services were involved. It's done on the basis of the website design, which is absurd," he said, referring to the depiction of symbolically Russian animals, brown and white bears, on the "Fancy Bears' Hack Team" website.

I don't agree with the DNC part, but this is not the topic of conversation here.

Alexander Baranov:
"the hackers were most likely amateurs who published a "semi-finished product" rather than truly compromising information. "They could have done this more harshly and suddenly," he said. "If it was [state-sponsored] hackers, they would have dug deeper. Since it's enthusiasts, amateurs, they got what they got and went public with it.""

The @anpoland side-track

First please check the tas-cas.org hack https://www.youtube.com/watch?v=day5Aq0bHsA  , I will be here when you finished it. This is a website for "Court of Arbitration for Sport's", and referring to the Threatconnect post, "CAS is the highest international tribunal that was established to settle disputes related to sport through arbitration. Starting in 2016, an anti-doping division of CAS began judging doping cases at the Olympic Games, replacing the IOC disciplinary commission." Now you can see why this attack is also discussed here.


  • My bet is that this machine was set-up for these @anpoland videos only. Whether google.ru is a false flag or it is real, hard to decide. It is interesting to see that there is no google search done via google.ru, it is used only once. 
  • The creator of the video can't double click. Is it because he has a malfunctioning mouse? Is it because he uses a virtualization console, which is near-perfect OPSEC to hide your real identity? My personal experience is that using virtualization consoles remotely (e.g. RDP) has very similar effects to what we can see on the video. 
  • The timeline of the Twitter account is quite strange, registered in 2010
  • I agree with the Threatconnect analysis that this @anpoland account is probably a faketivist, and not an activist. But who is behind it, remains a mystery. 
  • Either the "activist" is using a whonix-like setup for remaining anonymous, or a TOR router (something like this), or does not care about privacy at all. Looking at the response times (SQLmap, web browser), I doubt this "activist" is behind anything related to TOR. Which makes no sense for an activist, who publishes his hack on Youtube. People are stupid for sure, but this does not add up. It makes sense that this was a server (paid by bitcoins or stolen credit cards or whatever) rather than a home computer.
For me, this whole @anpoland thing makes no sense, and I think it is just loosely connected to the WADA hack. 

The mysterious Korean characters in the HTML source

There is another interesting flag in the whole story, which actually makes no sense. When the website was published, there were Korean characters in HTML comments. 



When someone pointed this out on Twitter, these Korean HTML comments disappeared:
These HTML comments look like generated HTML comments, from a WYSIWYG editor, which is using the Korean language. Let me know if you can identify the editor.

The Russians are denying it

Well, what choice they have? It does not matter if they did this or not, they will deny it. And they can't deny this differently. Just imagine a spokesperson: "Previously we have falsely denied the DCC and DNC hacks, but this time please believe us, this wasn't Russia." Sounds plausible ...

Attribution

Let me sum up what we know:

It makes sense that the WADA hack was done by Russia, because:

  1. Russia being almost banned from the Olympics due to doping scandal, it made sense to discredit WADA and US Olympians
  2. There are multiple(weak) pieces of evidence which point to Russia
It makes sense that the WADA hack was not done by  Russia, because: 
  1. By instantly attributing the hack to the Russians, the story was more about to discredit Russia than discrediting WADA or US Olympians.
  2. In reality, there was no gain for Russia for disclosing the documents. Nothing happened, nothing changed, no discredit for WADA. Not a single case turned out to be illegal or unethical.
  3. Altering the leaked documents makes no sense if it was Russia (see update at the end). Altering the leaked documents makes a lot of sense if it was not Russia. Because from now on, people can always state "these leaks cannot be trusted, so it is not true what is written there". It is quite cozy for any US organization, who has been hacked or will be hacked. If you are interested in the "Russians forging leaked documents" debate, I highly recommend to start with this The Intercept article
  4. If the Korean characters were false flags planted by the Russians, why would they remove it? If it had been Russian characters, I would understand removing it.
  5. All evidence against Russia is weak, can be easily forged by even any script kittie.

I don't like guessing, but here is my guess. This WADA hack was an operation of a (non-professional) hackers-for-hire service, paid by an enemy of Russia. The goal was to hack WADA, leak the documents, modify some contents in the documents, and blame it all on the Russians ...

Questions and answers

  • Was Russia capable of doing this WADA hack? Yes.
  • Was Russia hacking WADA? Maybe yes, maybe not.
  • Was this leak done by a Russian state-sponsored hacker group? I highly doubt that.
  • Is it possible to buy an attribution-dice where all six-side is Russia? No, it is sold-out. 

To quote Patrick Gray: "Russia is the new China, and the Russians ate my homework."©

Let me know what you think about this, and please comment. 

Related posts

Tuesday, 19 May 2020

Linux Command Line Hackery Series: Part 1




In this concise article we will learn some basics of how to use Linux Command line, so lets get started.

Requirements:

1. An open Terminal in your Linux Box. I'm using Kali Linux 2.0
or you can check out this amazing website Webminal

Command:  ls
Syntax:         ls [flag(s)]
Function:      ls is short for list. ls command is used to list the contents of a directory these contents include files, folders, and links. ls has many optional flags as well, some of them are described below
Flags:    -a this flag is used to view hidden files that is those files whose names are preceded                      by a '.'(dot)
               -l  this flag is used to view file permissions, owner of the file, group of the owner, the                        file size, the modification date, and the filename. We'll talk more about it in later                            articles.

Command:  mkdir
Syntax:         mkdir dirname
Function:      mkdir is used to create a directory (or a folder) with the name which is followed by the command

now lets create a directory in our current directory named as myfiles, how would you do that?

mkdir myfiles

which command should we use in order to verify that the directory has been created in our current folder?

ls

this will list all the files and directories in our current folder. Do you see myfiles directory listed?

Command:  cd
Syntax:         cd path/to/directory
Function:      cd is short for change directory. It is used to navigate directories, or to make it clear it does the same thing as what double clicking on a folder do except it doesn't show you contents of the directory :(. In order to navigate or visit another directory we need to provide it's ABSOLUTE-PATH or RELATIVE-PATH you heard that, didn't ya?

Paths are of two types relative path or absolute path (also called full-path). Relative as the name suggests is relative to the current directory, so if you have to navigate to a folder within the current directory you'll just simply type cd directory_name. But what if you have to navigate to a directory which is the parent of current directory? Well it's easy just type cd .. (yes double dots, you noticed that .. and . thing when you typed ls -a, didn't you?). The double dots mean the directory above current directory (i,e the parent directory) and a single dot means the current directory (i,e the directory that I'm currently in). Now if you have to navigate two directories above current directory using relative path navigation you'll type

cd ../.. 

here .. means previous directory and another .. after slash (/) means the previous directory of the previous directory sounds confusing..!

The Absolute Path means full path to the file or folder which starts from root directory. Say I want to navigate to my home folder using absolute path, then I'll type:

cd /home/user

where user is the username
Now think of navigating to the myfiles folder from your home directory using the absolute path, it will be something like this:

cd /home/user/myfiles

Exercise: Create a directory project1 inside your home directory and inside the project1 directory create a file and a directory named index.html and css respectively. Then navigate to the css directory and create a style.css file inside it. At last navigate out of the css directory to home both using the relative and absolute path mechanisms.

[Trick: To get quickly out of any directory to your home directory type cd ~ [press Enter] or simply cd [press Enter]]

Command:  touch
Syntax:         touch filename
Function:      touch is a nifty little function used to create an empty file (actually it's used to change access time of a file but everyone has got bad habits :P ). You can create any type of empty file with the touch command. If you are a bit curious about touch read the manual page of the touch command using the man touch command.

Now lets create a few files inside of our myfiles directory

touch file1 file2 file3

The above command creates three empty files in our current directory named file1, file2, and file3.
How will you verify that it has indeed created these three files in your current directory? I won't answer this time.

Command:  echo
Syntax:         echo Hacker manufacturing under process
Function:      echo is used to display a line of text. By default echo displays a line of text on the terminal which is the standard output device (stdout for short). However we can redirect the output of an echo command to a file using > (the greater than symbol).
Now if we have to echo a line of text to a file, say file1 in our myfiles directory, we will type:

echo This is file1 > file1

The above command will echo the text "This is file1" to file1.

Command:  cat
Syntax:         cat filename [anotherfilename...]
Function:      cat stands for concatenate (not that puny little creature in your house). The main function of cat is to concatenate files and display them on your terminal (or in geeky terms stdout). But its also used to display the contents of a file on your terminal.

Let's display the contents of file1 in the myfiles directory that we echoed to it using the echo command, for that we'll type:

cat file1

Awesome I can see on black screen contents of my file (what if your terminals background is white?), looks like I'm becoming a hacker. In case you don't see it then I suggest you should give up the thought of becoming a hacker. Just kidding you might have missed a step or two from the above steps that we performed.

Now lets say that we want to add another line of text to our file using the echo command should we use the same greater than (>) symbol? No, if we want to add another line (which in geeky terms is to append a line) to our file using the echo command we have to use >> (two greater than symbols) like this:

echo Another line of text >> file1

now to check the contents of file1 we'll type:

cat file1

OK we wrote two lines inside of the file1.
Does it mean we have to add three greater than symbols to write third line? Oh! I didn't thought you'd be such a genius.

A single greater than symbol (>) means redirect the output of the preceding command to a file specified after the > symbol. If the file exists then overwrite everything that's in it with the new contents and if the file does not exist then create one and write to it the output of the preceding command. So if you had typed

echo Another line of text > file1

it would have overwritten the contents of the file1 with "Another line of text" and the line "This is file1" would no longer be present in the file.

Two greater than symbols (>>) mean that append (remember the geeky term?) the output of the previous command to the end of file specified after >>. Now if you want to add another line of text to file1, you won't use >>> rather you'll use >> like this:

echo Third line in file1 >> file1

This is it for today. But don't worry we'll learn more things soon.

Related articles


  1. Hacking Informatico
  2. Android Hacking
  3. Rom Hacking
  4. Etica Hacker
  5. Curso Ethical Hacking
  6. Hacking Definition
  7. Curso Seguridad Informatica
  8. Clases De Hacker
  9. Hacking Life
  10. Herramientas De Seguridad Informatica
  11. Web Hacking 101

Difference Between Hacker, Programmer, And Developer

                There are numerous sprite debates and discussions on the differences between hackers, developers, and programmers. With most descriptions, however, there is usually a slight flaw in at least one or two serious ways. These terms are all traditionally misused and misunderstood, with many of us frequently mixing them up as an all-encompassing definition of anyone working on the Software realm.


However, if you are looking to clarify your project goals and business needs adequately, it is essential that you understand that all these terms do not all represent the same thing (although a person with the ability to program a computer can use different skills to accomplish various outcomes).

What's more, it is also quite important for you to differentiate between these three terms if you are working with software development groups and the fact that they cannot be interchanged.  This excerpt seeks to break it all down for you mainly-the vital difference between hackers, developers, and programmers, their actual tasks, as well as their relationship.

The Hacker

A hacker is a computer expert who uses his knowledge of computer networking, programming, cryptography, and databases to overcome a problem in the system. Hackers are more concerned with availing the concept as opposed to minding about the long-term quality. And although a hacker can conceptualize about how will ultimately be created while frantically writing code, the role is primarily about speed.

A hacker, as well as hacking,' are most useful in dealing with emergency circumstances or when prototyping an item. Hackers and the profession of hacking, in general, is not concerned with the ultimate effect of the code.

Hackers make things. They typically alter the things programmers create and transform them to function differently as well as also writing codes. While "hacker" can refer to any skilled technical person, the term has become associated with computer security, someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

The Programmer

programmer is an individual equipped with the expertise to write codes. Programmers usually master in a single or multiple programming languages and boast vast knowledge on related areas also. Their roles are relatively procedural and mandate for total concentration not to mention refined skills.

A programmer is solely focused both in writing codes as well as getting features appropriately performed so that these features are accessible for integration and later use. Programming is merely the process of swinging the hammer and adequately creating the software.

Usually, it is easy to identify that an individual is in programming mode since they often have a concentrated gaze and are deep in the zone.' Programmers are normally internalizing the system they are operating as well as editing and writing pieces of something that can only best be described as a long algebra problem.'

The Developer

Developers are typically creators. However, not anyone that is an expert at writing codes can be a developer. Developers are experts at identifying ways around various problems as well as plugging together components to fulfill some requirements. These professionals solve problems or create things by adhering to a specific set of principles (design and implementation).

This set of principles includes attributes such as maintainability, performance, robustness, security, and scale among others. They solve problems in a systematic manner. Ideally, this is what distinguishes programmers, developers, and hackers.

In A Nutshell:

In all simplicity, these three professionals solve various problems using code. A programmer is an encompassing term that means a problem solver, a developer is a trained programmer (formal) who besides resolving issues achieves it in an organized and methodical manner likely instilled in the course of their formal education, and a hacker is a tinkerer/creator.

Despite their differences in individual meaning and professional capacities, these terms, however, can interrelate with each other quite effectively. In fact, it is possible for you to combine the skills to your benefit. In reality, all developers and hackers are programmers. However, despite their expertise, not many developers and programmers are creative enough to warrant an identity as hackers.

Finally, although hackers and programmers are quite impressive, they are however not experienced or educated enough to warrant consideration as developers. The similarity, however, is that all work to create code, each in their specified manner.

Ideally, anyone would work to be all the above-as creative as a hacker, though, somewhat better experienced and formally trained to design software as opposed to only hacking.

Nonetheless, even if you lack the creativity, experience, or education, or either to necessarily create a broad application, it is still worth noting that you are still ideally a programmer. And in case you did not know, solving a problem through code is by itself, a superpower!


@£√£RYTHING NT

More info


A Quick Guide To Selection Sorting



In this Article I'll tell you about Selection Sort
Selection sort is that type of sorting in which smallest element of a list is searched and then this number is swapped with the first element of the list and then second smallest element is searched in the list and is swapped with the second element of the list and so on i,e this "thingy" thing continues on till n-1 times (where 'n' is the number of terms).
COMPLEXITY:-
Complexity of Selection sort is O(n^2) in best case as well as in worst case.

Well selection sort is not a good sorting algorithm which you can see even from the complexity of selection sort because selection sort performs same number of comparisons even in the best case as in the worst case. Which makes it very slow.
Pseudo-code:-
sort(Arr)
for i = 0 to n-1
smallest = location of smallest number from Arr[i] to Arr[n-1]
swap Arr[i] with Arr[smallest]

/*C Program: Implementation of Selection Sort*/
#include<stdio.h>
void swap(int a[], int i, int j){
    int tmp = a[i];
    a[i] = a[j];
    a[j] = tmp;
}
void selectionSort(int a[], int l, int h){
   for(int i=l; i<h; i++){
     int small  = i;
     for(int j=i+1; j<=h; j++){
       if(a[j] < a[i]) small = j;
     }
     swap(a,i,small);
   }
}
int main(void) {
   int arr[10], n;
   printf("Enter Size of Array: ");
   scanf("%d", &n);
   printf("Enter %d elements:\n", n);
   for(int i=0; i<n; i++) scanf("%d", &arr[i]);
   selectionSort(arr, 0, n-1);
   printf("Sorted Array is as:\n");
   for(int i=0; i<n; i++) printf("%d ", arr[i]);
   printf("\n");
   return 0;
}
More info