Remote Desktop Attacks – Ransomware Entry
1. Introduction and Objectives In this article, we will briefly explain the methodology employed by certain criminal groups to gain access to computer systems by exploiting their Remote Desktop Services (RDP). This methodology for installing various types of malware has been observed in a large number of forensic analyses of ransomware attacks, and it’s not surprising considering the ease and nature of exploitation, as we will see throughout this article. To follow along, you will need to have at least basic knowledge of brute force tools and exploit launching. We will be using Kali Linux as the attacking machine. 2. …
SPLUNK: The Ultimate SIEM for Control
1. Introduction and Objectives In this article, we will step into the shoes of a security analyst whose task involves detecting intrusions by analyzing the various log files generated by machines and devices, searching for abnormal behaviors. This is done to respond to potential incidents, establish appropriate policies and rules, and ensure their compliance. Additionally, this role includes the implementation of Security Information and Event Management (SIEM) systems. For this exercise, we will use the tool “Splunk Enterprise.” In the following sections, we will define this tool and its functionality, as well as briefly explore some use cases that can …
Analysis of Malware in Android
1. Introduction and Objectives In this article, we will conduct the analysis of a well-known malware targeting Android. Specifically, we will examine a “Meterpreter” generated with the “Msfvenom” tool belonging to the Metasploit framework. For those unfamiliar with a “Meterpreter” application, it’s a command interpreter that allows interaction with the victim machine, offering high flexibility and reliability. In other words, it’s malware that provides the attacker with complete control over the infected machine, enabling command execution, webcam viewing, microphone listening, and numerous other fascinating functions. We will define what a “Meterpreter session” is later on. I recommend reading the book …
Vulnerability Analysis in Android Applications (2)
1. Introduction and Objectives In this article, we will continue with the analysis of Android applications. The objectives and the laboratory setup remain the same as in the first part. For more information about setting up the analysis laboratory, you can refer to the first part: “Vulnerability Analysis in Android Applications (1)”. In the following sections, we will conduct a brief analysis of “InsecureBankV2”. As the name suggests, it is a banking app that has certain vulnerabilities that we need to identify. As seen in its official repository, this application has a significant number of vulnerabilities. However, in this article, …
Vulnerability Analysis in Android Applications (1)
1. Introduction and Objectives According to “OWASP Mobile Security Testing,” the phases for conducting a pentest on a mobile application are as follows: In this article, we will learn the basics and methodology of manual static analysis of Android applications. We will not use automated vulnerability detection tools for this purpose. Instead, we will demonstrate this process using a specific example. 2. Setting Up the Analysis Environment The first step is to create and set up a secure and suitable analysis environment. The tools you’ll need to set up are as follows: By setting up this environment, you’ll have access …
Man In The Middle (MITM): Capturing Credentials with SSLStrip2 and Delorean
Introduction and Objectives This attack, as its name suggests, involves positioning oneself in the middle of the data transmission between the machines that make up the network and the router. Its main objective is espionage, capturing sensitive data that flows through the network, obtaining access credentials to devices and user accounts for potential privilege escalation, conducting subsequent phishing attacks by knowing the websites that organization users frequently visit, using a “remote browser” attack, among many other intriguing activities. Initially, we will use basic auditing tools to conduct an attack of this kind. These tools are “ettercap” and “Wireshark”. With “ettercap,” …
Netcat, Cryptcat, and Ncat: The Swiss Army knives of hacking.
Introduction and objectives We are going to study the functioning and behavior of these tools, which provide the pentester with a range of opportunities in system auditing. You can download them from the following links: In the practical exercise we are going to perform in this article, we will learn how to obtain a remote machine’s command shell by using these tools. Subsequently, we will also conduct a study of the network traffic generated using each of these tools, with the aim of understanding communication security. Obtaining a “bind shell” in a LAN. a) Machines used for the practice To …
Analysis of the EvilPDF tool
Description and installation of EvilPDF We are going to study the operation of this tool, which provides the user with the ability to embed an executable file in a PDF document. Its GitHub repository describes it that way, although it is not really the most accurate description, as we will see throughout the analysis. The tool can be found in its GitHub repository. https://github.com/JAYMONSECURITY/evilpdf As we can see below, the project consists of several files, the most important of which are the following: The first thing we are going to do is to follow the instructions to download …