
Reset Group Policy in Vista/ Windows 7/ 8


Using the Local Group Policy Editor, an administrator can edit local GPOs, disable computer or user settings in Local Group Policy, and use scripts for certain tasks, including startup and shutdown. The Local Group Policy Editor can be found in all Windows Server versions since Windows Server 2008. It is not available on Windows home editions.
This method can save you from the headache of Group Policy errors. I am sure that it will also help those who are facing problems such as the Folder Options error. After the steps below, the Local Group Policy Editor is reset back to its defaults.

1. Open a command prompt with Administrator rights on Vista, Windows 7 or Windows 8; otherwise you will get an "Access Denied" error.

2. In the command prompt, type diskpart and press Enter.

3. In the command prompt, type list volume and press Enter. You will see your volume (partition) list. Make a note of your local drive letter. For example, here mine is the C drive.

4. In the command prompt, type exit, and press Enter.

5. In the command prompt, type RD /S /Q "C:\Windows\System32\GroupPolicy" and press Enter. Here C is my local drive letter.

6. Again, type RD /S /Q "C:\Windows\System32\GroupPolicyUsers" and press Enter.

7. Restart the computer.


Fool the Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall or security system. The general goal of the program is to make the information-gathering phase as slow and bothersome for your attackers as possible. This is quite a change from the standard 5s nmap scan that gives a full view of your system's running services.

eLearnSecurity Advanced Reverse Engineering Of Software - Review

There is a saying, "To understand how something works, you must take it apart and unravel its secrets", and that's exactly what reverse engineering is all about, i.e. breaking things apart to figure out how they work from the inside. If you have a keen interest in software reverse engineering and are curious about how the bad guys really go about cracking software and developing keygens/patches for it, or if you are interested in how security professionals analyse complex malware, then the "ARES Course" is for you.

Straight from the horse's mouth: "This advanced reverse engineering training course is highly practical, meaning you will learn things by yourself and not just listen to some instructors and watch. If you like the "learning-by-doing" approach, then this is for you. This is NOT a "learn - repeat - forget" type of training. The course guidance ensures that you will get all the necessary knowledge along the way."

Pre-requisites

Before you enroll in this course, the following are the prerequisites mentioned by the author.

1) You don't need to already be a reverse engineer to attempt this course; it takes you from a very beginner level up to an advanced level.

2) Knowledge of assembly language would certainly be helpful; however, the author covers the important instructions along the way during the demonstrations. In the written part, the author also provides several assembly guides and reference books, so in case you are unaware of what a particular assembly instruction does, you can quickly look it up in the references.

3) Basic knowledge of programming concepts (variables, strings, functions, pointers, etc.) is required; however, you don't need to be a hardcore programmer to enroll in this course.

The course is divided into three parts:

1) Foundations
2) Technical Part 1
3) Technical Part 2

Foundations

The "Foundations" part covers the necessary theory you need to understand before you dive into the technical parts. The course focuses specifically on the Intel 32-bit architecture, memory segments such as the stack and heap, flags, registers, commonly used Windows APIs, and the tools of the trade for reversing.

The author points out that it's not necessary to be a master of assembly language in order to become a successful reverse engineer, which started making sense to me as soon as I finished the technical parts of the course; however, as mentioned before, knowledge of certain programming concepts will surely be a great help for you. Here is what the author states:

Probably, you've heard that if you want to become a reverse engineer you have to master assembly language first, which is far from the truth. Of course, being a programmer, especially in a not very high-level language like C/C++, can be very helpful in some concepts like pointers, etc., but in regards to reversing and assembly language, what you really need is to be able to understand what you see. There's no need to write complex programs using assembly.

Technical Part I - Learning how to reverse

"Technical Part 1" goes from very basic software patching up to in-depth analysis of algorithms and Windows APIs. The very first module of this section is "String References & Basic Patching"; in this module the author explains several methods of patching an executable, such as manipulating or NOPing out jumps to change the program flow. The next module focuses on using the stack to trace back to an algorithm, which comes in handy when we are up against a binary where the strings are encrypted and decrypted at runtime and we are therefore unable to locate the algorithm with static analysis.

In the next module, "Algorithm Reversing", the author digs deeper into the world of reverse engineering by analysing algorithms in detail to find a solution that would really validate the given algorithm, and this is where the real fun starts. The next module, "Windows Registry Manipulation", is more related to reversing malware than to cracking software: the author analyses an application that is trying to read a specific piece of information from the registry, and also explains the use of hardware breakpoints for monitoring access to specific memory areas. In the next module, "File Manipulation", the author dives into more practical reverse engineering methods, examining an application that is trying to read the contents of a specific file on the system.


Technical Part II - Anti-reversing tricks

In the real world, binary analysis is not as easy as you might think; you might encounter different obstacles and protections when doing professional reverse engineering. Developers have come up with several tricks for making the binary analysis process much harder, such as anti-debugging APIs, code obfuscation, packers, etc.

These modules give insights into bypassing the most commonly used anti-reversing tricks, such as bypassing anti-debugging mechanisms, de-obfuscating obfuscated code, and manually unpacking a binary. Last but not least, the author covers reversing multi-threaded applications; he points out that analysing these applications can be a bit tricky for beginners, but after understanding how threads are created at runtime the process becomes much easier.


Challenges

Each module comes with a unique challenge containing a binary that lets you practically perform the techniques you have learnt in the video section of the course. In case you are unable to solve it, don't panic: in the video parts the author walks you through solving the challenge.

Exam And Certification


Once you have mastered all the techniques taught in the course, you can sit the eCRE examination. The exam is divided into two parts, theory and practical. You must score at least 88% in the theory part, which consists of multiple-choice questions.

Once you have passed eCRE Stage 1 (the theory part) you are allowed to attempt eCRE Stage 2, the practical part of the examination: you are given binaries and have 7 days to analyse them and write a formal report. An examiner formally reviews your report and, if you pass, you are titled "eLearnSecurity Certified Reverse Engineer".

Launch Webinar

If you would like to see this course in action, I would recommend taking a look at the launch webinar, in which the author gives a live demonstration of analysing an obfuscated binary.


Conclusion


If you are passionate about reverse engineering or dream of pursuing a career as a reverse engineer, then this course is definitely for you. Overall, I would rate the course 9/10, as it is one of the most technical and informative courses I have ever taken.

For further information about the course, please refer to the following link: https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software/

Privilege Escalation


Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used. Privilege escalation occurs in two forms:
  1. Vertical privilege escalation, also known as privilege elevation, where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications (e.g. Internet Banking users can access site administrative functions or the password for a smartphone can be bypassed.)
  2. Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users (e.g. Internet Banking User A accesses the Internet bank account of User B)
Vertical Privilege Escalation 

This type of privilege escalation occurs when the user or process is able to obtain a higher level of access than an administrator or system developer intended, possibly by performing kernel-level operations.

Examples of vertical privilege escalation
In some cases a high-privilege application assumes that it will only be provided with input that matches its interface specification, and doesn't validate the input. An attacker may then be able to exploit this assumption so that unauthorized code is run with the application's privileges:
  • Some Windows services are configured to run under the Local System user account. A vulnerability such as a buffer overflow may be used to execute arbitrary code with privilege elevated to Local System. Alternatively, a system service that is impersonating a lesser user can elevate that user's privileges if errors are not handled correctly while the user is being impersonated (e.g. if the user has introduced a malicious error handler)
  • Under some legacy versions of the Microsoft Windows operating system, the All Users screensaver runs under the Local System account - any account that can replace the current screensaver binary in the file system or Registry can therefore elevate privileges.
  • In certain versions of the Linux kernel it was possible to write a program that would set its current directory to /etc/cron.d, request that a core dump be performed in case it crashes and then have itself killed by another process. The core dump file would have been placed in the program's current directory, that is, /etc/cron.d, and cron would have treated it as a text file instructing it to run programs on schedule. Because the contents of the file would be under the attacker's control, the attacker would be able to execute any program with root privileges.
  • Cross Zone Scripting is a type of privilege escalation attack in which a website subverts the security model of web browsers so that it can run malicious code on client computers.
  • There are also situations where an application can use other high privilege services and has incorrect assumptions about how a client could manipulate its use of these services. An application that can execute Command line or shell commands could have a Shell Injection vulnerability if it uses unvalidated input as part of an executed command. An attacker would then be able to run system commands using the application's privileges.
  • Texas Instruments calculators (particularly the TI-85 and TI-82) were originally designed to use only interpreted programs written in dialects of TI-BASIC; however, after users discovered bugs that could be exploited to allow native Z-80 code to run on the calculator hardware, TI released programming data to support third-party development. (This did not carry on to the ARM-based TI-Nspire, for which jailbreaks have been found but are still actively fought against by Texas Instruments.)
  • Some versions of the iPhone allow an unauthorised user to access the phone while it is locked.

Jailbreaking

A jailbreak is the act or tool used to perform the act of breaking out of a chroot or jail in UNIX-like operating systems or bypassing digital rights management (DRM).
In the former case, it allows the user to see files outside of the filesystem that the administrator intends to make available to the application or user in question. In the context of DRM, this allows the user to run arbitrarily defined code on devices with DRM as well as break out of chroot-like restrictions. The term originated with the iPhone/iOS jailbreaking community and has also been used as a term for PlayStation Portable hacking; these devices have repeatedly been subject to jailbreaks, allowing the execution of arbitrary code, and sometimes have had those jailbreaks disabled by vendor updates.
iOS systems including the iPhone, iPad, and iPod touch have been subject to iOS jailbreaking efforts since they were released, and continuing with each firmware update. iOS jailbreaking tools include the option to install Cydia, a third-party alternative to the App Store, as a way to find and install system tweaks and binaries. To prevent iOS jailbreaking, Apple has made the device boot ROM execute checks for SHSH blobs in order to disallow uploads of custom kernels and prevent software downgrades to earlier, jailbreakable firmwares. In an "untethered" jailbreak, the iBoot environment is changed to execute a boot ROM exploit and allow submission of a patched low level bootloader or hack the kernel to submit the jailbroken kernel after the SHSH check.
A similar method of jailbreaking exists for S60 Platform smartphones, which involves installing softmod-style patches that patch certain ROM files while loaded in RAM, or edited firmware (similar to the M33 hacked firmware used for the PlayStation Portable), to circumvent restrictions on unsigned code. Nokia has since issued updates to curb unauthorised jailbreaking, in a manner similar to Apple.

Prevention Strategies

Operating systems and users can use the following strategies to reduce the risk of privilege escalation:
  • Data Execution Prevention
  • Address space layout randomization (to make it harder for buffer overruns to execute privileged instructions at known addresses in memory)
  • Running applications with least privilege (for example by running Internet Explorer with the Administrator SID disabled in the process token) in order to reduce the ability of buffer overrun exploits to abuse the privileges of an elevated user.
  • Requiring kernel mode code to be digitally signed.
  • Use of up-to-date antivirus software
  • Patching
  • Use of compilers that trap buffer overruns
  • Encryption of software and/or firmware components.
Horizontal Privilege Escalation

Horizontal privilege escalation occurs when an application allows the attacker to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions at the same privilege level but in a different security context than intended by the application developer or system administrator; this is effectively a limited form of privilege escalation (specifically, the unauthorized assumption of the capability of impersonating other users).

Examples of horizontal privilege escalation
This problem often occurs in web applications. Consider the following example:
  • User A has access to his/her bank account in an Internet Banking application.
  • User B has access to his/her bank account in the same Internet Banking application.
  • The vulnerability occurs when User A is able to access User B's bank account by performing some sort of malicious activity.
This malicious activity may be possible due to common web application weaknesses or vulnerabilities. Potential web application vulnerabilities or situations that may lead to this condition include:
  • Predictable session IDs in the user's HTTP cookie
  • Session fixation
  • Cross-site Scripting
  • Easily guessable passwords
  • Theft or hijacking of session cookies
  • Keystroke logging
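As an added example (not from the original article), here is a minimal Python model of the Internet Banking scenario above that shows two of the listed weaknesses side by side: the vulnerable class hands out sequential session IDs and returns whatever account a logged-in user asks for, while the hardened class uses random session IDs and checks that the account's owner matches the session's user. The account data, user names and class names are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from itertools import count

# Constructed in-memory data: two customers, each owning one account.
ACCOUNTS = {
    "acct-1001": {"owner": "userA", "balance": 2500},
    "acct-1002": {"owner": "userB", "balance": 9100},
}


@dataclass
class Session:
    user: str


class VulnerableBank:
    """Two weaknesses from the list above: predictable session IDs and
    no check that the requested account belongs to the logged-in user."""

    def __init__(self):
        self.sessions = {}
        self._next = count(1)             # sequential -> guessable cookie values

    def login(self, user):
        sid = f"sess-{next(self._next)}"  # e.g. sess-1, sess-2, ...
        self.sessions[sid] = Session(user)
        return sid

    def get_account(self, sid, account_id):
        if sid not in self.sessions:
            raise PermissionError("not logged in")
        # BUG: any logged-in user can read any account just by changing account_id
        return ACCOUNTS[account_id]


class HardenedBank(VulnerableBank):
    """Same interface, with random session IDs and an ownership check."""

    def login(self, user):
        sid = secrets.token_urlsafe(32)   # 256 random bits, not guessable
        self.sessions[sid] = Session(user)
        return sid

    def get_account(self, sid, account_id):
        session = self.sessions.get(sid)
        if session is None:
            raise PermissionError("not logged in")
        account = ACCOUNTS.get(account_id)
        # Authorize the object, not just the request: the owner must match the
        # session's user. Unknown and foreign accounts get the same error, so the
        # response does not reveal which account IDs exist.
        if account is None or account["owner"] != session.user:
            raise PermissionError("access denied")
        return account


def demo():
    """Return (vulnerable_cross_read_succeeded, hardened_cross_read_denied)."""
    v = VulnerableBank()
    sid_a = v.login("userA")
    crossed = v.get_account(sid_a, "acct-1002")["owner"] == "userB"

    h = HardenedBank()
    sid_a = h.login("userA")
    try:
        h.get_account(sid_a, "acct-1002")
        denied = False
    except PermissionError:
        denied = True
    return crossed, denied


if __name__ == "__main__":
    print(demo())  # (True, True)
```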
Preventing Privilege Escalation Vulnerabilities

Review those logs
Time-consuming, tedious, and absolutely necessary for the health of your network: review your log files. Once you understand what "normal" looks like for your network, you're more likely to spot dangerous abnormalities.
What should you look for? In two words: weird stuff. Examples: You know John is on vacation at Disney World, and his laptop is sitting in your office, but someone keeps logging into your network as John. Time to investigate. If, normally, your Web server can run six weeks at a time without requiring a reboot, but it rebooted itself three times last night, some attacker may be trying to perfect his buffer overflow attack against it. If your database server is locked in a closet in your server farm but the log files report a console login attempt on that server (which has no keyboard), investigate further. Get the idea?
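As an added example (not from the original article), the three "weird stuff" checks described above turned into code: a small Python script that parses constructed key=value log lines and flags logons by an account known to be on leave, console logons on a host that has no keyboard, and a host rebooting more often than its baseline allows. The log format, host names and baselines are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample log lines in a simple key=value format (not from any real system).
LOG_LINES = """\
2013-06-12T00:12:09 host=WEBSRV1 event=reboot
2013-06-12T00:41:55 host=WEBSRV1 event=reboot
2013-06-12T01:05:30 host=FS01 event=logon user=alice source=10.0.0.12
2013-06-12T01:22:03 host=WEBSRV1 event=reboot
2013-06-12T02:14:07 host=FS01 event=logon user=john source=10.0.0.77
2013-06-12T03:09:44 host=DBSRV1 event=logon user=admin source=console
2013-06-12T08:30:00 host=FS01 event=logon user=alice source=10.0.0.12
this line is garbage and is skipped
""".splitlines()

# What "normal" looks like for this network (constructed baselines).
USERS_ON_LEAVE = {"john"}             # John is at Disney World; nobody should log in as him
HEADLESS_HOSTS = {"DBSRV1"}           # locked in a closet, no keyboard attached
MAX_REBOOTS_PER_DAY = {"WEBSRV1": 0}  # normally runs six weeks without a reboot

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a dict of fields; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_anomalies(lines):
    """Apply the three checks from the text and return a list of human-readable findings."""
    findings = []
    reboots = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        day = ev["ts"][:10]
        host, event = ev.get("host"), ev.get("event")
        if event == "reboot":
            reboots[(host, day)] += 1
        elif event == "logon":
            # Check 1: someone logging in as a user who is known to be away
            if ev.get("user") in USERS_ON_LEAVE:
                findings.append(f"{ev['ts']} logon as {ev['user']} on {host} while on leave")
            # Check 2: a console logon on a server that has no keyboard
            if host in HEADLESS_HOSTS and ev.get("source") == "console":
                findings.append(f"{ev['ts']} console logon on headless host {host}")
    # Check 3: more reboots in a day than the host's baseline (default 1)
    for (host, day), n in sorted(reboots.items()):
        baseline = MAX_REBOOTS_PER_DAY.get(host, 1)
        if n > baseline:
            findings.append(f"{day} {host} rebooted {n} times (baseline {baseline})")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(LOG_LINES):
        print(finding)
```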

Keep up-to-date on patches
Another painful but necessary task. We're surprised to see the Frethem virus spreading as we write this, because it works primarily on Internet Explorer systems that have not been updated in over a year. A diligent sys admin may patch daily. Lately, advisories about buffer overflows are being reported in the popular press. You can't assume "no one knows about them." Plug all known holes.

Use passphrases
We have often advised in LiveSecurity articles, "Use strong passwords." The problem with passwords that are cryptographically strong (e.g., "1@3gg]+nP915f~") is that no one can remember them, and they're hard to type. A nice balance between that and a too-easy password (e.g., "John") is the pass phrase. Try using bits of poetry, lines from plays or movies, anything lengthy but memorable. In Star Wars: A New Hope, an embarrassed Han Solo tells his mocking sidekick Chewbacca, "Laugh it up, fuzzball." Modified slightly to "L4ugh it up, Fu22ball!" you have a strong passphrase, hard for an attacker to brute force or guess, but easy for you to live with. Pick your own favorite. Just don't read it from anything hanging near your workstation.

Manage settings aggressively
Sure, it's easier to set your firewall to permit "Any" to "all." But that's not secure. Work out a security policy that grants employees the minimum amount of access they need to do their jobs. Then set your routers, switches, and firewalls to enforce the policy. While you're at it, consider installing interdepartmental firewalls: that way, if an attacker breaks in somewhere, you've limited the damage to a smaller network segment.

Further countermeasures are really up to application developers. Buffer overflows don't succeed in a well-written program. But you can't do a lot about that right now. What you can do is make sure your people use strong credentials, then protect those credentials.

Information Security Aficionado: Vulnerability Scanning With Metasploit

Vulnerability scanning is part of penetration testing. A vulnerability scanner is an automated program designed to look for weakne...

Facebook Slide Out Share Button for Blogger


Nowadays a Facebook share button is very important for increasing your blog traffic as well as for getting in touch with your blog readers. So here I am providing you with a Facebook slide-out share button for Blogger.
This widget has many features, such as:
  • Lightweight Size
  • Compact Design
  • Supports all Major Browsers
  • Attractive and Elegant
  • Made with CSS3 and beautiful transitions.
  • Shown only on Post pages
Code:

<b:if cond='data:blog.pageType == "item"'>
<style>
/* Widget by geekyshows.com */
#fixed-share {background: none repeat scroll 0 0 #4C6699;border-bottom: 3px solid #30476F;bottom: 60px;box-shadow: 0 8px 8px #888888;font-family: Arial;font-size: 16px;padding: 15px 30px 15px 15px;position: fixed;right: -147px;text-align: left;text-transform: uppercase;transition: all 1s ease 0s;z-index: 10;}
#fixed-share:hover {right: 0}
#fixed-share:hover > #share-box {right: 147px}
#share-box {background: none repeat scroll 0 0 #4C6699;bottom: 72px;box-shadow: 0 8px 8px #888888;height: 40px;position: fixed;right: 1px;text-align: center;transition: all 1s ease 0s;width: 40px;}
</style>
<div id="fixed-share">
  <div id="share-box">
    <!-- The logo is fetched over plain HTTP from a third-party host; on an HTTPS blog browsers flag it as mixed content -->
    <img src="http://s10.postimg.org/s1a8ghl6t/Fb_Logo.png" />
  </div>
  <span>Support Us<br/>
    <script>
    /* Load the Facebook JavaScript SDK once, unless it is already on the page */
    (function(d){
      var js, id = 'facebook-jssdk';
      if (d.getElementById(id)) {return;}
      js = d.createElement('script'); js.id = id; js.async = true;
      js.src = "//connect.facebook.net/en_US/all.js#xfbml=1";
      d.getElementsByTagName('head')[0].appendChild(js);
    }(document));
    </script>
    <!-- The share button needs one open/close pair; the original had a self-closing tag followed by a stray closing tag -->
    <fb:share-button expr:href='data:post.url' type='button_count'></fb:share-button>
  </span>
</div>
<!-- Widget by geekyshows.com -->
</b:if>

How to do it:
1. Copy the code above.
2. Log in to your Blogger account, click on Layout, then click on Add a Gadget.

3. After clicking 'Add a Gadget', a window will appear; click 'HTML/JavaScript'.

4. A Configure HTML/JavaScript window will appear. Paste the code there and click Save.

5. Done!



Install Kali Linux on VMware


Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing distribution. Kali Linux is a complete rebuild of BackTrack from the ground up, adhering completely to Debian development standards. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security by rewriting BackTrack, their previous forensics Linux distribution. Users may run Kali Linux from a hard disk, live CD, or live USB. Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, as well as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook. Kali Linux is also known as BackTrack 6.


Installation Prerequisites
A minimum of 8 GB disk space for the Kali Linux install.
For i386 and amd64 architectures, a minimum of 512MB RAM.
CD-DVD Drive / USB boot support

Preparing for the Installation
Download Kali Linux.
Burn the Kali Linux ISO to DVD, write Kali Linux Live to a USB stick, or keep the ISO file.

1. Go to File and click on New Virtual Machine

2. Select Typical and Click Next
3. On this screen you have three options for your installation source:
    I. Choose 'Installer disc' if you have a Kali Linux DVD.
   II. Choose 'Installer disc image file (ISO)' if you have a Kali Linux ISO file.
  III. Choose 'I will install the operating system later' if you do not want to install now.

4. In this article I choose the ISO installation. First select 'Installer disc image file (ISO)', then click Browse, select your Kali Linux ISO file and click Open.

5. Click Next

6. Select Linux, choose your OS version (Debian) and click Next.

7. Virtual Machine Name – here you can change your VM name.
    Location – this field shows where your Kali Linux VM will be stored. If you want to change the destination, click Browse, select your folder and click OK.

8. Click Next

9. Set the size of the VM's installation disk. If possible make it more than 20 GB. Click Next.

10. Click on Finish

11. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali boot screen. Choose either Graphical or Text-Mode install. In this example, we choose a GUI install.

12. Select Language – English, and click Continue.

13. Select Location – United States, and click Continue.

14. Configure the keyboard – American English, and click Continue.

15. Soon you will see the screen below. Let it complete.

16. On this screen you can change your hostname; I changed it to GeekyShows. Click Continue.

17. Leave the Domain Name field blank and click Continue.

18. Set up users and passwords – on this screen enter the root password and click Continue. (Remember this password; you will need it to log in to Kali Linux as root.)

19. Configure the clock – Eastern, and click Continue.

20. Partition disks – here you choose how you want to install your OS. 'Use entire disk' means the installer will make your whole hard disk one partition and install the OS there. Select Guided – use entire disk and click Continue.

21. Click Continue


22. Click Continue

23. Select 'Finish partitioning and write changes to disk' and click Continue.

24. Select Yes and click on Continue

25. Installation has started. (It takes time.)

26. Configure the package manager – Use a network mirror? (If you choose 'Yes', the system is ready for online updates, but this takes a lot of time, so it is better to choose 'No' if you have a slow network connection.)
Here I choose 'No' and click Continue.

27. Install the GRUB boot loader – select 'Yes' and click Continue.

28. Installation finished. Click Continue.

29. Turn on your Kali Linux VM; you will see this boot menu.

30. Now click on Other or press Enter.

31. Enter the username 'root' and click Log In (the username must be root).

32. Enter the password you set during the OS installation and click Log In.

33. Successfully logged in.

