Wednesday, 27 November 2013

OpenVPN Configuration CentOS - XP ( Server - Client )

OpenVPN
    This is an open source application. It provides ‘VIRTUAL PRIVATE NETWORK’. It provides tunneling in which we can transmit packets securely. The main aim of using any VPN is to secure the network. In my demonstration I am going to install, configure and test openvpn within server and client. I will also generate RDP through rdesktop utility. RDP will be forwarded via TLS tunnel. And as a proof we will also analyze the packet through tcpdump.

Tuesday, 26 November 2013

Http Tunneling

Most of the companies and enterprises use proxies and firewalls for their company’s network security. But majority firewalls and proxies block most or all other services but one – http/https. They allow traffic to destination port 80 or 443 to pass in order for their employees to surf the web. So this particular behavior of the firewall can be exploited in order to connect to remote servers with services running on different ports other than 80 or 443. Let us see how.

ARP Poisoning - A Theoretical Approach

ARP Poisoning is an attack that can be carried out in a LAN that relies on Address Resolution Protocol for its internal routing. ARP Poisoning can then be further extended in different forms of attack like Man-in-the-middle-attack, Packet sniffing, Denial of Service etc. In this attack the attacker spoofs the ARP cache of the target machine.

Monday, 25 November 2013

Cryptography Unleashed - Overhead Analysis[Added]


What is cryptography?

IPSec provides security to the Internet Protocol Layer. It does this by giving us the choices to use any encryption-decryption algorithm along with the mandatory security protocols.. IPSec uses some different important protocols such as AH (Authentication Header), ESP (Encapsulating Security Protocol), ISAKMP (Internet Security Association and Key Protocol) and IKE (Internet key exchange). Each has their own responsibility and functionality. To operate all this functionality, there are two basic modes such as: Transport Mode & Tunnel Mode.

Sunday, 24 November 2013

Everything About SSL

In this article I am going to tell you everything about SSL that what it is why we need it, technical and non technical aspects of SSL etc.. This article covers the introduction, SSL certificate, Encryption, process of encryption and how your browser interact and trust that certificate provided by the website you are visiting.

Existence of SSL
There are basically 2 aspects of SSl. One is Encryption and second is Identification.  Now encryption is what you hide the content of the data sent from one machine to another machine. It is done by changing the content of the data in identical to garbage form which is human readable but not human understandable. It is exactly like speaking in different languages with what one person is not familiar. I am Indian if someone speaks in Russian language, it is not understandable by me. So here Russian language is like encrypted language for me. However if I get a translator and he/she translates that Russian language into Hindi  then I can say that now that is understandable by me. So it is said that message has been decrypted. Identification is related to trust.  In the previous scenario, how can I trust the translator who is converting Russian language to Hindi? Is she/he legitimate ? Can I trust him/her? In the digital world, it is something like this. Your machine has to trust the SSL certificate (security mechanism), provided by the website via an SSL certificate issuing vendor.

Transport Layer Security - Part 1

This is a non-technical guide which will make you familiar with the transport layer. The main purpose of writing this guide is to point out why we need major security implementation on the transport layer. What if the components of this layer get compromised?


Introduction
In this today’s digital world, every business has their website. If it is a small firm or any big agency which is government agency or non-government agency, they have a website and they use websites. It is clearly visible that number of individuals and companies who are accessing the internet has rapidly increased. As the businesses around the globe are rapidly increasing, they want the internet to be act as web e-commerce for their business to manage everything centrally. However, over the years we are watching that web services across the internet are majorly vulnerable in various ways. None of the business wants to put themselves into vulnerable environment. As a result, the need for security in the corporate world is also in demand.

Monday, 18 November 2013

Suspicious File Analysis With PEFRAME

In this article I am going to conduct a walk through with a nice python tool named PeFrame. This tool should be an analyst’s first choice in order to analysis a piece of static malware. I am going to discuss each and every feature provided by this tool and I will also show you why it is important to find information through the malware.

What is Peframe?

This is a python-based. Tool used to assist in the analysis of PE files. There are many different tools available for malware analysis, but this tool is strictly built for portable executable malware analysis such as .exe and .dll files.

Monday, 11 November 2013

Doxing

Lets suppose any thriller stealing movie. Think what does robbers do before they hack the bank or anything else? They gather the information. They collect each and every information about bank system, alarm methodology, CCTV interface, Guards changing time, list of weapons having with guards.After gathering information they make plan and attack or rob the bank. You all are clever. So assume they don't have these much of information and they are going to rob bank directly, what will happen ? You will find them caught with by police.

Same scenario also applied in information security world. Before attacking or testing something a hacker/tester needs to find the information about his/her target. Now this target can be a network, web application, organization or a person. In our world finding information is also called as footprinting or doxing. Also the term reconnaissance can be used sometimes.

CyberCrime - From A Different View Point

Many of you are already familiar with cyber crime. I am just going to share which are the areas in cyber crime that one should keep in mind apart from only hacking and bank fraud. These areas are also called as "Traditional Crime Techniques".

In this article I am going to compare traditional crime techniques to the cyber crime techniques and methodologies. We will come to know how common is that in the real world and how hacker got an idea of doing digital crime by analyzing real world traditional crime.

Internet Safety Tips

Cyber Security Tips - Mind Map
Click on the pic to enlarge

Network Footprinting - Doxing - Information Gathering

This article is all about different information-gathering techniques on the network. It is the most essential and important task of attackers. Knowing the opponents and their interests can be valuable. Here I am going to show you which are the different ways and techniques one can do the network information/intelligence gathering.

INTRODUCTION

Let’s think of any thrilling movie theft. What do robbers do before they break into the bank or anything else? They gather information. They collect each and every bit of information about the bank system, alarm methodology, CCTV interface, the guards’ changing time, and a list of weapons that the guards have. After gathering information they make plans and attack or rob the bank. Assume they don’t have this information and they rob the bank directly. What will happen? You will find that they are caught by the police.

The same scenario can also be applied in the information security world. Before attacking or testing something, a hacker/tester needs to find information about his/her target. This target can be a network, web application, organization, or person. In our world, finding information is also called footprinting or doxing. Also, the word “reconnaissance” can be used sometimes.

How to detect firewall using different packets to it

Before starting your network/web application security auditing it is always good to detect whether your target server is running any firewall/IPS or not. It has been always a best practice and method to send some crafted packets to the server in order to check the response form the server. In this article you will learn how to craft packets and how to send the server on their various ports using hping3. Also you will analyze each and every request coming and going from your machine to your target. Here my target is www.lucideus.com which's IP I have taken.

Review of Different Phishing Countermeasures

In this article I have my best to gather and explain all those possible ways by which phishing can be avoided. Here I am going to explain Phishing counter measures in very details. As you know phishing is kind of technical and psychological attack on human nature, which make him/her to reveal their sensitive information to the attacker. For more information on phishing you may visit Wikipedia and search for a topic “Phishing”. Here I am going to provide you all possible counter measures for phishing attacks.

Scalpel : Data Recovery From Byte Strings

In digital forensics, file carving is an essential process. It is a technique in which investigator uses databases of headers as well footers. These headers and footers contain byte strings. So, suppose you have 5 JPEG files. So all those 5 files will have same header & footer byte strings. So this tool carves data by analyzing that byte string. This Is an advance tool as it also carves file even after its metadata is removed.

Design of Scalpel
It’s a high performance file carving utility which is designed based on 2 principles.
1.    Economical yet flexible : This tool is designed in such a way that it can run on any machine which is having still those ancient Pentium II processors with 256 or even less MB ram. It can also run on Knoppix, Helix or any other Linux system. Additionally this tool is capable of recovering data of any larger size.

2.    Time Complexity : Here I am using this “High Performance” word frequently because when we talk about high performance, we always consider quality along with time. This tool is carving files in no time without compromising the quality of the carving service.

Sunday, 3 November 2013

Email encryption: Mailvelope

Between constant password breaches and the NSA looking in on everything you do, you’ve probably got privacy on the mind lately. If you’re looking for a little personal privacy in your communications with friends and loved ones, or you just want to trust that the documents you email to your accountant or client aren’t being intercepted and read, you’ll need to encrypt those messages. Most email is sent as plain text. This means that anyone can intercept email messages. To rescue ourselves from man in middle attack we must have to use email encryption. Mailvelope is a browser extension that allows exchanging encrypted emails following the OpenPGP encryption standard.

Email encryption
Email encryption refers to encryption of email messages, to protect the content from being read by any unauthorized recipients. By using Email encryption we can keep our data safe when we send our documents. By the use of email encryption technique any unauthorized person is unable to understand the content of our mail. Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

Mechanism of email encryption
Encrypted email is a way of keeping the content of your email safe from eavesdropping as it bounces around the internet. The most common type of encryption is OpenPGP (PGP is “Pretty Good Privacy”). It was created by Phil Zimmerman in 1991. We can perform hard drive encryption, file system encryption as well as attachment encryption. It’s basically based on Public Key cryptography which contains a public key and a private key.
Pretty Good Privacy is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender’s identity and know that the message was not changed en route.