Archive for August, 2016


August 25, 2016

iOS 9.3.5 is now out. Update like you’ve never updated before. https://t.co/8mWfs6aril #Trident


August 24, 2016

This translation toolset is a very neat asset for any penetration tester and is especially useful for exploit development and web application pen testing: it converts a payload between the encodings (URL, hex, Base64, HTML entities, escaped strings and so on) that filters, WAFs and target languages expect.

https://paulschou.com/tools/xlate/
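As an added example (not part of the original post, and not code from the xlate tool), the Python below does the same kind of translation locally: it renders one payload in the forms a tester typically reaches for when the plain string is blocked, and decodes each form back so you can confirm the round trip before pasting into a request. The form labels (`url_double`, `c_escaped`, `js_fromcharcode`, ...) are my own names, not the tool's.

```python
"""Payload translation helper (added example; labels are our own)."""
import base64
import html
import urllib.parse


def encode_all(payload: str) -> dict:
    """Return the payload rendered in the encodings a tester usually needs."""
    raw = payload.encode("utf-8")
    return {
        # percent-encode everything, including "/" and "=", for query/path injection
        "url": urllib.parse.quote(payload, safe=""),
        # double encoding, for back ends that decode once more after the WAF
        "url_double": urllib.parse.quote(urllib.parse.quote(payload, safe=""), safe=""),
        "hex": raw.hex(),
        "base64": base64.b64encode(raw).decode("ascii"),
        # decimal HTML entities, for reflection into HTML attributes/bodies
        "html_dec": "".join(f"&#{ord(c)};" for c in payload),
        # \xNN escapes, for C/Python shellcode or exploit strings
        "c_escaped": "".join(f"\\x{b:02x}" for b in raw),
        # JavaScript form that contains no quotes at all
        "js_fromcharcode": "String.fromCharCode(" + ",".join(str(ord(c)) for c in payload) + ")",
        # UTF-16LE hex, the wire form of Windows wide strings
        "utf16le_hex": payload.encode("utf-16-le").hex(),
    }


def decode(form: str, value: str) -> str:
    """Reverse one of the encodings produced by encode_all."""
    if form == "url":
        return urllib.parse.unquote(value)
    if form == "url_double":
        return urllib.parse.unquote(urllib.parse.unquote(value))
    if form == "hex":
        return bytes.fromhex(value).decode("utf-8")
    if form == "base64":
        return base64.b64decode(value).decode("utf-8")
    if form == "html_dec":
        return html.unescape(value)
    if form == "c_escaped":
        return bytes.fromhex(value.replace("\\x", "")).decode("utf-8")
    if form == "js_fromcharcode":
        inner = value[len("String.fromCharCode("):-1]
        return "".join(chr(int(n)) for n in inner.split(",")) if inner else ""
    if form == "utf16le_hex":
        return bytes.fromhex(value).decode("utf-16-le")
    raise ValueError(f"unknown form: {form}")


def roundtrip_ok(payload: str) -> bool:
    """True when every encoding decodes back to the original payload."""
    return all(decode(form, value) == payload for form, value in encode_all(payload).items())


if __name__ == "__main__":
    for form, value in encode_all("<script>alert(1)</script>").items():
        print(f"{form:16} {value}")
```

Run it as a script to print the table for a sample XSS payload; import `encode_all` and `decode` to use it from your own tooling.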


Easy SMTP Mail Relay Test

Author: Martin Voelk
August 23, 2016

This is a neat tool for testing whether a mail server acts as an open relay. Whilst true open relays (anyone to anyone) are rare these days, internal relaying is just as dangerous. Why? Imagine Mr Tom Smith is the boss of Mr Jack Miller. If the server relays unauthenticated mail between internal addresses, anyone on the network can send Tom Smith an insulting email that appears to come from Jack Miller, which could cost Miller his job. Likewise, a fake Smith-to-Miller mail could cause serious disturbance. We come across these internal relay problems in many of our audits. Disable unauthenticated internal mail relaying: require SMTP authentication for submission rather than trusting the network, and do not accept mail that merely claims an internal sender address.

https://www.wormly.com/test_smtp_server
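The check the wormly page performs can be reproduced with a few lines of SMTP. As an added example (not part of the original post and not the wormly tool), the Python below runs the four sender/recipient combinations an auditor cares about (EHLO, MAIL FROM, RCPT TO, then RSET, so no test mail is ever queued) and turns the results into findings. `corp.example`, the probe addresses and the `FakeInternalRelay` class are constructed for the example: the fake server deliberately mimics the misconfiguration described above (it refuses outsider-to-outsider mail but accepts anything where the recipient or the claimed sender is internal) so the probe can be run offline.

```python
"""Open-relay and internal-relay probe (added example, not the wormly tool)."""
import smtplib
import socket
import threading

INTERNAL_DOMAIN = "corp.example"   # assumption: the audited organisation's mail domain


def relay_attempt(host, port, mail_from, rcpt_to, timeout=10):
    """One unauthenticated dialogue: EHLO, MAIL FROM, RCPT TO, RSET, QUIT.
    Returns (accepted, code, reply); accepted is True when the server would
    queue mail from mail_from to rcpt_to without any authentication."""
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, reply = smtp.mail(mail_from)
        if code != 250:
            return False, code, reply.decode(errors="replace")
        code, reply = smtp.rcpt(rcpt_to)
        smtp.rset()                      # never DATA: no test mail is actually sent
        return code in (250, 251), code, reply.decode(errors="replace")


def relay_matrix(host, port, internal_domain=INTERNAL_DOMAIN):
    """Probe the four sender/recipient combinations an auditor cares about."""
    outsider, victim = "probe@attacker.example", "someone@other.example"      # constructed
    boss, employee = f"tom.smith@{internal_domain}", f"jack.miller@{internal_domain}"
    cases = {
        "external->external": (outsider, victim),    # classic open relay
        "external->internal": (outsider, boss),      # normal inbound mail, expected
        "internal->internal": (employee, boss),      # forged colleague-to-boss mail
        "internal->external": (employee, victim),    # relay for anyone forging a staff sender
    }
    return {name: relay_attempt(host, port, f, t)[0] for name, (f, t) in cases.items()}


def findings(matrix):
    """Turn the matrix into audit findings; external->internal alone is fine."""
    out = []
    if matrix["external->external"]:
        out.append("OPEN RELAY: external sender to external recipient accepted")
    if matrix["internal->internal"]:
        out.append("INTERNAL RELAY: forged internal sender accepted for internal recipients")
    if matrix["internal->external"]:
        out.append("SENDER-TRUST RELAY: forged internal sender may relay to the outside world")
    return out


class FakeInternalRelay(threading.Thread):
    """Constructed stand-in for a misconfigured MTA so the probe runs offline.
    Policy: accept RCPT when the recipient OR the claimed sender is internal,
    refuse only external->external. Real MTAs speak far more SMTP than this."""

    def __init__(self, internal_domain=INTERNAL_DOMAIN):
        super().__init__(daemon=True)
        self.internal = internal_domain
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]

    def is_internal(self, addr):
        return bool(addr) and addr.lower().endswith("@" + self.internal)

    def run(self):
        while True:
            conn, _ = self.listener.accept()
            threading.Thread(target=self.serve, args=(conn,), daemon=True).start()

    def serve(self, conn):
        sender = None
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 mail.corp.example ESMTP\r\n")
            for raw in lines:
                verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
                verb = verb.upper()
                if verb in ("EHLO", "HELO"):
                    conn.sendall(b"250 mail.corp.example\r\n")
                elif verb == "MAIL":
                    sender = arg.partition(":")[2].strip().strip("<>")
                    conn.sendall(b"250 2.1.0 Ok\r\n")
                elif verb == "RCPT":
                    rcpt = arg.partition(":")[2].strip().strip("<>")
                    ok = self.is_internal(rcpt) or self.is_internal(sender)
                    conn.sendall(b"250 2.1.5 Ok\r\n" if ok else b"554 5.7.1 Relay access denied\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 2.0.0 Bye\r\n")
                    break
                else:
                    conn.sendall(b"250 2.0.0 Ok\r\n")   # RSET, NOOP and anything else


if __name__ == "__main__":
    server = FakeInternalRelay()
    server.start()
    matrix = relay_matrix("127.0.0.1", server.port)
    for name, accepted in matrix.items():
        print(f"{name:20} {'ACCEPTED' if accepted else 'refused'}")
    for finding in findings(matrix):
        print("FINDING:", finding)
```

Against a real server, call `relay_matrix(host, 25, internal_domain="yourdomain")` from a host that is not on the mail server's trusted network list, and only with permission. A server that accepts only the `external->internal` case is behaving correctly; any other accepted row is a finding.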


Dangerous FTP dork

Author: Martin Voelk
August 22, 2016

The following Google dork reveals open FTP directories that Google has spidered and indexed: URLs that contain "ftp" but are served over neither http nor https, i.e. plain ftp:// directory listings. Shocking! As always, use it responsibly, but do test your own web site by adding the site: operator.

inurl:ftp -inurl:(http|https)

site:yourdomain.com inurl:ftp -inurl:(http|https)


An unknown hacker or group of hackers has just claimed to have hacked into the "Equation Group", a cyber-attack group allegedly associated with the United States intelligence organisation NSA, and has dumped a bunch of its hacking tools (malware, private exploits and supporting tooling) online.


In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency.


In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits was obtained after its members hacked Equation Group (the post has since been removed from Tumblr, but a cached version was still available as this post was going live). Last year, Kaspersky Lab researchers described Equation Group as one of the world's most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Brokers post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn't immediately possible for outsiders to prove that the posted data, mostly batch scripts and poorly coded Python scripts, belonged to Equation Group, there was little doubt that the data originated with some advanced hacking group.

The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers including Cisco, Juniper and Fortinet.


According to the leaked files, Chinese company ‘Topsec’ was also an Equation Group target.


The leak mentioned names of some of the hacking tools that correlate with names used in the documents leaked by whistleblower Edward Snowden, like “BANANAGLEE” and “EPICBANANA.”


It is not yet confirmed whether the leaked files are legitimate, but some security experts agree that they likely are. "I haven't tested the exploits, but they definitely look like legitimate exploits," Matt Suiche, founder of UAE-based cyber security firm Comae Technologies, told the Daily Dot.


Some are saying that the leak could be a very well-researched hoax, and that the Bitcoin auction could be nothing but a distraction in an attempt to gain media attention. At the same time, the Risk Based Security post cautioned that so-called false-flag operations, in which attackers manufacture evidence that falsely implicates others, are a regular occurrence in hacking campaigns, particularly those sponsored by nations. If the claims in the Shadow Brokers' post are true, this may be one of the only publicly known times the NSA has been compromised. But even if the claims turn out to be exaggerated, the Shadow Brokers' post is significant, if only for the amount of work and planning that went into fabricating evidence to provoke one of the world's most advanced hacking operations.
