Malware Analysics (Screenshots) - URL Redirection

Today lets have deeper Insight of Malware Analysics with Mindset of FORENSIC INVESTIGATOR !Alrite JUMP IN !!! (SHA1: fbe71968d4c5399c2906b56d9feadf19a35beb97, detected as TrojanDropper:Win32/Vundo.L). This trojan hijacks  the hosts “vk.com” and “vkontakte.ru” (both social networking sites in Russia)and redirects them to 92.38.209.252, but achieves this in an unusual way. A common  method used to hijack a website and redirect it to a site of the attacker’s choice is to add an entry in the Windows hosts file located in the %SystemRoot%\system32\drivers\etc directory. However, when we open this file on an affected computer, it doesn’t...

Read More

Setup a Tor relay or Tor bridge to help Censorship Country Users

For those in Iran. Here is a guide in Farsi for installing Tor so you can surf the web without censorship: http://greenoolo.pieceoftheworld.org/ IMPORTANT UPDATE (23/06/09): New email addresses have been added, and others updated. If you have Tor setup in bridge mode, resend your connection information to us. IMPORTANT UPDATE #2: When posting in the comments section do not post your normal email address, do not use your name/alias (make up a new one) or post other personally identifiable information. This is very important. UPDATE: slseveral sends this interesting read: http://blog.torproject.org/blog/measuring-tor-and-iran That might ease...

Read More

Attention ! We`re Attacking FB from May 1St -By Anonymous

Attention citizens of the world, We are anonymous. The popular social network face book is in the midst of an alternative and long awaited event. Members of anonymous have decide it's time to show the face book corporation and the people of the world that the website is in fact vulnerable and that it's possible to be taken down with little effort. There has been multiple releases of face book related operations but none of them have actually had much of an effect, if any. Unlike the other video's we aren't going to bullshit the public about worthless denile of service attacks against face book, in the very near future anonymous will...

Read More

WCE v1.3beta 32bit released. (Must needed for Admins)

Download link: http://www.ampliasecurity.com/research/wce_v1_3beta.tgz Changelog: version 1.3beta: March 8, 2012 * Bug fixes * Extended support to obtain NTLM hashes without code injection * Added feature to dump login cleartext passwords stored by the Digest Authentication package Example: * Dump cleartext passwords stored by the Digest Authentication package C:\>wce -w WCE v1.3beta (Windows Credentials Editor) - (c) 2010,2011,2012 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com) Use -h for help. test\MYDOMAIN:mypass1234 NETWORK SERVICE\WORKGROUP:test The cleartext passwords dumped include passwords used to login...

Read More

Exploring all DNS Records using DIG Commands

Using dig command you can query DNS name servers for your DNS lookup related tasks. This article explains 10 examples on how to use dig command. 1. Simple dig Command Usage (Understand dig Output)When you pass a domain name to the dig command, by default it displays the A record (the ip-address of the site that is queried) as shown below. In this example, it displays the A record of redhat.com in the “ANSWER SECTION” of the dig command output. $ dig redhat.com ; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 ;; QUESTION SECTION: ;redhat.com. IN A ;; ANSWER...

Read More

NSA opens massive cryptologic center in Georgia

The National Security Agency/Central Security Service officially opened the new NSA/CSS Georgia Cryptologic Center. The $286 million complex will provide cryptologic professionals with the latest state-of-the-art tools to conduct signals intelligence operations, train the cryptologic workforce, and enable global communications. NSA/CSS has had a presence in Georgia for over 16 years on Ft. Gordon, when only 50 people arrived to establish one of NSA’s Regional Security Operations Centers. “This new facility will allow the National Security Agency to work more effectively and efficiently in protecting our homeland,” said Sen. Saxby ...

Read More

Get paid 100USD From Amazon, Just do this Survey in Web App Security

So Long time Not blogging at all, since from the day i signed for my CCNA and CCNP Classess, Course are going are pretty good learned a lot with hand on with cisco routers and switches now am back on with some serious deal Here its if u are a Pen tester or Web App security consultant here its for u, Just answer fr this 25 questions and u could be a lucky winner to win 100USD From amazon Some of the questions can be perceived as difficult to answer. However, if all this data was known, or easy to identify, there would be no reason to gather estimates on the topic. Consequently, we ask that you complete this survey and provide us with your beliefs and best estimates, even if you are uncertain about the answer to the questions asked. ...

Read More

Unlocking cmd.exe Locked by Admin

Running a Locked cmd.exe First WayOpen up 'Notepad' or a similar text editor. Type in "start" with no quotations. Save it as a .bat file. i.e. fakecmd.exe Double-click it to run. That's the easiest way, but not always guaranteed to work. Here's a better way that will work Second WayOpen up your text editor. Put the following: Code:@echo off command comand.com pause Save it as a .bat file Double-click it, and voila! Now that I had that going, I was able to gain access to all of the C: drive. I then ran a net user batch file and added my user to the admin group giving me full control. I was tempted to format and install Ubuntu but decided not to. Didn't want to get arrested and go to jail for destroying government property. It was fun tho. Anyway, that's about it, enjoy. ...

Read More

Changing Admin password

Ok, here we go. First off, this might not work, depends on if the computer is correctly protected or not. Second, if you do have the download power and time you will want to go to the previous thread and learn from that dude because he knows what he is doing. I am pretty sure everyone here knows how to do this trick but if you dont you might want to learn it. I will start off with the unprotected kind of computer. You goto the start button and click on the icon/button on the lower-right hand corner that says "run". Type in the letters "cmd" or "command", both will work for this trick but be warned, they are different. Once you see the...

Read More

Stay Highly Anonymous

Lets pretend for a moment that the Internet is made up of 26 websites, A-Z. The web filter blocks your browser from accessing sites X-Z, but not sites A-W. Simply make the browser think you--„¢re going to A- W. There are a variety of ways to do this: Proxy Servers: This is a list of http proxies. These sites may not be up forever, so you may need to search for --“free http proxy--� or --“public proxy servers--� or other similar terms. Proxy server lists: -- http://www.aliveproxy.com -- http://www.multiproxy.org -- http://www.publicproxyservers.com/index.html -- http://www.tehbox.com/proxy -- http://www.proxz.com -- http://www.proxy4free.com/index.html -- http://free-proxies.com Now that you have a list of proxies, you would open IE (internet explorer) and click on Tools...

Read More