Social Icons

Showing posts with label cyber. Show all posts
Showing posts with label cyber. Show all posts

Sunday, July 20, 2014

Nessus @ Kali Linux

1.  Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.Nessus allows scans for the following types of vulnerabilities:
 
Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
Misconfiguration (e.g. open mail relay, missing patches, etc.).
Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
Denials of service against the TCP/IP stack by using mangled packets
-  Preparation for PCI DSS audits

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users that's the free edition I am using here :

Firstly after installing Nessus from the site,Obtain the activation code for Nessus by registering at 

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Secondly Activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where  S56X-XXXX-XXXX-XXXX-4122 should be your activation code received vide registered email.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser








To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

Sunday, February 12, 2012

Single malicious document can expose your whole LAN via ur trusted MFD

1.   "Imagination is the key to Success" in the world of IT....specially applicable to the world of cyber crime....this one i read at one of my fav news feed destinations at http://thehackernews.com...now when we keep covering up the PCs with ideas like antivirus/anti-malware and all sorts of anti's and virus'cides....this thing has come up fresh.....attack the LAN after altering the firmware of the masoom MFD ie multifunction device.Sequence of the main article at http://thehackernews.com is produced below :

- At Chaos Communications Congress (28C3) 

- Ang Cui presents Print Me If You Dare

- He explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers

- He showed how he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. 
- Performed two demonstrations 

- In the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet.

- In the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

- Actually found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. 

- Was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.

2.  So now start taking care of your firmware updates of your MFDs......

Sunday, August 21, 2011

Now Aerial cyber attack!!!!r u safe anyway?


"Imagine sitting in a cofee house with your laptop and chatting with your dear friend.....and then calling a friend on your phone and then paying your bill and moving out for ur regular work"

1.    Now imagine some thing u never imagined.....all what you chatted and all what you spoke on phone in the cafe house is compromised....all saved at a location unknown to you....

2.    Two security professionals proved as much at the Black Hat cybersecurity convention in Las Vegas.This has been made possible after investing a few thousand bucks, a tool box and some technical skill like these two security professionals,Richard Perkins and Mike Tassey have done.These two guys have assembled a small, unmanned airplane that is capable of some truly remarkable and potentially disastrous hacks.


3.    Perkins is a security engineer supporting the U.S. government and Tassey is a security consultant for Wall Street firms. But after work, the long-time buddies would take off their cyber attack prevention hats, put on their evil hacker thinking caps, and build their airplane in Perkins' garage.

4.    The plane can wreak lots of havoc.

- For instance, it can fly over a Starbucks (SBUX, Fortune 500) and steal the personal information of everyone connected to the coffee shop's free Wi-Fi network. It can intercept your cell phone conversations and even reroute your calls to another number. It can trace the location of specific people and follow them home.

- Perkins and Tassey spent a total of just $6,190 to build the plane. They made a point to keep it relatively cheap and to buy components that were readily available to prove that literally anyone could make one."You don't need a Ph.D. from MIT to do this," said Perkins. "There are no custom parts, it was fabricated using hand tools, and very little coding is required. All you need is dedicated people."

5.    Thanks CNN
Powered By Blogger