Showing posts with label operating system.

Monday, May 30, 2016

Qubes OS installation issue with VirtualBox

1.    I have a habit of running most of the operating systems that I keep experimenting with in a virtual environment (mostly VirtualBox). Till date I have had no issues running any one of them inside VirtualBox, including Ubuntu, Fedora, Mint, BackBox, BackTrack, Metasploit, Windows, Pentoo, Knoppix, Chromium OS, Arch Linux, openSUSE, Red Hat etc.; in fact the list goes on. But whilst exploring Qubes OS today, I found VirtualBox unable to run it, always getting the following screens:

[Screenshots of the failed Qubes OS boot inside VirtualBox]

2.   Qubes is a security-oriented operating system (OS), and an extract from its installation advice is reproduced below:


Note: We don’t recommend installing Qubes in a virtual machine! It will likely not work. Please don’t send emails asking about it. You can, however, install it on an external USB hard drive and run from it, at least for testing.

3.  But further to my surprise, I found via Google searches that this OS works fine with VMware Workstation Player. And after I tried it, I found it works perfectly fine, as I show in my next post. I though couldn't find a resolution or any kind of solution to run it fine on VirtualBox, but then till the time VMware Workstation performs the task, I am OK :-)

Monday, September 28, 2015

Volatility Framework Command : Using dlllist / dlldump to extract DLL file details

This post will share an example of running the two Volatility terminal commands dlllist and dlldump to display, and then extract, a process's loaded DLLs.

Before I proceed, I would assume that you have installed Volatility on your Linux system (in my case I am using Ubuntu; installation is explained in my earlier post at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html) and that you have a RAM dump of the OS you desire to analyse. In my case here I have taken the RAM dump of a Windows 7 OS, as explained at http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html

dlllist

dlllist is used to display a process's loaded DLLs. DLLs are automatically added to this list when a process calls LoadLibrary (or some derivative such as LdrLoadDll).

vol.py --profile=Win7SP0x86 -f windows7_image.raw dlllist

To display the DLLs for a specific process instead of all processes, use the -p or --pid filter as shown below:

vol.py --profile=Win7SP0x86 -f windows7_image.raw dlllist --pid=1892

To display the DLLs for a process that is hidden or unlinked by a rootkit, first use psscan to get the physical offset of the EPROCESS object and then pass that offset with --offset:

vol.py --profile=Win7SP0x86 -f windows7_image.raw dlllist --offset=0x04a291a8

dlldump

The dlldump command is used to extract a DLL from a process's memory space and dump it to disk for analysis. The syntax is nearly the same as for the commands seen earlier. This plugin supports the following:

- Dump all DLLs from a hidden/unlinked process (with --offset=OFFSET)
- Dump all DLLs from a specific process (with --pid=PID)
- Dump all DLLs from all processes
- Dump a PE from anywhere in process memory (with --base=BASEADDR); this option is useful for extracting hidden DLLs

To specify an output directory, use --dump-dir=DIR or -d DIR.

vol.py --profile=Win7SP0x86 -f windows7_image.raw dlldump --dump-dir output

where output is the name of the directory into which the DLLs are dumped. The contents of the output directory are shown below:

[Screenshot of the dump directory listing]


More at : https://code.google.com/p/volatility/wiki/CommandReference#dlllist
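As an added example (not code from this post or from the Volatility project), here is a small Python script that parses the text dlllist prints and flags modules loaded from outside the usual Windows code directories, which is the first thing a practitioner would review before deciding which DLLs are worth dumping with dlldump. The dlllist output embedded in it is constructed to mimic the plugin's layout; every PID, address and path in it is made up, and the list of expected directories is an assumption for the example.

```python
"""Triage helper for the text that Volatility 2's dlllist plugin prints.

Added example: not code from the blog post or from the Volatility project.
It parses the per-process module table that follows each "Base ... Path"
header and flags modules loaded from outside the directories Windows
normally loads code from.  SAMPLE_DLLLIST is CONSTRUCTED in the shape of
the plugin's output; every PID, address and path in it is made up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_DLLLIST = """\
************************************************************************
explorer.exe pid:   1892
Command line : C:\\Windows\\Explorer.EXE
Service Pack 0

Base             Size  LoadCount Path
---------- ---------- ---------- ----
0x00ce0000   0x2a3000     0xffff C:\\Windows\\Explorer.EXE
0x77070000   0x13c000     0xffff C:\\Windows\\SYSTEM32\\ntdll.dll
0x10000000    0x45000        0x1 C:\\Users\\Public\\update.dll
************************************************************************
svchost.exe pid:    640
Command line : C:\\Windows\\system32\\svchost.exe -k netsvcs
Service Pack 0

Base             Size  LoadCount Path
---------- ---------- ---------- ----
0x00d30000    0x8000     0xffff C:\\Windows\\system32\\svchost.exe
0x77070000   0x13c000     0xffff C:\\Windows\\SYSTEM32\\ntdll.dll
"""

# "explorer.exe pid:   1892" opens each process section of the report.
PROCESS_RE = re.compile(r"^(\S+) pid:\s+(\d+)\s*$")
# The path is the first drive-letter or root-relative backslash path on the
# line; taking it this way also survives builds that print a LoadTime column.
PATH_RE = re.compile(r"(?:[A-Za-z]:)?\\\S.*$")


@dataclass
class Module:
    pid: int
    process: str
    base: int
    size: int
    path: str


def parse_dlllist(text: str) -> List[Module]:
    """Turn dlllist output into one Module record per module line."""
    modules: List[Module] = []
    process, pid = "", -1
    for line in text.splitlines():
        head = PROCESS_RE.match(line)
        if head:
            process, pid = head.group(1), int(head.group(2))
            continue
        if pid < 0 or not line.startswith("0x"):
            continue                      # banner, header and separator lines
        fields = line.split()
        path = PATH_RE.search(line)
        if len(fields) < 4 or path is None:
            continue
        modules.append(Module(pid, process, int(fields[0], 16),
                              int(fields[1], 16), path.group(0)))
    return modules


# Assumed list of directories Windows code is normally loaded from; anything
# else is a lead to examine, not a verdict (legitimate software lives elsewhere).
EXPECTED_DIRS = (
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\",
    "c:\\program files\\", "c:\\program files (x86)\\",
)


def unusual_modules(modules: List[Module]) -> List[Module]:
    """DLLs whose on-disk path is outside EXPECTED_DIRS.  The process image
    itself (the .exe line dlllist prints first) is skipped."""
    hits = []
    for m in modules:
        p = m.path.lower()
        if p.endswith(".exe"):
            continue
        if not p.startswith(EXPECTED_DIRS):
            hits.append(m)
    return hits


def by_pid(modules: List[Module]) -> Dict[int, List[Module]]:
    """Group modules per process, the view that dlllist --pid gives for one PID."""
    grouped: Dict[int, List[Module]] = {}
    for m in modules:
        grouped.setdefault(m.pid, []).append(m)
    return grouped


if __name__ == "__main__":
    mods = parse_dlllist(SAMPLE_DLLLIST)
    for pid, group in by_pid(mods).items():
        print(f"pid {pid} ({group[0].process}): {len(group)} modules")
    for m in unusual_modules(mods):
        print(f"REVIEW pid {m.pid} {m.process} base 0x{m.base:08x}: {m.path}")
```

Run it against a real report by piping the dlllist output into parse_dlllist; a flagged entry gives you the PID and base address to feed straight into dlldump --pid / --base for closer inspection.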

Friday, September 25, 2015

Volatility Command : Using kdbgscan/kpcrscan to scan for potential KDBG/KPCR structures

This post will share an example of running the two Volatility terminal commands kdbgscan and kpcrscan.

Before I proceed, I would assume that you have installed Volatility on your Linux system (in my case I am using Ubuntu; installation is explained in my earlier post at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html) and that you have a RAM dump of the OS you desire to analyse. In my case here I have taken the RAM dump of a Windows 7 OS, as explained at http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html

A basic intro to these two commands:

kdbgscan

This command is used to scan for potential KDBG structures and is meant to positively identify the correct profile of the system and the correct KDBG (kernel debugger block) address. It simply scans for KDBG header signatures linked to the profiles in Volatility.

Usage : 

python vol.py --profile=Win7SP0x86 -f filename.raw kdbgscan

[Screenshot of the kdbgscan output]

kpcrscan

This command is used to scan for potential KPCR (Kernel Processor Control Region) structures. A KPCR is a data structure used by the kernel to store processor-specific data. kpcrscan searches for and dumps potential KPCR values. On a multi-core system, each processor has its own KPCR. Therefore, ideally one should see at least as many KPCR addresses as there are processors on the machine from which the memory dump was acquired. Usage is as follows:

python vol.py --profile=Win7SP0x86 -f win_image.raw kpcrscan

[Screenshot of the kpcrscan output]
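To turn the "at least as many KPCRs as processors" rule above into a repeatable check, here is an added Python example (not code from this post or from the Volatility project). It splits kpcrscan's report into one record per hit, lists the CPU numbers found, and reports which CPUs have no KPCR. The kpcrscan output embedded in it is constructed in the shape of the plugin's "key : value" blocks; all addresses, thread IDs and process names in it are made up, and the two-processor figure is an assumed value for the example.

```python
"""Sanity check over Volatility 2 kpcrscan output.

Added example, not code from the blog post or the Volatility project.  It
parses the report into one record per KPCR hit and checks that a dump from
an N-processor machine yields a KPCR for every CPU number 0..N-1.
SAMPLE_KPCRSCAN is CONSTRUCTED in the shape of the plugin's output; every
address, TID and process name in it is made up.
"""
import re
from typing import Dict, List

SAMPLE_KPCRSCAN = """\
Volatility Foundation Volatility Framework 2.4
**************************************************
Offset (V)                    : 0x8283a000
Offset (P)                    : 0x283a000
KdVersionBlock                : 0x82818eb8
IDT                           : 0x80b95400
GDT                           : 0x80b95000
CurrentThread                 : 0x863f8020 TID 1234 (explorer.exe:1892)
IdleThread                    : 0x82846380 TID 0 (Idle:0)
Details                       : CPU 0 (GenuineIntel @ 2400 MHz)
CR3/DTB                       : 0x185000
**************************************************
Offset (V)                    : 0x807c0000
Offset (P)                    : 0x7c0000
KdVersionBlock                : 0x82818eb8
IDT                           : 0x807c7400
GDT                           : 0x807c7000
CurrentThread                 : 0x84e1a030 TID 640 (svchost.exe:640)
IdleThread                    : 0x807cd800 TID 0 (Idle:0)
Details                       : CPU 1 (GenuineIntel @ 2400 MHz)
CR3/DTB                       : 0x185000
"""

# "Label : value"; the lazy group stops at the first colon, so values that
# themselves contain colons (CurrentThread) survive intact.
KV_RE = re.compile(r"^(.+?)\s*:\s*(.*)$")
CPU_RE = re.compile(r"CPU (\d+)")


def parse_kpcrscan(text: str) -> List[Dict[str, str]]:
    """One dict per '****'-separated block, keyed by the left-hand label."""
    records: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        if line.startswith("****"):
            if current:
                records.append(current)
            current = {}
            continue
        if current is None:
            continue                      # banner lines before the first hit
        kv = KV_RE.match(line)
        if kv:
            current[kv.group(1).strip()] = kv.group(2).strip()
    if current:
        records.append(current)
    return records


def cpu_ids(records: List[Dict[str, str]]) -> List[int]:
    """CPU numbers reported in each hit's Details line, in report order."""
    ids = []
    for r in records:
        m = CPU_RE.search(r.get("Details", ""))
        if m:
            ids.append(int(m.group(1)))
    return ids


def missing_cpus(records: List[Dict[str, str]], expected_cpus: int) -> List[int]:
    """CPU numbers 0..expected_cpus-1 with no KPCR hit.  A non-empty result
    means the scan under-found KPCRs (wrong profile, truncated or smeared
    acquisition), so the image deserves a second look before trusting the
    output of later plugins."""
    seen = set(cpu_ids(records))
    return [n for n in range(expected_cpus) if n not in seen]


def shared_kdversionblock(records: List[Dict[str, str]]) -> bool:
    """On x86 every KPCR points at the same kernel-global KdVersionBlock, so
    differing values across hits usually indicate a false positive."""
    return len({r.get("KdVersionBlock") for r in records}) == 1


if __name__ == "__main__":
    EXPECTED_CPUS = 2                     # assumed processor count of the source box
    recs = parse_kpcrscan(SAMPLE_KPCRSCAN)
    print(f"{len(recs)} KPCR hits, CPUs {cpu_ids(recs)}")
    print("missing CPUs:", missing_cpus(recs, EXPECTED_CPUS))
    print("consistent KdVersionBlock:", shared_kdversionblock(recs))
```

Feed it the saved kpcrscan report and the processor count recorded at acquisition time; a missing CPU or an inconsistent KdVersionBlock is the cue to rerun kdbgscan and confirm the profile before going further.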



Monday, August 17, 2015

Kali Linux 2.0 : The new release has arrived

Kali Linux is a well-known penetration testing distro that also contains a plethora of digital forensics tools. It is widely used by the ethical hacker community across the globe and is maintained and developed by the organization known as "Offensive Security". It comes with over 650 tools pre-installed that help perform tasks like network analysis, ethical hacking, load and crash testing etc. It is powered by Linux kernel 4.0 and has enhanced support for different graphics cards and desktop environments. The most recent version of Kali was released a few days back, and here I bring you step-by-step screenshots of it being installed in VirtualBox.

[Installation screenshots: boot the Kali 2.0 image in VirtualBox and choose Install from the boot menu, then follow the installer screens]

The desktop boots to the following screen... that's it... you are ready to go....

Tuesday, February 10, 2015

Quantifying your WEB SECURITY


This small presentation will sail through a set of questions for any web/Internet user and will mark every question as the user answers it. The safety score at the end lets the user know where he stands in terms of IT SECURITY on the web!!!!

Sunday, October 05, 2014

Officially Keylogged : Welcome to Microsoft Windows 10 Preview

1.   Though an avid loyalist of Linux for the last decade or so, I always keep a tab on what's happening in the world of Windows...... and recently when the Windows 10 preview was launched I started reading various reviews across the web.... and I came across this startling and surprisingly criminal revelation regarding inbuilt key logging in the OS available for download. See the screenshot below, straight from Microsoft, and read it for yourself, highlighted...

[Screenshot of the Microsoft privacy statement with the key logging passage highlighted]

2.     This is actually too much in the name of the data collection wave by various companies as a genuine and legal move, putting mostly naive users at complete risk, since hardly anyone is interested in reading the Terms & Conditions of any application. A Google search on this gives surprising concerns, as brought out by various reviewers, as seen below:

[Screenshot of search results and reviews on the Windows 10 preview key logging]

3.   A few interesting statements below from the Terms and Conditions:

"Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage."


"We may collect information about your device and applications and use it for purposes such as determining or improving compatibility" and "use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing."
The killer statement says, "If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features."

4.     Thanks Microsoft :-)

Sunday, July 13, 2014

HACKER EDITION SPECIAL : SEDULITY Operating System

1.     How many of us, and those who are live-wire updated with cyber security, have heard of ethical hacker editions of any DVD with all a hacker's dream collection in one window? When we speak of such editions, foremost come BackTrack (ethical), BackBox, Samurai Web Security Framework, Bugtraq, Nodezero etc. In this post I am introducing you guys to a relatively unheard-of operating system by the name of SEDULITY OPERATING SYSTEM. I just got a copy from the originator Dr Anup Girdhar, who holds a Ph.D. in Cyber Security. I have recently installed it on VirtualBox and, believe you me, I am yet to install any third-party tool.... 'coz everything I need is already inside. Definitely a good distro for beginners in this field. Here I bring you the basic installation screenshots and a few details of this edition of the OS.

2.     Sedulity Solutions & Technologies is India's first organization to have developed and patented a "Flavored Operating System" in five different flavors, including:
  • Corporate Edition
  • Developers Edition
  • Ethical Hackers Edition
  • Forensics Edition
  • Gaming Edition
3.    Sedulity OS Ethical Hackers Edition is an exclusive creation that helps security professionals perform penetration testing and vulnerability assessment in a purely dedicated environment. Sedulity OS Ethical Hackers Edition is meant for all those researchers, hackers and security professionals who want to do hands-on work on various technology platforms with all the latest tools pre-deployed in it.

[Installation screenshots of Sedulity OS Ethical Hackers Edition in VirtualBox]

In the next post I will bring you screenshots from inside the OS, showing the interfaces of the tools available in it.