Invalid settings detected Virtualbox Host only Adapter solved

1.   This post will help guys stuck with adding a Host only Adapter in Virtual Box.The screen shots are self explanatory in a step wise manner.First screen shot shows the problem as  seen on the screen....rest on how to resolve.

(Invalid settings detected)

(Go to preferences as shown above)

(No more errors)

 

Setting up your Virtual Lab : Two Machines for SET

1.  This post will be useful for those looking to setup a virtual lab on their laptops/PCs that can be used to play with Backtrack/Kali Linux like similar images.Here I am sharing exact screen shots of configuration required to set up two machines who would access internet independently and would also at the same time ping each other on a local LAN setup...subsequently can be used to work with SET(Social Engineering Toolkit) as discussed in my last post.I have two machines here with Kali Linux and a Windows 7 machine.

2.  Both have been setup with two NICs each and configured as shown below :

(Windows 7 Machine NIC 1 Setting)

(Windows 7 Machine NIC 2 Setting)

(Kali Machine NIC 1 Setting)

(Kali Machine NIC 2 Setting)

(IPCONFIG output at Windows machine)

(ifconfig output at Kali machine)

(Ping to Windows Machine)

(Ping to Kali Machine)

(Kali Access to Internet)

(Windows Access to Internet)

Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

Here in the video below,basic running of the lab along with inside features available inside are shown...

4.    More at http://spins.fedoraproject.org/security/#home

Virtual Machines : Escape vs Introspection

1.   For last few years playing inside a VM ,I always used to wonder if it actually that safe surfing anything inside a VM...and that hardly anything gets in touch with the Host machine while we work with applications inside.Then I heard of two relative terms that are : Virtual Machine Escape vs Virtual Machine Introspection

2.  New to me but pretty old from point of view of existence....these are briefly explained below :

Virtual Machine Escape

Normally virtual machines are encapsulated, isolated environments. The operating systems running inside the virtual machine shouldn't know that they are virtualized, and there should be no way to break out of the virtual machine and interact with the parent hyper visor  The process of breaking out and interacting with the hyper visor is called a “VM escape.” Since the hyper visor controls the execution of all of the virtual machines an attacker that can gain access to the hyper visor can then gain control over every other virtual machine running on the host. Because the hyper visor is between the physical hardware and the guest operating system an attacker will then be able to circumvent security controls in place on the virtual machine.(Source : http://lonesysadmin.net)

Virtual Machine Introspection

Although virtualization isn’t new, the recent development of x86 virtualization products has revived interest in the virtualization market. This has led to the evolution of Virtual Machine Introspection (VMI) techniques and tools to monitor VM behavior. VMI tools inspect a VM from the outside to assess what’s happening on the inside.This makes it possible for security tools—such as virus scanners and intrusion detection system to observe and respond to VM events from a “safe” location outside the monitored machine. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.(Source : |http://www.securityweek.com/vm-introspection-know-your-virtual-environment-inside-and-out)

So the basic difference is I think the route,in case of the former the need is to contact the hypervisor from inside and the latter shows the way out to get to know whats happening inside from outside perspective.....

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3

Here is the Screen cast of the past link on "Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3"

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3

1.    Adobe, who gave us the the ever comfortable PDF..thats the "Portable Document Format" in the early 1990's never thought like how this can become a security threat by the simple action of opening it only....yess!!!this post will give a small insight of how things really work behind the scene in execution of a malicious PDF....

2.  So first of all...how a PDF becomes a malicious document?The answer to this question is simple embedding of a JAVA SCRIPT, that is not seen but only executed once a PDF is opened....no antivirus will be able to identify of what malicious thing lies behind a normal PDF that u and me use daily...so if u scan a malicious PDF with your Antivirus,it is veri unlikely to be caught....how do we know then whether a PDF is malicious or not?...thats what this post shows here....I came across a tool known as PDFid in the BACKTRACK R3 that I was running in Virtual Box.

3.   Few lines about the tool....this was developed by Didier Stevens who blogs at http://blog.didierstevens.com/.So this helps us to differentiate between PDF Documents that could be malicious and those that are unlikely to be....The tool is based on the fact that that a  typical PDF File comprises of header, objects, cross-reference table (to locate objects), and trailer.So , if there is a tool that can find out if any one of them is available in this PDF...things can become easier...so like for example...if a PDF that has no purpose of embedding or holding a JS inside it,then a eye brow raise is certain as to why should it be there....so PDFid tool comes to rescue us out of this question...First the typical structure of a PDF with its one line explanation is given below :

“/OpenAction” and “/AA” (Additional Action) specifies the script or action to run automatically.

 “/Names”, “/AcroForm”, “/Action” can also specify and launch scripts or actions.

“/JavaScript” specifies JavaScript to run.

 “/GoTo*” changes the view to a specified destination within the PDF or in another PDF file.

 “/Launch” launches a program or opens a document.

“/URI” accesses a resource by its URL.

“/SubmitForm” and “/GoToR” can send data to URL.

“/RichMedia” can be used to embed Flash in PDF.

“/ObjStm” can hide objects inside an Object Stream.

4. So now I have set up a VB machine running BTR3 that would run this tool and find out if the PDF that I have analyzed is malicious or not? These are the screen shots showing a step by step scene of how u do it....

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

5.   So the last screen shows the final result...for those of you who find this little complicated I will upload a video cast of this soon....

6.   Thanks http://blog.didierstevens.com and http://zeltser.com

BARE METAL ENVIRONMENT & HYPERVISORS

1.   I had till now been playing around with Virtual Machines for quiet some time . I started with loading xp on Vista around 2006-7 and then tried networking,played around with basic linux OS....but what I did everi time was that I loaded the host OS first and then allocated the desired resources in form of some RAM and HDD and then booting the new OS....but then I was wasting the host OS Resource that actually is running the various virtual machines on it.....so how to use that, is where Bare Metal Environment comes in to rescue.

2.    Simply told,a bare metal environment is a system in which a virtual machine is installed directly on hardware rather than within the host operating system (OS). The term "bare metal" refers to a hard disk, the usual medium on which a computer's OS is installed.But then how come it is called virtual when the machine is directly running on the hardware? So actually a kind of  a pseudonym since a virtual machine running directly on bare metal would technically not be a virtual machine. In such cases VMs run within a hypervisor which creates the abstraction layer between physical and virtual hardware. So whats Hypervisor?? :-)

3.    A hypervisor is actually the virtual machine manager (VMM), or a virtualization technique allowing multiple operating systems to run concurrently on a host computer. Multiple instances of a variety of operating systems may share the virtualized hardware resources.The hypervisors are classified into basically two types as follows :

Type 1 refers to bare metal hypervisors that run directly on the host's hardware to control the hardware and to manage guest operating systems. 

Type 2 refers to hypervisors that run within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware.This classification can be made more clear with the help of figures below :

TYPE 1 : THE NATIVE BARE METAL TYPE

(click to enlarge)

TYPE 2 : HOSTED TYPE

(click to enlarge)

4.    Thanks Wiki and http://forums.hornfans.com