
Tuesday, September 26, 2017

BITCOIN is FOREN"SICK" : Threats and Solutions

1.  The growing use of cryptocurrencies such as Bitcoin across an expanding user base has opened a new avenue of research in digital forensics. Since the creation of Bitcoin in 2008, cryptocurrencies have begun to make a presence in the world of e-commerce. Cryptography serves as the underlying foundation for Bitcoin, which gives it the benefits of confidentiality, integrity, non-repudiation and authentication. Being designed and built upon these four objectives makes Bitcoin an attractive alternative to mainstream currency and provides users with the benefits of payment freedom, security, very low fees, and fewer risks for merchants.

2.  This presentation covers aspects of Bitcoin forensics. It was presented at the National Information Security Summit (NISS) held at Lucknow, a premier international information security awareness, cyber forensics, malware analysis, cyber cop, cyber law and ethical hacking summit with skilled and proficient speakers from the government and private sectors.


Sunday, August 13, 2017

Whonix : Debian GNU/Linux based Security-focused Linux distribution

1.     Even if one is not doing anything wrong, one is being watched and recorded in real time, as Edward Snowden revealed a few years back. Most Internet users value online anonymity, with a majority saying they have taken steps to remove or mask their digital footprints, and reporting that they have taken steps to avoid being observed by specific people, organizations, or governments. Whonix is a Debian GNU/Linux based security-focused Linux distribution which aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network. This post gives screenshots of the installation and execution of the virtual appliances involved.

2.    The Gateway VM is responsible for running Tor, and has two virtual network interfaces. One of these is connected to the outside Internet via NAT on the VM host, and is used to communicate with Tor relays. The other is connected to a virtual LAN that runs entirely inside the host.

3.    The Workstation VM runs user applications and is connected only to the internal virtual LAN, and can directly communicate only with the Gateway, which forces all traffic coming from the Workstation to pass through the Tor network. The Workstation VM can "see" only IP addresses on the Internal LAN, which are the same in every Whonix installation.

4.  Download the two virtual machines, i.e. the Gateway and the Workstation, from https://www.whonix.org/wiki/VirtualBox

5.   Once you have downloaded the two machines from the link above, the following screenshots will assist you with the installation. The two downloaded files are seen below:
Instead of creating a virtual machine and then mounting a .vdi in the usual way, here we simply import the .ova appliance; the rest is automatic.
Next
Next
Agree to the T&C
Next
Loading will take a few minutes
Next
Import
Agree again
Import appliance of the workstation
So you have two machines in the VirtualBox console, as seen in the bottom two entries of the listing below:
Just select each one and click the Start button, and the machines start



Next
Next
Next
Ok
Updated TOR download



Here we see an IP address located in Budapest, Hungary... and that's surely not the user... :-)
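
An added example, not part of the original post or of Whonix: a shell check of the adapter layout described in points 2 and 3, applied to the text printed by `VBoxManage showvminfo "<vm>" --machinereadable`. The VM names, the internal network name and the three sample excerpts are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the adapter layout of the two Whonix VMs.
# Each adapter appears in the machine-readable output as nicN="<mode>",
# where <mode> is none, nat, intnet, bridged, hostonly, ...

# Print the attachment mode of every enabled adapter, one per line.
nic_modes() {
    awk -F'"' '/^nic[0-9]+=/ && $2 != "none" { print $2 }'
}

# Workstation rule: at least one adapter, and every adapter is internal.
workstation_isolated() {
    modes=$(nic_modes)
    [ -n "$modes" ] || return 1
    for m in $modes; do
        [ "$m" = "intnet" ] || return 1
    done
    return 0
}

# Gateway rule: exactly one NAT adapter and one internal adapter.
gateway_layout_ok() {
    modes=$(nic_modes | sort | paste -sd' ' -)
    [ "$modes" = "intnet nat" ]
}

# Constructed sample excerpts (not captured from a real host).
GATEWAY_SAMPLE='name="Whonix-Gateway"
nic1="nat"
nic2="intnet"
intnet2="Whonix"
nic3="none"'
WORKSTATION_SAMPLE='name="Whonix-Workstation"
nic1="intnet"
intnet1="Whonix"
nic2="none"'
# A Workstation given a second, NAT adapter: its traffic could bypass Tor.
LEAKY_SAMPLE='name="Whonix-Workstation"
nic1="intnet"
intnet1="Whonix"
nic2="nat"'

printf '%s\n' "$LEAKY_SAMPLE" | workstation_isolated \
    || echo "finding: Workstation has an adapter outside the internal LAN"
```

On a real host, pipe the `VBoxManage showvminfo` output for each imported appliance into the matching function instead of the samples.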

Sunday, July 23, 2017

Kali Linux 2 : Installing and Setting up OPENVAS

1.     This post will be useful for users who have just installed Kali Linux 2 and wish to install and set up OpenVAS. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution, from which developments have been contributed to the open source community since 2009.

 2.   Run the following commands in a Kali terminal, in this sequence:

:~ apt-get update
:~ apt-get -y upgrade
:~ apt-get install openvas
:~ openvas-check-setup

After you run the openvas-check-setup command, something may have gone wrong during installation. If there are errors, run the following at the terminal:

:~ openvasmd --rebuild

Next, you might be prompted to create a user:

:~ openvasmd --create-user=yourusername --role=Admin && openvasmd --user=yourusername --new-password=yourpassword

:~ greenbone-certdata-sync

Run the check setup again :

:~ openvas-check-setup


The check setup screen should look like below:

As a final step, browse to the link below to access the Greenbone web interface:

https://localhost:9392


That's all... start exploring the interface.

Generate Public Key- Private Key Pair and Test them

The public and private key pair comprises two uniquely related cryptographic keys. The public key is made available to everyone via a publicly accessible repository or directory. On the other hand, the private key must remain confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key and vice versa. In this post we will see how to generate a set of private and public keys and then test encrypting with the public key and decrypting with the private key. I have an Ubuntu system, and I attempt everything here on the terminal. The following commands will be used as we work with RSA keys:

openssl genrsa: Generates an RSA private key.
openssl rsautl: Encrypt and decrypt files with RSA keys.
openssl rsa: Manage RSA private keys (includes generating a public key from it).

First, to generate the private key, the terminal command is as follows and shown in the screenshot:

:~ openssl genrsa -des3 -out private.pem 2048

The following command generates a public key from the private key generated above:

:~ openssl rsa -in private.pem -outform PEM -pubout -out public.pem

So now we have generated a private key and a public key, both with the extension .pem.
To verify the generation, check the contents as seen below:

:~ more public.pem
:~ more private.pem

Use the following command to generate the random key (the byte count goes last, because OpenSSL 1.1.0 and later reject options placed after it):

:~ openssl rand -base64 -out key.bin 128
Encrypt the sample PDF, or any other file you want to encrypt, with this key using the following command:

:~ openssl enc -aes-256-cbc -salt -in anupam.pdf -out anupam.pdf.enc -pass file:./key.bin

So now you have the original file, here anupam.pdf, and the encrypted file, anupam.pdf.enc.
We see that the files do not differ much in size, but the file is encrypted.
Now use the following command to encrypt the random key file with the other person's public key:

:~ openssl rsautl -encrypt -inkey public.pem -pubin -in key.bin -out key.bin.enc

The key.bin is encrypted now. The recipient decrypts it with the private key:

:~ openssl rsautl -decrypt -inkey private.pem -in key.bin.enc -out key.bin1

Finally, we decrypt the .pdf.enc file back to the original .pdf, using the recovered key:

:~ openssl enc -d -aes-256-cbc -in anupam.pdf.enc -out anupam1.pdf -pass file:./key.bin1
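
An added example, not the original post's commands: the same hybrid exchange run end to end in a scratch directory, with sender and recipient files kept apart so the recipient can only use the key it unwrapped itself. It assumes OpenSSL 1.1.1 or newer, swaps in `pkeyutl` with OAEP and `-pbkdf2` for the post's `rsautl` and default key derivation, and uses hypothetical file names and a constructed sample document.

```shell
#!/usr/bin/env bash
# Added example: the hybrid exchange above with sender and recipient separated.
# Assumes OpenSSL 1.1.1 or newer; every file name here is hypothetical.

hybrid_roundtrip() {
    w=$(mktemp -d) || return 1
    mkdir "$w/sender" "$w/recipient"

    # Recipient: RSA key pair (no passphrase, so the demo runs unattended).
    openssl genrsa -out "$w/recipient/private.pem" 2048 2>/dev/null
    openssl rsa -in "$w/recipient/private.pem" -pubout \
        -out "$w/sender/public.pem" 2>/dev/null

    # Sender: constructed sample document plus a random one-line secret.
    # "-pass file:" reads only the first line of the file, so 32 bytes
    # (one base64 line) is used instead of a multi-line 128-byte secret.
    printf 'constructed sample document\n' > "$w/sender/doc.txt"
    openssl rand -base64 -out "$w/sender/key.bin" 32
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "$w/sender/doc.txt" \
        -out "$w/doc.enc" -pass "file:$w/sender/key.bin"
    # pkeyutl with OAEP stands in for rsautl, deprecated since OpenSSL 3.0.
    openssl pkeyutl -encrypt -pubin -inkey "$w/sender/public.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$w/sender/key.bin" -out "$w/key.bin.enc"

    # Recipient: holds only doc.enc, key.bin.enc and private.pem.
    openssl pkeyutl -decrypt -inkey "$w/recipient/private.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$w/key.bin.enc" -out "$w/recipient/key.bin"
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$w/doc.enc" \
        -out "$w/recipient/doc.txt" -pass "file:$w/recipient/key.bin"
    cmp -s "$w/sender/doc.txt" "$w/recipient/doc.txt"; ok=$?

    # An unrelated private key must fail to unwrap the secret.
    openssl genrsa -out "$w/other.pem" 2048 2>/dev/null
    if openssl pkeyutl -decrypt -inkey "$w/other.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$w/key.bin.enc" -out "$w/stolen.bin" 2>/dev/null; then
        ok=2
    fi
    rm -rf "$w"
    return "$ok"
}

if hybrid_roundtrip; then echo "round trip OK"; else echo "round trip FAILED"; fi
```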