Recent Posts

Psychology Behind Phishing Attacks

Trust is a very important part of any relationship, and once it has been established you stop watching for traps from that person. After you trust somebody, you do not think twice before replying to every mail and message they send. But what if I told you that an attacker can abuse this trust, and how? An attacker rides on that trust to get you to do the one thing they need, such as downloading malware. One of the many flavors of phishing out there does just this: clone phishing. This article explores clone phishing. We'll look at what clone phishing is, the different types of clone phishing, how you can spot it, and what you can do to avoid falling victim to what has been called the most harmful kind of phishing.

What is clone phishing?

If the name conjures images of fish cloning or “Star Wars” movies, I have to disappoint you. Instead, clone phishing refers to the email or message employed by attackers.

As mentioned earlier, trust is a big factor in business relationships, and it affects tasks that appear relatively insignificant to the parties involved, such as readily responding to emails and messages. Attackers know that this trust relationship is an important part of an email producing the sender's desired effect, and they use clone phishing to take advantage of it.

The different types of clone phishing

OK, so you understand that the essential trust in a business relationship is abused in clone phishing. But what does a clone phishing email look like?
There are three different types of clone phishing emails:

- An email sent from a spoofed email address intended to trick the recipient into thinking it is from a legitimate sender
- An email containing a link or attachment that has been replaced with a malicious link or attachment
- An email or message that claims to be a recent email from a legitimate sender but has been updated in some way

Think about it this way: if you are sitting at your desk during a busy workday and you receive an email from a person that you trust, you will most likely comply with whatever request the email contains to keep the workflow going. When phishers take advantage of this, it is similar to an abuse-of-system-feature attack, except that in this case the system is you!

Phishers can also use clone phishing to pivot from a previously infected system and gain a foothold on other systems in an organization by abusing this trust.

Because I use a solid anti-spam solution, I don't have any examples of a clone phishing email to present to you all. However, just a few years ago, when I did not use this solution, I remember encountering at least one of these emails a month. They often purported to be from a trusted business but were riddled with URL mismatches and sometimes even humorous “pron” spam email misspellings and grammatical errors. “Sometimes life is about finding humor in little things like these!”

How to spot clone phishing

There are some tell-tale signs of clone phishing that should stand out to anyone with a minimal eye for detail.

- URL mismatches: this refers to mismatches or discrepancies between the actual links and the displayed URLs. One way to verify whether they match is to simply hover over the link to see where it leads.
- Impersonated domains.
- Apparent and actual sender mismatches: this can be determined by the sender name being off in some way. Many times, the actual sender will be somebody entirely different.
- Suspicious email misspellings, grammatical errors and other “phishy” mistakes that a legitimate sender wouldn't make.

What can you do to avoid becoming a clone phishing victim?

The good thing is that there are a variety of measures you can take to make sure you don't fall victim to a clone phishing scheme.

- Cybersecurity education for end users: this is the best way to prevent clone phishing from claiming another victim at your organization, because the user is the last line of defense in the face of phishing. Once you know what to look for, the power is indeed in your hands to stop it.
- Anti-spam software: this is one of the simplest ways to stop clone phishing, because it will simply filter emails that look “phishy” without users or the organization administrator having to think about it.
- Firewalls/threat management solutions: this is another “no need to think about it” solution that works in the background to look for mismatched URLs and sender discrepancies that may indicate clone phishing.
- Contact the sender: call the sender and ask whether the email is legitimate. This is my favorite method of prevention, because it also notifies the other, legitimate party.

Conclusion

Clone phishing is a type of phishing that has been said to be the most harmful kind. This heightened risk of harm comes from the fact that a user is more likely to trust an email from a trusted sender that looks just like others they have received in the past. The scary thing is that just one click on a malicious link in a cloned email may be all it takes to compromise a system, and potentially other systems as well.

By following these fairly straightforward ways to identify and stop clone phishing emails, your organization will be far less likely to fall victim.
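The URL-mismatch, impersonated-domain and sender-mismatch signs above can be checked mechanically before a message ever reaches a busy inbox. The Python script below is an added example, not code from the original post: it parses a constructed sample message (made-up addresses on the reserved example.com, example.net and .test names) and reports each of those three indicators. The trusted-domain set, the two-label "registrable domain" approximation and the homoglyph normalisation are simplifying assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the post); domains are the reserved example.com /
# example.net / .test names, and "examp1e.com" is a look-alike of example.com.
SAMPLE_EML = b"""From: "Accounts Payable" <ap@examp1e.com>
To: you@example.com
Reply-To: collect@mailbox.example.net
Subject: Re: Invoice 4471 (updated copy)
Content-Type: text/html; charset=utf-8

<p>Please review the corrected invoice:</p>
<a href="http://portal.example.com.invoice-host.test/inv">https://portal.example.com/invoice/4471</a>
"""
TRUSTED = {"example.com"}   # assumed: domains the recipient legitimately deals with


class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]
            self.links.append(self._cur)
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._cur = None


def registrable(host):
    """Crude registrable-domain approximation: the last two labels of a hostname."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike(domain):
    """Undo common homoglyph swaps so examp1e.com compares equal to example.com."""
    return domain.replace("1", "l").replace("0", "o").replace("rn", "m")


def analyze(raw, trusted=TRUSTED):
    """Return the clone-phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = registrable(parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1])
    # Impersonated domain: not trusted itself, but a homoglyph variant of a trusted one.
    if from_dom not in trusted and lookalike(from_dom) in trusted:
        findings.append(f"sender domain {from_dom} looks like a trusted domain")
    # Apparent/actual sender mismatch: replies are routed somewhere else entirely.
    if msg["Reply-To"]:
        reply_addr = parseaddr(str(msg["Reply-To"]))[1]
        if registrable(reply_addr.rsplit("@", 1)[-1]) != from_dom:
            findings.append(f"Reply-To {reply_addr} is outside the From domain")
    # URL mismatch: the text displayed as a URL and the real href differ in domain.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown = text.strip()
        if shown.lower().startswith("http"):
            shown_dom, real_dom = registrable(urlparse(shown).netloc), registrable(urlparse(href).netloc)
            if shown_dom != real_dom:
                findings.append(f"link shows {shown_dom} but points to {real_dom}")
    return findings
```

Running analyze(SAMPLE_EML) yields three findings, one per sign; the same function returns an empty list for a plain message from a trusted domain with no links.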


OpenWrt Project - Ultimate Os for your WiFi Router

The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

OpenWrt is an embedded Linux distribution that can be installed on various routers. It has a web interface, and it may be more stable than your hardware's default firmware. If you find yourself having to restart your router every few days because it has become bogged down, you are a candidate for OpenWrt. With privacy concerns stemming from cloud computing and Internet of Things adoption, the OpenWrt community has grown enough to have hosted not one, but two summits dedicated to the project. You could be the next person to fall in love with tinkering with their router.

Uses for OpenWrt

If the idea of having a modular Linux distribution available on your router doesn't excite you with all the possibilities, you may be reading the wrong article. But we'll give you a list of the cool things you could do with OpenWrt, aside from having it function as a router:

- Use the SSH Server for SSH Tunneling: OpenWrt includes an SSH server so you can access its terminal. If you expose the SSH server to the Internet (be sure to secure it with key-based authentication instead of a weak password), you can access it remotely and use SSH tunneling to forward your traffic over the encrypted connection. This allows you to securely access websites from public Wi-Fi and to access websites that can only be reached from your home country while travelling abroad.
- Set Up a VPN: SSH tunneling works similarly to a VPN in many ways, but you could also set up a proper VPN on your OpenWrt router.
- Install a BitTorrent Client: With some sort of network-attached storage, or a router with an integrated USB port and an attached USB storage device, you could use your router itself as a BitTorrent client.
- Run Server Software: OpenWrt's software repositories contain packages that allow it to function as a web server, IRC server, BitTorrent tracker, and more. You're probably already using a router, so why not have that same router function as a server? For starters, routers require much less power than computers.
- Perform Traffic-Shaping and QoS: OpenWrt allows you to perform traffic-shaping and quality of service on the packets travelling through your router, prioritizing certain types of traffic. You could even prioritize traffic going to specific computers, de-prioritizing traffic going to other computers.
- Create a Guest Network: OpenWrt's wiki contains instructions for setting up a special wireless network for guests, one that's separate from your main network. (You can even throttle the guest network's speed.) There are several reasons to set up a guest network on your router.
- Capture and Analyze Network Traffic: You can use tcpdump to log all the packets travelling through your router to a network share and open the file with a tool like Wireshark to analyze your network's traffic.

Original article -> https://www.makeuseof.com/tag/what-is-openwrt-and-why-should-i-use-it-for-my-router/
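The SSH item above hinges on key-based authentication. On OpenWrt the SSH server is Dropbear and its settings live in /etc/config/dropbear in UCI format, where PasswordAuth and RootPasswordAuth default to on and an unset Interface means the listener binds on every interface. The Python script below is an added example, not code from the original article or the OpenWrt project: it reads constructed UCI text with a minimal parser written for this example and flags any Dropbear instance that would still accept password logins while not restricted to the LAN.

```python
# Constructed /etc/config/dropbear contents for the example (not from the article).
WEAK_CONFIG = """
config dropbear
    option PasswordAuth 'on'
    option RootPasswordAuth 'on'
    option Port '22'
"""

HARDENED_CONFIG = """
config dropbear
    option PasswordAuth 'off'
    option RootPasswordAuth 'off'
    option Port '22'
    option Interface 'lan'
"""


def parse_uci(text):
    """Minimal UCI reader for this example: returns [(section_type, {option: value}), ...]."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if parts[0] == "config" and len(parts) > 1:
            sections.append((parts[1], {}))
        elif parts[0] == "option" and len(parts) == 3 and sections:
            sections[-1][1][parts[1]] = parts[2].strip().strip("'\"")
    return sections


def audit_dropbear(text):
    """Return findings for Dropbear instances that would accept password logins
    from beyond the LAN. OpenWrt defaults when an option is absent: PasswordAuth=on,
    RootPasswordAuth=on, Port=22, and no Interface means every interface, so the
    port becomes reachable from the WAN as soon as a firewall rule allows it."""
    findings = []
    for idx, (stype, opts) in enumerate(parse_uci(text)):
        if stype != "dropbear":
            continue
        pw_auth = opts.get("PasswordAuth", "on") == "on"
        root_pw = opts.get("RootPasswordAuth", "on") == "on"
        lan_only = opts.get("Interface") == "lan"
        port = opts.get("Port", "22")
        if pw_auth and not lan_only:
            findings.append(f"dropbear[{idx}] port {port}: password login not restricted to lan")
        if pw_auth and root_pw:
            findings.append(f"dropbear[{idx}] port {port}: root password login enabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_dropbear(cfg) or ["ok"])
```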


Know The Hacker Methodology

The Hacker Methodology

Performing Reconnaissance

Good reconnaissance is critical to great hacking. In general, a good hacker will spend about 2 to 3 times longer on recon than on performing the actual hack. It is not unusual to spend weeks or months gathering information before even beginning to attempt an exploit. Most exploits depend on operating systems, applications, ports, and services, so you need to gather this information before you start hacking. If you don't, you will likely fail, get caught, or both. I can't emphasize this enough. Newbie hackers are always so anxious to get to the exploit that they often ignore this phase of the attack. Recon can be broken into at least two categories, passive and active.

Passive Reconnaissance

Passive reconnaissance can be defined as gathering information about the target without actually "touching" the target, or in a way that looks like normal traffic. I have already shown you how to use Netcraft to gather info about websites, such as the web server, operating system, last reboot, and other technologies. All of this information is critical before starting the hack. Most recently, I gave a lesson on how to use FOCA to gather metadata from documents on a website. In addition, passive reconnaissance can include DNS and SNMP mining, dumpster diving, social engineering, using social media such as Facebook and LinkedIn, and of course Google hacking, among other techniques.

Active Reconnaissance

Active reconnaissance is information gathered about the target by actually sending packets to the target and evaluating the response. The results of active recon are much more specific and reliable, but also much riskier: any time we send a packet to a site, our IP address is left behind. Nmap, Hping, Netdiscover, P0f, and Xprobe2 are among the many tools we can use to gather info on remote targets, revealing open ports, running services, and operating systems.
Active recon can also include enumeration of the network. Techniques such as banner grabbing and the use of vulnerability assessment tools such as Nessus, Nikto, and Retina are also often part of this phase.

Exploitation

Exploitation is defined as taking a vulnerability identified during our recon phase and using it to gain access to the intended machine. As you can see from the above example machine, we have a TON of ports and services available. Each of these services is a potential entry point into the victim's network, because they are open lines of communication to the outside world. A popular framework for exploitation is Metasploit. Metasploit is too large a topic to cover here and will be covered in future lessons. If you're interested in looking further now, I suggest reading Metasploit: The Penetration Tester's Guide. Another method would be sending a phishing email to one of the targets identified during the recon phase, with a call back to a listener running on your attack box.

Privilege escalation

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions. Most computer systems are designed for use with multiple user accounts, each of which has abilities known as privileges. Common privileges include viewing and editing files, or modifying system files. Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used.
Privilege escalation occurs in two forms:

- Vertical privilege escalation, also known as privilege elevation, where a lower-privilege user or application accesses functions or content reserved for higher-privilege users or applications (e.g. Internet banking users can access site administrative functions, or the password for a smartphone can be bypassed).
- Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users (e.g. Internet banking User A accesses the bank account of User B).

Establish Persistence (setting up a backdoor)

At this point we would drop in a backdoor or Remote Access tool. This gives us persistence on the machine, or the ability to come and go as we please in the event we get disconnected from our victim. It will be necessary to leave behind a listener or rootkit. This listener, ideally, will persist beyond a reboot and will be there when we want to come back to the system and continue to use/exploit/extract. This listener can take many forms, such as Netcat, a command shell, VNC, Meterpreter, etc. Maintaining access to a computer system is a sensitive exercise that must be explained to, and explicitly agreed with, the client. Many businesses want a penetration test completed but are wary of allowing the penetration testing firm to leave backdoors in place. Most companies or people are nervous that these backdoors will be found and used by an unauthorized third party.

Extracting Data

Now that we have established persistence, let's get to the real stuff: data exfiltration. This is the point where you set up some kind of tunnel to your attack platform, or to a dead drop on some server that you will be using as an intermediary, and pull off any data that you may consider important. Usually on a *nix system this will comprise at LEAST the /etc/shadow and /etc/passwd files; on Windows it will be the SAM file and registry.
E-mails are often good to go for, as people send out lots of information such as passwords, phone numbers, etc. The data can be credit card data, personally identifiable information (PII), intellectual property, or other valuable information. To do so, we need a way to remove the data in a way that is not readily noticeable by the sysadmin, and ideally encrypted. Recub and Cryptcat are two tools that can remove data stealthily.

Covering Your Tracks

The big one: how not to get caught. We could spend forever talking about covering your tracks and ways to do this, but for the purpose of this lesson it means system log and tool clean-up. You need to restore the machine to the way you found it. If you exploit a vulnerability in a machine, you want that vulnerability to stay there so you may use it again later. To make certain that our exploits don't lead back to us, we need to cover our tracks. This can take many forms, such as clearing log files, removing any software we uploaded, removing our command history, etc. Metasploit's Meterpreter has a killav script to disable antivirus software, as well as a clearev command that removes the event logs on Windows systems.

Reporting

Like every other phase mentioned in this post, drafting a sound ethical hacking report is crucial. Many ethical hackers wrongly think that they can just present the raw output from the tools that they use. Right or wrong, your reputation as an ethical hacker will be directly tied to the quality of the reports that you submit. Learning to put together a well-written report is important for winning clients and for landing a prospective job. It is always a good idea to have a sample report available; many prospective customers will ask for a sample report before reaching a final decision.
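The active-recon section notes that every probe leaves the sender's IP address behind, and that is exactly what a defender watches for. The Python script below is an added example, not code from the original post: it runs a sliding-window port-scan detector over constructed iptables LOG-target lines and reports any source that touches many distinct destination ports within a short window, while a host repeatedly using one port is left alone. The log layout, the RFC 5737 test addresses, the 60-second window and the 10-port threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Fields needed from an iptables LOG-target line with a syslog-style prefix.
LOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(\S+) DST=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)"
)


def _line(sec, src, dport):
    """Build one constructed log line (addresses are from the RFC 5737 test ranges)."""
    return (f"Mar  3 10:15:{sec:02d} gw kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dport} WINDOW=1024 SYN")


# Constructed sample: one host sweeps ports 20-34 within 15 seconds, another
# host connects to 443 every 5 seconds, which is ordinary client behaviour.
SAMPLE_LOG = ([_line(i, "203.0.113.7", 20 + i) for i in range(15)]
              + [_line(i, "198.51.100.4", 443) for i in range(0, 50, 5)])


def parse_line(line, year=2024):
    """Return (timestamp, src, dst, proto, dport), or None for unrelated lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    return ts, m.group(2), m.group(3), m.group(4), int(m.group(5))


def detect_scans(lines, window=60, threshold=10):
    """Flag each source that hits at least `threshold` distinct destination ports
    inside any `window`-second span. Returns {src: (first_ts, alert_ts, ports)}."""
    recent = defaultdict(deque)   # src -> deque of (ts, dport), oldest first
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, _dst, _proto, dport = rec
        q = recent[src]
        q.append((ts, dport))
        # Expire events older than the window so state per source stays bounded.
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = (q[0][0], ts, sorted(distinct))
    return alerts


if __name__ == "__main__":
    for src, (first, last, ports) in detect_scans(SAMPLE_LOG).items():
        print(f"possible scan from {src}: {len(ports)} ports between "
              f"{first:%H:%M:%S} and {last:%H:%M:%S}")
```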


Build Your VPN Server with SoftEther

SoftEther is a free and open-source VPN client and VPN server software developed as part of a master's thesis research at the University of Tsukuba in Japan.

By default, SoftEther uses the SoftEther protocol, an SSL VPN protocol that its developers claim includes several improvements over OpenVPN (also an SSL VPN protocol).

SoftEther servers can accept connections from a wide range of VPN protocols, so use of the SoftEther client is not necessary. You can, for example, connect to a SoftEther server using the L2TP/IPsec client built into most modern operating systems, or via any OpenVPN client.

SoftEther VPN (“SoftEther” stands for “Software Ethernet”) is one of the world's most powerful and easy-to-use multi-protocol VPN programs. It can run on nearly any platform, including Windows, Linux, macOS, and even FreeBSD and Solaris. SoftEther VPN is open source and you can use it for personal or commercial use free of charge. It is compatible with today's most popular VPN products and interoperates with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers, and MS-SSTP VPN clients. SoftEther VPN is also the world's only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software program. If interested, you can read more about the features and specifications of SoftEther VPN on their official website.

In this tutorial, we will show you how you can take advantage of all the features of SoftEther VPN by showing you how to set up a VPN server using it.

A home VPN setup

SoftEther supports many VPN configurations, including remote access to your LAN resources over a VPN connection. This guide, however, covers how to turn your home PC into a personal VPN server.

Running a personal VPN server is great for bypassing censorship when abroad and for ensuring privacy when using public WiFi hotspots.
It's also a great way to access your regular streaming services, as you will do so using your own home IP address, which will not be blocked the way the IPs belonging to many commercial VPN services are.

The main downside of running your own VPN server is that it does not hide your real IP address from the outside world. Running your own VPN server (whether at home or using rented server space) therefore loses some key privacy benefits of using a third-party VPN service.

Setup SoftEther VPN Server

In this tutorial, you will specifically need to install a server with Ubuntu with a minimum of 1024 MB RAM, and configure inbound/outbound firewall rules.

Preparing Your Server

We need to ensure that your server is up to date by using the following command:

    apt -y update

Next, we will install the Ubuntu development tools (the build-essential package), the wget package (which we will use to download the installation archive of SoftEther VPN server) and the nano package as a text editor. Use the following command:

    apt -y install build-essential wget nano

Configuring Firewall Rules

Firewall rules define what kind of Internet traffic is allowed or blocked. You can think of it as an additional protection layer provided by your hosting provider to take control of your traffic. If your hosting provider asks you to configure the firewall rules for your traffic (skip this if not), you have to configure your firewall rules to allow your traffic through their network.
Here is a list of the most commonly used default ports on servers. If you do not know firewall configuration very well, we suggest disabling it.

    20 – FTP
    21 – FTP
    22 – SSH
    25 – SMTP/EMAIL
    26 – SMTP
    53 – BIND/DNS
    80 – HTTP / Apache Web server
    110 – POP3/EMAIL
    143 – IMAP
    443 – HTTPS / Apache Web server SSL
    465 – SMTP/EMAIL SSL/TLS
    873 – RSYNC
    993 – IMAP/EMAIL SSL
    995 – POP3/EMAIL SSL
    3306 – MYSQL

Ports used by SoftEther VPN:

    Protocol  Port  Description
    TCP       1194  SoftEther OpenVPN
    TCP       5555  SoftEther Management
    UDP       1194  SoftEther OpenVPN
    UDP       500   SoftEther L2TP/IPsec
    UDP       1701  SoftEther L2TP/IPsec
    UDP       4500  SoftEther L2TP/IPsec

Additionally, you have to add any other ports that you use for the VPN server to that list.

Download and Install the SoftEther VPN Server

SoftEther Server Auto Installer (SoftEther-VPN-Installer, a SoftEther VPN installer script for CentOS, Ubuntu and other platforms):

- Supports SoftEther, OpenVPN, IPsec/L2TP, SSTP, user management, user statistics, etc.
- Multi-platform auto installer script
- Always installs the latest SoftEther VPN server version
- Checks for firewalld and adds the related rules

Instruction: run the following one-liner on your command prompt:

    bash <(curl -s https://raw.githubusercontent.com/DediData/SoftEther-VPN-Installer/master/softether-installer.sh)

Restart VPN Server:

    systemctl restart softether-vpnserver

Stop VPN Server:

    systemctl stop softether-vpnserver

Start VPN Server:

    systemctl start softether-vpnserver

Enable VPN Server at boot:

    systemctl enable softether-vpnserver

Disable VPN Server at boot:

    systemctl disable softether-vpnserver

Management Methods:

1- Using the SoftEther VPN Server Manager application: download and install "SoftEther VPN Server Manager" from https://www.softether-download.com/en.aspx?product=softether, add your server IP address and connect. Then set an admin password and set up SoftEther VPN. Enjoy!
2- Using the SSH command prompt: run vpncmd in a terminal and press 1 to select "Management of VPN Server or VPN Bridge". Then press Enter without typing anything to connect to the localhost server, and press Enter again without typing anything to connect to the server in server admin mode. Then use the command below to change the admin password:

    ServerPasswordSet

All set. After restarting the VPN server with the command above, you can configure all your VPN settings through the GUI using the VPN management tools on a Windows-based computer. For this you need to download the management tools for your Windows machine.

Step 1: Download and install the software. Visit the SoftEther Download Center and select the software we'll need using the drop-down menus. The Component is SoftEther VPN Server, and the Platform is Windows. Intel (x86 and x64) is the only CPU option available for Windows.

Download the latest version of the software and install it in the usual way. The only component you need to select for our current purpose is SoftEther VPN Server.
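The port table in the firewall section lists what the server needs reachable, and the management port (TCP 5555) is the one a practitioner would keep off the public Internet since it takes the admin password set with ServerPasswordSet. The Python script below is an added example, not part of this tutorial or of the installer project: it checks a list of allow rules against that table, reports required ports with no rule, flags management ports opened to anything wider than an assumed admin network, and renders the hardened rule set as ufw commands. The rule tuple format and the admin network 203.0.113.0/24 are assumptions.

```python
import ipaddress

# Listener ports from the tutorial's SoftEther table: (protocol, port) -> description.
SOFTETHER_PORTS = {
    ("tcp", 1194): "SoftEther OpenVPN",
    ("tcp", 5555): "SoftEther Management",
    ("udp", 1194): "SoftEther OpenVPN",
    ("udp", 500): "SoftEther L2TP/IPsec",
    ("udp", 1701): "SoftEther L2TP/IPsec",
    ("udp", 4500): "SoftEther L2TP/IPsec",
}
# Assumption: only administrators should ever reach the management listener.
MANAGEMENT = {("tcp", 5555)}

# Constructed rule sets as (protocol, port, allowed source CIDR) tuples.
ANY = "0.0.0.0/0"
ADMIN_NET = "203.0.113.0/24"   # assumed admin range (RFC 5737 TEST-NET-3)
WEAK_RULES = [(p, port, ANY) for p, port in SOFTETHER_PORTS]
HARDENED_RULES = [(p, port, ADMIN_NET if (p, port) in MANAGEMENT else ANY)
                  for p, port in SOFTETHER_PORTS]


def check_rules(rules, admin_net=ADMIN_NET):
    """Compare allow rules with the required table.

    Returns (missing, exposed): required ports that no rule opens, and
    management ports whose allowed source is wider than admin_net."""
    admin = ipaddress.ip_network(admin_net)
    missing, exposed = [], []
    for key, desc in SOFTETHER_PORTS.items():
        sources = [ipaddress.ip_network(src) for proto, port, src in rules
                   if (proto.lower(), port) == key]
        if not sources:
            missing.append(f"{key[0]}/{key[1]} ({desc})")
        elif key in MANAGEMENT:
            # A management rule passes only if its source fits inside the admin range.
            exposed += [f"{key[0]}/{key[1]} open to {net}" for net in sources
                        if not net.subnet_of(admin)]
    return missing, exposed


def to_ufw(rules):
    """Render rules as ufw commands (ufw syntax: allow from <src> to any port <p> proto <proto>)."""
    return [f"ufw allow from {src} to any port {port} proto {proto}" for proto, port, src in rules]


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        missing, exposed = check_rules(rules)
        print(f"{name}: missing={missing} exposed={exposed}")
    print("\n".join(to_ufw(HARDENED_RULES)))
```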
