python – USBkill anti-forensic usb killswitch

download

USBkill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer (or runs a set of self-destruct commands before shutting it down).

To install dependencies:
sudo apt-get update
sudo apt-get install python2.7
sudo apt-get install secure-delete

To run:
sudo python usbkill.py

Some reasons to use this tool:

  • You don’t want someone to retrieve documents from your computer or install malware/backdoors via USB.
  • You want to improve the security of your full disk encrypted home or corporate server.

Important: Make sure to use disk encryption! Otherwise they will get in anyway.
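The detection side of USBkill, as an added Python 3 illustration (not the project's own code): snapshot the attached USB devices via Linux sysfs (the /sys/bus/usb/devices path and the "report only" reaction are assumptions of this example), then poll until a device is added or removed and hand the change to a caller-supplied action. The action here only logs; USBkill itself would run its self-destruct commands and halt at that point.

```python
#!/usr/bin/env python3
"""USB-change kill-switch core in the spirit of USBkill (added example).
The reaction to a change is injected so it can be a log line, an unmount
or a shutdown; this file only reports."""
import os
import time
from typing import Callable, FrozenSet, Iterable, Optional, Tuple

SYSFS_USB = "/sys/bus/usb/devices"  # assumption: Linux host with sysfs
Device = Tuple[str, str, str]       # (sysfs entry, idVendor, idProduct)


def read_usb_devices(root: str = SYSFS_USB) -> FrozenSet[Device]:
    """Snapshot every USB device that exposes idVendor/idProduct under root."""
    if not os.path.isdir(root):
        return frozenset()
    devices = set()
    for entry in os.listdir(root):
        vendor_file = os.path.join(root, entry, "idVendor")
        product_file = os.path.join(root, entry, "idProduct")
        if os.path.isfile(vendor_file) and os.path.isfile(product_file):
            with open(vendor_file) as v, open(product_file) as p:
                devices.add((entry, v.read().strip(), p.read().strip()))
    return frozenset(devices)


def diff_devices(baseline: FrozenSet[Device], current: FrozenSet[Device]):
    """Return (added, removed) relative to the trusted baseline snapshot."""
    return current - baseline, baseline - current


def watch(baseline: FrozenSet[Device], poll: Callable[[], FrozenSet[Device]],
          on_change: Callable[[Iterable[Device], Iterable[Device]], None],
          interval: float = 0.25, max_polls: Optional[int] = None):
    """Poll until the device set differs from baseline, then fire on_change.
    Returns the (added, removed) pair, or None if max_polls ran out first."""
    polls = 0
    while max_polls is None or polls < max_polls:
        added, removed = diff_devices(baseline, poll())
        if added or removed:          # any plug or unplug trips the switch
            on_change(added, removed)
            return added, removed
        polls += 1
        time.sleep(interval)
    return None


if __name__ == "__main__":
    def report(added, removed):
        print("USB change: added=%s removed=%s" % (sorted(added), sorted(removed)))
    watch(read_usb_devices(), read_usb_devices, report)
```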

python – poet post-exploitation tool

download

This program can be used in the post-exploitation stage. You can run the client in daemonized mode on the target with an interval at which to connect back. Whenever the server isn’t running, the client sleeps and tries again at the next interval. When you start the server, you are presented with a control shell offering various commands and actions to choose from.

Getting started

Go to the releases page and download the latest poet-client and poet-server files available.
Then skip to the Usage section below.
Alternatively, you can build Poet yourself (it’s pretty easy). Make sure you have the python2.7 and zip executables available.
git clone https://github.com/mossberg/poet
cd poet
make

This will create a bin/ directory which contains poet-client and poet-server.

linux – Openvas 8 on Ubuntu 14.04 server

Install OpenVAS 8 on a local Ubuntu 14.04. Most of this installation is done as the root user, so don’t install it on an internet-facing server.

First we install all the packages needed for a successful OpenVAS 8 installation.

sudo apt-get install -y build-essential devscripts dpatch libassuan-dev \
libglib2.0-dev libgpgme11-dev libpcre3-dev libpth-dev libwrap0-dev libgmp-dev libgmp3-dev \
libopenvas2 quilt cmake pkg-config \
libssh-dev libpcap-dev uuid-dev bison libksba-dev \
doxygen sqlfairy xmltoman sqlite3 libsqlite3-dev wamerican redis-server libhiredis-dev libsnmp-dev \
libmicrohttpd-dev libxml2-dev libxslt1-dev xsltproc libssh2-1-dev libldap2-dev autoconf nmap libgnutls-dev \
libpopt-dev heimdal-dev heimdal-multidev mingw32


Linux – Openvas 7 on the raspberry pi

Install OpenVAS 7 on the raspberry pi

You can download a ready-to-use Rapberryvas image from these mirrors:
mirror1
mirror2
(I used a 16GB SD card and flashed them with Win32DiskImager.)
username: pi password:0penvas
login Openvas https://ip user: openvas password:0penvas

OpenVAS is a great vulnerability scanner.
No packages are available for version 7, so I have installed it from source on my Raspberry Pi:
http://www.openvas.org/install-source.html


windows – jellyfish gpu r.a.t. (rootkit)

download
Developers of team Jellyfish have posted a PoC of a portable-executable GPU remote access tool. They already posted a Linux version earlier this week.

Tapping an infected computer’s GPU allows malware to run without the usual software hooks or modifications that malware makes in the operating system kernel. Those modifications can be dead giveaways that a system is infected.

Advantages of GPU-resident rootkits:

  • No GPU malware analysis tools are available on the web
  • Can snoop on CPU host memory via DMA
  • The GPU can be used for fast mathematical operations such as XOR’ing or parsing
  • Stubs
  • Malicious memory may be retained across warm reboots. (They conducted more research on the theory of malicious memory remaining in the GPU after shutdown.)

It is just a matter of time until a version emerges that runs on the graphics processors integrated into CPUs.
