
Intercepting Mobile Traffic with Burp Suite - iPhone [FREE COURSE CONTENT]


In this course video by Atul Tiwari from his Mastering Burp Suite course, you will learn how to set up Burp Suite to intercept and analyze traffic going through a mobile device - in this case, an iPhone. Sounds like a useful trick to know, right? It's perfect for setting up on your own phone and playing with traffic generated by mobile apps. Enjoy and have fun with Burp! 



In that module of the course we start by setting up Burp Suite environments and play with various features of Burp Suite Professional and the free edition: spidering, SSL/TLS setup, automation, rewriting Host headers, intercepting mobile device traffic for mobile testing, invisible proxying for thick clients, installing the CA certificate for SSL sites, setting the scope of the engagement, identifying input parameters and setting various filters.

Further down the road we start tinkering with the Repeater module to make point-to-point attacks. The Intruder module will be used in more advanced ways: hunting for insecure direct object references and placing payloads at multiple points in a single attack with the sniper, cluster bomb, pitchfork and battering ram attack types. Further attacks: bit flipping, hidden form field attacks, data extraction from responses, authorization and authentication attacks, brute forcing every parameter and various automated attacks to find hidden directories.

By the end of the course, we use auto-submit CSRF scripts, generate PoCs, analyze session tokens to attack authentication and authorization, and use Burp Collaborator to hunt for hidden bugs and security flaws that are not caught by other pentesting techniques, like blind XSS. Moving towards the most dangerous attack types, clickjacking will be uncovered with Burp Clickbandit. Further, we will hunt for many serious bugs using Burp Infiltrator and out-of-band security testing.

The access to this course is currently restricted to Hakin9 Premium or IT Pack Premium Subscription.



The post Intercepting Mobile Traffic with Burp Suite - iPhone [FREE COURSE CONTENT] appeared first on Hakin9 - IT Security Magazine.


2019: Enterprise Mobility Trends, Challenges and the Way Forward by Scalefusion


Cell phones have become such an integral part of our everyday lives that they have a significant impact on everything we do in our personal and professional space. Today, mobility has become the mainstream that drives the success of digital businesses.

Enterprise mobility is lending a helping hand to businesses by empowering employees, driving business transformation, and delighting customers. While 71% of existing enterprises give priority to mobility, we should carefully understand the security risk that comes with using mobility at the workplace.

Check out this infographic to learn the biggest threats in enterprise mobility, how companies can secure their digital assets, and how to provide a secure enterprise mobility experience to every workforce.


[Infographic: Enterprise Mobility Trends, Challenges of 2019 & the Way Forward, by Scalefusion MDM]


R3con1z3r is a lightweight web information gathering tool with intuitive features written in Python


R3con1z3r is a lightweight web information gathering tool with intuitive features written in Python. It provides a powerful environment in which open source intelligence (OSINT) web-based footprinting can be conducted quickly and thoroughly.

Footprinting is the first phase of ethical hacking: it is the collection of every possible piece of information regarding the target. R3con1z3r is a passive reconnaissance tool with built-in functionality that includes: HTTP header flags, traceroute, Whois footprinting, DNS information, sites on the same server, Nmap port scanning, reverse target lookup and hyperlinks on a webpage. After being provided with the necessary inputs, the tool generates its output in HTML format.

Installation

r3con1z3r supports Python 2 and Python 3.

# install from pypi   
pip install r3con1z3r

Modules

r3con1z3r depends only on the sys and requests Python modules. For the extra coloring to work on Windows, win_unicode_console and colorama have to be installed:

# coloring on Windows
pip install win_unicode_console colorama

Usage

r3con1z3r installs a command line tool on the system path that can be invoked with:

# `domain.com` is the website to perform footprinting on    
r3con1z3r -d domain.com

Running the tool generates an HTML file named domain.com-r3con1z3r.html which can be opened in a browser to view the footprinting results.

Demo

Simple usage of r3con1z3r CLI to perform OSINT footprinting on google.com

Examples

  • To install on all operating systems (Linux, Windows, Mac OS X, Android, etc.), i.e. in a Python 2 environment, from within the cloned repo:

pip install r3con1z3r

Python 3 environment:

pip3 install r3con1z3r

ToDo

  • Include travis setup for automatic testing
  • Include automatic deployment of incremented versions to pypi so that pip install r3con1z3r can work

License

r3con1z3r is licensed under the GNU GPL license. Take a look at the LICENSE file for more information.

Contribution

This project is open to contributions. Bug reports and pull requests are welcome on GitHub at https://github.com/abdulgaphy/r3con1z3r. Current contributors can be viewed by running r3con1z3r -a.

Changelog

1.0 - Release


Download the tool: https://github.com/abdulgaphy/r3con1z3r


ISPY: Exploiting EternalBlue And BlueKeep Vulnerabilities With Metasploit


ispy is an EternalBlue (MS17-010) and BlueKeep (CVE-2019-0708) scanner and exploiter built on the Metasploit Framework.

What is EternalBlue:

EternalBlue is a cyberattack exploit developed by the U.S. National Security Agency (NSA), according to testimony by former NSA employees. It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability. EternalBlue is the name given to a software vulnerability in Microsoft's Windows operating system; Microsoft tracks it as MS17-010 and issued a security update for the flaw on March 14. The patch was issued before the WannaCry ransomware spread around the world, and those who had updated early would have been protected. The exploit works against Microsoft Server Message Block 1.0 (SMBv1). SMB is a network file sharing protocol that 'allows applications on a computer to read and write to files and to request services' on the same network. Microsoft rates the security update it issued as Critical and, following WannaCry, it released a rare Windows XP patch after officially ending support for the software in 2014.

What is BlueKeep:

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol and allows for the possibility of remote code execution. BlueKeep, or CVE-2019-0708, is an RCE exploit that affects the following versions of Windows:

  • Windows 2003
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
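From the defender's side, the two flaws above are a patching and exposure problem before they are an exploitation problem. The following is an added example, not part of ispy, that ranks hosts in a constructed asset inventory by how exposed they are to MS17-010 and CVE-2019-0708 and names the mitigation that closes each gap. The Host fields and the inventory values are this example's own assumptions; the affected-version list is the one the article gives, and the fix dates and the role of Network Level Authentication (NLA) as a partial mitigation for BlueKeep are Microsoft's published guidance.

```python
"""Patch-priority triage for MS17-010 (SMBv1) and CVE-2019-0708 (RDP).

Added example, not part of ispy: given an asset inventory (constructed here),
rank hosts by how exposed they are to the two flaws the article describes and
say which mitigation closes each gap. Field names are this example's own.
"""
from dataclasses import dataclass

# Windows versions the article lists as affected by BlueKeep (CVE-2019-0708).
BLUEKEEP_AFFECTED = {
    "Windows 2003", "Windows XP", "Windows Vista", "Windows 7",
    "Windows Server 2008", "Windows Server 2008 R2",
}


@dataclass(frozen=True)
class Host:
    name: str
    os: str
    open_ports: frozenset       # TCP ports reachable from untrusted networks
    smb1_enabled: bool          # SMBv1 still on (MS17-010 attack surface)
    has_ms17_010: bool          # March 2017 SMB patch applied
    has_cve_2019_0708_fix: bool # May 2019 RDP patch applied
    rdp_nla: bool               # Network Level Authentication required for RDP


def findings(host: Host) -> list:
    """Return (flaw, severity 1..3, mitigation) entries for one host."""
    out = []
    if not host.has_ms17_010:
        if 445 in host.open_ports and host.smb1_enabled:
            out.append(("MS17-010", 3, "apply MS17-010; disable SMBv1; block TCP/445 at the edge"))
        elif host.smb1_enabled:
            out.append(("MS17-010", 2, "apply MS17-010; disable SMBv1"))
        else:
            out.append(("MS17-010", 1, "apply MS17-010 (SMBv1 already off)"))
    if host.os in BLUEKEEP_AFFECTED and not host.has_cve_2019_0708_fix:
        if 3389 in host.open_ports and not host.rdp_nla:
            out.append(("CVE-2019-0708", 3, "apply the May 2019 fix; require NLA; block TCP/3389 at the edge"))
        elif 3389 in host.open_ports:
            # NLA forces authentication before the vulnerable code path but is not a fix.
            out.append(("CVE-2019-0708", 2, "apply the May 2019 fix; NLA only raises the bar"))
        else:
            out.append(("CVE-2019-0708", 1, "apply the May 2019 fix"))
    return out


def triage(hosts) -> list:
    """Flatten findings across hosts as (host, severity, flaw, fix), worst first."""
    rows = [(h.name, sev, flaw, fix) for h in hosts for flaw, sev, fix in findings(h)]
    return sorted(rows, key=lambda r: (-r[1], r[0], r[2]))


# Constructed inventory for the example (not real hosts).
INVENTORY = [
    Host("dc01", "Windows Server 2008 R2", frozenset({445, 3389}), True, False, False, False),
    Host("ws-legacy", "Windows 7", frozenset({3389}), False, True, False, True),
    Host("app02", "Windows Server 2016", frozenset({443}), False, True, True, True),
]

if __name__ == "__main__":
    for name, sev, flaw, fix in triage(INVENTORY):
        print(f"[{sev}] {name:10} {flaw:14} -> {fix}")
```

The ordering puts an unpatched, SMBv1-enabled host with 445 and 3389 reachable at the top; a host that is patched for MS17-010 but still runs an affected Windows with RDP exposed lands below it, with NLA lowering but not removing its severity.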

How to install:

git clone https://github.com/Cyb0r9/ispy.git
cd ispy
chmod +x setup.sh
./setup.sh

For other Linux distros, open your terminal and enter these commands to install Metasploit Framework:

# download the installer, make it executable and run it from the current directory
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall

Then, enter these commands to install ispy:

git clone https://github.com/Cyb0r9/ispy
cd ispy
sudo bash setup.sh
sudo bash ispy

Tested On:

  • Parrot OS
  • Kali Linux

Tutorial (How to use ispy)

Youtube Channel (Cyborg)

https://youtube.com/c/Cyborg_TN


Disclaimer:

Usage of ispy for attacking targets without prior mutual consent is illegal. ispy is for security testing purposes only.


IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices


IoT-Implant-Toolkit is a framework of useful tools for malware implantation research on IoT devices. It is a toolkit consisting of essential software tools for firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like environment, IoT-Implant-Toolkit is a one-stop-shop toolkit that simplifies the complex procedure of IoT malware implantation.

In our research, we have successfully implanted Trojans in eight devices including smart speakers, cameras, driving recorders and mobile translators with IoT-Implant-Toolkit.


How to use

Installation

Make sure you have git, python3 and setuptools installed. For audio processing and playback, you should install ALSA (built into Linux), sox and ffplay. On Ubuntu 18.04:

$ sudo apt install sox ffmpeg

Download the source code from our GitHub:

$ git clone https://github.com/arthastang/IoT-Implant-Toolkit.git

Set up environment and install dependencies:

$ cd IoT-Implant-Toolkit/ 
$ python3 setup.py install

Run

Run the toolkit:

$ python3 -B IoT-Implant-Toolkit.py
 _____   _______   _____                 _             _       _______          _ _    _ _   
|_   _| |__   __| |_   _|               | |           | |     |__   __|        | | |  (_) |  
  | |  ___ | |______| |  _ __ ___  _ __ | | __ _ _ __ | |_ ______| | ___   ___ | | | ___| |_ 
  | | / _ \| |______| | | '_ ` _ \| '_ \| |/ _` | '_ \| __|______| |/ _ \ / _ \| | |/ / | __|
 _| || (_) | |     _| |_| | | | | | |_) | | (_| | | | | |_       | | (_) | (_) | |   <| | |_ 
|_____\___/|_|    |_____|_| |_| |_| .__/|_|\__,_|_| |_|\__|      |_|\___/ \___/|_|_|\_\_|\__|
                                  | |                                                        
                                  |_|                                                        
            
                                 IoT-Implant-Toolkit
            -------------------------------------------------------------
                         A Framework for IoT implantation research.

                                   by Marvel Team

            Command:
            list - List all tools
            run - Run a specific tool
            exit - Exit

                
[Implant-Toolkit]>

Three commands supported:
  • list: list all plugins
  • run: run a specific plugin with "run [plugin] [parameters]"
  • exit: exit

Features

Each software tool acts as a plugin which can be easily added to the framework. There are more than ten plugins in four categories, covering serial port debugging, firmware pack & unpack, software analysis, and implanted spy programs.

List of Plugins

Existing plugins in our framework (category: tool - description; reference):

  • Serial port debugging: pyserial - modem control and terminal emulation program (https://github.com/pyserial/pyserial)
  • Serial port debugging: baudrate.py - find the correct baud rate (https://github.com/devttys0/baudrate)
  • Firmware Pack&Unpack: mksquashfs - create and extract Squashfs filesystems (https://github.com/plougher/squashfs-tools)
  • Firmware Pack&Unpack: mkbootimg_tools - unpack & repack boot.img for Android (https://github.com/xiaolu/mkbootimg_tools)
  • Firmware Pack&Unpack: cramfs - make cramfs filesystems (https://sourceforge.net/projects/cramfs/files/cramfs/1.1/)
  • Firmware Pack&Unpack: mountimg - mount & unmount ext4 filesystems for Android system.img & data.img (on our GitHub)
  • Software Analysis: setools-android - setools for Android with sepolicy-inject (https://github.com/xmikos/setools-android)
  • Software Analysis: crosscompile - cross-compile toolchain for ARM (on our GitHub later)
  • Software Analysis: odex - unpack odex to smali for Android (on our GitHub)
  • Binary implant: spy client & server - a stable spy client and server, source and pre-built binaries (on our GitHub)
  • Binary implant: denoise tool - denoise tool for audio processing (on our GitHub)

Create new plugins

Code structure:

--IoT-Implant_toolkit.py         #Startup script
--outputs/                       #Default folder for outputs
--toolkit/                       
  |---core/                      
      |---basic/                 #Basic plugin class definition
      |---cli/                   #Shell-like CLI definition
      |---toollist/              #Auto-updating tool list of plugins 
  |---plugins/                   
      |---firmware/              #Plugins for firmware modification
      |---implant/               #Plugins that generate spy programs
      |---serialport/            #Plugins for serial port debugging
      |---software/              #Plugins for software analysis, especially for Android
  |---tools/                     #Other tools

Create [newplugin].py in the corresponding folder (category) and define its init attributes to add a new plugin to IoT-Implant-Toolkit. The framework will detect the new plugin automatically at startup.
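The auto-detection described above rests on two ideas: a plugin announces itself when its class is defined, and the shell dispatches list/run/exit against whatever has announced itself. The following is an added example that shows that mechanism in a self-contained form; it is not the toolkit's own code. The Plugin base class, REGISTRY, the Shell class and the two sample plugins (a firmware-image identifier keyed on well-known magic bytes, and a printable-strings extractor) are this example's own names and are not the project's API.

```python
"""Minimal self-registering plugin shell in the style the toolkit describes.

Added example, not the IoT-Implant-Toolkit's own code: plugins register
themselves when their class is defined, the shell discovers them without a
hand-maintained list, and 'list' / 'run' / 'exit' dispatch to them. The two
plugins here and all names are this example's own.
"""
from __future__ import annotations

import re
import sys

REGISTRY: dict[str, type["Plugin"]] = {}


class Plugin:
    name = ""          # command name used with 'run'
    category = ""      # e.g. firmware, software, serialport, implant
    description = ""

    def __init_subclass__(cls, **kw):
        super().__init_subclass__(**kw)
        if cls.name in REGISTRY:
            raise ValueError(f"duplicate plugin name {cls.name!r}")
        REGISTRY[cls.name] = cls   # auto-registration: no tool list to edit

    def run(self, args: list[str]) -> str:
        raise NotImplementedError


# (magic bytes, label) for formats the toolkit's firmware plugins work on.
MAGIC = [
    (b"hsqs", "squashfs (little-endian)"),
    (b"sqsh", "squashfs (big-endian)"),
    (b"\x7fELF", "ELF executable"),
    (b"ANDROID!", "Android boot.img"),
    (b"\x45\x3d\xcd\x28", "cramfs (little-endian, magic 0x28cd3d45)"),
]


def identify(data: bytes) -> str:
    """Label a blob by its leading magic bytes, or 'unknown'."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def extract_strings(data: bytes, minlen: int = 4) -> list[str]:
    """Return runs of printable ASCII at least minlen long."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % minlen, data)]


class IdentifyImage(Plugin):
    name = "identify"
    category = "firmware"
    description = "guess a firmware image's format from its magic bytes"

    def run(self, args: list[str]) -> str:
        if len(args) != 1:
            return "usage: run identify <file>"
        with open(args[0], "rb") as f:
            return identify(f.read(16))


class Strings(Plugin):
    name = "strings"
    category = "software"
    description = "print printable ASCII runs (default min length 4)"

    def run(self, args: list[str]) -> str:
        if not args:
            return "usage: run strings <file> [minlen]"
        minlen = int(args[1]) if len(args) > 1 else 4
        with open(args[0], "rb") as f:
            return "\n".join(extract_strings(f.read(), minlen))


class Shell:
    """Dispatches one command line; returns output text, or None on 'exit'."""

    def execute(self, line: str) -> str | None:
        parts = line.split()
        if not parts:
            return ""
        cmd, args = parts[0], parts[1:]
        if cmd == "exit":
            return None
        if cmd == "list":
            plugins = sorted(REGISTRY.values(), key=lambda p: (p.category, p.name))
            return "\n".join(f"{p.category:10} {p.name:10} {p.description}" for p in plugins)
        if cmd == "run" and args and args[0] in REGISTRY:
            return REGISTRY[args[0]]().run(args[1:])
        return f"unknown command: {line.strip()}"


if __name__ == "__main__":
    sh = Shell()
    for line in sys.stdin:          # e.g. printf 'list\nexit\n' | python3 plugin_shell.py
        out = sh.execute(line)
        if out is None:
            break
        print(out)
```

Because registration happens in `__init_subclass__`, dropping a new module into a plugins package and importing that package is all that is needed for a plugin to appear in `list`; nothing else in the shell knows the plugin exists.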

Other tools

Hardware tools

Essential hardware tools for malware implantation research. See pictures in HardwareTools folder.

  • Soldering Iron - solder tools
  • Solder Wire - solder tools
  • Solder Paste - solder tools
  • Solder Wick - solder tools
  • Hot Air Gun - solder tools
  • Reballing Tool - reballing tool
  • USB to TTL - debug / console cable
  • Dupont Wire - electrical wire
  • EPROM Burner Programmer - burner programmer

Other useful software tools

We have not added more plugins due to time limitations. The list below contains tools that do not fit our framework but may be useful. We hope that IoT-Implant-Toolkit will become an essential toolkit for malware implantation research.

  • Firmware Analysis: binwalk - a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images (https://github.com/ReFirmLabs/binwalk)
  • Firmware Modify: firmware mod kit - a collection of scripts and utilities to extract and rebuild Linux based firmware images (https://github.com/rampageX/firmware-mod-kit)
  • Cross Compiler: buildroot - cross compiler for ARM, MIPS and PowerPC (https://buildroot.org/)

Download the tool: https://github.com/arthastang/IoT-Implant-Toolkit


DevSecOps: The New Security Focused Enhancement to DevOps Approach by Nathan McKinley


In recent years, we have seen IT infrastructure undergo massive changes. The DevSecOps approach has been at the forefront of these changes. By combining the development and operations teams, DevOps helped to scale up and speed up the process. Apart from boosting efficiency and speed, this has played a significant role in strengthening stability. The DevOps approach has been particularly beneficial for apps that release features frequently.

In spite of all these positive aspects, the security of an app has largely remained underserved. This is why DevSecOps has emerged as the most promising and value-driven methodology, incorporating security into the product lifecycle besides the development and operations components. DevSecOps is already known to reduce security vulnerabilities while reaping the same advantages of integrating development and operations as DevOps.

DevSecOps: Integrating Security with DevOps 

When it comes to integrating security with DevOps, it boasts a different approach to both processes and tools. In the already agile development methodology of DevOps, the collaborative input of security experts will only help to enhance the security safeguards for the project. This approach makes security as silent and effective as possible while keeping the seamless and agile nature of the DevOps methodology intact.

As of now, adopters of the DevSecOps approach have been few in number, while most development companies embracing the DevOps approach are ready to reap the agile development benefits of a collaborative environment in which professionals from both the app development and operations teams grow together. The need of the hour is to make them understand the significance of security in the product life cycle and the way security experts can enhance the security safeguards from the very early stages of product development.

What are the Best Practices for DevSecOps? 

The DevSecOps approach is quite simple: development companies need to integrate security experts alongside the regular operations and development team members working on DevOps projects. The real objective of the approach is to make security a core element of the workflow. To realize this objective to the fullest extent, DevSecOps must follow the following tried and tested practices.

Embracing Automation as the Key Element

Just as the DevOps approach requires full process automation, DevSecOps cannot underestimate the importance of automating security as well. There should be a whole host of security automation tools in the DevSecOps methodology; only such tools can reap the benefits of the approach to the fullest extent.

Ensuring Container Security 

Since containers are known to carry open-source software full of security vulnerabilities and risk factors, DevSecOps must have a robust container security solution as a safeguard against them.

Figure out Effective Security for APIs and Microservices 

The security solutions within the DevSecOps methodology should work consistently. This requires addressing the security risks and vulnerabilities involved in APIs, microservices, and serverless solutions. These areas require the most consistent and solid security focus.  

Evaluating your code dependencies 

Since code from open source software solutions often carries security vulnerabilities and proves risky, you need automated security checks for the code in all third-party components. This is one effective way to safeguard against vulnerabilities from code dependencies.

Ensuring secure coding practices 

A great number of security risks simply emerge from poor coding practices. This is one area you need to address by training developers in secure coding practices. Secure coding practices should be given priority to ensure optimum output from the DevSecOps approach to development.

Make A Wise Selection of Security Tools 

In a DevSecOps project, you also need to choose the most effective security tools, ones that are feature-rich and efficient. Apart from allowing easy integration into the development pipeline, the tools must allow easy collaboration and cooperation among team members.

The Key Benefits of DevSecOps Approach for Any App

DevSecOps allows integration of the security automation within the DevOps development process. There are several advantages of integrating such security checks with the DevOps development process. 

Let us evaluate some of the key benefits of DevSecOps methodology for any app development project. 

It Offers A More Holistic and Consistent Approach to Security 

Just as in the DevOps approach operations have been integrated to ensure more productivity and output while maintaining optimum agility, the integration of security automation into the development process ensures a more consistent and holistic approach to security. Security automation with DevOps makes everyone more proactive and responsive in addressing security flaws.

Better Industry Regulatory Compliance 

For data storage and data access there are already several industry regulations and constraints, and companies often risk taking wrong steps regarding data usage. This becomes particularly hurtful and contentious when dealing with customer data. This is where DevSecOps, by incorporating security automation versed in the latest regulations, can play a positive role.

Active Threat Detection

DevSecOps, thanks to its robust security automation tools and practices, helps the team and the entire process stay on their toes in dealing with security threats and vulnerabilities. Naturally, with DevSecOps, active threat detection gets a solid boost: threat detection mechanisms are always at work, on the go, and active threat detection never faces a hurdle.

Enhanced Encryption and Authorization Control

One of the crucial security features that most apps benefit from is encryption. Authorization is another way to safeguard application data and prevent unsolicited access to data and features. These features are better controlled and managed by the security automation tools in the DevSecOps environment. From ruling how encryption needs to be handled to evaluating the authorization process, the security automation tools can handle them in a pretty agile and proactive manner.

Scaling up with the user growth 

Instead of coming out with frequent security upgrades and updates to scale up security and management capacity when the number of users grows, the security automation tools in the DevSecOps environment take care of scaling up the security and app capacity automatically.

Conclusion 

DevSecOps has emerged as the most proactive, robust, scalable, and rich methodology to take care of the entire development life cycle of software application products. In the time to come, we can expect more DevOps projects to embrace DevSecOps methodology.


About the Author:

Nathan McKinley is a Business Development Manager at Cerdonis Technologies LLC, a mobile app development company in Chicago, USA, providing secure app usability, because the future is much more about the safety of app users, which the DevOps approach can deliver flawlessly. With 4+ years as a Business Developer, he loves to write on technology vulnerabilities to provide real insights on tech updates and how we can utilize them.


Penta - Open Source All-In-One CLI Tool To Automate Pentesting


Penta is a pentest automation tool written in Python 3. It provides advanced features such as Metasploit and Nexpose integration to extract vulnerability information found on specific servers.

Installation

Install requirements:

Penta requires the following packages:

  • Python 3.7
  • pipenv

Resolve the Python package dependencies:

$ pipenv install

If you dislike pipenv:

$ pip install -r requirements.txt

Usage

$ pipenv run start <options>

If you dislike pipenv:

$ python penta/penta.py

Usage: List options

$ pipenv run start -h
usage: penta.py [-h] [-target TARGET] [-ports PORTS] [-proxy PROXY]

Penta is Pentest automation tool

optional arguments:
  -h, --help      show this help message and exit
  -target TARGET  Specify target IP / domain
  -ports PORTS    Please, specify the target port(s) separated by comma.
                  Default: 21,22,25,80,110,443,8080
  -proxy PROXY    Proxy[IP:PORT]

Usage: Main menu

[ ] === MENU LIST ===========================================
[0] EXIT
[1] Port scanning Default: 21,22,25,80,110,443,8080
[2] Nmap & vuln scanning
[3] Check HTTP option methods
[4] Grab DNS server info
[5] Shodan host search
[6] FTP connect with anonymous
[7] SSH connect with Brute Force
[99] Change target host
  1. Port scanning
    To check ports for a target. Log output supported.
  2. Nmap
    To check ports by additional means using nmap
  3. Check HTTP option methods
    To check the methods (e.g. GET,POST) for a target.
  4. Grab DNS server info
    To show the info about DNS server.
  5. Shodan host search
    To collect host service info from Shodan.
    Request Shodan API key to enable the feature.
  6. FTP connect with anonymous
    To check if it has anonymous access activated in port 21.
    FTP users can authenticate themselves using the plain-text sign-in protocol (typically a username and password), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed FTP connections with an anonymous login.
  7. SSH connect with Brute Force
    To check the SSH connection by scanning with brute force.
    Dictionary data is in data/dict.
  8. Metasploit Framework [Auto Scan is Future Work!!!]
    To check useful msf modules for opened ports. Module DB is in data/msf/module_list.db

Download tool: https://github.com/takuzoo3868/penta 
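Two of the checks described on this page, r3con1z3r's "HTTP header flag" footprinting and Penta's "Check HTTP option methods", reduce to the same thing: reading one HTTP response and deciding what it gives away. The following is an added example, not r3con1z3r's or Penta's own code, that runs that analysis over a constructed response text so it works offline: it lists headers that disclose software versions, security headers that are missing, and risky methods advertised in an Allow header. The response, the header lists and the function names are this example's own assumptions; the point for a site owner is to see what a passive scan of their own site reports and remove the disclosures.

```python
"""Passive footprint check over a single HTTP response.

Added example (not r3con1z3r's or Penta's own code): given the raw text of an
HTTP response, report what an outside observer learns from it, which security
headers are absent, and which risky methods the server advertises in Allow.
The response below is constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Headers that leak software identity to anyone who asks.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Headers a hardened site is expected to send (lowercase name -> why it matters).
EXPECTED_HEADERS = {
    "strict-transport-security": "forces HTTPS on return visits",
    "content-security-policy": "limits where scripts and resources load from",
    "x-content-type-options": "stops MIME sniffing",
    "x-frame-options": "blocks framing (clickjacking)",
}

# Methods worth a second look when a server advertises them.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT", "PROPFIND", "MOVE", "COPY"}


@dataclass
class Footprint:
    status: int
    disclosures: dict[str, str] = field(default_factory=dict)
    missing: list[str] = field(default_factory=list)
    risky_methods: list[str] = field(default_factory=list)


def parse_response_headers(raw: str) -> tuple[int, dict[str, str]]:
    """Split a raw HTTP/1.x response into (status code, lowercase header map)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue                      # tolerate junk lines
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers


def footprint(raw: str) -> Footprint:
    """What a passive header check learns from one response."""
    status, headers = parse_response_headers(raw)
    fp = Footprint(status=status)
    for name in DISCLOSURE_HEADERS:
        if name in headers:
            fp.disclosures[name] = headers[name]
    fp.missing = [n for n in EXPECTED_HEADERS if n not in headers]
    allow = headers.get("allow", "")
    advertised = {meth.strip().upper() for meth in allow.split(",") if meth.strip()}
    fp.risky_methods = sorted(advertised & RISKY_METHODS)
    return fp


# Constructed sample: what an OPTIONS request to a chatty server might return.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE, PUT\r\n"
    "Content-Type: text/html\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

if __name__ == "__main__":
    fp = footprint(SAMPLE_RESPONSE)
    print(f"status {fp.status}")
    for k, v in fp.disclosures.items():
        print(f"  discloses {k}: {v}")
    for n in fp.missing:
        print(f"  missing {n} ({EXPECTED_HEADERS[n]})")
    if fp.risky_methods:
        print(f"  risky methods advertised: {', '.join(fp.risky_methods)}")
```

To use it against a live server of your own, pass the raw bytes of a real response (for example the output of an OPTIONS request captured with Burp or curl) to `footprint()`; the constructed sample is only there so the block runs without network access.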


Harvesting email addresses for OSINT [FREE COURSE CONTENT]


In this video from our OSINT for Hackers online course by Atul Tiwari, you will learn how to use theHarvester in combination with Shodan to collect email addresses for intelligence gathering. It's a routine task every hacker should be able to perform, so if you are unsure how to proceed, this tutorial will help you out. Jump in and enjoy!



In the age of social networking, where people post everything about themselves over the insecure internet, it becomes easy to hunt for or harvest information with the help of open source intelligence gathering. The only things required are the right mindset and the right set of open source tools.

We can get almost everything: credit card numbers, social security numbers, personal data, complete profiles of any person, vulnerable and misconfigured servers, private or internal IP addresses of an organization, passwords for admin panels, geo-location of IP addresses; more than 80 percent of the desired information can be obtained using OSINT (open source intelligence gathering) alone.

This course is focused only on OSINT tools that are free to use. We have used numerous such tools that act as a silver bullet in terms of accessing public sources. In module 1, starting with DNS enumeration, getting useful URLs, and IP and host finders, we dive into harvesting email addresses anonymously and finding information about an email address. Google dorks and the Google Hacking Database will play a crucial role in finding complete information about anything in depth. Netcraft, web archives, and cached data will complete this module with outstanding command over all the topics discussed. You can start OSINT straight from here.

The exercises of the module focus on: 

  • Harvesting email addresses
  • Using Google dorks to find hidden data
  • Searching for cached data
  • Using Automater
  • Gathering DNS records




There Are Ways To Help Stop Cyber Bullying by Melissa Crooks


Bullying is a hurtful action that has been around forever. Today, however, these bullies have discovered they can prolong an individual's pain by using mobile devices and the internet. It is no longer just a physical problem; it is now emotionally and mentally harmful. Since times have changed, and with them the way kids and adults deal with bullying tactics, we need to find other ways to help stop and prevent this detrimental behavior. Top app development companies have designed apps that will likely help.

Being online, in the privacy of your own home, does not mean that your child is not receiving threats or hurtful words from others. The number of children online, whether on laptops or on their cell phones, has grown substantially. Up to 20% of kids 6 to 9 years of age spend two or more hours on the internet, whether gaming or on social networks. A parent can set parental controls on the devices and still not prevent all the issues that children go through with bullies.

Thankfully, we do have assistance out there. Top app development companies have designed certain apps that allow anonymous reports to be filed that report these actions.

Certain apps developed for mobile devices were originally thought of by students who have experienced being bullied. They know how the victim feels and offer tutorials to assist in reporting, deleting and blocking the individual that is treating them in a harassing manner. The two students who act as guides will offer tips and links to counselors that can help the victims.

Another app created by a 17 year old and top app development companies is a useful one that works towards the bully themselves. The app helps promote proper behavior and gives a person a second chance to rethink what they are saying to others in message form. It helps to create a more positive behavior online. This app can detect offensive language and the hurtful words that have caused many suicides among teenagers in our world. The writer will receive a prompt that suggests they think again about sending such a message. For up to 93% of these bullies, the messages are deleted and not sent. With the pressure that so many victims feel as far as reporting the messages they receive, this prevents the fear they feel as far as retaliation for telling an adult.

Many of the apps developed by top app development companies are enabled with a capture and block capability. These will allow for recording the bullying individual word whether typed or spoken. The bully does not know that they are being recorded. Separate apps developed by top app development companies allow people to send in tips to government officials in an anonymous manner. Most apps are free, and a few will set you back less than $5.00. Well worth the cost of peace for the adolescent.

Not surprisingly, cyberbullying does not stop at adolescents. This negativity has crossed over to the workplace. Top app development companies have also designed an app for employees to report harassment they receive from fellow employees. Petitions had circulated to remove apps that were basically allowing people to harass and bully others. One such app was supposedly created for employees to give constructive feedback to employers; however, the opposite took place, and the app was then removed from the online stores. After much thought and consideration, it has been determined that the workplace app should be one that allows anonymity. There is one that allows the person reporting to send the report directly to the head office. Others will send a report to a third-party ombudsman.

The ramifications of not preventing or ending the harassment of adolescents and adults alike cause detrimental damages that can lead to severe depression, anxiety, relationship issues or even suicide. Cyberbullying is something that can and will happen to someone we know. It is not an issue to ignore or laugh at behind the victim’s back. Everyone including teachers and parents needs to face the bullies head-on to protect all youth and adults from being victimized. Do not stand back and expect the bully or the bully’s parents to put an end to the behavior. Most often the parent does not know.

Take advantage of the apps developed by top app development companies that allow people to record and send the messages received to law enforcement, parents, teachers and any governmental group that makes it known they are there for the victims. There is no room to wait for someone else to help the victim, face it head-on with a calm demeanor and confidence. Other actions to help stave off the cyberbullying behavior could be:

Make the expectations clear pertaining to any online behavior. This includes social websites, games, workplace email accounts and personal email, even texting on mobile devices.

Always speak in a positive manner when speaking with the bully, and leave the conversation in a positive way. For the youth, be persistent in seeking help from an adult. Sometimes people are busy, so be patient and keep looking for assistance. For all, please remember that any physical action should only be in times when all else has failed, it should be considered as a last resort of action or to protect yourself. Use the apps to record, report, protect and prevent any cyberbullying.


About the Author:

Melissa Crooks is a content writer for Hyperlink InfoSystem, a mobile app development company in New York, USA and India that holds the best team of skilled and expert app developers. She is a versatile tech writer and loves exploring the latest technology trends and the entrepreneur and startup column. She also writes for top app development companies.


The post There Are Ways To Help Stop Cyber Bullying by Melissa Crooks appeared first on Hakin9 - IT Security Magazine.

OpenCTI - Open Cyber Threat Intelligence Platform


OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The data is structured using a knowledge schema based on the STIX2 standard. OpenCTI has been designed as a modern web application including a GraphQL API and a UX-oriented frontend. OpenCTI can also be integrated with other tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.

Objective

The goal is to create a comprehensive tool allowing users to capitalize on technical information (such as TTPs and observables) and non-technical information (such as suggested attribution, victimology, etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between pieces of information, first and last seen dates, levels of confidence, etc. The tool is able to use the MITRE ATT&CK framework (through a dedicated connector) to help structure the data. Users can also choose to implement their own datasets.

Once data has been capitalized and processed by the analysts within OpenCTI, new relations may be inferred from existing ones to facilitate the understanding and the representation of this information. This allows the user to extract and leverage meaningful knowledge from the raw data.

OpenCTI not only allows imports but also exports of data in different formats (CSV, STIX2 bundles, etc.). Connectors are currently being developed to accelerate interactions between the tool and other platforms.
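As an added example (constructed here, not OpenCTI's own code or reference data), the following Python builds a small STIX 2.1 bundle of the kind OpenCTI imports and exports, checks that every object traces back to a report as its primary source, and applies a hypothetical inference rule of the sort described above; the IDs, names, timestamps and the custom x_example_inferred_from property are all constructed.

```python
import uuid
from typing import Dict, List

TS = "2019-01-01T00:00:00.000Z"  # one constructed timestamp, reused for brevity
GROUP = "intrusion-set--1c4f4b5a-0000-4000-8000-000000000001"
MALWARE = "malware--1c4f4b5a-0000-4000-8000-000000000002"
INDICATOR = "indicator--1c4f4b5a-0000-4000-8000-000000000003"
USES = "relationship--1c4f4b5a-0000-4000-8000-000000000004"
INDICATES = "relationship--1c4f4b5a-0000-4000-8000-000000000005"
REPORT = "report--1c4f4b5a-0000-4000-8000-000000000006"


def _sdo(stix_type: str, stix_id: str, **props) -> Dict:
    """Build a STIX 2.1 object with the common required properties filled in."""
    return {"type": stix_type, "spec_version": "2.1", "id": stix_id,
            "created": TS, "modified": TS, **props}


# Constructed sample bundle. The report is the primary source: its object_refs
# point at every other object. The "uses" relationship carries its observation
# window (start_time/stop_time) and both relationships carry a confidence level.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--1c4f4b5a-0000-4000-8000-000000000000",
    "objects": [
        _sdo("intrusion-set", GROUP, name="Constructed Group"),
        _sdo("malware", MALWARE, name="Constructed Loader", is_family=False),
        _sdo("indicator", INDICATOR, name="Constructed C2 domain",
             pattern="[domain-name:value = 'c2.example.invalid']",
             pattern_type="stix", valid_from=TS),
        _sdo("relationship", USES, relationship_type="uses",
             source_ref=GROUP, target_ref=MALWARE,
             start_time=TS, stop_time="2019-03-01T00:00:00.000Z", confidence=70),
        _sdo("relationship", INDICATES, relationship_type="indicates",
             source_ref=INDICATOR, target_ref=MALWARE, confidence=85),
        _sdo("report", REPORT, name="Constructed vendor report", published=TS,
             report_types=["threat-report"],
             object_refs=[GROUP, MALWARE, INDICATOR, USES, INDICATES]),
    ],
}


def unsourced_objects(bundle: Dict) -> List[str]:
    """IDs of non-report objects that no report in the bundle references,
    i.e. knowledge that cannot be traced back to a primary source."""
    referenced = set()
    for obj in bundle["objects"]:
        if obj["type"] == "report":
            referenced.update(obj.get("object_refs", []))
    return [o["id"] for o in bundle["objects"]
            if o["type"] != "report" and o["id"] not in referenced]


def infer_indicates(bundle: Dict, min_confidence: int = 50) -> List[Dict]:
    """Hypothetical inference rule (an illustration, not OpenCTI's engine):
    indicator --indicates--> malware  and  intrusion-set --uses--> malware
    yield  indicator --indicates--> intrusion-set.  The inferred relationship
    takes the lower of the two confidences and records what it derives from."""
    rels = [o for o in bundle["objects"] if o["type"] == "relationship"]
    existing = {(r["source_ref"], r["relationship_type"], r["target_ref"]) for r in rels}
    inferred = []
    for ind in (r for r in rels if r["relationship_type"] == "indicates"):
        for use in (r for r in rels if r["relationship_type"] == "uses"):
            if use["target_ref"] != ind["target_ref"]:
                continue
            if not use["source_ref"].startswith("intrusion-set--"):
                continue
            confidence = min(ind.get("confidence", 0), use.get("confidence", 0))
            triple = (ind["source_ref"], "indicates", use["source_ref"])
            if confidence < min_confidence or triple in existing:
                continue  # below threshold, or already stated explicitly
            existing.add(triple)
            inferred.append(_sdo(
                "relationship", f"relationship--{uuid.uuid4()}",
                relationship_type="indicates",
                source_ref=ind["source_ref"], target_ref=use["source_ref"],
                confidence=confidence,
                x_example_inferred_from=[ind["id"], use["id"]]))
    return inferred


if __name__ == "__main__":
    print("unsourced:", unsourced_objects(SAMPLE_BUNDLE))
    for rel in infer_indicates(SAMPLE_BUNDLE):
        print("inferred:", rel["source_ref"], "indicates", rel["target_ref"],
              "confidence", rel["confidence"])
```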

Documentation and demonstration

If you want to know more about OpenCTI, you can read the documentation on the tool. If you wish to discover how the OpenCTI platform works, a demonstration instance is available and open to everyone. This instance is reset every night and is based on reference data maintained by the OpenCTI developers.

Releases download

The releases are available on the GitHub releases page. You can also access the rolling release package generated from the master branch of the repository.

Installation

All you need to install the OpenCTI platform can be found in the official documentation. For installation, you can:

Contributing

Code of Conduct

OpenCTI has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.

Contributing Guide

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to OpenCTI.

Beginner friendly issues

To help you get familiar with our contribution process, we have a list of beginner-friendly issues which are fairly easy to implement. This is a great place to get started.

Development

If you want to actively help OpenCTI, we have created dedicated documentation about deploying a development environment and how to start modifying the source code.

Community

Status & bugs

Currently OpenCTI is under heavy development; if you wish to report bugs or ask for new features, you can directly use the GitHub issues module.

Discussion

If you need support or you wish to engage a discussion about the OpenCTI platform, feel free to join us on our Slack channel. You can also send us an email to contact@opencti.io.


About

OpenCTI is a product powered by the collaboration of the French national cybersecurity agency (ANSSI), CERT-EU and the Luatix non-profit organization. More: https://github.com/OpenCTI-Platform/opencti

The post OpenCTI - Open Cyber Threat Intelligence Platform appeared first on Hakin9 - IT Security Magazine.

HomePwn - Swiss Army Knife for Pentesting of IoT Devices


HomePwn is a framework that provides features to audit and pentest devices that company employees use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office and take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can use this tool to load new features and use them on a vast variety of devices.

HomePwn has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:

  • Discovery modules. These modules provide functionality related to the discovery stage, regardless of the technology used. For example, they can be used to conduct WiFi scans via an adapter in monitor mode, to discover BLE (Bluetooth Low-Energy) devices, to see which other devices are nearby and view their connectivity status, etc. They can also be used to discover home or office IoT services using protocols such as SSDP (Simple Service Discovery Protocol) and mDNS (Multicast DNS).
  • Specific modules for the technology to be audited. On the other hand, there are modules specific to the audited technology. Today, HomePwn can perform auditing tests on technologies such as WiFi, NFC or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to assess the security level of devices that implement and communicate with this kind of technology.

Built With

Documentation

It's possible to read the documentation in our papers:

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites:

You need Linux and Python 3.6+ running on your computer; please install them from the download page.

Installing all requisites:

To install all dependencies on Ubuntu 18.04 or derivatives, use the install.sh script:

> sudo apt-get update 
> sudo ./install.sh

The script asks whether you want to create a virtualenv; if you answer 'y' it installs the Python libraries inside the virtual environment, otherwise in the system itself.

Usage

To run the tool, if you chose a virtual environment during installation, first execute the following command to activate it:

> source homePwn/bin/activate

Launch the application:

> sudo python3 homePwn.py

Examples

Here are some videos to see how the tool works.

HomePwn. Bluetooth Low-Energy PoC & Hacking

HomePwn. Bluetooth Spoofing

HomePwn. NFC Clone

HomePwn. BLE capture on PCAP file (sniffing)

HomePwn. QR Options hack

HomePwn. Apple BLE Discovery

HomePwn. Xiaomi IoT Advertisement


Authors

This project has been developed by the team of 'Ideas Locas' (CDO - Telefónica). To contact the authors:

See also CONTRIBUTORS.md for the list of people who participated in this project.

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

License

This project is licensed under the GNU General Public License - see the LICENSE.md file for details.

Disclaimer!

THE SOFTWARE (for educational purpose only) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This software doesn't have a QA Process.


Github page: https://github.com/ElevenPaths/HomePWN

The post HomePwn - Swiss Army Knife for Pentesting of IoT Devices appeared first on Hakin9 - IT Security Magazine.

Why Biometric Authentication is Better than Passwords by Alex Hunter


Given the range of system logins enterprise users and customers have to access every day, the process of keying in a password over and over has become not just an inconvenience but also a security risk. From banks and hospitals to campuses and corporate offices, the password is becoming an outdated form of login credential for computer systems and facilities. Hackers, fraudsters and data thieves, for instance, are continually devising ways to steal passwords or circumvent the need to supply one to carry out their criminal activities. It’s no wonder, then, that in a recent survey 70% of American respondents found biometrics more convenient than passwords. All it takes is a single scan of the fingerprint, iris, ear, or face to detect and verify the identity of the user.

Biometric data rely on the measurements of key features on a person’s body or even their behavioral output, such as their signature or tone of voice. However, the most popular types of biometric data are physical: some examples are DNA, fingerprint, or iris patterns.

Why is biometric authentication a more secure alternative to the password, then?

Biometric authentication uses unique data 

This level of complexity and specificity—typically absent from most passwords—is crucial in keeping security high, especially since four out of five data breaches (81%) take place with the use of a stolen or weak password, Verizon’s 2017 report on data breach investigations showed.  

While people can generate quirky alphanumeric passwords that appear difficult to decipher—and difficult to copy—the fact that passwords are artificially produced and exist outside of the person also means they can easily be replicated or stolen. 

The case is different, however, for biometric data since the patterns that signify a unique identity are naturally occurring. Biological attributes thus become an essential part of a person’s digital identity and are authenticated right where the person is physically located.

Unlike passwords or codes that might be forgotten over time, biometric data remain inherent in a person, as these are their physical and behavioral characteristics. 

Biometric authentication is convenient to use

Having to memorize passwords can be painstaking. Instead of doing so, however, most people would rather use the same code across different platforms. In the US, the average user links up to 130 online services to a single email account. This raises the risk of losing access to multiple accounts once that single password is stolen.

Biometric authentication eliminates the need for users to input a different password on yet another platform, or to risk getting hacked across apps when they recycle the same universal password. 

All that a user has to do when accessing a device or app, or authorizing an action, is to wait for the biometric scan to complete. The system allows for easy verification thanks to the use of sensors that read multiple data points on a subject’s physical or behavioral features. 

Biometric authentication can support multi-factor authentication

For users who prefer to key in passwords or draw lock patterns on their device, but who still require an extra layer of security, biometric authentication can be used in conjunction with other traditional modes of verification. 

Most security systems can accommodate any combination of physical and behavioral cues along with nominal codes to launch an action. For instance, a person can input a password, then proceed with an iris scan, combine facial recognition with voice recognition scans, or swipe an access card, then proceed with a fingerprint scan.

Biometric authentication is safe from most cyber attacks

The most common cybersecurity threats come in the form of phishing attacks and, more recently, identity theft through impersonation or spoofing.

Phishing attacks are socially engineered to deceive users into giving up their personal data or prompt them into clicking or downloading a file that grants attackers easy access to their system. An essential part of a phishing attack is how it is made to look like a legitimate request so that the victim would type in their security details into a fake login portal. 

Phishing attacks are less likely to occur, however, when biometric data is being used through multi-factor authentication. That is when the system requires not just the password but also the actual scan of a person’s physical or behavioral feature when launching an app or authorizing a transaction. 

The popularity of mobile banking apps in recent years, for instance, has prompted banks to switch to biometric authentication as a more sophisticated method for users transacting via the app.

Companies are also now increasing security against fraudsters who would use the victim’s selfies to impersonate or spoof them during a facial recognition scan. 

The more advanced biometric authentication systems include a liveness detection or spoof detection tool to determine whether the sample being presented before the sensors is a live human being or a spoof. Security protocols include instructions for the user to blink, open their mouth, or respond to a question—all of which would be difficult to perform with a spoof.

As more device manufacturers like Apple and Samsung build scanners and sensors into their systems, more companies will find it useful to incorporate biometric authentication to enhance their security features.


About the Author:

Alex Hunter is a Business Development Representative from ImageWare Systems. She has spent the past 8 years working to develop market awareness of, what is now recognized to be, one of the world’s leading 2FA/Multi-Factor Biometric Authentication solutions available today.


The post Why Biometric Authentication is Better than Passwords by Alex Hunter appeared first on Hakin9 - IT Security Magazine.

The United States Will Eventually Have Its Own Version of The GDPR - Here's How To Prepare by Tim Mullahy


By now, I imagine you’ve heard the news. California has become the first state to follow the European Union’s lead, creating a privacy framework of its own. Enforceable by 2020, the California Consumer Privacy Act will most certainly be the first of many.

Other states already have their own regulations in the works. And United States lawmakers are working with tech companies to devise a federal framework. Although there will naturally be a few differences, I imagine it will be largely based upon the foundation created by California.

So with that in mind, let’s discuss it. 

The basic beats should be pretty familiar to anyone who’s been paying attention. Users have a right to know what data is being collected about them and why. They have a right to opt out of the sale of their data to third parties. Children under 16 - or their parent or legal guardian - must provide explicit consent before their data can be sold. 

Consumers also have the right to download, transfer, or delete their stored data. Companies are not allowed to treat a consumer differently based on whether or not they have consented to their data being sold, and consumers are allowed to sue if a company violates this rule. Businesses are also expected to go to reasonable lengths to keep personal data safe - again, pretty similar to GDPR.

What’s interesting about California’s regulation is that it has a pretty broad definition of what constitutes personal information. There’s the obvious stuff, like browsing history and personal identifiers like name, address, and phone number. But it also includes psychometrics and any predictions or inferences a company might make about a consumer based on their behavior. 

Again, California’s data privacy law isn’t going to be the sole standard for the country. But it will serve as a starting point. And at the very least, it should signal to your organization that it’s high time to start considering how it will deal with consumer data in its own right.

Honestly, your best bet here is to simply embrace the GDPR. Treat it as a business opportunity rather than a roadblock. Hire a compliance officer, and work with them to sanitize your data, organize consumer information, and draft up consent forms for your customers.

Compliance aside, the GDPR can actually end up being a pretty phenomenal marketing tool for your organization. Consumer trust in business is at an all-time low. If you’re able to show people that you care about their rights - if you demonstrate that you’re willing to give them ownership over their personal information - they will be much more willing to work with you in the future.

Sure, doing the right thing and respecting the agency of your customers should be its own reward. But in an era where privacy is effectively on life support, it can also be a great value-add. Really, time and effort aside, you’ve no reason not to become compliant.

Plus, it’ll save you from having to scramble through the process when your home state inevitably starts enforcing privacy regulations of its own.


About the Author:

Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.

The post The United States Will Eventually Have Its Own Version of The GDPR - Here's How To Prepare by Tim Mullahy appeared first on Hakin9 - IT Security Magazine.

XORpass is an encoder to bypass WAF filters using XOR operations.


Installation & Usage

git clone https://github.com/devploit/XORpass 
cd XORpass

$ php encode.php STRING
$ php decode.php "XORed STRING"

Example of bypass:

Using clear PHP function:

Using XOR bypass of that function:

$ php encode.php system # returns A
$ php encode.php ls # returns B

payload == A(B)

Why does PHP treat our payload as a string?

The ^ is the exclusive or operator, which means that we're in reality working with binary values. So let's break down what happens.

The XOR operator on binary values returns 1 where exactly one of the two bits is 1, otherwise it returns 0 (0^0 = 0, 0^1 = 1, 1^0 = 1, 1^1 = 0). When you use XOR on characters, you're using their ASCII values. These ASCII values are integers, so we need to convert them to binary to see what's actually going on:

A = 65 = 1000001
S = 83 = 1010011
B = 66 = 1000010

A        1000001
         ^
S        1010011
         ----------
A^S      0010010
         ^
B        1000010
         ----------
result   1010000 = 80 = P

A^S^B = P

If we do an 'echo "A"^"S"^"B";', PHP returns a P, as we see.
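As an added example (not part of XORpass), the following Python reproduces PHP's byte-wise string XOR and resolves a ^-chain of double-quoted literals back to its plaintext, which is the normalization step a filter needs before it can inspect what such an expression really says; bit_trace reproduces the A^S^B column layout above. The escape handling covers only \xHH, \" and \\ and is an assumption of this example.

```python
import re
from typing import List, Optional

# One PHP double-quoted string literal; backslash escapes are allowed inside.
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# The escapes handled when turning a literal into bytes: \xHH, \" and \\ .
_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(["\\])')


def php_string_xor(a: bytes, b: bytes) -> bytes:
    """Mimic PHP's ^ on two strings: XOR byte by byte, truncated to the shorter operand."""
    return bytes(x ^ y for x, y in zip(a, b))


def bit_trace(chars: str) -> List[str]:
    """Lay out each character as a 7-bit column plus the final XOR, as in the A^S^B derivation."""
    rows = []
    acc = 0
    for ch in chars:
        rows.append(f"{ch} {ord(ch):07b}")
        acc ^= ord(ch)
    printable = chr(acc) if 32 <= acc < 127 else "?"
    rows.append(f"= {acc:07b} ({acc} = {printable})")
    return rows


def _unescape(literal: str) -> bytes:
    """Turn the inside of a PHP double-quoted literal into the bytes PHP would XOR."""
    def repl(m):
        return chr(int(m.group(1), 16)) if m.group(1) else m.group(2)
    return _ESCAPE.sub(repl, literal).encode("latin-1")


def resolve_xor_literals(expr: str) -> Optional[str]:
    """Evaluate an expression made only of double-quoted literals joined by ^
    (e.g. '"A"^"S"^"B"') the way PHP does, and return the plaintext.

    Anything that is not such a chain returns None: the obfuscation is resolved
    without evaluating arbitrary PHP, so a filter can inspect the real value.
    """
    literals = _LITERAL.findall(expr)
    # After the literals are removed only ^ operators (and whitespace) may remain,
    # and there must be exactly one fewer ^ than literals.
    leftover = re.sub(r"\s+", "", _LITERAL.sub("", expr))
    if not literals or leftover != "^" * (len(literals) - 1):
        return None
    result = _unescape(literals[0])
    for lit in literals[1:]:
        result = php_string_xor(result, _unescape(lit))
    return result.decode("latin-1")


if __name__ == "__main__":
    print("\n".join(bit_trace("ASB")))
    print(resolve_xor_literals('"A"^"S"^"B"'))  # P
```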



Contact

Telegram: @devploit

https://github.com/devploit/XORpass

Twitter: https://www.twitter.com/devploit

The post XORpass is an encoder to bypass WAF filters using XOR operations. appeared first on Hakin9 - IT Security Magazine.

ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) XSS


Current features

Some features ezXSS has

  • Easy to use dashboard with statistics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on payload
  • Custom javascript payload
  • Enable/Disable screenshots
  • Prevent double payloads from saving or alerting
  • Block domains
  • Share reports with a direct link or with other ezXSS users
  • Easily manage and view reports in the dashboard
  • Secure your login with extra protection (2FA)
  • The following information is collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Local Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Screenshot of the page
  • it's just ez :-)

Required

  • A host with PHP 7.1 or up
  • A domain name (consider a short one)
  • An SSL certificate if you want to test on https websites (consider Cloudflare or Let's Encrypt for a free certificate)

Installation

ezXSS is ez to install

  • Clone the repository and put the files in the document root
  • Create an empty database and provide your database information in 'src/Database.php'
  • Visit /manage/install in your browser and setup a password and email
  • Done! That was ez right?

Demo

For a demo visit demo.ezxss.com/manage with password demo1234. Please note that some features might be disabled in the demo version.

Screenshots

Screenshots (images not included here): Dashboard, Settings, Payload, Reports, Login


Github Page: https://github.com/ssl/ezXSS

The post ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) XSS appeared first on Hakin9 - IT Security Magazine.


IPv4 and IPv6 analysis in Wireshark [FREE COURSE CONTENT]


In this video from our Packet Analysis with Wireshark course by Atul Tiwari we learn how to perform IPv4 and IPv6 analysis in Wireshark. It's a straightforward task that's very useful in many situations. We hope you like the tutorial, jump in! 



Wireshark is the world’s foremost and most widely-used network protocol analyzer. Network analysis and troubleshooting data packets in a network is always a daunting task, but Wireshark always comes to the rescue in such situations. As Wireshark is used widely in commercial, non-profit, educational and many other settings, it is crucial for IT people to have thorough knowledge of Wireshark’s capabilities to get insights at a microscopic level into a network and know what’s happening, in order to analyze, troubleshoot, monitor and sometimes capture sensitive credentials passing through the wires. Wireshark is useful even in session hijacking of authenticated users, and it is the industry-leading tool that every ethical hacker, network admin, system admin and even malicious or black hat hacker uses to perform advanced security analysis and attacks.

What skills do you gain in this course?

  • Know what’s happening inside the network traffic
  • Filter traffic based on your own rules that you created
  • How to capture the traffic in multiple datasets
  • How to split and merge large captured traces
  • Perform various attacks based on protocol issues
  • Find TCP and HTTP headers for further analysis
  • See only endpoints, target traffic for a single requirement
  • Filter for one protocol, one port or port range, one IP address or range of IP
  • Identify network intrusions using filters and colorizing rules
  • Identify port scanning and DoS attacks on your networks
  • Remotely capturing the traffic
  • IP and port filtering
  • Capture VoIP telephony and listen to the conversations
  • Baseline your network traffic for your organization
  • EMAIL, DNS, HTTP, TCP, ARP, IPv4, IPv6, etc., analysis
  • Make and apply display filters

This video is from module 4, where we analyze different protocols, listen to VoIP communications and play them back using the captured packets. As a network engineer, one can dive into Wireshark’s plugins, create rules for detecting unauthorized scanning, network flooding and intrusions, and fix issues as well. Make your own traffic baseline for your organization.



The post IPv4 and IPv6 analysis in Wireshark [FREE COURSE CONTENT] appeared first on Hakin9 - IT Security Magazine.

Vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of CMS


Vulnx is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS, with fast CMS detection, information gathering and vulnerability scanning of the target, such as subdomains, IP addresses, country, org, timezone, region, ans and more.

Instead of injecting each and every shell manually like all the other tools do, Vulnx analyses the target website, checking for the presence of vulnerabilities, and if any are found the shell is injected. It also searches URLs with the dorks tool.


https://github.com/anouarbensaad/vulnx/archive/master.zip

🕷 Features

  • Detect cms (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)
  • Target informations gatherings
  • Target Subdomains gathering
  • Multi-threading on demand
  • Checks for vulnerabilities
  • Auto shell injector
  • Exploit dork searcher
  • Ports Scan High Level
  • Dns-Servers Dump
  • Input multiple target to scan.
  • Dorks Listing by Name& by ExploitName.
  • Export multiple target from Dorks into a logfile.

🕷 DNS-Map-Results

To do this, run a scan with the --dns flag and -d for subdomains. To generate a map of isetso.rnu.tn, you can run the command vulnx -u isetso.rnu.tn --dns -d --output $PATH in a new terminal.

$PATH : Where the graphs results will be stored.

This generates an image displaying the target's subdomains, MX and DNS data.

🕷 Exploits

Joomla

WordPress

Drupal

PrestaShop

Opencart

🕷 Available command line options

READ VULNX WIKI

usage: vulnx [options]

-u, --url           url target to scan
-D, --dorks         search webs with dorks
-o, --output        specify output directory
-t, --timeout       http requests timeout
-c, --cms-info      search cms info [themes, plugins, user, version, ...]
-e, --exploit       search for vulnerabilities & run exploits
-w, --web-info      web information gathering
-d, --domain-info   subdomain information gathering
-l, --dork-list     list names of dork exploits
-n, --number-page   number of search engine (Google) pages
-p, --ports         ports to scan
-i, --input         specify input file of domains to scan
    --threads       number of threads
    --dns           dns information gathering

🕷 Docker

VulnX can be launched in docker.

$ git clone https://github.com/anouarbensaad/VulnX.git
$ cd VulnX
$ docker build -t vulnx ./docker/
$ docker run -it --name vulnx vulnx:latest -u http://exemple.com

Run vulnx container in interactive mode:


To view logfiles mount it in a volume like so:

$ docker run -it --name vulnx -v "$PWD/logs:/VulnX/logs" vulnx:latest -u http://exemple.com

change the mounting directory:

VOLUME [ "$PATH" ]

🕷 Install vulnx on Ubuntu

$ git clone https://github.com/anouarbensaad/vulnx.git
$ cd VulnX
$ chmod +x install.sh
$ ./install.sh

Now run vulnx

🕷 Install vulnx on Termux 

$ pkg update
$ pkg install -y git
$ git clone http://github.com/anouarbensaad/vulnx
$ cd vulnx
$ chmod +x install.sh
$ ./install.sh

Results:

Example command with options: timeout = 3, CMS gathering = all, -d for subdomain gathering, -w for web information, and --exploit to run exploits:

vulnx -u http://example.com --timeout 3 -c all -d -w --exploit

example command for searching dorks : -D or --dorks , -l --list-dorks

vulnx --list-dorks returns a table of exploit names; vulnx -D blaze returns the URLs found with the blaze dork.

🕷 Contribution & License

You can contribute in following ways:

  • Report bugs & add issues
  • Search for new vulnerability
  • Develop plugins
  • Searching Exploits
  • Give suggestions (Ideas) to make it better

Do you want to have a conversation in private? email me : Bensaad.tig@gmail.com

VulnX is licensed under GPL-3.0 License

The post Vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of CMS appeared first on Hakin9 - IT Security Magazine.

PHP is dead…Viva le PHP! By Sergii Shanin


The fracas over Gutenberg and WordPress is the latest installment in the death of PHP. Take a deep breath everybody. Let’s ignore the trolls and take a look at what Mark Twain, Fidel Castro and PHP have in common—and more to the point, why PHP is still a reasonable choice for startups and small businesses.

When did PHP start dying?

It looks like ‘PHP is dead’ blog posts started cropping up in 2011 (let me know if you find older ones). If you search around Medium and the coding bootcamps that are popping up like mushrooms, the only common denominator is that everyone hates on PHP or simply ignores it. Apparently it’s impossible to code in PHP with an oiled beard and ironic t-shirt while drinking overpriced coffee.

Bullshit.

Enough is enough. I talk to founders all the time that are ready to make questionable business decisions because of the anti-PHP echo chamber.

Here’s the reality: nearly 80% of the internet is running on PHP as of 2018.

I guess PHP isn’t that dead after all.

The myths

PHP doesn’t scale. Riiiiiight. Wikipedia runs entirely on PHP and is the fifth most visited site on the internet. There’s also this little site called Facebook that uses PHP, ever heard of it?

PHP is slow. Sure, old PHP can be slow. The argument is about as sound as saying that OS X is a terrible OS because my first Apple IIe was slow. PHP 7 is plenty fast, even three times faster than Python.

Projects where PHP shines

When I talk to business owners that need a website, my first suggestion is to look at a PHP-based CMS such as Drupal. Even building a custom CMS in PHP is well within the budget of most small businesses. I often get murmured responses, “but what about [super expensive niche technology X].”

Don’t get me wrong, I’ve managed projects with machine learning, high-load systems and cutting edge JS. I’m not a luddite. I’m a businessperson, and that’s why I’m obsessive about finding exactly the right technology for each company I work with.

PHP is great for putting together content-driven websites. Most businesses I work with need sites that are easy to update, change copy on, add blog posts to and manage with templates. And all of this has to be easy enough for non-technical staff to do without breaking things.

The same is true of e-commerce. Business owners that need to focus on selling rather than coding, use platforms like Magento that work out of the box. Don’t worry, you can still sell beard oil from an e-commerce site that runs PHP in the background. I won’t tell anybody.

There’s no need to stop there. Advanced frameworks like Symfony can handle complex business logic for a wide range of applications. PHP is a great language for building APIs that play nice with modern front-end frameworks like React, Vue and Angular.

The business sense of PHP

Let’s go back to 80% of the web running on PHP. Translated into economics, that means there are tons of PHP developers. The upside for you is that:

  1. Hiring developers is much easier. Good luck finding a new developer for that project you decided to do with some obscure framework.
  2. Development costs are lower because of the high availability of developers on the market and not needing to reinvent the wheel—there are plenty of open source projects to draw from.

For whatever reason, fundamental business acumen is lacking in the startup scene. The next time you hear someone describing their simple web app with some verbal diarrhea about blockchain and machine learning, just nod and calmly explain why Laravel or Symfony would work just fine 99% of the time. In short, don’t believe your own marketing department’s hype.

I can’t stress this enough for bootstrapped startups. Look at solutions in the PHP ecosystem. More often than not, you can execute your business logic for a fraction of the cost and development time by going with PHP.

The perspective that senior developers bring

True senior engineers bring a sobriety and broad perspective that you just don’t get when talking to ‘senior developers’ with two years of experience on the interwebs. When you use tried and true technology like PHP, it’s far easier to find an expert with 10 years of experience under their belt.

For entrepreneurs, going with experienced engineers saves money. Build your MVP faster and with high quality from the start, rather than trying to ‘save’ money by hiring a team of juniors. Finding senior developers is far more realistic when using PHP and frameworks such as Symfony and Laravel.

The nine lives of PHP

We can always hope that 2019 will finally bring an end to blog posts about the death of PHP. Then again, maybe it’d be better if nobody else learned my secret. It’s because of awesome languages like PHP and Ruby that I can crank out MVPs for under 15k using senior developers.

PHP is the Fidel Castro of programming languages; after all Castro outlived five US presidents who ordered his assassination. And of course, like reports of Mark Twain’s death being exaggerated, it’s patently absurd to call a language that powers 80% of the web dead.

Viva le PHP!


About the Author:

Sergii Shanin

With over a decade in the tech industry, I’ve managed projects for payment providers, startups, retail and cloud solutions. As the CEO of eTeam, I’ve overseen long-term client relationships for high-load payment systems as well as working with new startups.

At eTeam, we use a combination of the latest technology and an agile development process to help our clients make products that we're proud of.

The post PHP is dead…Viva le PHP! By Sergii Shanin appeared first on Hakin9 - IT Security Magazine.

How and Why You Should Encrypt Your USB Data by Richard LeCount


If you deposit sensitive data on your USB stick, then you must consider encryption to secure your information in the event of a security breach or physical loss.

There are a couple of different ways to encrypt your device, depending on which operating system your host device is running, be it Windows or macOS. In this blog we’ll cover the different ways to encrypt your USB on both.

It’s important to note, though, that USBs, along with just about any device, are not 100% impenetrable even after encryption.

That said, hacking a device and exposing its weaknesses is not a simple task that can be performed by just anyone. It requires technical skill and knowledge to get at the information on an encrypted device.

What is Encryption?

When you encrypt your files, you’re essentially making them unreadable unless someone can unscramble them, which is usually only possible when that person is using a certain kind of software or has some idea of what your chosen password is.

Someone may encrypt files to prevent certain information from being seen. For instance, if you use a USB stick to store financial data, photographs or any other personal documents that someone could use against you, for example to steal your identity, then it’s of the utmost importance that you encrypt this data.

Should I Encrypt My Device?


You know the story: someone with significant power loses a USB device, containing information that could be available for anyone to see if they were to stumble across it. 

Such incidents are often reported in the news, and only last year an unencrypted USB device containing the personal details of up to 900 university students was lost by a leading Irish university. 

No one wants to be in that situation, whether it’s data from a respected institution such as NUI Galway, or even your own personal data. 

That said, most of us are only storing and transporting this kind of information for a reason, so we’re not carrying such sensitive data on a daily basis, which means that encryption isn’t necessary for every situation. 

As we’ve already covered, it’s really only for when you’re carrying documents that could present a considerable personal security threat if the drive were to be misplaced, or when your host device, such as a tablet or laptop, has been breached by malware and the data needs to be moved.

Encrypting Your Device Using BitLocker on Windows

Microsoft’s built-in encryption tool is called BitLocker. It encrypts the information on your device and requests a password of your choosing each time the device is plugged into a PC, so only individuals who know the password will be able to view your information.

Note: If the steps below aren’t working on your computer, it means that your current version of Windows doesn’t support BitLocker.

Step One: Connect your USB drive to your computer, then right-click on the image of the USB drive in ‘This PC’ and select ‘Turn on BitLocker’.

Step Two: Once you’ve clicked this option, you’ll be asked how you’d like to unlock your data. There are three options available to you: password, smart card or both. For most users, the password option will be the best. 

Step Three: The next step is crucial since you’ll be asked to select the method you’d use in order to retrieve the data from your device if you happen to forget your password.

There are three options available to you at this stage:

  • Save to your Microsoft account
  • Save to a file
  • Print the recovery key

Saving your data to your Microsoft account is usually the best option because it will remain securely stored on the Microsoft servers. 

If you choose the second option, Save to a file, then you must ensure your file is saved securely. 

Finally, you could print the recovery key and then store it safely in a secure location. 

Whatever avenue you decide to travel down, it’s absolutely crucial that you keep your recovery key secure, because if anyone were to stumble across it, they’d have the means to access all of your data. 

Step Four: Now that you’ve decided how you’ll recover your device, you’ll need to choose how much of your drive you want to encrypt. If it’s a brand-new flash drive, just encrypt the used space, and it’ll encrypt new data as it’s added. If you already have data stored on it, then just go ahead and encrypt the whole drive.

Depending on which version of Windows you’re using, you may not see this. You’ll instead see:

This is because Windows 10 runs a stronger and improved version of BitLocker, which isn’t compatible with earlier versions of Windows. If you require upgraded protection, get Windows 10, but if you just want to connect the device to older versions, click Compatible Mode. 

Once you’ve clicked Next, the PC will encrypt your USB, and the time it takes to do so will depend largely on how much data is stored on the device.

When it does finish encrypting, you’ll see a notification when you plug it into any Windows machine telling you that your device is ‘BitLocker-Protected’. 

If you enter the ‘This PC’ section again, you’ll now see that your drive icon has a gold padlock on it:

Step Five: Now that everything is encrypted, double-clicking on the drive icon will bring up a password prompt. This screen will also allow you to enter your recovery key, should you forget your password:

If you want to turn encryption off again, right-click the icon and select Manage BitLocker, then Turn off BitLocker.

Within this menu, you’ll also be able to change your password, get another recovery key, add smart card verification and toggle auto-unlock for specific devices. 
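The BitLocker steps above can also be scripted. The following is an added PowerShell example, not part of the article, using the BitLocker cmdlets that ship with Windows; it assumes the USB stick is mounted as E: and that the recovery key is written to the path in $KeyFile (both are placeholders to change).

```powershell
#Requires -RunAsAdministrator
# Added example, not the article's own procedure: BitLocker To Go on a
# removable drive via the BitLocker PowerShell module, mirroring the wizard
# steps above. Assumptions: the stick is mounted as E: and the recovery key
# is written to the path in $KeyFile (placeholders; change both).
$MountPoint = 'E:'
$KeyFile    = 'C:\Users\Me\Documents\BitLocker-recovery-E.txt'  # never on the stick itself

# Step Two: unlock with a password. Read-Host -AsSecureString keeps the
# passphrase out of the command line and the console history.
$Password = Read-Host -Prompt 'Passphrase for the USB drive' -AsSecureString

# Step Four: the wizard's 'Compatible Mode' is AES-CBC (Aes256); the Windows 10
# default 'new encryption mode' is XTS-AES (XtsAes256), which older Windows
# versions cannot read. Choose Aes256 if the stick must open on older machines.
# -UsedSpaceOnly matches 'encrypt used space only' for a new stick; omit it to
# encrypt the whole drive when data is already on it.
$EnableArgs = @{
    MountPoint        = $MountPoint
    PasswordProtector = $true
    Password          = $Password
    EncryptionMethod  = 'XtsAes256'
    UsedSpaceOnly     = $true
}
Enable-BitLocker @EnableArgs | Out-Null

# Step Three: add a 48-digit recovery password and save it to a file.
# Anyone holding this key can unlock the drive, so protect the file.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$RecoveryProtector = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
Set-Content -Path $KeyFile -Value $RecoveryProtector.RecoveryPassword

# Verification: status, encryption method and the protectors on the volume.
function Get-UsbBitLockerReport {
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        Drive            = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus      # FullyEncrypted once finished
        EncryptionMethod = $v.EncryptionMethod
        Protectors       = ($v.KeyProtector.KeyProtectorType -join ', ')
        ProtectionStatus = $v.ProtectionStatus  # On once encryption completes
    }
}
Get-UsbBitLockerReport -MountPoint $MountPoint | Format-List

# Step Five equivalents: Unlock-BitLocker replaces the password prompt when the
# stick is plugged in, and Disable-BitLocker is the 'Turn off BitLocker' item.
# Unlock-BitLocker -MountPoint $MountPoint -Password $Password
# Disable-BitLocker -MountPoint $MountPoint
```

Run it from an elevated PowerShell session on a Windows edition that includes BitLocker; the report's VolumeStatus shows EncryptionInProgress until the drive is fully encrypted.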

Encrypting Your Device Using VeraCrypt on Windows

Many third-party data encryption options on the market claim to be safe and secure, but in reality, no one has actually audited these options to verify those claims. When it comes to encrypting devices, you must use software that has been written and reviewed by security experts.

The only software we could recommend at this time is VeraCrypt, which is the name now given to the previously popular TrueCrypt. The code for this programme has been correctly audited, and no major security concerns have been highlighted. 

Step One: Once you’ve downloaded the programme, you’ll see this:

We want to create a new volume:

Step Two: You’ll now see the ‘VeraCrypt Volume Creation Wizard’, which presents you with a few options:

You can use one of the following options:

  • Create an encrypted file container – makes a virtual encrypted disk and stores it in a single file
  • Encrypt a non-system partition/drive – will encrypt your entire flash drive
  • Encrypt the system partition or entire system drive – encrypts some parts of the drive and leaves the rest unencrypted.

Since we’re carrying delicate data on our USB, we’d always select option two. 

Step Three: On the next screen, you’ll need to choose between creating a ‘Standard VeraCrypt Volume’ or a ‘Hidden VeraCrypt Volume’. 

Essentially the difference between the two is the added security level. Again, we’re carrying sensitive information, so we’ll choose hidden volume because this basically creates another layer of protection, which means you can store decoy data within the first layer and the real data in the second.

This method also means that if someone has your password, they will only gain access to the first layer (volume) of information and not the real data hidden in the second since this will need another password.

If you’ve chosen the hidden volume, ensure that you select normal mode on the next screen, so the software knows to create two layers – one visible and one hidden.

Step Four: Next, we need to choose the location of the volume.

Click on the Select Device button and look for your device. At this step, you’ll be able to choose either a partition or the entire device.

If you decided on a hidden volume in the earlier stage, the next screen sets the parameters for the ‘outer volume’, in other words the outer layer of security.

Step Five: At this stage, you’ll be asked to select the encryption and hash algorithms. However, if you are unsure about this, it’s best to just leave everything in its default state and move to the next step.

Step Six: The next screen will ask you to verify the size of the outer volume, which will be the same size as the portion of the drive you want to encrypt, then you’ll be asked to create a password:

Be sure to note that the outer volume (decoy layer) and the hidden volume (the real data) must be given very different passwords, so think of some long and varied passwords that you could use for each, or alternatively use a password generator. 

passwordgenerator.net is a good one to use, since you can generate passwords that include symbols, numbers and upper- and lower-case characters with up to 2048 characters, for unbelievable levels of security. 

Step Seven: You’ll now need to select whether or not you’d like to support huge files. It’s generally recommended that you don’t, so only click yes if you are storing data larger than 4GB.

Step Eight: Now, you’ll be asked to format the outer volume, and it’s a good idea to leave everything as it is here since the FAT filesystem is best for VeraCrypt. 

Once you click the format button, it will actually delete everything on the drive and then begin to create the outer volume.

This will take more time than it would with BitLocker, because this step writes random data across the entire device. When it has finished, you’ll be asked to copy data to the outer volume; this is supposed to act as your decoy data.

Step Nine: Once you’ve copied over miscellaneous data, you’ll need to begin the process for the hidden volume. 

You’ll once again be asked to choose your encryption type, which, once again, is best left as it is. Then you’ll need to choose the size of the hidden volume. If you’re certain that you won’t be adding to the outer volume, you can just choose the maximum hidden volume value.

Alternatively, you can keep the hidden volume to a minimum if you don’t need to store large amounts of data, and you need more room for the outer volume. 

Step Ten: Now, you’ll need to give your hidden volume a password and hit Format to create the hidden volume. Once this is complete, you’ll see this message:

Now that this is complete, the only way you’ll be able to gain access to your drive is by using VeraCrypt. If you attempt to click on the drive in Windows, you’ll be given an error message telling you that your device can’t be recognised and requires formatting. Don’t do this, or you will lose all of your encrypted data.

Open VeraCrypt and select a drive letter from the list:

Then click select device:


And choose a removable disk partition from the list and hit the Mount button. 

Now you can enter the outer password to mount the outer volume to a new drive letter, or if you type the hidden volume password it will dismiss the outer volume, and your hidden information will load instead.

Encrypting Your Device Using Finder on a Mac

Since the release of macOS Mojave, it’s relatively easy to encrypt your USB devices.

However, bear in mind that if you’re using Finder to encrypt a device, you won’t be able to access it on a machine that isn’t running macOS.

Step One: Plug your USB drive into the Mac and open Finder.

Step Two: Right-click on your device in the left sidebar, under Locations, and click Encrypt:

Step Three: You’ll now be prompted to enter your password and hint. Just like other forms of encryption, you’ll need this to access your data, so keep a secure copy somewhere away from the primary device, as you won’t be able to recover or reset this password once you’ve decided what it is.

Step Four: Once this is filled out, click Encrypt Disk. 

The Mac will now encrypt the device, and as with the other options we’ve covered, the time taken to do so will depend largely on what you have stored on the drive. 

Once it’s complete, the only way you’ll be able to access your information is by inserting it into a Mac device and inputting the password. 

Note: If the Encrypt option doesn’t appear when you right-click your device, it means the drive isn’t in the right format to use the standard macOS encryption. You’ll need to follow the steps below to encrypt your device.

Encrypting Your Device Using Disk Utility on a Mac 

As we’ve mentioned in the section above, if you can’t use the built-in Encrypt option, it means your flash drive hasn’t been formatted using a GUID partition map.

Step One: To use this encryption method, you’ll first need to erase your drive and encrypt it in Disk Utility. First, make a copy of all your data and move it somewhere safe. Once you’ve completed this, you can then erase and encrypt the device.

Step Two: Open up Disk Utility, which can be found in Applications and then Utilities in Finder:

Step Three: From here, select Disk Utility, then View.

Step Four: Now select Show All Devices, and select the top entry for your USB drive from the left-hand sidebar.

Step Five: Click the Erase option in the toolbar:

Step Six: Now rename your USB device and, under the Scheme menu, ensure GUID Partition Map is selected, then change Format to Mac OS Extended (Journaled, Encrypted).

Step Seven: You’ll be asked to type in a password and reminder. Once again, it’s worth remembering that this can’t be changed, so don’t forget it. Once you’ve completed this step, click Erase.

Step Eight: Once you’ve completed this step, move all of the data that you initially removed back onto your device. Once it’s on the drive, it will automatically be encrypted under your password.

Conclusion

While we know that encryption is not 100% foolproof, leaving sensitive data exposed is not something we should be doing in this day and age.

In this blog, we’ve covered how to encrypt devices using BitLocker and VeraCrypt on Windows and how to do it on an Apple device too, so you can be sure that whatever device you’re using you can keep your private data safe.


About the Author:

Richard LeCount is a cybersecurity expert and the managing director of usbmakers.com, a company specialising in USBs and power banks.  


The post How and Why You Should Encrypt Your USB Data by Richard LeCount appeared first on Hakin9 - IT Security Magazine.

Why Cybersecurity Needs to Remain a Top Priority For Every Company


Cybersecurity must be a top priority for every business across every industry. Through the expansion of the internet, exposure to malicious users and exploited devices has increased dramatically. 

Essentially, our devices are communicating with more users than ever before and connecting around the world has come with some unfortunate consequences. Unfortunately, the damage that these breaches and hacks cause can sometimes cripple a business for good or expose countless users to hackers. 

Avoiding this has become the most important thing that businesses can do as the threat continues to grow across the spectrum. Some businesses, however, still have not kept up with current cybersecurity practice, at great risk to themselves and others.

Cybersecurity should start by analyzing the systems that are currently in place and gauging which ones need upgrading. Analyzing the network infrastructure first allows businesses to handle the front end of the cybersecurity deployment and prevent viruses from entering the network.

Network infrastructures are often not secure

Many small and medium businesses rely on routers and other networking equipment supplied to them by their Internet service provider. This is not recommended for several reasons. Chiefly, the network equipment they supply is often cheap and outdated.

As a result, network infrastructures are often found wanting. They do not have the proper hubs, switches, or routers. The equipment, and therefore the infrastructure, underperforms.

Hacking is much more sophisticated than it used to be

Businesses must take cybersecurity more seriously than they ever have before because the world is only getting bigger and the opportunities continue to grow. The importance of cybersecurity grows alongside the growth of the Internet and will continue to be a cornerstone of business in the future.

Hackers are becoming more coordinated and pernicious. As hacking organizations and individuals become more profitable, their techniques become more sophisticated and malicious.

Every single business should be on guard. Every business in this day and age produces a massive amount of data and this data could be quite valuable.

Privacy regulations must be operationalized

Privacy is important. But, it’s often overlooked. The recent large breaches require all of our attention, however. More businesses are subject to targeted hacking attempts than ever before.

It is important to make sure that your company is aware of every privacy policy and protocol that relates to how it does business. For instance, your business may be liable for personal damages related to a data leak from your database. It’s important to take the proper precautions to safeguard the sensitive data of tech managers, interns, and clients alike.

Encryption can save you from costly leaks

Encrypting your file system, or even individual files, can protect you from data leaks. Encrypting files is often an easy but neglected duty.

Use programs like FolderLock to encrypt without much effort or encrypt an entire partition with powerful and comprehensive encryption software.

Free security software downloads make security affordable. Using network vulnerability scanners in conjunction with encryption tools and antivirus software will provide you with a strong layer of security.

Conclusion

Companies must make sure that their equipment is up to date and modern enough to keep up with current software. Legacy technologies are often the culprit when analyzing the source of a network intrusion because older technology does not have the same level of active security that newer tech does. 

Company networks should also be customized to the needs of the business specifically and limited where necessary to mitigate the damages of a potential hack. Risk mitigation, as it were, has its limits when it comes to honest hacking. 

Many of the best hackers use social exploits to gain access to private data. Every business should be educating their employees about the dangers online and setting up rigorous network protocols to prevent errant attacks from unknown sources. 

Businesses can control their networks to this degree by assigning the proper value to their data. Most businesses are parting with valuable data without any knowledge of the fact because they have failed to implement appropriate cybersecurity standards. Businesses can implement a greater level of security by choosing to encrypt their file systems completely. 

Even though it requires more permission checks, setting up a standard and thorough encryption system will make your business an iron fortress. 

The post Why Cybersecurity Needs to Remain a Top Priority For Every Company appeared first on Hakin9 - IT Security Magazine.
