Showing posts with label ethical hacking news. Show all posts
Showing posts with label ethical hacking news. Show all posts

Tuesday, 28 October 2014

"NetHunter" — Turn Your Android Device into hacking weapons

The developers of one of the most advance open source operating system for penetration testing, 'KALI Linux' have announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device.Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and runon an Android phone.Kali Linux. NetHunter project provides much of the power to Nexus users, those running the NetHunter penetration testing platform can now launch attacks including Teensy keyboard via HID style attacks and BadUSB man-in-the-middle (MITM) networking attacks via USB human interface device (HID), wireless 802.11 frame injection, and could setup evil access points in a single click.
Nethunter is currently available for Nexus devices only, but builds for other Android devices are likely on the way. Nethunter contained a full Kali Linux toolset, including support for self destruction, software defined radio andthe ability to launch a Kali desktop VNC session on Nexus phone.The tools are designed for use by an attacker who has physical access to a device — an insider threat — or someone who gains access through social engineering, tailing etc.On one hand,Teensy Keyboard attackson PCs can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. 
On the other hand,BadUSBcan force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the traffic of the PC through it for monitoring purposes.Additionally, the Kali NetHunter configuration interface helps users to easily manage complex configuration files through a local web interface, which together with 802.11 wireless injection and a pre-configured connect VPN service make it a “formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are.
”Kali NetHunter open source security platform supports Nexus 10 and 7 tablets and Nexus 5 phones built on the existing Kali (formerly Backtrack) Linux platform.
Download It fromhttp://www.offensive-security.com/kali-linux-nethunter-download/ here

Turn USB Drives Into Undetectable CyberWeapons

Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards.
Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silentmalwareinstaller.This vulnerability has come about to be known as "BadUSB", whose source code has been published by the researchers on the open source code hosting website Github, demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
The code released by researchers
Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware.But Wait! What this means is that this critical vulnerability is now available online for hackers, cyber criminals and everybody to use so as to infect as many computers as they want.
SOURCE CODE AVAILABLE ONLINE TO EVERYBODY
In a talk at the Derbycon Hacker Conference in Louisville last week, the duo were able to reverse engineer the USB firmware, infect it with their own code, and essentially hijack the associated device. The researchers also underlined the danger of the Bad USB hack by going in-depth of the code.The security hole was first revealed by researchers from Berlin-based Security Research Labs (SRLabs in Germany)at the Black Hat security conference in LasVegas two months ago, and here you can watch the video of their presentation. The German researchers didn’t publish their source code because they thought it to be dangerous and too hard to patch.
The good news is that this vulnerability presents in only one USB manufacturer Phison electronics, a Taiwanese electronics company. But the bad side of it is that Phison USB sticks can infect any given device they are plugged into, and the company has not yet revealed who it manufactures USB sticks for. This is the fact it is still unclear as to how widespread the problem may be at the moment.A Phison USB stick can infect any type of computer, but it isn’t clear if its able to infect any other USB device that is plugged into them afterwards or not.
However, Phison controllers are found in a very large number of USB thumb drives available on the market.
Bad USB VULNERABILITY IS UNPATCHABLE
The flaw in USB basically modifies the firmware of USB devices, which can easily be done from inside the operating system, and hides the malware in USB devices in a way that it become almost impossible to detect it. The flaw goes worst when complete formatting or deleting the contents of a USB device wouldn't vanish the malicious code, since its embedded in the firmware.
IMPACT OF BadUSB ATTACK
Once compromised, the USB devices can reportedly:
*.enter keystrokes
*.alter files
*.affect Internet activity
*.infect other systems, as well, and then spread to additional USB devices
*.spoofs a network card and change the computer’s DNS setting to redirect traffic
*.emulates a keyboard and issue commands on behalf of the logged-in user,
for example to exfiltrate files or install malware
Get source code from here

Windows 10:Everything You Need To Know

As expected Microsofthas formally announcedthe new version of Windows. As no-one expected it will be called‘Windows 10’ not Windows 9. Why?
Because Microsoft claims it represents such a significant leap over Windows 8 that calling it Windows 9 would not do it justice.I can hear your groans now, but in Microsoft’s defence Windows 10 hassome major (and long awaited) improvements.
Here are the highlights:
One OS To Rule Them All Architecturally the biggest news is that Windows 10 is being designed to run across all device form factors. That means desktops, laptops, tablets, phablets and smartphones.“Windows 10 will run on the broadest amount of devices. A tailored experience for each device,” said Terry Myerson, Microsoft Executive VP of Operating Systems. “There will be one way to write a universal application, one store, one way for apps to be discovered purchased and updated across all of these devices.
”Microsoft didn’t break down when we might see a Windows 10 smartphone and how that would impact/absorb WindowsPhone (or even elaborate on the future for Windows Phone) but it does offer clear insight into Microsoft’s long term road map.
Update: Microsoft has now confirmed ‘Windows 10′ will also bethe next major version of Windows Phone. What devices get the upgrade and how Microsoft will handle it remains to be seen. Windows 10 Start Menu
The Start Menu Is Back , but Microsoft has finally confirmed the Start Menu will return. The leaks were spot on and it will combine both aspects of the classic Windows 7 start menu with apps from the Metro/Modern UI.
Searching with in the Start Menu will now perform a web search as well.Crucially its layout can be customised so apps can be removed or resized and the flexibility and personalisation potential of the Start Menu should win back fans disillusioned about its removal in Windows 8.
Better Touch/Keyboard And Mouse Integration
Microsoft has taken criticism seriously about the jarring nature of moving between touch and the keyboard and mouse elements of Windows 8.Microsoft is calling the new approach ‘Continuum’ and it is an umbrella term for a better merger between to different input methods. Continuum will be able to automatically switch between modes by detecting on how users interact with their device. It also carries over to design aspects like the new Start Menu, windowed apps within the desktop and so forth.“We’re trying to be thoughtful about a UI that goes across all devices,” explained Joe Belfiore, Corporate Vice President of the Operating Systems Group at Microsoft.He admits Continuum remains a work in progress with refinements to things like the Charms Bar (yesit is still there) set to be an ongoing process through the life of the public beta and right up to release (more on thatlater)
Virtual Desktops
Another leaked feature Microsoft confirmed today was virtual desktops. Microsoft didn’t give the feature an official name at this stage, but it works muchlike the long used multiple desktops on Linux and Exposé on Mac OS X.The view can be triggered with a new ‘task view’ button which both allows users to launch a new virtual desktop and jump between them. Interestingly the taskbarcan be customised to look different/relevant to each desktop allowinga simple leap from work to home modes, for example.Microsoft said all open programs in the virtual desktops will continue to run in the background, which makes for some interesting memory management challengesbut also greatly increases the potential productivity of Windows as well as de-cluttering the desktop space.
Pricing / Availability
It has been much speculated that Windows 10 may be given away free to upgraders or involve a nominal fee, but Microsoft revealed no information about this in either the presentation or Q&A afterwards.What we did learn is a technical preview of Windows 10 will be made available to users later this week (Microsoft is stressing it is only for advanced users and developers at this stage) and that an official release would not follow until ‘later in 2015’.
This suggests the OS is not as far along as many expected and Microsoft is keen to develop it in conjunctionwith user feedback.
Windows 10 Start Menu search
What Will Still Don’t Know:
A Lot Perhaps what is almost as interesting as what was revealed about Windows 10 is what Microsoft kept to itself.In addition to no news on pricing, Microsoft also didn’t touch on performance (install sizeand minimum hardwarerequirements), Cortana integration (thevoice assistant in Windows Phone 8.1), give a solid release time frame or go into any detail on how Windows 10 will handle scaling on high resolution screens – crucial given 4k monitors and super highresolution laptops are quickly gaining momentum.On the flip side what we did see is a more open Microsoft. A company, perhaps shaken by the decidedly mixed reaction to Windows 8 (however fair or unfair), that is now keen to try and mix the best aspects of Windows 7 and Windows 8 into a more user friendly experience. This means releasing early builds, issuing rapid fire updates and developing in conjunction with ongoing user feedback.
Windows 10 Product Family
Is choosing the ‘Windows 10’ moniker a step too far though? “It’sa name that resonated best with what we’ll deliver,” explained Myerson.Many would argue the struggles of Windows Phone and Windows 8 have put Microsoft into a terminal decline, but tonight’s announcement – while thin on details – suggests there is still life in the old dog yet.

Friday, 10 October 2014

"NetHunter" — Turn Your Android Device into Hacking Weapons


The developers of one of the most advance open source operating system for penetration testing, 'KALI Linux' have announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device.Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and runon an Android phone.Kali Linux. NetHunter project provides much of the power to Nexus users, those running the NetHunter penetration testing platform can now launch attacks including Teensy keyboard via HID style attacks and BadUSB man-in-the-middle (MITM) networking attacks via USB human interface device (HID), wireless 802.11 frame injection, and could setup evil access points in a single click.

Nethunter is currently available for Nexus devices only, but builds for other Android devices are likely on the way. Nethunter contained a full Kali Linux toolset, including support for self destruction, software defined radio andthe ability to launch a Kali desktop VNC session on Nexus phone.The tools are designed for use by an attacker who has physical access to a device — an insider threat — or someone who gains access through social engineering, tailing etc.On one hand,Teensy Keyboard attackson PCs can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation.

On the other hand,BadUSBcan force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the traffic of the PC through it for monitoring purposes.Additionally, the Kali NetHunter configuration interface helps users to easily manage complex configuration files through a local web interface, which together with 802.11 wireless injection and a pre-configured connect VPN service make it a “formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are.

”Kali NetHunter open source security platform supports Nexus 10 and 7 tablets and Nexus 5 phones built on the existing Kali (formerly Backtrack) Linux platform.
download it here

Popular Posts