Turning a Regular USB Flash Drive into a USB Rubber Ducky

A long time ago, we reviewed some devices which should be in any hacker's toolbox. One of these devices was a USB Rubber Ducky — a device which resembles a regular USB flash drive. When connected to a computer, it claims to be a keyboard and quickly enters all its commands. It's a pretty cool thing and very useful for pentests, but why pay 40 dollars or more if a regular USB flash drive can be taught the same tricks?

Read full article →


The Children of CryptoLocker, Part 2. TeslaCrypt, TorLocker, TorrentLocker

Previous part: The Children of CryptoLocker, Part 1

The first examples of malware that encrypts files and then demands money for decryption appeared a long time ago. Just remember Trojan.Xorist with its primitive encryption algorithm based on XOR, or Trojan.ArchiveLock written in PureBasic, which used regular WinRAR for encryption and Sysinternals SDelete for deleting encrypted files, and demanded as much as five thousand dollars for decryption. However, it was CryptoLocker that established the bad trend among virus writers to use the latest achievements in cryptography as quite stable encryption algorithms. Today, we will investigate several encryption-based trojans which emerged after the notorious spread of CryptoLocker on the internet (or at the same time).

Read full article →


The Children of CryptoLocker, Part 1. Critroni, CryptoWall, DirCrypt

The first examples of malware that encrypts files and then demands money for decryption appeared a long time ago. Just remember Trojan.Xorist with its primitive encryption algorithm based on XOR, or Trojan.ArchiveLock written in PureBasic, which used regular WinRAR for encryption and Sysinternals SDelete for deleting encrypted files, and demanded as much as five thousand dollars for decryption. However, it was CryptoLocker that established the bad trend among virus writers to use the latest achievements in cryptography as quite stable encryption algorithms. Today, we will investigate several encryption-based trojans which emerged after the notorious spread of CryptoLocker on the internet (or at the same time).

Read full article →


Injection gloves-off: bypassing antivirus software with Shellter

The great problem for many pentests lies in the fact that any "charged" executable file created with Metasploit or other pentest frameworks can be tracked by any antivirus vendor. That is why a pentester has to find out a way to bypass antivirus software instead of going on with penetration. A lot of time is wasted on this task being performed from case to case. So, eventually, various tools for automation of this task started to appear; today we are going to review one of these cool tools, named Shellter.

Read full article →


Hidden threats of the IPv6

The most conservative estimates indicate that, by the end of 2015, the share of IPv6 traffic will reach at least 10%, and this growth will continue. A special protocol for regional registries also came into force recently. Now, a new block of IPv4 addresses will be issued only if the company proves it has already implemented IPv6. So if anyone needs a subnetwork of white IPv4 addresses, they will need to implement IPv6. This fact will also encourage the further growth of IPv6 systems and lead to an increase in traffic. As far as ordinary users are concerned, providers began appearing all over the world, issuing real IPv6-addresses to end subscribers. And so, IPv6 will be encountered more and more often, and that’s a fact we cannot ignore.

Read full article →


How to keep an eye on someone through an Android phone without bothering the owner

Everyone cares about their significant others' security. We all know that feeling when your calls are not answered and your Whatsapp messages not marked as read. In a moment like that you would do a lot to have any idea what is happening there. Although cell phone carriers offer geolocation services to locate another user, knowing your girlfriend is somewhere in the middle of Main Street will barely help. So what can we do about it?

Read full article →