Showing results for tags 'detection'.

  1. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols, including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions such as API security proxies, Web Application Firewalls, IPS, API gateways, and others.
     Changelog v0.3.1
     • Fixed bugs
  2. Windows Ransomware Detection and Protection
     Protect your end users and IT infrastructure against common ransomware attack vectors and efficiently monitor future threats. Purchase of the print or Kindle book includes a free PDF eBook.
     Key Features
     • Learn to build security monitoring solutions based on Microsoft 365 and Sentinel
     • Understand how Zero-Trust access and SASE services can help in mitigating risks
     • Build a secure foundation for Windows endpoints, email, infrastructure, and cloud services
     Book Description
     If you're looking for an effective way to secure your environment against ransomware attacks, this is the book for you. From teaching you how to monitor security threats to establishing countermeasures to protect against ransomware attacks, Windows Ransomware Detection and Protection has it all covered. The book begins by helping you understand how ransomware attacks work, identifying different attack vectors, and showing you how to build a secure network foundation and Windows environment. You'll then explore ransomware countermeasures in different segments, such as Identity and Access Management, networking, Endpoint Manager, cloud, and infrastructure, and learn how to protect against attacks. As you move forward, you'll get to grips with the forensics involved in making important considerations when your system is attacked or compromised with ransomware, the steps you should follow, and how you can monitor the threat landscape for future threats by exploring different online data sources and building processes. By the end of this ransomware book, you'll have learned how configuration settings and scripts can be used to protect Windows from ransomware attacks, with 50 tips on security settings to secure your Windows workload.
     What you will learn
     • Understand how ransomware has evolved into a larger threat
     • Secure identity-based access using services like multifactor authentication
     • Enrich data with threat intelligence and other external data sources
     • Protect devices with Microsoft Defender and Network Protection
     • Find out how to secure users in Active Directory and Azure Active Directory
     • Secure your Windows endpoints using Endpoint Manager
     • Design network architecture in Azure to reduce the risk of lateral movement
     Who this book is for
     This book is for Windows administrators, cloud administrators, CISOs, and blue team members looking to understand the ransomware problem, how attackers execute intrusions, and how you can use the techniques to counteract attacks. Security administrators who want more insights into how they can secure their environment will also find this book useful. Basic Windows and cloud experience is needed to understand the concepts in this book.
     Table of Contents
     • Ransomware Attack Vectors and the Threat Landscape
     • Building a Secure Foundation
     • Security Monitoring using Microsoft Sentinel and Defender
     • Ransomware Countermeasures - Windows Endpoints, Identity, and SaaS
     • Ransomware Countermeasures - Microsoft Azure Workloads
     • Ransomware Countermeasures - Networking and Zero-Trust Access
     • Protecting Information Using Azure Information Protection and Data Protection
     • Ransomware Forensics
     • Monitoring the Threat Landscape
     • Best Practices for Protecting Windows from Ransomware Attacks
     [Hidden Content]
  3. CrossInjector is a Python tool to scan a list of URLs for Cross-Site Scripting (XSS) vulnerabilities. It uses Selenium WebDriver and ChromeDriver to execute JavaScript code and identify if a given URL is vulnerable to XSS attacks. [Hidden Content]
  4. Emotet detection tool for Windows OS [Hidden Content]
  5. Intelligent Mobile Malware Detection
     Book Description
     The popularity of Android mobile phones has caused more cybercriminals to create malware applications that carry out various malicious activities. The attacks, which escalated after the COVID-19 pandemic, proved there is great importance in protecting Android mobile devices from malware attacks. Intelligent Mobile Malware Detection will teach users how to develop intelligent Android malware detection mechanisms by using various graph and stochastic models. The book begins with an introduction to the Android operating system accompanied by the limitations of the state-of-the-art static malware detection mechanisms, as well as a detailed presentation of a hybrid malware detection mechanism. The text then presents four different system call-based dynamic Android malware detection mechanisms using graph centrality measures, graph signal processing and graph convolutional networks. Further, the text shows how most Android malware can be detected by checking for the presence of a unique subsequence of system calls in its system call sequence. All the malware detection mechanisms presented in the book are based on the authors' recent research. The experiments are conducted with the latest Android malware samples, and the malware samples are collected from public repositories. The source codes are also provided for easy implementation of the mechanisms. This book will be highly useful to Android malware researchers, developers, students and cyber security professionals to explore and build defense mechanisms against the ever-evolving Android malware.
     Table of Contents
     1. Internet and Android OS
     2. Android Malware
     3. Static Malware Detection
     4. Dynamic and Hybrid Malware Detection
     5. Detection Using Graph Centrality Measures
     6. Graph Convolutional Network for Detection
     7. Graph Signal Processing Based Detection
     8. System Call Pattern Based Detection
     9. Conclusions and Future Directions
     [Hidden Content]
  6. Security Onion
     Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
     Changelog v2.3.170
     • FEATURE: Events table(s) for Windows Events matching default view #8591
     • FEATURE: Split the winlog.event_data.Hashes field for Windows sysmon process creation events. #8593
     • FIX: Mapping error when trying to index Strelka logs generated from ELF files. #8592
     • UPGRADE: Elastic 8.4.1 #8794
     • UPGRADE: Zeek 4.0.9 #8774
  7. A very good method to avoid detection of your payload is to change the signature result in your payload. Here you have an explanation of the method; other methods can be added.
  8. Obfuscation Detection: automatically detect obfuscated code and other state machines
     Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening; Automated Detection of Obfuscated Code; Referenced Repository.
     Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the loaded binary has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes.
     Changelog v1.7
     • Support for IDA 7.4+ (including 7.7 onwards)
     • Added version check for deprecated API functions
  9. Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
     Changelog v2.3.110
     • FEATURE: Full ECS data type compliance #6747
     • FEATURE: Intrusion Detection Honeypot Node #7138
     • FEATURE: Multi-Factor Authentication (MFA) for Security Onion #7316
     • FEATURE: Populate Zeek's networks.cfg with $HOME_NET #6854
     • FEATURE: SOC authentication logs will now be ingested into Elasticsearch #7354
     • FEATURE: sort indices list alphabetically by index name #6969
     • FIX: ACNG should clear the cache on restart #7114
     • FIX: Abort so-user sync if Kratos database is locked #7459
     • FIX: Add Endgame Index settings to the global.sls on new installs #7293
     • FIX: Allow downgrades during docker_install #7228
     • FIX: Avoid telegraf apparmor issues #2560
     • FIX: Composable Templates #4644
     • FIX: Increase minimum password length from 6 to 8 characters #7352
     • FIX: Navigator should ship with all needed files #1162
     • FIX: Prevent Elasticsearch deprecation notices from causing installation failures #7353
     • FIX: Random passwords generated at setup contain character combinations that cause problems with some containers #7233
     • FIX: curator should exclude so-case* indices #7270
     • FIX: so-ip-update needs to update Kibana dashboards #7237
     • FIX: so-status TTY improvements #7355
     • UPGRADE: Elastic 7.17.1 #7137
     • UPGRADE: FleetDM to 4.10.0 #7245
     • UPGRADE: Grafana 8.4.1 #7281
     • UPGRADE: Kratos 0.8.2-alpha.1 #7351
  10. Obfuscation Detection: automatically detect obfuscated code and other state machines
      Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening; Automated Detection of Obfuscated Code; Referenced Repository.
      Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the loaded binary has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes.
      Changelog v1.6
      • Refactor plugin handler
      • Removed duplicate banner print
      • Changed PLUGIN_FIX to PLUGIN_HIDE, user can just use Ctrl-Shift-H
      • Code cleanup in #5
  11. Obfuscation Detection: automatically detect control-flow flattening and other state machines
      Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries.
      Changelog v1.3
      • added fine-granular heuristic selection
  12. Security Onion
      Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
      Core Components
      • Logstash – Parse and format logs.
      • Elasticsearch – Ingest and index logs.
      • Kibana – Visualize ingested log data.
      Auxiliary Components
      • Curator – Manage indices through scheduled maintenance.
      • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
      • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
      • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
      Changelog v2.3.90
      • FEATURE: Add ASN annotation for GeoIP #5068
      • FEATURE: Add Endgame Support for Security Onion #6166
      • FEATURE: Add TI Module #5916
      • FEATURE: Add additional flags to stenographer config #5851
      • FEATURE: Add filebeat, auditbeat, and metricbeat downloads to SOC Download screen #5849
      • FEATURE: Add logstash and redis input plugins to telegraf #5960
      • FEATURE: Add so-deny script for removing access from firewall and other apps #4621
      • FEATURE: Add support for escalation to Elastic Cases #6048
      • FEATURE: Allow for Kibana customizations via pillar #3933
      • FEATURE: Allow users to set their profile information #5846
      • FEATURE: Allow vlan tagged NICs to be used as management interface #3687
      • FEATURE: Create Pipeline Overview Dashboard for Grafana #6177
      • FEATURE: Create script to reset elastic auth passwords #6206
      • FEATURE: Enable Kibana Settings for encryption #6146
      • FEATURE: Expose new user profile field for specifying a custom note about a user #5847
      • FEATURE: HTTP module for SOC event escalation #5791
      • FEATURE: Increase password lengths, provide a way to change existing passwords #6043
      • FEATURE: Indicate that setup has completed at the very end of sosetup.log #5032
      • FEATURE: Prevent SOUP from running if there is an issue with the manager pillar #5809
      • FEATURE: Provide quick-select date ranges from Hunt/Alerts date range picker #5953
      • FEATURE: SOC Hunt Timeline/Charts should be collapsible #5114
      • FEATURE: Support Ubuntu 20.04 #601
      • FEATURE: setup should run so-preflight #3497
      • FIX: ACNG sometimes returns 503 errors when updating Ubuntu through the manager #6151
      • FIX: Add details to Setup for Install Type menus #6105
      • FIX: Adjust timeout in check_salt_minion_status in so-functions #5818
      • FIX: All templates should honor replica settings #6005
      • FIX: Clear holds on Ubuntu installs #5588
      • FIX: Consider making the airgap option only settable on the manager #5914
      • FIX: Docker containers should not start unless file events are completed #5955
      • FIX: Ensure soc_users_roles file is cleaned up if incorrectly mounted by Docker #5952
      • FIX: Favor non-aggregatable data type when a cache field has multiple conflicting data types #5962
      • FIX: Firefox tooltips stuck on Hunt and Alerts screens #6010
      • FIX: Grafana sensor graphs only show interface graphs when selected individually #6007
      • FIX: Kibana saved objects #5193
      • FIX: Modify Steno packet loss calculation to show point in time packet loss #6060
      • FIX: Remove CURCLOSEDAYS prompt in Setup since it is no longer used #6084
      • FIX: Remove references to xenial (Ubuntu 16.04) from setup #4292
      • FIX: Remove unnecessary screens from Analyst Setup #5615
      • FIX: SOC docker should not start until file managed state runs #5954
      • FIX: SOC unable to acknowledge alerts when not grouped by rule.name #5221
      • FIX: Setup should ask if new or existing distributed deployment #6115
      • FIX: Setup should prevent invalid characters in Node Description field #5937
      • FIX: Support non-WEL Beats #6063
      • FIX: Unnecessary Port Binding for so-steno #5981
      • FIX: Use yaml.safe_load() in so-firewall (thanks to @clairmont32) #5750
      • FIX: Zeek state max depth not working #5558
      • FIX: so-ip-update should grant mysql root user access on new IP #4811
      • FIX: docker group can be given gid used by salt created groups #6071
      • FIX: packetloss.sh gives an error every 10 min though ZEEK is disabled #5759
      • FIX: so-import-evtx elastic creds & logging #6065
      • FIX: so-user delete function causes re-migration of user roles #5897
      • FIX: wazuh-register-agent times out after 15 minutes, lower to 5 minutes #5794
      • FIX: yum pkg.clean_metadata occasionally fails during setup #6113
      • UPGRADE: ElastAlert to 2.2.2 #5751
      • UPGRADE: Elastic to 7.15.2 #5752
      • UPGRADE: FleetDM to 4.5 #6188
      • UPGRADE: Grafana to 8.2.3 #5852
      • UPGRADE: Kratos to 0.7.6-alpha.1 #5848
      • UPGRADE: Redis to 6.2.6 #6140
      • UPGRADE: Suricata to 6.0.4 #6274
      • UPGRADE: Telegraf to 1.20.3 #6075
  13. Security Onion
      Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
      Core Components
      • Logstash – Parse and format logs.
      • Elasticsearch – Ingest and index logs.
      • Kibana – Visualize ingested log data.
      Auxiliary Components
      • Curator – Manage indices through scheduled maintenance.
      • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
      • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
      • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
      Changelog v2.3.80
      • FEATURE: Ability to disable Zeek, Suricata #4429
      • FEATURE: Add docs link to Setup #5459
      • FEATURE: Add evtx support in Import Node #2206
      • FEATURE: Consolidate whiptail screens when selecting optional components #5456
      • FEATURE: Distinguish between Zeek generated syslog and normal syslog in hunt for event fields #5403
      • FEATURE: Enable index sorting to increase search speed #5287
      • FEATURE: Expose options for elasticsearch.yml via Salt pillar #1257
      • FEATURE: Role-based access control (RBAC) #5614
      • FEATURE: soup -y for automation #5043
      • FIX: Add new default filebeat module indices to the global pillar. #5526
      • FIX: all.rules file can become empty on non-airgap deployments if manager does not have access to the internet. #3619
      • FIX: Curator cron should run less often #5189
      • FIX: Improve unit test maintainability by refactoring to use Golang assertion library #5604
      • FIX: Invalid password message should also mention dollar signs are not allowed #5381
      • FIX: Max files for steno should use a pillar value for easy tuning. #5393
      • FIX: Remove raid check for official cloud appliances #5449
      • FIX: Remove watermark settings from global pillar. #5520
      • FIX: SOC Username case sensitivity #5154
      • FIX: so-user tool should validate password before adding user to SOC #5606
      • FIX: Switch to new Curator auth params #5273
      • UPGRADE: Curator to 5.8.4 #5272
      • UPGRADE: CyberChef to 9.32.2 #5158
      • UPGRADE: SOC UI 3rd Party dependencies to latest versions #5603
      • UPGRADE: Zeek to 4.0.4 #5630
  14. Detection Lab
      Purpose
      This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. Read more about Detection Lab on Medium here: [Hidden Content]
      NOTE: This lab has not been hardened in any way and runs with default vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; the primary purpose of it is to provide visibility and introspection into each host.
      Primary Lab Features:
      • Microsoft Advanced Threat Analytics ([Hidden Content]) is installed on the WEF machine, with the lightweight ATA gateway installed on the DC
      • A Splunk forwarder is pre-installed and all indexes are pre-created. Technology add-ons are also preconfigured.
      • A custom Windows auditing configuration is set via GPO to include command-line process auditing and additional OS-level logging
      • Palantir's Windows Event Forwarding subscriptions and custom channels are implemented
      • Powershell transcript logging is enabled. All logs are saved to \\wef\pslogs
      • osquery comes installed on each host and is pre-configured to connect to a Fleet server via TLS. Fleet is preconfigured with the configuration from Palantir's osquery Configuration
      • Sysmon is installed and configured using Olaf Hartong's open-sourced Sysmon configuration
      • All autostart items are logged to Windows Event Logs via AutorunsToWinEventLog
      • Zeek and Suricata are pre-configured to monitor and alert on network traffic
      • Apache Guacamole is installed to easily access all hosts from your local browser
      Detection Lab consists of 4 total hosts:
      • DC – Windows 2016 Domain Controller: WEF Server Configuration GPO; Powershell logging GPO; Enhanced Windows Auditing policy GPO; Sysmon; osquery; Splunk Universal Forwarder (forwards Sysmon & osquery); Sysinternals Tools
      • WEF – Windows 2016 Server: Windows Event Collector; Windows Event Subscription Creation; Powershell transcription logging share; Sysmon; osquery; Splunk Universal Forwarder (forwards WinEventLog & Powershell & Sysmon & osquery); Sysinternals tools
      • Win10 – Windows 10 Workstation: Simulates employee workstation; Sysmon; osquery; Splunk Universal Forwarder (forwards Sysmon & osquery); Sysinternals Tools
      • Logger – Ubuntu 16.04: Splunk Enterprise; Fleet osquery Manager
  15. Obfuscation Detection: automatically detect obfuscated code and other state machines
      Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening; Automated Detection of Obfuscated Code; Referenced Repository.
      Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the loaded binary has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes.
      Changelog v1.5
      GUI Features:
      • QTable Heuristic result view
      • Node limiting
      • Single/All function heuristic search
      • Heuristic result export
      Heuristic Features:
      • Control-Flow Flattening
      • Cyclomatic Complexity
      • Basic Block Size
      • Instruction Overlapping
  16. Obfuscation Detection: automatically detect obfuscated code and other state machines
      Changelog v1.1
      • fixed plugin.json
  17. Security Onion
      Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
      Changelog v2.3.61
      • FIX: Airgap link to Release Notes #4685
      • FIX: CyberChef unable to load due to recent Content Security Policy restrictions #4885
      • FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770
      • UPGRADE: alpine 3.12.1 to latest for Fleet image #4823
      • UPGRADE: Elastic 7.13.4 #4730
      • UPGRADE: Zeek 4.0.3 #4716
  18. Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
      Core Components
      • Logstash – Parse and format logs.
      • Elasticsearch – Ingest and index logs.
      • Kibana – Visualize ingested log data.
      Auxiliary Components
      • Curator – Manage indices through scheduled maintenance.
      • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
      • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
      • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
      Changelog v2.3.30
      • Zeek is now at version 3.0.13.
      • CyberChef is now at version 9.27.2.
      • Elastic components are now at version 7.10.2. This is the last version that uses the Apache license.
      • Suricata is now at version 6.0.1.
      • Salt is now at version 3002.5.
      • Suricata metadata parsing is now vastly improved. If you choose Suricata for metadata parsing, it will now extract files from the network and send them to Strelka. You can add additional mime types here: [Hidden Content]
      • It is now possible to filter Suricata events from being written to the logs. This is a new Suricata 6 feature. We have included some examples here: [Hidden Content]
      • The Kratos docker container will now perform DNS lookups locally before reaching out to the network DNS provider.
      • Network configuration is now more compatible with manually configured OpenVPN or Wireguard VPN interfaces.
      • so-sensor-clean will no longer spawn multiple instances.
      • Suricata eve.json logs will now be cleaned up after 7 days. This can be changed via the pillar setting.
      • Fixed a security issue where the backup directory had improper file permissions.
      • The automated backup script on the manager now backs up all keys along with the salt configurations. Backup retention is now set to 7 days.
      • Strelka logs are now being rotated properly.
      • Elastalert can now be customized via a pillar.
      • Introduced new script so-monitor-add that allows the user to easily add interfaces to the bond for monitoring.
      • Setup now validates all user input fields to give up-front feedback if an entered value is invalid.
      • There have been several changes to improve install reliability. Many install steps have had their validation processes reworked to ensure that required tasks have been completed before moving on to the next step of the install.
      • Users are now warned if they try to set "securityonion" as their hostname.
      • The ISO should now identify xvda and nvme devices as install targets.
      • At the end of the first stage of the ISO setup, the ISO device should properly unmount and eject.
      • The text selection of choosing Suricata vs Zeek for metadata is now more descriptive.
      • The logic for properly setting the LOG_SIZE_LIMIT variable has been improved.
      • When installing on Ubuntu, Setup will now wait for cloud init to complete before trying to start the install of packages.
      • The firewall state runs considerably faster now.
      • ICMP timestamps are now disabled.
      • Copyright dates on all Security Onion specific files have been updated.
      • so-tcpreplay (and indirectly so-test) should now work properly.
      • The Zeek packet loss script is now more accurate.
      • Grafana now includes an estimated EPS graph for events ingested on the manager.
      • Updated Elastalert to release 0.2.4-alt2 based on the [Hidden Content] alt branch.
      • Pivots from Alerts/Hunts to action links will properly URI encode values.
      • Hunt timeline graph will properly scale the data point interval based on the search date range.
      • Grid interface will properly show "Search" as the node type instead of "so-node".
      • Import node now supports airgap environments.
      • The so-mysql container will now show "healthy" when viewing the docker ps output.
      • The Soctopus configuration now uses private IPs instead of public IPs, allowing network communications to succeed within the grid.
      • The Correlate action in Hunt now groups the OR filters together to ensure subsequent user-added filters are correctly ANDed to the entire OR group.
      • Add support to so-firewall script to display existing port groups and host groups.
      • Hive init during Setup will now properly check for a running ES instance and will retry connectivity checks to TheHive before proceeding.
      • Changes to the .security analyzer yield more accurate query results when using Playbook.
      • Several Hunt queries have been updated.
      • The pfSense firewall log parser has been updated to improve compatibility.
      • Kibana dashboard hyperlinks have been updated for faster navigation.
      • Added a new so-rule script to make it easier to disable, enable, and modify SIDs.
      • ISO now gives the option to just configure the network during setup.
  19. ssrf-king: SSRF plugin for Burp that automates SSRF detection in all of the requests
      Upcoming Features Checklist
      ✔️ It will soon have a user interface to specify your own call back payload
      • It will soon be able to test Json & XML
      Features
      ✔️ Test all of the requests for any external interactions.
      ✔️ Checks to see if any interactions are not the user's IP; if it is, it's an open redirect.
      ✔️ Alerts the user for any external interactions with information such as: Endpoint, Vulnerable Host, Location Found
      It also performs the following tests based on this research.
      Scanning Options
      ✔️ Supports both Passive & Active Scanning.
      Example
      1. Load the website you want to test.
      2. Load the plugin.
      3. Keep note of the Burp Collab payload.
      4. Passively crawl the page; ssrf-king tests everything in the request on the fly.
      SSRF Detection
      When it finds a vulnerability it logs the information and adds an alert. From here onwards you would fuzz the parameter to test for SSRF.
      SSRF-King v1.12
      I have released v1.12, which has a small UI design where you can specify your own call-back payload.
      Changes:
      • Implemented checkbox for http:// and https://
      • Plugin now uses JDK 14 code compliance 9, which should work with all versions; let me know if it doesn't
      Bug fixes:
      • Fixed parameter testing. When it reported a X-Forwarded-Host it came up as X-Forwarded-For
      • The test cases for the following are now fixed and work.
  20. Static detection technologies based on signature-based approaches are widely used on the Android platform to detect malicious applications. They can accurately detect malware by extracting signatures from test data and then comparing the test data with the signature samples of virus and benign samples. However, this method is generally unable to detect unknown malware applications. This is because, sometimes, the machine code can be converted into assembly code, which can be easily read and understood by humans. Furthermore, the attacker can then make sense of the assembly instructions and understand the functioning of the program from them. Therefore we focus on observing the behaviour of the malicious software while it is actually running on a host system. The dynamic behaviours of an application are ultimately carried out through its system call sequences. Hence, we observe the system call log of each application, use it for the construction of our dataset, and finally use this dataset to classify an unknown application as malicious or benign.
  21. Security Onion 2.3.21 - Linux distro for intrusion detection, enterprise security monitoring, and log management

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.

Core Components
  • Logstash – Parse and format logs.
  • Elasticsearch – Ingest and index logs.
  • Kibana – Visualize ingested log data.

Auxiliary Components
  • Curator – Manage indices through scheduled maintenance.
  • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
  • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
  • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.

Changelog v2.3.21
  • soup has been refactored. You will need to run it a few times to get all the changes properly. We are working on making this even easier for future releases.
  • soup now has awareness of Elastic Features and now downloads the appropriate Docker containers.
  • The Sensors interface has been renamed to Grid. This interface now includes all Security Onion nodes.
  • Grid interface now includes the status of the node. The status currently shows either Online (blue) or Offline (orange). If a node does not check in on time then it will be marked as Offline.
  • Grid interface now includes the IP and Role of each node in the grid.
  • Grid interface includes a new Filter search input to filter the visible list of grid nodes to a desired subset. As an example, typing in “sensor” will hide all nodes except those that behave as a sensor.
  • The Grid description field can now be customized via the local minion pillar file for each node.
  • SOC will now draw attention to an unhealthy situation within the grid or with the connection between the user’s browser and the manager node. For example, when the Grid has at least one Offline node the SOC interface will show an exclamation mark in front of the browser tab’s title and an exclamation mark next to the Grid menu option in SOC. Additionally, the favicon will show an orange marker in the top-right corner (dynamic favicons not supported in Safari). Additionally, if the user’s web browser is unable to communicate with the manager, the unhealthy indicators appear along with a message at the top of SOC that states there is a connection problem.
  • Docker has been upgraded to the latest version. Docker should be more reliable now as Salt is now managing daemon.json.
  • You can now install Elastic in a traditional cluster. When setting up the manager select Advanced and follow the prompts. Replicas are controlled in global.sls.
  • You can now use Hot and Warm routing with Elastic in a traditional cluster. You can change the box.type in the minion’s sls file. You will need to create a curator job to re-tag the indexes based on your criteria.
  • Telegraf has been updated to version 1.16.3.
  • Grafana has been updated to 7.3.4 to resolve some XSS vulnerabilities.
  • Grafana graphs have been changed to graphs vs gauges so alerting can be set up.
  • Grafana is now completely pillarized, allowing users to customize alerts and making it customizable for email, Slack, etc. See the docs here: [Hidden Content]
  • Yara rules now should properly install on non-airgap installs. Previously, users had to wait for an automated job to place them in the correct location.
  • Strelka backend will not stop itself any more. Previously, its behavior was to shut itself down after fifteen minutes and wait for Salt to restart it to look for work before shutting down again.
  • Strelka daily rule updates are now logged to /nsm/strelka/log/yara-update.log
  • Several changes to the setup script to improve install reliability.
  • Airgap now supports the import node type.
  • Custom Zeek file extraction values in the pillar now work properly.
  • TheHive has been updated to support Elastic 7.
  • Cortex image now includes the whois package to correct an issue with the CERTatPassiveDNS analyzer.
  • Hunt and Alert quick action menu has been refactored into submenus.
  • New clipboard quick actions now allow for copying fields or entire events to the clipboard.
  • PCAP Add Job form now retains previous job details for quickly adding additional jobs. A new Clear button now exists at the bottom of this form to clear out these fields and forget the previous job details.
  • PCAP Add Job form now allows users to perform arbitrary PCAP lookups of imported PCAP data (data imported via the so-import-pcap script).
  • Downloads page now allows direct download of Wazuh agents for Linux, Mac, and Windows from the manager, and shows the version of Wazuh and Elastic installed with Security Onion.
  • PCAP job interface now shows additional job filter criteria when expanding the job filter details.
  • Upgraded authentication backend to Kratos 0.5.5.
  • SOC tables with the “Rows per Page” dropdown no longer show truncated page counts.
  • Several Hunt errors are now more descriptive, particularly those around malformed queries.
  • SOC Error banner has been improved to avoid showing raw HTML syntax, making connection and server-side errors more readable.
  • Hunt and Alerts interfaces will now allow pivoting to PCAP from a group of results if the grouped results contain a network.community_id field.
  • New “Correlate” quick action will pivot to a new Hunt search for all events that can be correlated by at least one of various event IDs.
  • Fixed bug that caused some Hunt queries to not group correctly without a .keyword suffix. This has been corrected so that the .keyword suffix is no longer necessary on those groupby terms.
  • Fixed issue where PCAP interface loses formatting and color coding when opening multiple PCAP tabs.
  • Alerts interface now has a Refresh button that allows users to refresh the current alerts view without refreshing the entire SOC application.
  • Hunt and Alerts interfaces now have an auto-refresh dropdown that will automatically refresh the current view at the selected frequency.
  • The so-elastalert-test script has been refactored to work with Security Onion 2.3.
  • The included Logstash image now includes Kafka plugins.
  • Wazuh agent registration process has been improved to support slower hardware and networks.
  • An Elasticsearch ingest pipeline has been added for suricata.ftp_data.
  • Elasticsearch’s indices.query.bool.max_clause_count value has been increased to accommodate a slightly larger number of fields (1024 -> 1500) when querying using a wildcard.
  • On nodes being added to an existing grid, setup will compare the version currently being installed to the manager (>=2.3.20), pull the correct Security Onion version from the manager if there is a mismatch, and run that version.
  • Setup will gather any errors found during a failed install into /root/errors.log for easy copy/paste and debugging.
  • Selecting Suricata as the metadata engine no longer results in the install failing.
  • so-rule-update now accepts arguments to idstools. For example, so-rule-update -f will force idstools to pull rules, ignoring the default 15-minute pull limit.
  22. Security Onion

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.

Core Components
  • Logstash – Parse and format logs.
  • Elasticsearch – Ingest and index logs.
  • Kibana – Visualize ingested log data.

Auxiliary Components
  • Curator – Manage indices through scheduled maintenance.
  • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
  • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
  • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.

Changelog v2.2 RC3
First, we have a new so-analyst script that will optionally install a GNOME desktop environment, Chromium web browser, NetworkMiner, Wireshark, and many other analyst tools.

Next, we’ve collapsed Hunt filter icons and action links into a new quick action bar that will appear when you click a field value. Actions include:
  • Filtering the hunt query
  • Pivot to PCAP
  • Create an alert in TheHive
  • Google search for the value
  • Analyze the value on VirusTotal.com

Finally, we’ve greatly improved support for airgap deployments. There is more work to be done in the next release, but we’re getting closer!
  23. Introduction

CMSeeK is a CMS detection and exploitation tool, written in Python3, capable of scanning numerous content management systems including WordPress, Joomla, Drupal, etc. It allows you to run both simple CMS detection and deep scans, as well as multisite scans. Currently it can be run on any Unix-based system (Linux, OS X), but soon it’ll be available for Windows, too.

Features:
  • CMSeeK can perform basic CMS detection for plenty of different CMS (150+).
  • Capable of advanced WordPress scans: plugins, user and theme enumeration; version and user detection (3 different detection modes); version vulnerabilities detection, etc.
  • Beside WordPress version detection, it can detect Drupal version.
  • Capable of advanced Joomla scans: admin page and backup files finder; core vulnerability and config leak detection; directory listing checks, etc.
  • It has a modular brute-force system: you can use pre-made modules or create your own and integrate them within the CMSeeK system.
  • And so much more.

Version 1.1.3 updates:
Release Date: 25th July 2020

Added new CMS:
  • Smartstore
  • Solusquare Commerce Cloud
  • Spree
  • Brightspot CMS
  • Amiro.CMS
  • Weebly
  • ekmPowershop
  • GoDaddy Website Builder
  • WHMCS
  • Zen Cart
  • OpenNemas CMS
  • IPO CMS

Version detection added for:
  • Amiro.CMS
  • GoDaddy Website Builder

Other changes:
  • Added WordPress bruteforce via XML-RPC
  • Improved logging for Joomla scans
  • Improved logging for WordPress deep scan
  • Switched to wpvulns.com for WordPress vulnerabilities
  • Added --light-scan argument
  • Added (--only-cms, -o) argument
  24. Security Onion 16.04.6.5 - Linux distro for intrusion detection, enterprise security monitoring, and log management

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.

Core Components
  • Logstash – Parse and format logs.
  • Elasticsearch – Ingest and index logs.
  • Kibana – Visualize ingested log data.

Auxiliary Components
  • Curator – Manage indices through scheduled maintenance.
  • ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
  • FreqServer – Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
  • DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.

Changelog v16.04.6.5
  • Zeek 3.0.3
  • Suricata 4.1.7
  • Elastic 6.8.7
  • CyberChef 9.18.2
  25. ApplicationInspector v1.0.24

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection, including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.

The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more, and includes HTML, JSON and text output formats, with the default being an HTML report similar to the one shown here. It includes a filterable confidence indicator to help minimize false positive matches as well as customizable default rules and conditional match logic.

Goals
Application Inspector helps inform you better for choosing the best components to meet your needs with a smaller footprint of unknowns for keeping your application attack surface smaller. It helps you to avoid inclusion of components with unexpected features you don’t want. Application Inspector can help identify feature deltas or changes between component versions, which can be critical for detecting injection of backdoors. It can be used to automate detection of features of interest to identify components that require additional scrutiny as part of your build pipeline, or to create a repository of metadata regarding all of your enterprise applications.

Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well. Application Inspector v1.0 is now in GENERAL AUDIENCE release status. Your feedback is important to us. If you’re interested in contributing, please review the CONTRIBUTING.md.

Getting Application Inspector
To use Application Inspector, download the relevant binary (either platform-specific or the multi-platform .NET Core release). If you use the .NET Core version, you will need to have .NET Core 3.0 or later installed. See the JustRunIt.md or Build.md files for help. It might be valuable to consult the project wiki for additional background on Rules, Tags and more used to identify features. Tags are used as a systematic hierarchical nomenclature, e.g. Cryptography.Protocol.TLS, to more easily represent features.

Usage
Application Inspector is a command-line tool. Run it from a command line in Windows, Linux, or MacOS.

Examples:

Command Help
  Usage: dotnet AppInspector.dll [arguments] [options]
    dotnet AppInspector.dll -description of available commands
    dotnet AppInspector.dll <command> -options description for a given command

Analyze Command
  Usage: dotnet AppInspector.dll analyze [arguments] [options]
  Arguments:
    -s, --source-path            Required. Path to source code to inspect (required)
    -o, --output-file-path       Path to output file. Ignored with -f html option which auto creates output.html
    -f, --output-file-format     (Default: html) Output format [html|json|text]
    -e, --text-format            (Default: Tag:%T,Rule:%N,Ruleid:%R,Confidence:%X,File:%F,Sourcetype:%t,Line:%L,Sample:%m)
    -r, --custom-rules-path      Custom rules path
    -t, --tag-output-only        (Default: false) Output only contains identified tags
    -i, --ignore-default-rules   (Default: false) Ignore default rules bundled with application
    -d, --allow-dup-tags         (Default: false) Output only contains non-unique tag matches
    -c, --confidence-filters     (Default: high,medium) Output only if matches rule pattern confidence [<value>,] [high|medium|low]
    -k, --include-sample-paths   (Default: false) Include source files with (sample,example,test,.vs,.git) in pathname in analysis
    -x, --console-verbosity      (Default: medium) Console verbosity [high|medium|low|none]
    -l, --log-file-path          Log file path
    -v, --log-file-level         (Default: Error) Log file level [Debug|Info|Warn|Error|Fatal|Off]

  Scan a project directory, with output sent to "output.html" (default behavior includes launching default browser to this file)
    dotnet AppInspector.dll analyze -s /home/user/myproject
  Add custom rules (can be specified multiple times)
    dotnet AppInspector.dll analyze -s /home/user/myproject -r /my/rules/directory -r /my/other/rules
  Write to JSON format
    dotnet AppInspector.dll analyze -s /home/user/myproject -f json

Tagdiff Command
  Use to analyze and report on differences in tags (features) between two projects or project versions, e.g. v1, v2, to see what changed
  Usage: dotnet AppInspector.dll tagdiff [arguments] [options]
  Arguments:
    --src1                       Required. Source 1 to compare (required)
    --src2                       Required. Source 2 to compare (required
    -t, --test-type              (Default: equality) Type of test to run [equality|inequality]
    -r, --custom-rules-path      Custom rules path
    -i, --ignore-default-rules   (Default: false) Ignore default rules bundled with application
    -o, --output-file-path       Path to output file
    -x, --console-verbosity      Console verbosity [high|medium|low
    -l, --log-file-path          Log file path
    -v, --log-file-level         Log file level [error|trace|debug|info]

  Simplest way to see the delta in tag features between two projects
    dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2
  Basic use
    dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2 -t equality
  Basic use
    dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2 -t inequality

TagTest Command
  Used to verify (pass/fail) that a specified set of rule tags is present or not present in a project, e.g. the user only wants to know true/false if cryptography is present as expected or if personal data is not present as expected, and get a simple yes/no result rather than a full analysis report.

  Note: The user is expected to use the custom-rules-path option rather than the default ruleset because it is unlikely that any source package would contain all of the default rules. Instead, create a custom path and rule set as needed or specify a path using the custom-rules-path to point only to the rule(s) needed from the default set. Otherwise, testing for all default rules present in source will likely yield a false or fail result in most cases.

  Usage: dotnet AppInspector.dll tagtest [arguments] [options
  Arguments:
    -s, --source-path            Required. Source to test (required)
    -t, --test-type              (Default: rulespresent) Test to perform [rulespresent|rulesnotpresent]
    -r, --custom-rules-path      Custom rules path
    -i, --ignore-default-rules   (Default: true) Ignore default rules bundled with application
    -o, --output-file-path       Path to output file
    -x, --console-verbosity      Console verbosity [high|medium|low
    -l, --log-file-path          Log file path
    -v, --log-file-level         Log file level

  Simplest use to see if a set of rules are all present in a project
    dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json
  Basic use
    dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json -t rulespresent
  Basic use
    dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json -t rulesnotpresent

ExportTags Command
  Simple export of the ruleset schema for tags representing what features are supported for detection
  Usage: dotnet AppInspector.dll exporttags [arguments] [options]
  Arguments:
    -r, --custom-rules-path      Custom rules path
    -i, --ignore-default-rules   (Default: false) Ignore default rules bundled with application
    -o, --output-file-path       Path to output file
    -x, --console-verbosity      Console verbosity [high|medium|low

  Export default rule tags to console
    dotnet AppInspector.dll exporttags
  Using output file
    dotnet AppInspector.dll exporttags -o /home/user/myproject/exportags.txt
  With custom rules and output file
    dotnet AppInspector.dll exporttags -r /home/user/myproject/customrules -o /hom/user/myproject/exportags.txt

Verify Command
  Verification that ruleset is compatible and error free for import and analysis
  Usage: dotnet AppInspector.dll verifyrules [arguments]
  Arguments:
    -r, --custom-rules-path      Custom rules path
    -i, --ignore-default-rules   (Default: false) Ignore default rules bundled with application
    -o, --output-file-path       Path to output file
    -x, --console-verbosity      Console verbosity [high|medium|low

  Simplest case to verify default rules
    dotnet AppInspector.dll verifyrules
  Using custom rules only
    dotnet AppInspector.dll verifyrules -r /home/user/myproject/customrules -i

Download & more info: [Hidden Content]