Category Security

Linux version of EternalBlue Exploit?

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

nt pipe support = no

to the [global] section of your smb...

Read More

Hacking wireless howto

Learn how to hack your wifi in this free pdf download.
Hacking wireless presentation (pdf)

Read More

There’s now a tool to test for NSA spyware

A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant

“Has your computer been infected with a suspected NSA spying implant? A security researcher has come up with a free tool that can tell.

Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the U.S. National Security Agency. It’s designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.”

Full article

Read More

Got one of these 20+ models of Linksys Smart Wi-Fi routers? Bad news.

20 Linksys models affected with 10 security holes.

Linksys is working on a firmware update for 10 security vulnerabilities affecting its “Smart” Wi-Fi series of routers.

Here’s a list of the vulnerable models:

EA2700
EA2750
EA3500
EA4500v3
EA6100
EA6200
EA6300
EA6350v2
EA6350v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

Read More

Cybrary Metasploit course

Cybrary Free Metasploit course
“The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.”

Metasploitable – Sourceforge – Attackable sandbox.
Metasploit web page

Read More

CTF Challenge and team

Linux Militia has a CTF team forming
CTF Time – Competitive CTF (Team) (message for invite)
CTF Linux Militia team
CTF Learn – Individual challenges and learning portal
Join our team and join our Discord server! (Send message for login approval).

Join our team and join our Discord server! (Sent message for login approval).

In computer security, Capture the Flag (CTF) is a computer security competition. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world...

Read More

CyberTalkRadio

Weekly discussion on internet and computer security with Bret Piatt. Find it here – CyberTalkRadio and don’t forget to hit the Archives as well. They are on iHeart radio, News Radio WOAI 1200 (San Antonio, Texas) (@Saturdays from 11:00 P.M. to Midnight on 1200 WOAI), Twitter @cybertalkradio, and Youtube!

Read More

Security eBooks –

Free Technology Ebooks from Packt Publishing.
Packt Publishing offers a free technology ebook a day. You can avail this here.
All you have to do is to visit that URL and claim you free book. Additionally after you add books in your account you can read it online, download PDF, EPUB and MOBI version and send to your Kindle.

In case you missed some of those cool ebooks, I have gathered some from my collection and will be updating regularly.

However this repository is exclusively for security folks and is a part of Hack with GitHub repositoryFree Security eBooks?

Free Security eBooks-2?
PacktPub – Free learning
PacktPub Mapt personal library

Read More

Auditing linux , unix OS..in 120 seconds flat

A script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines.

Nix Audit made easier (RHEL, CentOS)
Nix Auditor – GitHub

Also head over to CIS Secure Suite homepage for more greatness! Follow CIS Security on Youtube, Facebook and Twitter

https://www.cisecurity.org/

https://www.cisecurity.org/


CIS Secure Suite

Read More

OWTF 2.1a “Chicken Korma” released


OWASP OWTF

Yes folks, it is that time again, a new release of the Offensive Web Testing Framework, OWASP OWTF, one of several OWASP Flagship projects:
We find OWTF most useful in large assessment where you have little time to evaluate a large number of targets. The ability to launch plugins selectively and dynamically as well as removing work from the load, pause and resume, etc. makes OWTF shine where most other tools struggle 🙂

Read More