Breaking

Monday, October 15, 2018

Ep 3 || BUILDING VMWARE VIRTUAL LAB CONFIGURATION and NETWORKING CONCEPT...

#faizanali
🕵DISCLAIMER: Any actions and/or activities related to the material contained within this video are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. The authors and Kali Tutorials will not be held responsible in the event any criminal charges are brought against any individuals misusing the information on this website to break the law.

👇SUBSCRIBE
https://youtube.com/faizanalihakvines


👋Hey guys, in this video I am explaining how to build your own virtual lab and how to configure VMware in the best possible way.

SO IN THIS VIDEO WE ARE EXPLAINING THE CONCEPT OF VIRTUAL LABS: WHAT A VIRTUAL LAB IS AND HOW TO CONFIGURE IT.

I hope you guys learn from this course and share it with everyone.

DON'T FORGET TO SUBSCRIBE TO MY CHANNEL.

MY INSTAGRAM ID:
https://www.instagram.com/faizann_ali/

Facebook page:
https://www.facebook.com/pg/hackvines...

LIKE👍
COMMENT🗣
SHARE👬👫
SUBSCRIBE✌🤘

Thursday, October 11, 2018

Ep 2 || VIRTUAL LAB CONCEPT EXPLAINED || 2018 CEH Course

🕵DISCLAIMER: Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. The authors and Kali Tutorials will not be held responsible in the event any criminal charges are brought against any individuals misusing the information on this website to break the law.

👇SUBSCRIBE
https://youtube.com/faizanalihakvines

👋Hey guys, in this video I am delivering an intro about what you will find in this course and what ethical hacking is.

SO IN THIS VIDEO WE ARE EXPLAINING THE CONCEPT OF VIRTUAL LABS: WHAT A VIRTUAL LAB IS AND HOW TO CONFIGURE IT.

I hope you guys learn from this course and share it with everyone.

DON'T FORGET TO SUBSCRIBE TO MY CHANNEL.

MY INSTAGRAM ID:
https://www.instagram.com/faizann_ali/

Facebook page:
https://www.facebook.com/pg/hackvines.faizan

LIKE👍
COMMENT🗣
SHARE👬👫
SUBSCRIBE✌🤘

Friday, September 28, 2018

Uber agrees to pay $148 million in massive 2016 data breach settlement

In November 2017, Uber CEO Dara Khosrowshahi announced that hackers had broken into the company’s database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users; the disconcerting revelation was that the company had covered up the hack for more than a year.
The attackers also accessed the names and driver’s license numbers of roughly 600,000 of its drivers in the United States.
The hack happened in 2016, and it was easy for the hackers, who, according to a report published by Bloomberg, obtained credentials from a private GitHub site used by the company’s development team. The hackers tried to blackmail Uber and demanded $100,000 from the company in exchange for not publishing the stolen data.
Rather than notifying customers and law enforcement of the data breach, as required by California’s data security breach notification law, the chief of information security, Joe Sullivan, ordered the ransom paid and the story covered up, destroying any evidence. The payout was disguised as a bug bounty prize, complete with signed non-disclosure agreements.
In 2017 the FTC charged the company with deceiving customers about its privacy and data security practices.
The first settlement dates back to August 2017; according to the FTC, the company had failed to apply security measures to protect customer and driver data. Later, while investigating the settlement, the Commission discovered that the company had not disclosed the 2016 data breach until 2017.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press.
“And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
According to the settlement, Uber is obliged to disclose any future breach affecting consumer data and to comply with state consumer protection laws for the protection of personal information. The company will also hire an outside firm to conduct an assessment of Uber’s data security and improve it.
“Uber hired a longtime in-house counsel for Intel as its chief privacy officer and selected a former general counsel to the National Security Agency and director of the National Counterterrorism Center as the company’s chief trust and security officer,” continues the AP.
The overall payout will be divided among the states based on the number of drivers in each state impacted by the security breach. For example, the share for the state of Illinois is $8.5 million; each affected driver will receive $100.
Friday, September 28, 2018

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

A new integer overflow vulnerability has been found in the Linux kernel. Dubbed Mutagen Astronomy, it affects Red Hat, CentOS, and Debian distributions.

Security researchers have discovered a new integer overflow vulnerability in the Linux kernel, dubbed Mutagen Astronomy, that affects Red Hat, CentOS, and Debian distributions.
The vulnerability could be exploited by an unprivileged user to gain superuser access to the targeted system.
The flaw was discovered by researchers at security firm Qualys, who shared technical details of the Mutagen Astronomy vulnerability, including proof-of-concept (PoC) exploits (Exploit 1, Exploit 2).
The flaw, tracked as CVE-2018-14634, affects the kernel versions released between July 2007 and July 2017; Linux kernel versions 2.6.x, 3.10.x and 4.14.x are vulnerable to the Mutagen Astronomy flaw.
The versions of the Linux kernel shipped with Red Hat Enterprise Linux 5 are not affected by the issue.
The Mutagen Astronomy vulnerability exists in the create_elf_tables() function of the Linux kernel, which lays out the argument, environment and auxiliary-vector tables on a new process’s stack when an ELF binary is executed.
“We discovered an integer overflow in the Linux kernel’s create_elf_tables() function: on a 64-bit system, a local attacker can exploit this vulnerability via a SUID-root binary and obtain full root privileges.” reads the security advisory published by Qualys.
“Only kernels with commit b6a2fea39318 (“mm: variable length argument support”, from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable. Most Linux distributions backported commit da029c11e6b1 to their long-term-supported kernels, but Red Hat Enterprise Linux and CentOS (and Debian 8, the current “oldstable” version) have not, and are therefore vulnerable and exploitable.”
Like other local privilege escalation issues, exploitation of this flaw requires access to the targeted system and the execution of exploit code that triggers a buffer overflow.
Once the attacker has triggered the buffer overflow, they can execute arbitrary code on the affected machine and take it over.
“An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.” reads the security advisory published by Red Hat.
“This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. Systems with less than 32GB of memory are very unlikely to be affected by this issue due to memory demands during exploitation.
This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue.”
At the time of writing, Red Hat Enterprise Linux, CentOS, and Debian 8 Jessie have not yet addressed the flaw.
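The advisories quoted above attribute the flaw to an integer overflow in create_elf_tables() and the fix to a bound on the argument stack (75% of _STK_LIM). The following C program is an added example, not Qualys's PoC and not kernel code: it mirrors only the shape of the pointer-table size arithmetic, with a deliberately narrow 32-bit count beside a version that checks every step for wrap and enforces a cap of 75% of an 8 MiB stack limit. The constants, the `exec_request` struct and the function names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants (assumptions for this example, not copied from
 * the kernel): 8 MiB is the default stack rlimit, and the July 2017 fix
 * described above caps the space consumed by argument/environment
 * strings at 75% of that limit. */
#define STK_LIM        (8ULL * 1024 * 1024)
#define ARG_STACK_CAP  (STK_LIM / 4 * 3)          /* 6 MiB */

/* Hypothetical exec request: how many argv and envp strings the caller
 * passed and how many bytes those strings occupy in total (NULs included). */
struct exec_request {
    uint64_t argc;
    uint64_t envc;
    uint64_t string_bytes;
};

/* Unchecked variant: the pointer-table slot count (argc itself, each argv
 * and envp pointer, and the two NULL terminators) is narrowed to 32 bits
 * before the multiply. A vector of roughly four billion pointers therefore
 * yields a table size of a few bytes, and any stack layout derived from it
 * is far too small for the data that follows. Illustrative only. */
uint64_t table_bytes_unchecked(uint64_t argc, uint64_t envc)
{
    uint32_t items = (uint32_t)(argc + envc + 3);   /* silently wraps mod 2^32 */
    return (uint64_t)items * sizeof(void *);
}

/* Checked variant: every addition and the multiply are tested for wrap,
 * and the total (pointer table plus strings) must fit under ARG_STACK_CAP,
 * which is the effect of bounding the argument stack as the fix does.
 * Returns true and stores the total on success; false on overflow or when
 * the cap is exceeded. */
bool arg_stack_fits(const struct exec_request *req, uint64_t *total_out)
{
    uint64_t slots, table, total;

    if (req->argc > UINT64_MAX - req->envc)
        return false;
    slots = req->argc + req->envc;
    if (slots > UINT64_MAX - 3)
        return false;
    slots += 3;
    if (slots > UINT64_MAX / sizeof(void *))
        return false;
    table = slots * sizeof(void *);
    if (table > UINT64_MAX - req->string_bytes)
        return false;
    total = table + req->string_bytes;
    if (total > ARG_STACK_CAP)
        return false;
    if (total_out)
        *total_out = total;
    return true;
}

/* Convenience wrapper: total stack bytes the request needs, or 0 if it is
 * rejected (a real request always needs at least the three fixed slots). */
uint64_t arg_stack_total(uint64_t argc, uint64_t envc, uint64_t string_bytes)
{
    struct exec_request req = { argc, envc, string_bytes };
    uint64_t total = 0;
    return arg_stack_fits(&req, &total) ? total : 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary command line, and a hostile one with
     * about 2^32 arguments that a 32-bit count cannot represent. */
    uint64_t hostile_argc = 0xFFFFFFFEULL;

    printf("unchecked, hostile: %llu bytes\n",
           (unsigned long long)table_bytes_unchecked(hostile_argc, 0));
    printf("checked,   normal : %llu bytes (0 = rejected)\n",
           (unsigned long long)arg_stack_total(2, 30, 2000));
    printf("checked,   hostile: %llu bytes (0 = rejected)\n",
           (unsigned long long)arg_stack_total(hostile_argc, 0, hostile_argc));
    return 0;
}
```

Compile with any C99 compiler and run: the unchecked variant reports one pointer's worth of bytes for a vector of about four billion arguments, while the checked variant rejects the same request before any layout happens. In this model the cap does the real work: each string is at least one byte, so a 6 MiB string budget keeps the slot count in the low millions, nowhere near a 32-bit boundary, which is the reasoning behind treating the 2017 commit as the mitigation.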
Below is the timeline for the flaw:
  • 2018-08-31: Contacted secalert@redhat.com.
  • 2018-09-18: Contacted linux-distros@vs.openwall.org and security@kernel.org.
  • 2018-09-25: Coordinated Release Date (Time: 5:00 PM UTC).
Friday, September 28, 2018

Pangu hackers are back: they have realized the iOS 12 jailbreak

Here we go again, speaking about the notorious Chinese hacking team Pangu; the group is popular for its ability to jailbreak Apple devices. This time the experts presented a jailbreak for iOS 12 running on the latest iPhone XS.
The last jailbreak for Apple iOS devised by the Pangu team was released in October 2015, when the experts published the untethered jailbreak tool for iOS 9.
An iOS jailbreak removes the restrictions imposed by Apple’s operating system. Jailbreaking gives users root access to the iOS file system and manager, which allows them to download and install applications and themes from third-party stores.
Jailbreaking mobile devices exposes them to a wide range of threats, including malware such as KeyRaider and YiSpecter.
Below is the tweet shared by researcher Min (Spark) Zheng, showing the successful jailbreak on an Apple iPhone XS with the A12 Bionic chip, announced by one of the Pangu researchers.
The experts pointed out that the iOS 12 jailbreak bypasses a functional PAC (Pointer Authentication Codes) mitigation implemented in Apple’s new A12 Bionic chip.

iOS 12 Jailbreak on iPhone XS by @PanguTeam ! Bypass PAC mitigation on the new A12 chip. That's amazing!!!👏👏👏
Experts believe the same jailbreak should also work on the iPhone XS Max because of the hardware similarities.

The Pangu group still hasn’t announced the jailbreak, but many users hope the team will release the iOS 12 jailbreak to the public.

Sunday, September 09, 2018

Recently uncovered PowerPool group used the recent Windows zero-day exploit

Security experts from ESET observed a threat actor, tracked as PowerPool, exploiting the recently disclosed Windows zero-day flaw in targeted attacks.

The vulnerability was publicly disclosed on August 27 by the security expert “@SandboxEscaper,” who also published exploit code for the vulnerability.
The vulnerability affects Microsoft’s Windows operating systems and could be exploited by a local attacker or malicious program to obtain system privileges on the vulnerable system.
The vulnerability resides in the Windows Task Scheduler and is tied to errors in the handling of Advanced Local Procedure Call (ALPC) systems.
Microsoft was expected to address the vulnerability in the September Patch Tuesday, scheduled for September 11, but the news of live attacks exploiting the issue could force the company to roll out a patch sooner.
The 0patch security community has also released an unofficial patch for the vulnerability.
Now security researchers from ESET report that the local privilege escalation vulnerability has been exploited by a previously unknown group tracked as PowerPool.
“As one could have predicted, it took only two days before we first identified the use of this exploit in a malicious campaign from a group we have dubbed PowerPool,” reads the analysis published by ESET.
“This group has a small number of victims and according to both our telemetry and uploads to VirusTotal (we only considered manual uploads from the web interface), the targeted countries include Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine.”
The threat actor leveraged the Windows zero-day exploit in targeted attacks against a small number of users located in the United States, the United Kingdom, Germany, Ukraine, Chile, India, Russia, the Philippines, and Poland.
According to ESET, the attackers modified the publicly available exploit source code and recompiled it.
To obtain a local privilege escalation, the attacker needs to choose carefully the target file that will be overwritten. The target file has to be one that is executed automatically with administrative rights.
“PowerPool’s developers chose to change the content of the file C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. This is the legitimate updater for Google applications and is regularly run under administrative privileges by a Microsoft Windows task.” continues the analysis.
PowerPool’s attack vector is spear-phishing messages; ESET researchers pointed out that the same group was also responsible for a spam campaign spotted by SANS in May that used Symbolic Link (.slk) files to spread malicious code.

The group uses multi-stage malware: the first stage is a backdoor used for reconnaissance. It determines whether the infected machine is interesting to the attackers; if so, the malicious code downloads a second-stage backdoor that supports various commands such as uploading and downloading files, killing processes, and listing folders.
The analysis of the second-stage backdoor allowed the researchers to determine that the malicious code is not “a state-of-the-art APT backdoor.”
“Once the PowerPool operators have persistent access to a machine with the second-stage backdoor, they use several open-source tools, mostly written in PowerShell, to move laterally on the network.” continues the report.
The tools used by the attackers include PowerDump, PowerSploit, SMBExec, Quarks PwDump, and FireMaster.
“This specific campaign targets a limited number of users, but don’t be fooled by that: it shows that cybercriminals also follow the news and work on employing exploits as soon as they are publicly available,” ESET concluded.
Sunday, September 09, 2018

Apple removed the popular app Adware Doctor because it steals user browsing history

Apple has removed one of the most popular anti-malware apps, called Adware Doctor: Anti Malware & Ad, from the official macOS App Store.

Apple has removed one of the most popular anti-malware apps, called Adware Doctor: Anti Malware & Ad, from the official macOS App Store because it was gathering users’ browser histories and other sensitive data and then uploading them to a remote server in China.
Adware Doctor was the top paid utility in the official Mac App Store; it had a good reputation, with thousands of reviews and a 4.8-star rating.
Ironically, an application developed to protect Mac systems was exposing users’ personal data without their permission.
The unwanted behavior was spotted by a security researcher who goes by the Twitter account Privacy 1st; he discovered that Adware Doctor would gather browsing history from the Safari, Chrome, and Firefox browsers, the search history on the App Store, and a list of running processes.
The expert also discovered that the gathered info was first stored in a password-protected zip file named “history.zip”, which was then uploaded to a remote server.
Privacy 1st shared his discovery with former NSA white hat hacker Patrick Wardle, who, after conducting his own review, confirmed the researcher’s findings.
Below is a video created by Privacy_1st to show his findings.
Patrick Wardle, by redirecting DNS resolution, was able to capture the exfiltrated data:

The history.zip file is exfiltrated to a remote host, dscan.yelabapp.com, that is hosted on Amazon AWS servers, but the analysis of the DNS entries confirms that it is administered by an entity in China.
The app was developed by an individual identified as “Yongming Zhang.” Wardle speculated that this may be a reference to “Zhang Yongming,” a Chinese serial killer.
Thomas Reed, director of Mac and mobile security at Malwarebytes, said his firm has been monitoring the activity of this developer since 2015.
“At that time, we discovered an app on the App Store named Adware Medic – a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac,” Reed wrote.
“We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.”
Reed confirmed that a similar data exfiltration methodology was observed in other products as well (i.e. “Open Any Files: RAR Support”, “Dr. Antivirus”, and “Dr. Cleaner”).
Unfortunately, Apple is allowing this kind of dubious behavior and is allowing similar app names that could generate confusion among users.
“If Apple is really “review[ing] each app before it’s accepted by the store” … how were these grave (and obvious) violations of this application missed!?,” Wardle states in his blog post. “Who knows, and maybe this one just slipped through. Maybe we should give them the benefit of the doubt, as yes we all make mistakes! But this brings us to the next point. Apple also claims that “if there’s ever a problem with an app, Apple can quickly remove it from the store”. Maybe the key word here is “can”.”