Monday, May 18, 2015

DoS website in Kali Linux using GoldenEye

Read full details here: DoS website in Kali Linux using GoldenEye

I’ve talked about testing a few DoS tools that can put heavy load on HTTP servers in order to bring them to their knees by exhausting resource pools. GoldenEye is the first of those tools, and it is one of the newest I discovered on GitHub. You can DoS websites with GoldenEye and bring them down almost within 30 seconds, depending on how big their memory pool is. Of course, it won’t work on protected servers or servers behind a proper WAF or IDS, but it is a great tool for load testing your own web server and amending your iptables/firewall rules accordingly.
You can also DoS using hping3 to simulate similar attacks, or use the PHP exploit to attack WordPress websites. There are also a few great tools that let you view live DDoS attack maps worldwide in almost real time.
Details for the GoldenEye tool are listed below:
From GoldenEye’s author’s post:
  1. This tool is meant for research purposes only and any malicious usage of this tool is prohibited.
  2. GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
  3. GoldenEye is an HTTP DoS Test Tool.
  4. Attack Vector exploited: HTTP Keep Alive + NoCache

Types of DoS or DDoS attacks

Let’s go over some very basic info regarding DoS and DDoS attacks. There are basically three types of DoS and DDoS attacks:
  1. Application layer DoS and DDoS attacks
  2. Protocol layer DoS and DDoS attacks
  3. Volume-based DoS and DDoS attacks

Application layer DoS and DDoS attacks

Application-layer DoS and DDoS attacks target vulnerabilities in Windows, Apache, OpenBSD or other software to perform the attack and crash the server.

Protocol layer DoS and DDoS attacks

Protocol DoS and DDoS attacks work at the protocol level. This category includes SYN floods, Ping of Death, and more.

Volume-based DoS and DDoS attacks

This type of DoS and DDoS attack includes ICMP floods, UDP floods and other kinds of floods performed via spoofed packets.
The words DoS and DDoS are used loosely: when you attack from a single machine, it’s usually considered a DoS attack; multiply a single attacker into a botnet (or a group) and it becomes a DDoS attack. There are many explanations of it, but just know that no matter which type of attack it is, they are equally detrimental to a server/network.


Tuesday, May 12, 2015

Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL

Read full details here: Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL

With Google, Microsoft and every other major technology giant sunsetting sha-1 because of its weaknesses, sha256 is the new standard. It seems to be an issue almost all infrastructure administrators are facing right now. For those using a managed PKI console it’s very easy and straightforward: the signing authority, such as Symantec/VeriSign or GoDaddy, takes care of the signature hash, and users just select whether they want sha1, sha256 and so on. But those who have a test infrastructure using self-signed SSL/TLS certificates need to generate, or replace all their existing certificates with, self-signed x509 certificates with a 2048-bit key signed with a sha256 hash using OpenSSL. Generating a 2048-bit public key x509 certificate with the sha256 digest algorithm is not very tough, but the OpenSSL help menu can be confusing. This post will help anyone who has to walk the path of upgrading from sha1 or issuing a new self-signed x509 certificate with a 2048-bit key signed with a sha256 hash.


Thursday, May 7, 2015

Encrypting and decrypting files with password in Linux

Read full details here: Encrypting and decrypting files with password in Linux

Sometimes you need to send a file containing sensitive information to someone over the internet and you start thinking, “Gee, I’ve got some pretty sensitive information in this file. How can I send it securely?” There are many ways to send encrypted files. A good way to encrypt files is to use a long password with the GPG or GNU Privacy Guard (GnuPG or GPG) tool. Once you’ve encrypted the file, you can do a few things:

  1. Put the file on an FTP or web server that requires a second set of usernames and passwords.
  2. To secure it further, you can add a firewall rule to allow only a single IP/network to access that location.
  3. Send the file via email as an attachment.
  4. Send the file via encrypted email (double encryption). We will look into email encryption soon.
  5. Create a torrent file and send it securely as a private torrent if the file is too big (i.e. movies, large files etc.).
So the possibilities are endless. GnuPG or GPG works on Windows, Linux, Mac (and iOS devices), Android, BlackBerry etc. In short, GnuPG or GPG is supported on all platforms, and that’s what makes it such a good encryption tool.

Wednesday, May 6, 2015

Three effective solutions for Google Analytics Referral spam

Read full details here: Three effective solutions for Google Analytics Referral spam

I published this post darodar.com referrer spam and should you be worried? back in December and I am still seeing a constant influx of frustrated website owners and concerned netizens getting worried about similar spam. I happened to be one of the first to detect this spam and post about it. I didn’t pay much attention to it, as referral spam or web analytics is not my primary concern when it comes to computing. Working in the IT field for over a decade, and specifically in IT security, I have a different view on spam and how it can be stopped. I opened my Analytics account yesterday because I saw a 25% traffic increase from Facebook, Twitter and many random sources and an 83% increase on the root (“/”) of the server. Well, 25% is nothing; it can happen due to a post going viral. But this wasn’t the case this time, as the 83% increase was specific to the root (“/”) of the server. It seems our ‘beloved’ ‘Vitaly Popov’ has started a new stream of referral spam. He’s gotten more crafty, as I predicted in my original post. He’s now actually using Facebook and Twitter as referrals, including some new domains. In this post I will show three effective solutions for Google Analytics Referral spam.

Some facts about Google Analytics Referral spam:

  1. By this time you know that Ghost Google Analytics Referral spam cannot be blocked by .htaccess or web server configuration.
  2. Ghost Google Analytics Referral spam bots don’t really visit your website, so no trace of an IP address will be found in server logs.
  3. Ghost Google Analytics Referral spam only abuses Google Analytics.
  4. Google Analytics hasn’t done anything about it, yet (officially).
  5. Google implemented encryption for all of their AdSense traffic.
  6. Ghost Google Analytics Referral spam only affects Google Analytics.
  7. *** Ghost Referral spam is also affecting Yandex and a few other search engines.
  8. As these bots don’t visit your website, they have no idea what your page title is. So Analytics will show (“/”) as the page title.
  9. These Ghost Google Analytics referral spam bots only target your primary Tracking ID, i.e. ‘UA-XXXX-1’.
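Facts 1 and 2 above give you a quick test for whether a referrer is ghost spam or a crawler that really requests pages: count its appearances in the web server’s access log. As an added example (not from the original post), here is that check as a POSIX shell script over a few constructed log lines in combined log format; `crawler-spam.example` and the paths are placeholders invented for this example, while users.skynet.be and darodar.com are the spam referrers the post names.

```shell
#!/bin/sh
# Added example, not code from the original post. Needs only sh and awk.

# write_sample_log FILE: a few constructed lines in Apache/nginx "combined" format.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [06/May/2015:10:12:01 +0000] "GET /blog/post HTTP/1.1" 200 5120 "http://crawler-spam.example/bot" "Mozilla/5.0"
203.0.113.7 - - [06/May/2015:10:12:09 +0000] "GET / HTTP/1.1" 200 2048 "http://www.crawler-spam.example/" "Mozilla/5.0"
198.51.100.23 - - [06/May/2015:10:15:44 +0000] "GET /about HTTP/1.1" 200 3072 "-" "Mozilla/5.0"
198.51.100.9 - - [06/May/2015:10:16:02 +0000] "GET / HTTP/1.1" 200 2048 "https://www.google.com/search?q=test" "Mozilla/5.0"
EOF
}

# referrer_hits LOGFILE DOMAIN: prints how many requests carried a Referer whose
# host is DOMAIN or a subdomain of it. In combined format the quoted Referer is
# the 4th double-quote-separated field.
referrer_hits() {
    awk -v dom="$2" '
        BEGIN { FS = "\"" }
        {
            host = $4
            sub(/^https?:\/\//, "", host)   # drop the scheme
            sub(/[\/:?#].*$/, "", host)      # keep only the host part
            if (host == dom || substr(host, length(host) - length(dom)) == "." dom)
                n++
        }
        END { print n + 0 }
    ' "$1"
}

# classify_referrers LOGFILE DOMAIN...: prints one line per domain,
#   "<domain> ghost"        never seen in the log: nothing to block server-side,
#                           it can only be filtered inside Analytics
#   "<domain> crawler <n>"  seen n times: a real visitor that .htaccess or a
#                           firewall rule can block
classify_referrers() {
    log=$1; shift
    for d in "$@"; do
        n=$(referrer_hits "$log" "$d")
        if [ "$n" -eq 0 ]; then
            echo "$d ghost"
        else
            echo "$d crawler $n"
        fi
    done
}

# Stand-alone demo over the constructed log.
demo_log=$(mktemp)
write_sample_log "$demo_log"
classify_referrers "$demo_log" users.skynet.be darodar.com crawler-spam.example
rm -f "$demo_log"
```

Against a real server, replace the constructed file with the live access log (for example `/var/log/apache2/access.log`); a domain that shows up in Analytics but never in the log is a ghost and no amount of server-side blocking will touch it.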

List of known Google Analytics Referral spam domains


List of 194 new Google Analytics Referral spam domains

I now have a list of another 194 spammer domains that started yesterday.


I mean seriously? users.skynet.be? It’s good to see they have some sense of humour.
So it seems that very soon filters won’t be enough. Actually, they’re already not enough. Despite what the Analytics experts say, you can’t go around every day filtering hundreds of domains. Yes, you could filter for .be (i.e. Belgium) domains, but that’s a whole country we are talking about. So what is the best fix?