Brute force is an old attack technique, but it can still be gold. For a brute force attack, we need a wordlist/password list of possible passwords that the tool we use will try. Then, the tool will try thousands of these passwords per second. This is also referred to as a dictionary attack. The stronger your … Continue reading Creating Wordlist for Brute Force Attack
XSS Detection and Prevention
XSS is a common and very popular vulnerability that has also been in the OWASP Top 10 from the beginning. XSS is hard to detect and very dangerous, since an attacker can gain the ability to do and see whatever the user can, such as passwords, financial information, etc. XSS has two main types called Stored XSS, which is when malicious … Continue reading XSS Detection and Prevention
Data Carving with Foremost
Foremost is a valuable tool for Linux forensics. It is a console tool, and you can recover files based on their different properties. This is basically a data carving process. Foremost can work on image files created by SafeBack, EnCase, and dd. As a part of forensic analysis, data carving must be understood. It is … Continue reading Data Carving with Foremost
OpenVAS Vulnerability Scanner
OpenVAS is a preinstalled vulnerability tool in both Kali and Parrot. It is completely free, and even though it is preinstalled in these OSs, you need to do something before you use it. First, you need to start a new installation. Meanwhile, if you updated your Kali or Parrot, it is possible you will see such … Continue reading OpenVAS Vulnerability Scanner
System Analysis with Process Explorer
Computer forensics is a set of methodological techniques to gather, identify and present evidence from digital equipment. Many different techniques are required. One of them is getting the system information. Process Explorer is a tool that helps you get system information from any Windows machine. Process Explorer (procexp64.exe) is a SysInternals tool that can … Continue reading System Analysis with Process Explorer
A Quick Guide for Ransomware Protection
Unfortunately, the ransomware problem is growing every day, although we hear about a lot of cases and tens of articles and webinars are published about it. In this post, I try to explain the protection processes against ransomware. Then, in more posts, I will try to explain every step in more depth. If you have been exposed to it … Continue reading A Quick Guide for Ransomware Protection
A Sad Story: Don’t Invest, Just Prodigalize
Last week, a friend called me and gave me some bad news about a company. The company was looking for help since they had become a victim of Egregor ransomware, and they were trying to learn what to do against the attacker, since the attacker had got all their data, encrypted it, and given them three days to pay 500k dollars. The … Continue reading A Sad Story: Don’t Invest, Just Prodigalize
TOR As A SOCKS Proxy
Almost all applications and web sites are trying to learn who we are and what we are looking for on the internet. This information is used for many different reasons, such as advertising and detecting malicious attempts. Again, for many reasons, it is very important to surf the internet anonymously. Tor is used for anonymous … Continue reading TOR As A SOCKS Proxy
How to Install Metasploit on Ubuntu
If you are familiar with infosec, you must already know what Metasploit is. So, I will not explain it here again. Metasploit comes preinstalled in Kali, but if you use Ubuntu like me, it is better to install Metasploit on it rather than switching to Kali to use it. It is very easy to … Continue reading How to Install Metasploit on Ubuntu
C&C with Empire – A Mitre Att&ck T1071 and T1086 Demo
".. a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. It premiered at BSidesLV in 2015." … Continue reading C&C with Empire – A Mitre Att&ck T1071 and T1086 Demo