How to Disable IP Autoconfiguration

If the DHCP service is enabled and the DHCP server is temporarily or permanently unavailable, TCP/IP assigns the machine a class B IP address from 169.254.0.0 to 169.254.255.255. This function in Windows is called “Automatic Private IP Addressing”. If you want to use static IP addresses on the machine, you need to disable IP autoconfiguration. To disable it: 1- Check on which interface autoconfiguration is on.…

Verify Your WhatsApp Code

Last week, Meta announced that it had developed a web browser add-on, Code Verify, to verify the code being served to the browser. The reason for developing this extension is that more and more people have been using WhatsApp Web since the multi-device capability was introduced last year. The company thinks this is another layer of security. Instead of a mobile application, a web browser…

Carbon Black Critical Bug

VMware Carbon Black has published an update to resolve a critical authentication bypass vulnerability in the Carbon Black App Control product. App Control is a solution to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates. This authentication bypass vulnerability is tracked as CVE-2021-21998. VMware Carbon Black App Control versions 8.6.x, 8.5.x, 8.1.x, and 8.0.x are affected by…

Prometei Exploits MS Exchange Vulnerabilities

A new piece of malware called Prometei has been identified that adds Exchange servers with the ProxyLogon vulnerability to a cryptocurrency network. Prometei is modular malicious code with features such as credential dumping, use of the system for cryptocurrency mining, and lateral movement. Prometei has two different versions, for Windows and GNU/Linux. Prometei exploits the ProxyLogon vulnerabilities (CVE-2021-27065 and CVE-2021-26858) and uploads China Chopper web…

OpenVAS Vulnerability Scanner

OpenVAS is a preinstalled vulnerability tool in both Kali and Parrot. It is completely free, and even though it is preinstalled in these OSs, you need to do a few things before you use it. First, you need to start a new installation. Meanwhile, if you updated your Kali or Parrot, you may see an error like this while trying to run OpenVAS: “the default postgresql…

A Quick Guide for Ransomware Protection

Unfortunately, the ransomware problem is growing every day, despite the many cases we hear about and the tens of articles and webinars published about it. In this post, I try to explain the protection processes against ransomware. Then, in further posts, I will try to explain every step in more depth. If you have been exposed to it and your files are encrypted, there is nothing much…

wget with PowerShell

    # Note: Windows PowerShell 3.0-5.1 ships a built-in "wget" alias for
    # Invoke-WebRequest, and aliases take precedence over functions.
    function global:wget($Address, [switch]$NoCache) {
        $client = New-Object Net.WebClient
        # Send the request through an authenticated proxy (placeholder address and credentials)
        $proxy = New-Object System.Net.WebProxy "10.0.0.10:8080"
        $proxy.Credentials = New-Object System.Net.NetworkCredential("DOMAIN\user", "password")
        $client.Proxy = $proxy
        $client.Headers.Add("user-agent", "Windows Powershell WebClient Header")
        if ($NoCache) {
            # doesn't use the cache at all
            $client.CachePolicy = New-Object Net.Cache.RequestCachePolicy([Net.Cache.RequestCacheLevel]::NoCacheNoStore)
        }
        $client.DownloadString($Address)
    }

    wget -Address "http://www.be4sec.com" -NoCache

FireEye NX SmartVision SC Killswitch

SmartVision is the lateral movement detection module of FireEye’s network security product (NX). There are plenty of documents and descriptions about it on FireEye’s website, so I will not touch on it here. I just want to explain what SC Killswitch is in the SmartVision configuration, since there is no explanation of it anywhere. The SC Killswitch is not a user…