Parrot Security OS  for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot security OS is an open source distribution of Linux based on the well known and award winning Debian GNU/Linux operating system. As its developers describe, it is a masterpiece that gathers together all the necessary tools for hacking, penetration testing, security and privacy tasks.

According to its developers, Parrot Security OS is a security oriented operating system designed for Penetration Testing, Computer Forensic, Reverse engineering, Hacking, Privacy/Anonymity and Cryptography.

Instead of installing the OS then painstakingly assembling your collection of security tools (and package dependencies), using something like Parrot Security OS takes care of all that for you

It is based on Debian and developed by Frozenbox network. Parrot is designed for everyone, from the Pro pen-tester to the newbie, because it provides the most professional tools combined in a easy to use, fast and lightweight pen-testing environment, and it can be used also for an everyday use.

Most of the penetration testing tools can be found under the Parrot entry of the main menu, where they’re organized in subsections. In addition, an anonymous surfing mode is available for those who don’t want to be traced.

Among the included applications, we can mention TrueCrypt, Ettercap, Iceweasel, Vidalia, Wireshark, VLC Media Player, RecordMyDesktop, BleachBit, XRCed, PyCrust, aircrack-ng, Hydra, Nmap, and many others.

Features

• Updated pen-testing tools
• Great for forensic analysis
• Custom hardened 3.16 kernel
• MATE interface with custom themes, wallpapers and icons
• Fast lightweight system designed also for old computers
• PenMode + AirMode
• AnonSurf functionality (tor & i2p)
• Pandora’s box ram cleaner at shutdown
• Encrypted installation
• Cryptocurrency friendly
• All the necessary for programming out of the box
• Cloud compatible

Rather than downloading the whole ISO, there’s also a BASH script version which turns a regular Debian Stable install into Parrot Security OS, you can find the script here:

parrot-install.sh

You can download Parrot Security OS here:

amd64 Parrot Full – Parrot-full-1.9_amd64.iso
i386 Parrot Full – Parrot-1.9_i386.iso

The popular hacker Kevin Mitnick explains how it is easy to steal data from a network tapping the cable, even if it’s a fiber optic network.

Kevin Mitnick demonstrates how easy it is for a hacker to tap into your network and read your email messages, even if it’s a fiber optic network.

Kevin Mitnick is the father of the art of hacking, hacking is a philosophy of life and today the Master demonstrates how easy it is for an attacker to tap into a network to steal sensitive data, access emails, even if it’s a fiber optic network.

Kevin Mitnick clamped onto a fiber optic cable, CAT5x or CAT6x network wire, and by using the popular network analyzer Wireshark demonstrated how is simple to sniff any unencrypted information is a few minutes without leaving any trace. Mitnick used in his attack an optic fiber clip-on coupler that provides non-invasive bi-directional coupling into 250 micron coated single-modefibers.

“The FOD 5503 offers the ability to couple fiber optic talk sets at any intermediate point along a fiber span where access to a terminated end is not available.” states the description of the optic fiber clip-on coupler.

Such kind of hardware is not used to hack into fiber, but it is designed for maintenance purpose and fiber identification.

Kevin Mitnick published a video to demonstrate the attack, it shows the popular hacker while is sniffing an email directly from the tapped cable.

The hackers can easily tap without cutting the wire by using alligator clips to attach to the cable or they can cut the cable and plug both ends into a small hub to intercept the traffic.

In both cases, it is essential to prevent physical access to the wire, but most important is to use encrypted connections, while accessing any kind of web services, including email, chat, web browsing.

An attack like the one presented by Kevin Mitnick is very easy to arrange, clever attackers could use a cheap and tiny Raspberry Pi hide the tap used to grab the data. A similar scenario is scaring because an attacker can exfiltrate data from the targeted network for a long period without arousing suspicions.

Let me suggest to watch the video.

Author:Pierluigi Paganini

A brief introduction to several malware-related terms in an easy-to-understand manner. A useful glossary to better understand the “malware” terminology.

Introduction

The world that we live in is constantly changing; it is always evolving. The sophistication of the technology at the disposal of both those who “wear” a white hat (the good guys) and those who wear a black hat (the bad guys) is increasing at a rapid rate. As new mitigation tools are released, new attack methods and malicious software are produced; we are constantly playing catch-up with the bad guys. Whether your occupation falls under the technology category or not, we all have read about–and likely have been infected at one time or another–with some type of malware.Someone with a technical background or that works in the field certainly has some inherent knowledge of the several different terms that are used to describe different types of malware, attacks, etcetera. For someone with little-to-no technological background, though, these same terms may seem like a foreign language. I wrote this article to address this issue; to briefly define several malware-related terms in an easy-to-understand manner. Disclaimer: The below definitions/descriptions have been derived from my knowledge; my understanding of each term.Disclaimer: The below definitions/descriptions have been derived from my knowledge; my understanding of each term.

---

Malware Classifications

MalwareMalware is essentially any software that performs actions that are not known and authorized by the user. While most of the malware that we read about in the news or on forums for the most part have damaging effects on the infected device, the term malware also encompasses less damaging software, such as PUPs.Virus

Viruses are a type of malware that require user intervention to infect a device. What this means, is that the victim must actually run the software that contains the virus’ code. Viruses have often been spread via e-mail, i.e. through “chain e-mails” as attachments that are named as something else. Viruses are often spread as files that contain solely malicious code. This means that rather than spreading and masquerading as a legitimate application, viruses are often files that contain nothing but malicious code, which places the burden on the sender to convince their target to download and launch the malicious software.

There are several types of viruses, but one that I will mention are Macro viruses. Macro viruses are spread via Macro code (code that can be embedded inside a Microsoft Office document (e.g. Microsoft Word document, Microsoft Excel spreadsheets) that are launched when the document is opened. There are a very large quantity of Macro viruses still being spread in-the-wild today.

Trojan

Trojans are a type of malware that also require user intervention to infect a device. Like viruses, victims must run the software that contains the Trojan’s code in order for it to successfully compromise the victim’s device. However, Trojans (hence the name “Trojan Horse”) are different from viruses in the sense that they often appear to be a legitimate application that the victim may have been searching for. Often, the malicious code launched by a Trojan is actually appended to the end of a legitimate application to better deceive their targets.

Additionally, there are several types of Trojans. The three that I believe are worth mentioning are:

Trojan Downloader – A Trojan that, when launched, downloads additional file(s) that actually contain the final payload (e.g. ransomware, a DLL containing a backdoor).
Trojan Injector – A Trojan that, when launched, injects malicious code into another process, often a legitimate process, to evade detection.
Trojan Dropper – A Trojan that, when launched, drops an additional file (usually) containing the malware’s payload. Usually an executable file or DLL containing an additional payload (i.e. the final, most damaging payload) and/or used for persistence (maintaining access to the compromised device).

Worm

Worms are a type of malware that differ from Trojans and Viruses. Worms cause arguably the most damage to the device(s) that they compromise; this is because worms are self-replicating. Worms can spread without user intervention, and in effect, a single worm infection can spread to an entire network. Worms in the news includeStuxnet, Koobface, and Conficker. I set up a vulnerable device and let it run for a couple weeks and logged hundreds of unique Conficker variants within the first week on a brand new device. Worms are still out there, and Conficker is still very active.

Ransomware

Ransomware has been around for quite some time, though it made national headlines a few years ago with the development and spread of CryptoLocker. As can be derived from the name, Ransomware is a type of malware spread by attackers with the goal of demanding a ransom from their victims; most often for financial gain.

Specifically, Crypto Ransomware will go through all of the directories, files and sometimes network shares and mapped drives of the victim’s device. It will open supported files (varies by variant) and then encrypt the contents of each supported file. This renders the files useless, and if the file contains pertinent data and no backup of it exists, this can be quite damaging to an individual or an organization as a whole. Ransomware authors generally demand a ransom payment in order restore affected files to their previous state, usually paid in Bitcoin. However, trusting criminals and funding their activity is never recommended.

Rootkit

Malware that is capable of evading all anti-malware utilities, the affected device’s operating system itself, and that may be extremely hard to remove. Rootkits often infect theMBR of the targeted device, and are distributed by attackers as a “hard-to-detect”, persistent method of accessing their targets. Rootkits often function as keyloggers, and their removal often requires the user to format their device; deleting the infected partition and re-partitioning the device is the most accepted remediation method.

Many people think that system restores are effective methods of restoring a compromised device. For one, they aren’t, but even more so in the case of a rootkit infection. Rootkits are generally installed as drivers; as new restore points are created, older ones are purged, and it’s important to remember that these restore points include copies of drivers and other configuration items. Meaning, eventually, the system restore points will become infected as well.

Keylogger

As the name states, keyloggers record keystrokes on the affected device, usually dumping all logged keystrokes to a file in a discrete location, to later be sent over to the attacker, often via SMTP (e-mail). Keylogging is an easy way for attackers to obtain usernames, passwords, and credit card numbers of their targets.

Remote Access Trojan (RAT)

A type of malware, specifically under the Trojan category, that allows a remote attacker to gain full control of an infected device.

---

Additional Terminology

Zombie (or “Bot”)A zombie is a device that has been compromised with malware that listens for commands from a remote attacker (via a command-and-control server), that the remote attacker often has complete control of. Zombies comprise a botnet, and are most often leveraged when carrying out DDoS attacks.Command-and-Control Server (or “C2 Server”)

A command-and-control server (or “C2 Server”) is a server dedicated to managing a botnet (network of zombies). While C2 servers can be dedicated devices set-up and configured by the attacker(s), legitimate websites with known vulnerabilities (commonly: websites running vulnerable versions of WordPress) have often been compromised by attackers and converted into C2 servers. It is not uncommon for an attacker to take control of a vulnerable website and implement the command-and-control functionality in the background, remaining undetected by the actual site owner for quite some time.

Exploit Kit

Many define exploit kits as a type of malware but I disagree. An exploit kit is a full software suite (usually a complete web application written in PHP) that is used to distribute malware in an automated fashion, leveraging exploits to install the malware on vulnerable devices without user intervention (other than browsing a specially crafted page).

Exploit kits serve a landing page that carries out the core functions; this page will scan the target to determine their browser, browser version, installed plug-ins, and other identifying information. Exploit kits have an arsenal of commonly-known vulnerabilities, and sometimes zero-day vulnerabilities. If the target is found to be vulnerable to one of the vulnerabilities in its arsenal, the exploit kit will then leverage the vulnerability to force the download and execution of malware onto the target system.

Zero-Day

A zero-day or zero-day vulnerability is a vulnerability that (was) not previously known to exist by the security community nor the vendor. Attackers exploit these previously unknown vulnerabilities to compromise even the most recently updated, hardened devices. Zero-days are often kept secret for as long as possible by attackers, and are sometimes even sold in “underground” markets.

Obfuscate

Often we see the term "obfuscated" when reading malware analysis reports, but what does this mean? Well, to obfuscate somethinig essentially means to hide something or make something illegible. Malware authors obfuscate their code to render it unreadable and hide its malicious nature; often you will see malicious JavaScripts files to be obfuscated, although in my experience, they’re not quite difficult to deobfuscate.

The obfuscation of code is often done not only to deem it illegible, but different obfuscation methods could lead to different file sizes, giving the file containing the obfuscated a code a different signature, to evade anti-virus detection.

Deobfuscate

Referencing the above definition of obfuscate, to deobfuscate is to do the obfuscate; to take illegible, masked code and turn it into code that can be understood and interpreted. Deobfuscation routines are used to deobfuscate code, and are included with obfuscated code in order to convert the code into a language that can be interpreted by the (host) device.

Packer

Packers are used to obfuscate code, in a sense. Essentially, a malware author will take a malicious binary file (executable, DLL, etc.) and scramble the code around to change the file’s signature, to evade anti-virus detection, increasing the rate of successful infection.

---

Final Thoughts

I hope that the above terms and their definitions are simple enough to supplement your current understanding of the several different types of malware and additional malware/analysis terminology. Remember, the above are only a subset of the terminology used in malware analysis and forensics. If you wish to see some terms added, or have a suggestion, feel free to chime in with your thoughts.

About the Author Michael Fratello

Michael Fratello is a Security Engineer employed by CipherTechs, Inc., a privately held information security services provider located in downtown Manhattan, New York.  Specializing in Penetration Testing and Digital Forensics, Michael, a St. John’s University graduate majoring in Computer Security Systems, has developed a passion for information security and often spends his free time studying, programming, and researching the exponentially growing number of threats found in-the-wild today.

ISIS supporters are spreading online a collection of tutorial titled the Book of Terror to teach how Hack a Wi-FI network and which are main spying tools.

ISIS militants are spreading a small package, titled Book of Terror, containing data of various spy tools, as well as tutorials on how to hack Wi-Fi networks in order to evade detection.

The Book of Terror has been posted online by the ISIS sympathizers a week ago, it is a 5,232-page PDF document.

“It’s difficult to tell if the guide is actually being used by the group, but the 5,232-page PDF was uploaded to a Pastebin-style site just over a a week ago, and then linked to from an ISIS supporter forum on Saturday, the pseudonymous security researcher known as “Switched” told Motherboard.” reported Motherboard that first published the news. 

The package includes a guide to teach ISIS militant on how to use encryption to evade surveillance and a manual on the use of firing weapons.

Many Twitter accounts were used the by ISIS to spread copies of the Book of Terror, many websites and forums used for propaganda are also informing sympathizers about the existence of the package, which is written in English.

The package includes an entire section, titled “Secret Spy Devices,” related to electronic equipment. The section includes information on “high power” mobile phone jammer, for recording landline telephone calls and a spy camera hidden within a pen.

The experts who examined the Book of Terror confirmed that it is not a guide written from scratch by the ISIS members, instead it is a cut and paste from consumer electronic sites.

The Book of Terror also explains hot to crack Wi-Fi networks by using the popular Kali Linux distribution to hack WPA and WEP encrypted networks.

“If you live in an area where there are Muslims