Friday, October 27, 2023

 Learn ElasticSearch to Lose your Brain Virginity 



So I was installing and configuring the Wazuh app to meet a few requirements of PCI/DSS.

The Wazuh app is a complete SIEM that fulfills a few requirements of PCI/DSS. Moreover, it gives you recommendations about your system, network, and other security measures as recommended by PCI/DSS.

The beauty of the Wazuh app is that it's free, comprehensive, and easy to deploy. Managing the Wazuh app is something else!

Here is the link, for review at your own risk.

Wazuh Installation Guide

Wazuh is deployed on top of the ELK Stack, which is the recommended solution for managing large data files. Elasticsearch is a search engine, a fast and recommended one for visualizing large data.

Elasticsearch stores data in the form of indices, which are visualized in a Kibana dashboard.

There is very little help available for Elasticsearch.

If your plan is to learn Big Data, do give Elasticsearch a look.


Monday, June 22, 2015

The Linux Foundation on Wednesday announced that it was more than doubling the number of scholarships to be awarded this year for Linux training.
The Linux Foundation is a nonprofit organization dedicated to accelerating the growth of Linux and collaborative development.
Its announcement opened the door for the submission of applications for the 2015 Linux Training Scholarship Program.
The foundation will award 14 scholarships this year, up from last year's five.
It added two new categories: Linux Newbies and Teens-in-Training. That brings the number of training categories to seven.
"Formal Linux training is just one piece of the solution to the current shortage of Linux talent in the market," said Amanda McPherson, CMO and VP of developer programs at the Linux Foundation.
"While traditionally we have seen most people who end up with a career in Linux teaching themselves or starting as a hobbyist, Linux is simply too prevalent now for those types of individuals to meet the demand," she told LinuxInsider.

Certified Winners

Another new benefit added this year is certifications awarded as part of the scholarship. Recipients will have the opportunity to take a Linux Foundation Certified System Administrator (LFCS) or Linux Foundation Certified Engineer (LFCE) exam.



Linux Foundation certifications are widely recognized for being performance-based, distribution-flexible, and available anytime, anywhere.
The Linux Foundation training programs are essential for the continued growth of Linux, noted Rob Enderle, principal analyst at the Enderle Group.
"If you want to sustain a platform, you have to ensure people are formally trained in it. Proprietary firms fund colleges and universities to ensure this," he told LinuxInsider. "It follows that this is no less important, but often far more difficult for standards-based efforts due to more limited funding."

Candidate Qualifications

The scholarship program is open to individuals who demonstrate need and who have already displayed interest in or knowledge of Linux and open source software. Applications will be reviewed by a panel at the Linux Foundation.
Scholarship recipients will be notified by mid-August. The foundation will publicly announce the winning candidates shortly thereafter.
Applications are due by 11:59 p.m. PT on July 10, 2015.

Serious Competition

The Linux Foundation received more than 1,000 applications for last year's five scholarships awarded. The average age of applicants was 29 years old.
The Linux Foundation Training Scholarship Program provides funds to applicants who otherwise would not have the ability to attend Linux Foundation training courses. It attempts to help developers, IT professionals, and promising students to build Linux careers and contribute to shaping the future of the operating system and the enterprise.
The scholarship program ensures that more people who want to advance into this area are given the opportunity for an education in it, noted Enderle. It also helps ensure the longevity of the effort.
"If done right, it should improve the quality of the products that result by putting more rigor into the education of the practitioners," he said.

Categorical Excellence

The two training categories added this year show the developmental growth of the Linux training program.
Linux Newbies is for individuals new to Linux but who have learned the basics by completing the Intro to Linux online course (LFS101x through edX).
Teens-in-Training is for students under the age of 18 who already have started using Linux and want to get a head start on a career in the field. This is the first time The Linux Foundation has offered scholarships to pre-college students.
Whiz Kids is for 2015 high school or college grads already familiar with Linux but who want to prepare for their career with extra training. Applicants must be 18 years or older.
Women in Linux is for women doing amazing things with Linux.
SysAdmin Super Stars targets applicants who already have begun using Linux in their workplace but want to take their work to the next level with additional training.
Developer Do-Gooder is for developers using Linux for good, so that they might expand that good work while enhancing their Linux skills.
Linux Kernel Guru is a category for individuals who already have contributed to the Linux kernel community and who show promise toward becoming a Linux kernel developer or maintainer.

Popular Education

Few organized Linux training programs exist. The educational series the Linux Foundation sponsors has grown rapidly.
For example, to date more than 400,000 people have registered for the free Intro to Linux course. It is one of the biggest courses ever hosted by edX, said McPherson.
One course alone is not going to get anyone a job -- but it helps increase enrollees' knowledge of a specialized area, and it allows them to ask questions of a live instructor.
The foundation's training course enrollments continue to increase. It regularly adds new courses to keep up with changes in technology, as well as demand.
Specialized training will give scholarship winners "a leg up on the competition when looking for job opportunities," said the Linux Foundation's McPherson. "By almost tripling the number of scholarship recipients for 2015, we are trying to give that opportunity to more people."

Competitive Market

There continues to be demand for people who have the kind of training a well-managed program like this could produce. The question is whether this program will be well-managed.
"Often the problem, even with proprietary firms, is they focus on the grant process more than the quality of the related training," observed Enderle.
Interest in Linux careers is evident, said McPherson. More than nine in 10 hiring managers planned to hire Linux talent this year, according to the Linux Foundation's 2015 Linux Jobs Report.
Plus, 54 percent expected sysadmin job candidates to have formal training or a certification.
Dice.com always has thousands of Linux jobs listed, and that is only expected to grow as more and more organizations -- tech companies and otherwise -- move toward open source, noted McPherson.
"When you consider that," she said, "and that over 1,000 people applied for our scholarship program last year, it is clear there is huge interest in Linux careers." 

CMSmap is an open source Python CMS scanner that automates the process of detecting security flaws in the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.
At the moment, the CMSs supported by CMSmap are WordPress, Joomla and Drupal.
Please note that this project is in an early state. As such, you might find bugs, flaws or malfunctions. Use it at your own risk!

Installation

You can download the latest version of CMSmap by cloning the GitHub repository:
git clone https://github.com/Dionach/CMSmap.git

Usage

Notes

30/03/2015: Created a new repo to remove big wordlist. Users who have originally cloned the previous repo are invited to clone the new one.

Disclaimer

Usage of CMSmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.

Parrot Security OS for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonymity and Cryptography

Parrot security OS is an open source distribution of Linux based on the well known and award winning Debian GNU/Linux operating system. As its developers describe, it is a masterpiece that gathers together all the necessary tools for hacking, penetration testing, security and privacy tasks.
According to its developers, Parrot Security OS is a security oriented operating system designed for Penetration Testing, Computer Forensic, Reverse engineering, Hacking, Privacy/Anonymity and Cryptography.
Instead of installing the OS and then painstakingly assembling your collection of security tools (and package dependencies), using something like Parrot Security OS takes care of all that for you.
It is based on Debian and developed by Frozenbox network. Parrot is designed for everyone, from the pro pen-tester to the newbie, because it provides the most professional tools combined in an easy-to-use, fast and lightweight pen-testing environment, and it can also be used for everyday use.
Most of the penetration testing tools can be found under the Parrot entry of the main menu, where they’re organized in subsections. In addition, an anonymous surfing mode is available for those who don’t want to be traced.
Among the included applications, we can mention TrueCrypt, Ettercap, Iceweasel, Vidalia, Wireshark, VLC Media Player, RecordMyDesktop, BleachBit, XRCed, PyCrust, aircrack-ng, Hydra, Nmap, and many others.

Features

  • Updated pen-testing tools
  • Great for forensic analysis
  • Custom hardened 3.16 kernel
  • MATE interface with custom themes, wallpapers and icons
  • Fast lightweight system designed also for old computers
  • PenMode + AirMode
  • AnonSurf functionality (tor & i2p)
  • Pandora’s box ram cleaner at shutdown
  • Encrypted installation
  • Cryptocurrency friendly
  • Everything necessary for programming out of the box
  • Cloud compatible

Rather than downloading the whole ISO, there’s also a BASH script version which turns a regular Debian Stable install into Parrot Security OS. You can find the script here:
You can download Parrot Security OS here:
amd64 Parrot Full – Parrot-full-1.9_amd64.iso
i386 Parrot Full – Parrot-1.9_i386.iso

Here is a demo of an MSSQL data dumper plus a full takeover tool.



Enjoy

Thanks

The popular hacker Kevin Mitnick explains how easy it is to steal data from a network by tapping the cable, even if it’s a fiber optic network.

Kevin Mitnick demonstrates how easy it is for a hacker to tap into your network and read your email messages, even if it’s a fiber optic network.
Kevin Mitnick is the father of the art of hacking. Hacking is a philosophy of life, and today the Master demonstrates how easy it is for an attacker to tap into a network to steal sensitive data and access emails, even if it’s a fiber optic network.
Kevin Mitnick clamped onto a fiber optic cable, CAT5x or CAT6x network wire, and by using the popular network analyzer Wireshark demonstrated how simple it is to sniff any unencrypted information in a few minutes without leaving any trace. In his attack Mitnick used an optic fiber clip-on coupler that provides non-invasive bi-directional coupling into 250 micron coated single-mode fibers.
“The FOD 5503 offers the ability to couple fiber optic talk sets at any intermediate point along a fiber span where access to a terminated end is not available,” states the description of the optic fiber clip-on coupler.
This kind of hardware is not meant for hacking into fiber; it is designed for maintenance purposes and fiber identification.
Kevin Mitnick published a video to demonstrate the attack; it shows the popular hacker sniffing an email directly from the tapped cable.
Attackers can easily tap the wire without cutting it by using alligator clips to attach to the cable, or they can cut the cable and plug both ends into a small hub to intercept the traffic.
In both cases, it is essential to prevent physical access to the wire, but most important is to use encrypted connections when accessing any kind of web service, including email, chat, and web browsing.
An attack like the one presented by Kevin Mitnick is very easy to arrange; clever attackers could use a cheap and tiny Raspberry Pi to hide the tap used to grab the data. Such a scenario is frightening because an attacker can exfiltrate data from the targeted network for a long period without arousing suspicion.
I suggest watching the video.

Thursday, June 18, 2015

A brief introduction to several malware-related terms in an easy-to-understand manner. A useful glossary to better understand the “malware” terminology.

Introduction