Archive for the ‘education’ Category

When it comes to web application security one often thinks about the obvious: Sanitize user input, transmit data over encrypted channels and use secure functions. Often overlooked are the positive effects that HTTP-Response-Headers in conjunction with a modern web browser can have on web security.

Active Security

Here we will take a look at the headers recommended by the Open Web Application Security Project (OWASP). These headers can be utilised to actively increase the security of the web application.

X-FRAME-OPTIONS

This header gives instructions to the browser if and when a page should be displayed as part of another page (i.e. in an IFRAME). Allowing a page to be loaded inside an IFRAME opens up the risk of a so called Clickjacking attack. In this attack the target site is loaded in the background, hidden to the victim. The victim is then enticed to perform clicks on the website (e.g. through a survey or a prize draw), these clicks are secretly executed on the target site in the background. If the victim is currently logged in to the target site then those clicks are performed in the context of this user’s session. Via this method it is possible to execute commands as the user, as well as exfiltrating information from the user’s context.

The X-Frame-Options can be used with the following options:

  • DENY
  • SAMEORIGIN
  • ALLOW-FROM ( is your desired URI, including protocol handler)

Unless your application explicitly requires to be loaded inside an IFRAME you should set the header to deny.

X-Frame-Options: DENY

If your application uses IFRAMEs within the application itself, then you should set the header to SAMEORIGIN:

X-Frame-Options: SAMEORIGIN

If you want your page to be frameable across a different origin, then you should explicitly define the external origin:

X-Frame-Options: ALLOW-FROM contextis.co.uk

Please note that the ALLOW-FROM directive of the X-Frame-Options header expects exactly one domain. No protocol, no port, no path and no wildcard.

STRICT-TRANSPORT-SECURITY

This header, often abbreviated as HSTS (HTTP Strict Transport Security), tells the browser to enforce an HTTPS connection whenever a user tries to reach the site sending this header.  All major browsers support this feature, and should:

  1. Only connect to the site via HTTPS
  2. Convert all HTTP references on the site (e.g. JavaScript includes) to HTTPS and
  3. Refuse to load the website in case of errors with the SSL certificate (e.g. Certificate expired, broken certificate chain, …)

It is important to notice that as this header can only be set via an HTTPS response, the user therefore needs to connect to the site at least once via HTTPS, unless you make some special preparations, more on that in a few sentences. It is also important to note that the header is only valid for a certain amount of time: the lifetime is specified in seconds. Context recommends the following setting, which tells the browser to obey the STS-Setting for half a year:

Strict-Transport-Security: max-age=15768000

Should this rule be extended to cover all subdomains, then the header can be extended by adding the attribute ‘includeSubDomains’:

Strict-Transport-Security: max-age=15768000; includeSubDomains

Some browsers (at least Chrome, Firefox, IE11/Edge and Safari) ship with a “preload list”, a list of URLs that have explicitly declared that they want to use HSTS. If the users tries to access a listed URL, then the browser automatically enforces the HSTS rule, even for the very first connection, that otherwise would have been vulnerable to a man-in-the-middle attack. To enter your own websites to this preload list you have to submit the URL on this page, and append the preload directive to the header, e.g.:

Strict-Transport-Security: max-age=15768000; includeSubDomains; preload

X-XSS-PROTECTION

This header is surrounded by a little controversy and different people recommend different settings, some even recommend to explicitly disabling it. So what is the deal with this header?

The purpose of this header is to instruct the web browser to utilize its Cross-Site Scripting protection, if present (X-XSS-Protection: 1). Currently only Chrome, Internet Explorer and Safari have such an engine built-in and understand this header (Firefox seems to rely on the third party addon NoScript).

It might seem like a good idea to try and filter malicious requests where the attack happens, at the browser, but filtering is very hard. Especially when one tries to heuristically detect malicious code, sanitize it and at the same time try to maintain a working site. This lead to several filter bypasses and even introduced Cross-Site Scripting vulnerabilities on previously healthy sites.

Once it became apparent that a building a heuristic filter that tries to sanitize unknown code is a Sisyphus task, a new all or nothing approach was invented: X-XSS-Protection: 1; mode=block. If this mode is set the browser is instructed not to render the page at all, but instead displays an empty page (about:blank). But even that approach had flaws in its early implementations, leading some major sites (such as facebook.com, live.com and slack.com) to explicitly disable the XSS filter (X-XSS-Protection: 0).

So while it is difficult to give a definitive recommendation for this header, it seems that the variant ‘X-XSS-Protection: 1; mode=block’ has matured rather well and has outgrown its early flaws. Besides that, the best protection against Cross-Site Scripting is still sanitizing all your in- and output ;-).

To explicitly enable the filter that tries to sanitize malicious input set the following header:

X-XSS-Protection: 1;

To use the all-or-nothing approach that blocks a site when malicious input is detected set the following header:

X-XSS-Protection: 1; mode=block

Additional one can set a parameter ‘report’ that contains an URL. If one of the Webkit-XSS-Auditors (Chrome, Safari) encounters an attack it will send a POST message to this URL, containing details about the incident:

X-XSS-Protection: 1; mode=block; report=https://domain.tld/folder/file.ext

X-CONTENT-TYPE-OPTIONS

This header can be used to prevent certain versions of Internet Explorer from ‘sniffing’ the MIME type of a page. It is a feature of Internet Explorer to interpret sites of ‘Content-Type: text/plaintext’ as HTML when it contains HTML-tags. This however introduces cross-site scripting risks, when one has to deal with user provided content. The X-Content-Type-Options knows only one option – ‘nosniff’ – which prevents the browser from trying to sniff the MIME type.

X-Content-Type-Options: nosniff

PUBLIC-KEY-PINS

Public-Key-Pinning, also known as HTTP Public Key Pinning (short HPKP), is still relatively new and is not yet widely used. However it has great security potential as it allows site operators to specify (‘pin’) a valid certificate and rely less on CAs – that in the past have proven to be susceptible to attack (e.g. any CA could create a technically valid and trusted certificate that has not been issued by you) . Similar to HSTS, the browser is then supposed to remember this pin and only accept connections to a site if the certificate pin matches the pin provided by the header. This however means that an unexpected certificate change can leave visitors locked out of the web presence. For this reason it is required to provide a backup certificate pin that can be used when the first one fails. It also must include a max-age attribute, which once again, specifies the lifetime in seconds. Please bear in mind that this is also the potential lockout time for an unaware user.

Public-Key-Pins: pin-sha256="<sha256>"; pin-sha256="<sha256>"; max-age=15768000;

Should this rule be extended to cover all subdomains, then the header can be extended by adding the attribute ‘includeSubDomains’:

Public-Key-Pins: pin-sha256="<sha256>"; pin-sha256="<sha256>"; max-age=15768000; includeSubDomains

CONTENT-SECURITY-POLICY (SUPERSEDES X-CONTENT-SECURITY-POLICY AND X-WEBKIT-CSP)

The Content-Security-Policy (short CSP) is a flexible approach to specify which content in a site may be executed and which not. One of the current problems is that the web browser does not know which sources to trust and which not to trust, e.g. is a third-party JavaScript include from apis.google.com good or bad? The only proper solution to this is source whitelisting, where the developer specifies legitimate resource locations. A very basic example on how to allow JavaScript (script-src) from both the local site (‘self’) and apis.google.com:

Content-Security-Policy: script-src 'self' https://apis.google.com

CSP has a few additional keywords that allow for a very granular access control. It is important to notice that CSP is intended as a per-site model so that every site needs an own http-headers set.

Passive Security

The following headers do not actively enable any security related features, but rather have a passive impact on security, typically by revealing more information than necessary. By now it is well established that security by obscurity is a more than questionable security concept if you rely solely on it. However there is little to no gain to leave the cards lying open on the table and provide an attacker with valuable information, just don’t think that this alone would be enough.

COOKIE ATTRIBUTES (HTTPONLY AND SECURE)

Often overlooked are the special attributes that can be associated with cookies, which can drastically reduce the risks of cookie theft.

HttpOnly

The HttpOnly attribute tells the browser to deny JavaScript access to this cookie, making it more difficult to access via cross-site scripting.

Set-Cookie: cookie=xxxxxxxxx; HttpOnly

Secure

The secure attribute tells the browser to send this cookie only over an HTTPS connection. This should be the norm for all session and authentication related cookies, as it prevents easy intercepting via an unencrypted HTTP connection.

Set-Cookie: cookie=xxxxxxxxx; Secure

Of course these attributes can be combined:

Set-Cookie: cookie=xxxxxxxxx; HttpOnly; Secure

SERVER / X-POWERED-BY

Both of these headers advertise the server software in use and its version number. While these headers might be nice for debugging purposes they do not contribute to the user experience in any way and should either be omitted entirely or reduced to an amount that does not leak any version details.

CACHING DIRECTIVES

Another issue that is often overlooked is the caching of sensitive information by the browser. A browser frequently stores elements of a website to a local cache to speed up the browsing experience. While this behaviour is fine for non-sensitive sites and elements like graphics and stylesheet information it has to be avoided for sensitive information (e.g. pages from an authenticated area of a web application). This problem gets worse in a shared computing environment (e.g. office, school, internet café …), where other users can easily access your browser cache. To tell the browser (and possible intermediate caches such as proxies) not to store anything in its cache one should use the following directives:

Cache-Control: no-cache, no-store
Expires: 0
Pragma: no-cache

It is important to notice that the often encountered directive “Cache-Control: private” cannot be considered secure in a shared computing environment, as it allows the browser to store these elements in its cache.

ETag

The “Entity Tag” (short ETag) header is used for caching purposes. The server uses a special algorithm to calculate an individual ETag for every revision of a file it serves. The browser is then able to ask the server if the file is still available under this ETag. If it is, the server responds with a short HTTP 304 status telling the browser to use the locally cached version, otherwise it sends the full resource as part of an HTTP 200 status.

While this is a useful header you’ll sometimes find a reference to it in vulnerability related articles or reports. The problem is that certain versions of Apache (versions before 2.3.14) used to disclose the inode for the file that is being served in their default configuration. The inode can be used for further attacks, e.g. via the Network File System (NFS), that uses these inodes to create file handles. The problematic default configuration has been corrected in more recent Apache versions, but you should nonetheless make sure that your corresponding FileETag setting in httpd.conf does not contain the INode attribute. The following line is fine:

FileETag MTime Size

The following line is NOT: 

FileETag INode MTime Size

X-ROBOTS-TAG AND ROBOTS.TXT

The X-Robots-Tag header can be used to give search engines, which support this header, directives on how a page or file should be indexed. The advantage of the X-Robots-Tag over a single robots.txt file or the robots-meta-tag is that this header can be set and configured globally, can be adjusted to a very granular and flexible level (e.g. a regular expression that matches certain URLs). Sending a meta-tag with a media file – not possible. Sending an HTTP-header with a media file – no problem. It also has the advantage of disclosing information on a per request basis instead of a single file. Just think about the secret directories that you don’t want anyone to know about: Listing them in a robots.txt file with a disallow entry? Probably a bad idea since this lets everyone immediately know what you want to hide – you might as well just put a link on your website.

So should you ditch the robots.txt altogether and rely solely on the X-Robots-Tag? Probably not, instead combine them for the greatest compatibility. However keep in mind that the robots.txt file should only contain files and directories that you want to be indexed. You should neverlist files that you want to block, instead place a general disallow entry in the robots.txt:

An example to block everything:

User-Agent: *
Disallow: /

An example that tells the crawler to index everything under /Public/ but not the rest:

User-Agent: *
Allow: /Public/
Disallow: /

ADDING CUSTOM HEADERS IN VARIOUS HTTP SERVERS

Below you can find a general example on how to set a static custom HTTP header in different HTTP server software, as well as links to a more in-depth manual for setting more complex header rules.

Apache

For apache it is recommended to use the apache module ‘mod_headers’ to control http headers. The directive ‘Header’ can be placed almost anywhere in the configuration file, e.g.:

<Directory "/var/www/dir1">
    Options +Indexes
    Header set X-XSS-Protection “1; mode=block”
</Directory>

For a more detailed guide on how to set HTTP headers with mod_headers please refer to this page.

Internet Information Services (IIS)

For IIS there are two ways to set custom headers:

1. Via command line:

appcmd set config /section:httpProtocol /+customHeaders.[name='X-XSS-Protection',value='1; mode=block']

2. Via graphical interface Open IIS Manager and use the Connections pane to find the appropriate level you want to enable the header for. In the Home pane, double-click on ‘HTTP Response Headers’. Now look for the Actions pane and click on ‘Add…’ and set both the name and the value for the header you want to set. In our example the name would be ‘X-XSS-Protection’ and the value would be ‘1; mode=block’.

For a more detailed guide on how to set HTTP headers with IIS please refer to this page.

Lighttpd

For Lighthttpd it is recommended to use the module ‘mod_setenvs’ to control apache headers. The directive ‘setenv.add-response-header’ can be placed almost anywhere in the configuration file, e.g.:

setenv.add-response-header = (
      "X-XSS-Protection" => "1; mode=Block" 
    )

For a more detailed guide on how to set HTTP headers with NGINX please refer to this page.

NGINX

For NGINX it is recommended to use the module ‘ngx_http_headers_module’ to control http headers. The directive ‘add_header’ can be placed in the appropriate location in the configuration file, e.g.:

server {
    listen       80;
    server_name  domain1.com www.domain1.com;
    root         html;

    location / {
      add_header X-XSS-Protection 1; mode=Block always
    }
  }

For a more detailed guide on how to set HTTP headers with NGINX please refer to this page.

Summary and Conclusions

We have seen that there are quite a few more or less new HTTP headers that can actively contribute to a web site’s security. We have also seen that there are a few well-established headers that might be worth revisiting to decrease the amount of information that is leaked.

References

Following are a few references for the technically interested reader that wants to get a more in-depth understanding of the different headers as well as HTTP headers in general. Please refer to ‘Adding custom headers in various HTTP servers’ above, if you simply want to know how to activate the various headers in your HTTP server software.

Advertisements

  1. wifite
    Link Project: https://github.com/derv82/wifite
    Wifite is for Linux only.Wifite is an automated wireless attack tool.Wifite was designed for use with pentesting distributions of Linux, such as Kali LinuxPentooBackBox; any Linux distributions with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16.Wifite must be run as root. This is required by the suite of programs it uses. Running downloaded scripts as root is a bad idea. I recommend using the Kali Linux bootable Live CD, a bootable USB stick (for persistent), or a virtual machine. Note that Virtual Machines cannot directly access hardware so a wireless USB dongle would be required.Wifite assumes that you have a wireless card and the appropriate drivers that are patched for injection and promiscuous/monitor mode.
  2. wifiphisher
    Link Project: https://github.com/sophron/wifiphisher
    Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point. It is a rogue Access Point framework that can be used to mount automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It can work a social engineering attack tool that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.Wifiphisher works on Kali Linux and is licensed under the GPL license.
  3. wifi-pumpkin
    Link Project: https://github.com/P0cL4bs/WiFi-Pumpkin
    Very friendly graphic user interface, good handling, my favorite one is the establishment of phishing wifi attack tools, rich functional interface, ease of use is excellent. Compatibility is also very good. Researcher  is actively update them, we can continue to focus on this fun project
  4. fruitywifi
    Link Project: https://github.com/xtr4nge/FruityWifi
    FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.
    Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system
  5. mama toolkit
    Link Project: https://github.com/sensepost/mana
    A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.
    More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you’ve managed to get a victim to connect.
  6. 3vilTwinAttacker
    Link Project:https://github.com/wi-fi-analyzer/3vilTwinAttacker
    Much like wifi-pumpkin interface. Has a good graphical interface, the overall experience is very good, good ease of use. Good compatibility. Researcher has hardly been updated.
  7. ghost-phisher
    Link Project: http://tools.kali.org/information-gathering/ghost-phisher
    It has a good graphical interface, but almost no fault tolerance, many options easily confusing, but the overall feeling is still very good use. It can be a key to establish rogue ap, and protect dhcp, dns services interface, easy to launch a variety of middle attack, ease of use is good. Compatible good. Kali has been made official team updated original repo.
  8. fluxion
    Link Project: https://github.com/wi-fi-analyzer/fluxion
    Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It’s compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.

Happy Hunting

tv-justice

Here is some help for you guys and gals that are looking for some forensic tools, they can also be good fun to mess around with.

1. Disk tools and data capture

————————————————————————————————————–
Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
https://www.arsenalrecon.com/apps/image-mounter/
————————————————————————————————————–
DumpIt :
Generates physical memory dump of Windows machines, 32 bits 64 bit. Can run from a USB flash drive.
http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/
————————————————————————————————————–
EnCase :
Create EnCase evidence files and EnCase logical evidence files
http://www1.guidancesoftware.com/Order-Forensic-Imager.aspx
————————————————————————————————————–
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
http://info.magnetforensics.com/encrypted-disk-detector
————————————————————————————————————–
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
http://www.4discovery.com/our-tools/
————————————————————————————————————–
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
————————————————————————————————————–
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
http://www.fawproject.com/en/default.aspx
————————————————————————————————————–
FTK Imager :
Imaging tool, disk viewer and image mounter
http://www.accessdata.com/support/product-downloads
————————————————————————————————————–
Guymager :
Multi-threaded GUI imager under running under Linux
http://guymager.sourceforge.net/
————————————————————————————————————–
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
http://forensic.belkasoft.com/en/ram-capturer
————————————————————————————————————–
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
http://sourceforge.net/projects/networkminer/
————————————————————————————————————–
Nmap :
Utility for network discovery and security auditing
http://nmap.org/
————————————————————————————————————–
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
http://www.magnetforensics.com/ram-capture/
————————————————————————————————————–
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
http://www.osforensics.com/tools/create-disk-images.html
————————————————————————————————————–
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
http://www.osforensics.com/tools/mount-disk-images.html
————————————————————————————————————–
Wireshark :
Network protocol capture and analysis
https://www.wireshark.org/
————————————————————————————————————–
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs
https://technet.microsoft.com/en-gb/sysinternals/ee656415.aspx

————————————————————————————————————–
2. Email analysis

————————————————————————————————————–
EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
http://www.nucleustechnologies.com/exchange-edb-viewer.html
————————————————————————————————————–
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
http://www.mitec.cz/mailview.html
————————————————————————————————————–
MBOX Viewer :
View MBOX emails and attachments
http://www.systoolsgroup.com/mbox-viewer.html
————————————————————————————————————–
OST Viewer  :
Open and view (not export) Outlook OST files without connecting to an Exchange server
http://www.nucleustechnologies.com/ost-viewer.html
————————————————————————————————————–
PST Viewer  :
Open and view (not export) Outlook PST files without needing Outlook
http://www.nucleustechnologies.com/pst-viewer.html
————————————————————————————————————–
3. General tools

————————————————————————————————————–
Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
http://www.mythicsoft.com/page.aspx?type=agentransack&page=home
————————————————————————————————————–
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
http://www.cfreds.nist.gov/
————————————————————————————————————–
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
http://www.nuix.com/Nuix-evidence-mover
————————————————————————————————————–
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
http://ipmsg.org/tools/fastcopy.html.en
————————————————————————————————————–
File Signatures :
Table of file signatures
http://www.garykessler.net/library/file_sigs.html
————————————————————————————————————–
HexBrowser :
Identifies over 1000 file types by examining their signatures
http://www.hexbrowser.com/
————————————————————————————————————–
HashMyFiles :
Calculate MD5 and SHA1 hashes
http://www.nirsoft.net/utils/hash_my_files.html
————————————————————————————————————–
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
http://mobalivecd-en.mobatek.net/
————————————————————————————————————–
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
http://mousejiggler.codeplex.com/
————————————————————————————————————–
Notepad ++ :
Advanced Notepad replacement
http://notepad-plus-plus.org/
————————————————————————————————————–
NSRL :
Hash sets of ‘known’ (ignorable) files
http://www.nsrl.nist.gov/Downloads.htm
————————————————————————————————————–
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
http://sourceforge.net/projects/quickhash/
————————————————————————————————————–
USB Write Blocker :
Enables software write-blocking of USB ports
http://dsicovery.com/dsicovery-software/usb-write-blocker/
————————————————————————————————————–
Volix :
Application that simplifies the use of the Volatility Framework
http://www.it-forensik.fh-aachen.de/projekte/volix/13
————————————————————————————————————–
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD
http://winfe.wordpress.com/
————————————————————————————————————–
4. File and data analysis

————————————————————————————————————–
Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
http://www.ash368.com/
————————————————————————————————————–
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
https://github.com/dkovar/analyzeMFT
————————————————————————————————————–
bstrings :
Find strings in binary data, including regular expression searching.
https://binaryforay.blogspot.co.uk/2015/07/introducing-bstrings-better-strings.html
————————————————————————————————————–
CapAnalysis :
PCAP viewer
http://www.capanalysis.net/site/
————————————————————————————————————–
Crowd Reponse :
Windows console application to aid gathering of system information for incident response and security engagements.
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
DCode :
Converts various data types to date/time values
http://www.digital-detective.net/digital-forensic-software/free-tools/
————————————————————————————————————–
Defraser :
Detects full and partial multimedia files in unallocated space
http://sourceforge.net/projects/defraser/
————————————————————————————————————–
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
http://sourceforge.net/projects/ecryptfs-p/
————————————————————————————————————–
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
http://www.lostpassword.com/encryption-analyzer.htm
————————————————————————————————————–
ExifTool :
Read, write and edit Exif data in a large number of file types
http://www.sno.phy.queensu.ca/~phil/exiftool/
————————————————————————————————————–
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
http://www.toolsley.com/
————————————————————————————————————–
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
Ghiro :
In-depth analysis of image (picture) files
http://www.getghiro.org/
————————————————————————————————————–
Highlighter :
Examine log files using text, graphic or histogram views
http://www.mandiant.com/products/free_software/highlighter/
————————————————————————————————————–
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
PECmd :
Prefetch Explorer
https://binaryforay.blogspot.co.uk/2016/01/pecmd-v0600-released.html
————————————————————————————————————–
PlatformAuditProbe :
Command Line Windows forensic/ incident response tool that collects many artefacts. Manual
https://appliedalgo.com/
————————————————————————————————————–
RSA Netwitness Investigator :
Network packet capture and analysis
http://www.emc.com/security/rsa-netwitness.htm#!freeware
————————————————————————————————————–
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
http://www.mandiant.com/products/free_software/memoryze/
————————————————————————————————————–
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
MFTview :
Displays and decodes contents of an extracted MFT file
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
http://www.mikesforensictools.co.uk/MFTPB.html
————————————————————————————————————–
PsTools :
Suite of command-line Windows utilities
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
————————————————————————————————————–
Shadow Explorer :
Browse and extract files from shadow copies
http://www.shadowexplorer.com/
————————————————————————————————————–
SQLite Manager :
Firefox add-on enabling viewing of any SQLite
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
————————————————————————————————————–
Strings :
Command-line tool for text searches
http://technet.microsoft.com/en-gb/sysinternals/bb897439.aspx
————————————————————————————————————–
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
http://www.mitec.cz/ssv.html
————————————————————————————————————–
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
http://www.mikesforensictools.co.uk/MFTSAR.html
————————————————————————————————————–
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
http://www.mitec.cz/wfa.html
————————————————————————————————————–
Xplico :
Network forensics analysis tool
http://www.xplico.org/
————————————————————————————————————–
5. Mac OS tools

————————————————————————————————————–
Audit :
Audit Preference Pane and Log Reader for OS X
https://github.com/twocanoes/audit
————————————————————————————————————–
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
Disk Arbitrator :
Blocks the mounting of file systems, complimenting a write blocker in disabling disk arbitration
https://github.com/aburgh/Disk-Arbitrator
————————————————————————————————————–
Epoch Converter :
Converts epoch times to local time and UTC
https://www.blackbagtech.com/resources/freetools/epochconverter.html
————————————————————————————————————–
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
http://accessdata.com/product-download/digital-forensics/mac-os-10.5-and-10.6x-version-3.1.1
————————————————————————————————————–
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
https://www.blackbagtech.com/resources/freetools/ioreg-info.html
————————————————————————————————————–
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
https://www.blackbagtech.com/resources/freetools/pmap-info.html
————————————————————————————————————–
Volafox :
Memory forensic toolkit for Mac OS X
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
6. Mobile devices

————————————————————————————————————–
iPBA2 :
Explore iOS backups
http://ipbackupanalyzer.com/
————————————————————————————————————–
iPhone Analyzer :
Explore the internal file structure of Pad, iPod and iPhones
http://sourceforge.net/projects/iphoneanalyzer/
————————————————————————————————————–
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
http://www.csitech.co.uk/ivmeta-iphone-metadata/
————————————————————————————————————–
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
http://lastsimdetails.blogspot.co.uk/p/downloads.html
————————————————————————————————————–
Rubus :
Deconstructs Blackberry .ipd backup files
http://www.cclgroupltd.com/Buy-Software/rubus-ipd-de-constructor-utility.html
————————————————————————————————————–
SAFT :
Obtain SMS Messages, call logs and contacts from Android devices
http://www.signalsec.com/saft/
————————————————————————————————————–
7. Data analysis suites

————————————————————————————————————–
Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
http://www.sleuthkit.org/autopsy/
————————————————————————————————————–
Backtrack :
Penetration testing and security audit with forensic boot capability
http://www.backtrack-linux.org/
————————————————————————————————————–
Caine :
Linux based live CD, featuring a number of analysis tools
http://www.caine-live.net/
————————————————————————————————————–
Deft :
Linux based live CD, featuring a number of analysis tools
http://www.deftlinux.net/
————————————————————————————————————–
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
http://www.digital-forensic.org/
————————————————————————————————————–
Forensic Scanner :
Automates ‘repetitive tasks of data collection’. Fuller description here
https://github.com/appliedsec/forensicscanner
————————————————————————————————————–
Paladin :
Ubuntu based live boot CD for imaging and analysis
http://www.sumuri.com/
————————————————————————————————————–
SIFT :
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
http://computer-forensics.sans.org/community/downloads/
————————————————————————————————————–
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
http://www.sleuthkit.org/sleuthkit/
————————————————————————————————————–
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM
http://www.volatilityfoundation.org/
————————————————————————————————————–

8. Internet analysis

http://www.nirsoft.net/utils/mzcv.html
————————————————————————————————————–
MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web page
http://www.nirsoft.net/utils/mozilla_history_view.html
————————————————————————————————————–
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
http://www.nirsoft.net/utils/my_last_search.html
————————————————————————————————————–
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
http://www.nirsoft.net/utils/passwordfox.html
————————————————————————————————————–
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
http://www.nirsoft.net/utils/opera_cache_view.html
————————————————————————————————————–
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
http://www.nirsoft.net/utils/opera_password_recovery.html
————————————————————————————————————–
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
http://www.mandiant.com/resources/download/web-historian
————————————————————————————————————–
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages
http://info.magnetforensics.com/web-page-saver
————————————————————————————————————–

9. Registry analysis

————————————————————————————————————–
AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
http://www.woanware.co.uk/forensics/forensicuserinfo.html
————————————————————————————————————–
Process Monitor :
Examine Windows processes and registry threads in real time
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
————————————————————————————————————–
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
http://www.digitalforensicssolutions.com/registrydecoder/
————————————————————————————————————–
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
RegRipper :
Registry data extraction and correlation tool
http://regripper.wordpress.com/
————————————————————————————————————–
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
http://sourceforge.net/projects/regshot/files/
————————————————————————————————————–
ShellBags Explorer  :
Presents visual representation of what a user’s directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
USB Device Forensics :
Details previously attached USB devices on exported registry hives
http://www.woanware.co.uk/forensics/usbdeviceforensics.html
————————————————————————————————————–
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
http://www.4discovery.com/our-tools/
————————————————————————————————————–
USBDeview :
Details previously attached USB devices
http://www.nirsoft.net/utils/usb_devices_view.html
————————————————————————————————————–
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
http://www.4discovery.com/our-tools/
————————————————————————————————————–
UserAssist :
Displays list of programs run, with run count and last run date and time
http://blog.didierstevens.com/programs/userassist/
————————————————————————————————————–
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry
http://www.mitec.cz/wrr.html
————————————————————————————————————–
10. Application analysis

————————————————————————————————————–
Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
http://info.magnetforensics.com/dropbox-decryptor
————————————————————————————————————–
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
http://info.magnetforensics.com/google-maps-tile-investigator
————————————————————————————————————–
KaZAlyser :
Extracts various data from the KaZaA application
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
SkypeLogView :
View Skype calls and chats
http://www.nirsoft.net/utils/skype_log_view.html
————————————————————————————————————–

TV failureInfoSec skills are in such high demand right now. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days.

However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list.

1.CTF365:
On CTF365 users build and defend their own servers while launching attacks on other users’ servers. The CTF365 training environment is designed for security professionals who are interested in training their offensive skills or sysadmins interested in improving their defensive skills. If you are a beginner to infosec, you can sign up for a free beginner account and get your feet wet with some pre-configured vulnerable servers.

2. OVERTHEWIRE:
OverTheWire is designed for people of all experience levels to learn and practice security concepts. Absolute beginners are going to want to start on the Bandit challenges because they are the building blocks you’ll use to complete the other challenges.

3. HACKING-LAB:
Hacking-Lab provides the CTF challenges for the European Cyber Security Challenge, but they also host ongoing challenges on their platform that anyone can participate in. Just register a free account, setup vpn and start exploring the challenges they offer.

4. PWNABLE.KR:
pwnable.kr focuses on ‘pwn’ challenges, similar to CTF, which require you find, read and submit ‘flag’ files corresponding to each challenge. You must use some sort of programming, reverse-engineering or exploitation skill to access the content of the files before you are able to submit the solution.

They divide up the challenge into 4 skill levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret. Toddler’s Bottle are very easy challenges for beginners, Rookiss is rookie level exploitation challenges, Grotesque challenges become much more difficult and painful to solve and, finally, Hacker’s Secret challenges require special techniques to solve.

5. IO:
IO is a wargame from the createors of netgarage.org, a community project where like-minded people share knowledge about security, AI, VR and more. They’ve created 3 versions, IO, IO64 and IOarm, with IO being the most mature. Connect to IO via SSH and you can begin hacking on their challenges.

6. SMASHTHESTACK:
SmashTheStack is comprised of 7 different wargames – Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Every wargame has a variety of challenges ranging from standard vulnerabilities to reverse engineering challenges.

7. MICROCORRUPTION:
Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices. The Lockitall devices secure the bearer bounds housed in warehouses owned by the also fictional Cy Yombinator company. Along the way you’ll learn some assembly, how to use a debugger, how to single step the lock code, set breakpoints, and examine memory all in an attempt to steal the bearer bonds from the warehouses.

8. REVERSING.KR:
reversing.kr has 26 challenges to test your cracking and reverse engineering abilities. The site hasn’t been updated since the end of 2012, but the challenges available are still valuable learning resources.

9. HACK THIS SITE:
Hack This Site is a free wargames site to test and expand your hacking skills. It features numerous hacking missions across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript, Forensic, Extbasic, Stego and IRC missions. It also boasts a large community with a large catalog of hacking articles and a forum for to have discussions on security related topics. Finally, they’ve recently announced they are going to be overhauling the dated site and codebase, so expect some big improvements in the coming months.

10. W3CHALLS:
W3Challs is a pentesting training platform with numerous challenges across different categories including Hacking, Cracking, Wargames, Forensic, Cryptography, Steganography and Programming. The aim of the platform is to provide realistic challenges, not simulations and points are awarded based on the difficulty of the challenge (easy, medium, hard). There’s a forum where you can discuss and walkthrough the challenges with other members.

11. PWN0:
pwn0 is the VPN where (almost) anything goes. Go up against pwn0bots or other users and score points by gaining root on other systems.

12. EXPLOIT EXERCISES:
Exploit Exercises provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

13. RINGZER0 TEAM ONLINE CTF:
RingZer0 Team Online CTF offers a ton of challenges, 234 as of this post, that will test your hacking skills across multiple categories including Cryptography, Jail Escaping, Malware Analysis, SQL Injection, Shellcoding and more. After you successfully complete a challenge, you can write up your solution and submit it to the RingZer0 Team. If your write up is accepted, you’ll earn RingZer0Gold which can be exchanged for hints during future challenges.

14. HELLBOUND HACKERS:
Hellbound Hackers offers traditional exploit challenges, but they also offer some challenges that others don’t such as web and app patching and timed challenges. The web and app patching challenges have you evaluating a small snippet of code, identifying the exploitable line of code and suggesting a the code to patch it. The timed challenges have the extra constraint of solving the challenge in a set amount of time. I thought these two categories were a cool differentiator from most other CTF sites.

15. TRY2HACK:
Try2Hack provides several security oriented challenges for your entertainment and is one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.

16. HACK.ME:
Hack.me is a large collection of vulnerable web apps for practicing your offensive hacking skills. All vulnerable web apps are contributed by the community and each one can be run on the fly in a safe, isolated sandbox.

17. HACKTHIS!!:
HackThis!! is comprised of 50+ hacking levels with each worth a set number of points depending on its difficulty level. Similar to Hack This Site, HackThis!! also features a lively community, numerous hacking related articles and news, and a forum where you can discuss the levels and a security related topics that might be of interest to you.

18. ENIGMA GROUP:
Enigma Group has over 300 challenges with a focus on the OWASP Top 10 exploits. They boast nearly 48,000 active members and host weekly CTF challenges as well as weekly and monthly contests.

19. GOOGLE GRUYERE:
Google Gruyere shows how web application vulnerabilities can be exploited and how to defend against these attacks. You’ll get a chance to do some real penetration testing and actually exploit a real application with attacks like XSS and XSRF.

20. GAME OF HACKS:
Game of Hacks presents you with a series of code snippets, multiple choice quiz style, and you must identify the correct vulnerability in the code. While it’s not nearly as in depth as the others on this list, it’s a nice game for identifying vulnerabilities within source code.

21. ROOT ME:
Root Me hosts over 200 hacking challenges and 50 virtual environments allowing you to practice your hacking skills across a variety of scenarios. It’s definitely one of the best sites on this list.

22. CTFTIME:
While CTFtime is not a hacking site like the others on this list, it is great resource to stay up to date on CTF events happening around the globe. So if you’re interested in joining a CTF team or participating in an event, then this is the resource for you.

tv crime2
How Ping of Death attack works?
Not all computers can handle data larger than a fixed size. So, when a ping of death packet is sent from a source computer to a target machine, the ping packet gets fragmented into smaller groups of packets.

One fragment is of 8 octets size. When these packets reach the target computer, they arrive in fragments. So, the target computer reassembles the malformed packets which are received in chunks. But, the whole assembled packet causes buffer overflow at the target computer.

This buffer flow often causes the system crash making the system more vulnerable to attack.

Once the system becomes more vulnerable to attack, it allows more attacks like the injection of a trojan horse on the target machine.

A simple tutorial on how to perform DoS attack using ping of death using CMD:

Disclaimer: This is just for educational purposes. It’s nothing great but you can use it to learn.

Here are the steps:

  • Open Notepad
  • Copy the following text on the notepad

:loop
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop

In the above command, replace <IP Address> with an IP address.

  • Save the Notepad with any name. Let’s say dos.txt
  • Right click on the dos.txt and click on rename.
  • Change the extension from .txt to .bat
  • So, now the file name should be dos.bat
  • Double click on it and you will see a command prompt running with a lot of pings.

tv-wordpress

 

WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.

In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.

Because of its increasing popularity, WordPress powered platforms are normally targeted by malicious hacking attacks and other types of security vulnerabilities.

In early 2016, Wordfence, a site providing security plugin for WordPress users, reported over 6 million password attacks  targeting over 72,000 individual sites within a 16-hour period.

And, what’s the most vulnerable point in the security of any WordPress site?

Yes, you are right, it’s the P A S S W O R D.

If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.

Currently, with the modern advancement in technology, password-cracking techniques have equally become better. Some passwords could be very easy for a computer to break and strenuous for a person to keep in memory or type.

One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.

So, creating unbreakable passwords is key to maintaining the security of your blog.

Here are some useful tips.

  1. Keep away from the world’s worst passwords

In the current digital age, having a password to access your online accounts is simply indispensable.

SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.

If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.

Here is a list of the 25 commonly used passwords:

Keep away from the world’s worst passwords

  1. Use a unique and creative password for your WordPress site

Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.

Regurgitating your passwords is a risky affair you should avoid as plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.

Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force“; that is, try out different dictionary words and other common phrases to break the passwords.

Furthermore, to be unique, you can avoid using a password that’s related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.

For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).

To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.

For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.

Here is how you can substitute some of the alphabets:

A= @

I= 1

L=!

o= 0 (zero)

S=$

Z= 2

Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.

As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.

The reason why “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it seems to be strong) is because it’s based on a sequential pattern of the initial two column keys on a standard computer keyboard.

So, better be safe than sorry and inject uniqueness and some creativity into your passwords.

  1. Do not fall prey of “phishing” attacks

If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.

Before clicking on any links, ensure that the source is legitimate or you may fall a victim of a “phishing” attack.

If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.

  1. Consider using WordPress security plugins

It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts only with a strong verified password.

These plugins will incorporate an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending you a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual log in details.

As the name suggests, this innovative plugin will restrict the number of times a user can enter a password to gain access to a site. Therefore, someone trying to use a brute force attack to compromise your site has fewer chances.

With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.

  1. Length of password is key

The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. It’s recommended to have passwords of at least 8 characters long. A good way to have longer passwords is to use passphrases.

Passphrases are just like passwords apart from being constructed from an unsystematic mixture of words, instead of just a single word. For example, press demonstrate blog million.

To create a passphrase, simply select a list of random numbers or use the free password creator tool. Thereafter, you can add some extra layer of robustness by a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern and including easily identifiable phrases.

Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.

You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.

Because of the innovative capabilities of the password managers, it will not be necessary to remember your lengthy passwords every time you want to login into your site.

Click here for a list of the best passwords managers you can consider using.

  1. Keep your backup password options secure and up-to-date

Since WordPress.com uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.

Failure to keep the details of your email address up-to-date and secure could make an attacker to easily reset your passwords and login to your WordPress site.

Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.

When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.

This way, the possibility of your account going into the wrong hands is greatly reduced.

  1. Be proactive
  • After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
  • Change your WordPress login details as frequently as possible. Using “Admin” as username and the name of your site as the password without frequently making improvements could land you into the land controlled by hackers.
  • Do not dish your passwords to anyone, even your “close” friends. You may never know how much they are concerned about the security of your site.
  • If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through emails, which are rarely encrypted, the bad guys could get old of them.
  • When on a public computer, avoid saving your passwords or using the “Remember Me” feature, Further, watch out for people trying to look at your screen over your shoulder and remember to log out or close down your computer after you have finished your work.

Conclusion

Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.

Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.

Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.

tv - programerWhat is Penetration Testing?

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

What’s Kali Linux ?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Top 19 Penetration Testing Tool In Kali linux 2.0

 

meta1. Metasploit

This is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating the perfect framework for penetration testing.

It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available.

armi2. Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

 

Use the same sessions

Share hosts, captured data, and downloaded files

Communicate through a shared event log.

Run bots to automate red team tasks.

wire3. Wireshark

This is basically a network protocol analyzer –popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.

 

burp4. Burpsuite

Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective. Take a look at it on below download page. It mainly works wonders with intercepting proxy, crawling content and functionality, web application scanning etc.  You can use this on Windows, Mac OS X and Linux environments.

 

acun5. Acunetix

Acunetix is essentially a web vulnerability scanner targeted at web applications. It provides SQL injection, cross site scripting testing, PCI compliance reports etc. along with identifying a multitude of vulnerabilities. While this is among the more ‘pricey’ tools.

 

john6. John The Ripper

Another password cracker in line is, John the Ripper. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form.

 

set7. Social Engineer Toolkit

The Social-Engineer Toolkit (SET) is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons.  It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows.

nmap8. Nmap

“Network Mapper” though not necessarily a pen-testing tool, it is a must-have for the ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: host, services, OS, packet filters/firewalls etc.  It works on most of the environments and is open sourced.

 

beef9. BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser- what this means is that, it takes advantage of the fact that an open web-browser is the window(or crack) into a target system and designs its attacks to go on from this point on . It has a GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows.

 

air10. Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

sqlmap11. Sqlmap

Sqlmap is again a good open source pen testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and hacking over of database servers. It comes with command-line interface. Platform: Linux, Apple Mac OS X and Microsoft Windows are supported platforms.

etta12. Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

hydra13. Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

malt14. Maltego

Maltego is a program built into Kali Linux that lets you do reconnaissance on any person, by scraping up data from all publicly available areas of the Internets. Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company

 

nikkto15. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

 

ninja16. Sqlninja

Sqlninja, as the name indicates is all about taking over the DB server using SQL injection in any environment. This product by itself claims to be not so stable its popularity indicates how robust it is already with the DB related vulnerability exploitation. It has a command-line interface, works on Linux, Apple Mac OS X and not on Microsoft Windows.

 

core17. CORE Impact

CORE Impact Pro can be used to test mobile device penetration, network/network devise penetration, password identification and cracking, etc. It has a command-line and a GUI clickable interface, works Microsoft Windows. This is one of the expensive tools in this line.

canvas18. Canvas

Immunity’s CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It renders itself useful for web applications, wireless systems, networks etc. It has a command-line and GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows. It is not free of charge and can more information can be found at below page.

retina19. Retina

As opposed to a certain application or a server, Retina targets the entire environment at a particular company/firm. It comes as a package called Retina Community. It is a commercial product and is more of a vulnerability management tool more than a pen-testing tool. It works on having scheduled assessments and presenting results. Check out more about this package at below page.