What is | Categories | Vednam
https://vednam.com/category/what-is/
Latest News on Cyber Security, Hacking and Tech

How does AuKill malware work?
https://vednam.com/how-does-aukill-malware-work/
Sat, 29 Apr 2023 06:34:06 +0000

AuKill Malware Actively Used to Disable EDR in Ongoing Attacks

The cybersecurity landscape is constantly evolving, and attackers are always finding new ways to breach security systems. Recently, a new malware called AuKill has been discovered, which is actively being used to disable Endpoint Detection and Response (EDR) systems in ongoing attacks.

EDR is a crucial security tool used by many organizations to detect and respond to cyber threats in real-time. It monitors endpoints like computers and mobile devices for any suspicious activity and alerts security teams if it detects anything unusual. However, AuKill malware is specifically designed to evade EDR systems, making it a significant threat to organizations.

How does AuKill malware work?

AuKill malware is typically delivered through a phishing email, a fake software update, or a malicious website. Once it infects a system, it immediately starts to disable EDR systems by killing their processes and deleting their files. This allows the attackers to carry out their activities without being detected by the EDR system.

AuKill malware is also designed to avoid detection by traditional antivirus software. It uses several techniques, including encryption and code obfuscation, to evade detection and bypass security measures.

What can organizations do to protect themselves?

The best way for organizations to protect themselves from AuKill malware is to implement a multi-layered security approach. This includes:

1. User education: Educate employees on how to identify phishing emails, fake software updates, and malicious websites. Conduct regular security awareness training sessions to keep employees informed about the latest threats.

2. Endpoint protection: Implement endpoint protection software that can detect and block malware, including AuKill. This software should be regularly updated to ensure that it can detect the latest threats.

3. Network segmentation: Segment your network to prevent the spread of malware in case of a breach. This can help contain the damage and limit the impact of the attack.

4. Incident response plan: Develop an incident response plan to guide your organization’s response to a cyber attack. This plan should include procedures for isolating infected systems, restoring data, and communicating with stakeholders.

Conclusion

AuKill malware is a serious threat to organizations that use EDR systems. It is highly effective at evading detection and disabling security measures, allowing attackers to carry out their activities undetected. By implementing a multi-layered security approach that includes user education, endpoint protection, network segmentation, and an incident response plan, organizations can better protect themselves from this and other cyber threats.

What is Black Box Hacking? How Does It Work?
https://vednam.com/what-is-black-box-hacking-how-does-it-works/
Wed, 26 Apr 2023 13:01:35 +0000

Black box hacking refers to the process of testing a system, network or application for vulnerabilities without having any prior knowledge of its internal workings or architecture. Essentially, a black box hacker approaches the target as an outsider with no privileged access, just as a real attacker would.

Black box hacking is an important part of penetration testing, which is used to identify and mitigate security weaknesses in a system. Penetration testing can be done in a variety of ways, including black box testing, white box testing, and gray box testing.

Black box hacking involves a variety of techniques, including scanning, enumeration, and exploitation. Scanning involves probing the system or network to identify open ports, services, and vulnerabilities. Enumeration is the process of identifying usernames, passwords, and other information that can be used to gain access to the system. Exploitation involves using known vulnerabilities to gain unauthorized access to the system.

One of the key advantages of black box hacking is that it simulates a real-world attack scenario. A hacker who is attempting to breach a system or network will typically have little or no knowledge of the target’s internal workings. As such, a black box test is a more accurate representation of the types of attacks that a real-world attacker might attempt.

However, black box hacking also has some limitations. Because the tester has no prior knowledge of the system or network, they may overlook vulnerabilities that would be obvious to an insider. Additionally, black box testing can be time-consuming, as the tester must spend time scanning and probing the system to identify vulnerabilities.

Despite its limitations, black box testing is an important tool for security professionals. It can help identify weaknesses in a system that might be overlooked by other testing methodologies. By simulating a real-world attack scenario, black box testing can provide valuable insights into how to better secure a system or network against unauthorized access.

In conclusion, black box hacking is an essential part of the arsenal of security professionals. By simulating a real-world attack scenario, it can help identify vulnerabilities in a system or network that might be overlooked by other testing methodologies. While it has some limitations, it remains an important tool in the ongoing effort to improve the security of digital systems and networks.

What is Penetration Testing? How Does It Work?
https://vednam.com/what-is-penetration-testing/
Wed, 26 Apr 2023 12:34:32 +0000

Penetration testing, or PenTesting for short, is a critical part of any comprehensive cybersecurity program. It involves testing the security of computer systems, networks, and applications by simulating an attack from a malicious hacker.

PenTesting aims to identify vulnerabilities, weaknesses, and other potential security risks before they can be exploited by attackers. This proactive approach helps organizations strengthen their security posture, reduce the risk of data breaches, and protect their sensitive information.

Penetration testing is a comprehensive process that involves several phases, including:

1. Planning and preparation: In this phase, the PenTester defines the scope of the testing, sets objectives, and determines the tools and techniques that will be used.

2. Reconnaissance: This phase involves gathering information about the target system or network, such as IP addresses, open ports, and network topology. This information is critical for identifying potential vulnerabilities and attack vectors.

3. Scanning and enumeration: In this phase, the PenTester uses automated tools to scan the target system or network for vulnerabilities and weaknesses. The goal is to identify potential entry points for an attacker.

4. Exploitation: In this phase, the PenTester attempts to exploit vulnerabilities and weaknesses identified in the previous phase. The goal is to gain access to the target system or network.

5. Post-exploitation: Once access has been gained, the PenTester performs further reconnaissance and pivots to other systems or networks. This phase is critical for assessing the full extent of a potential breach.

6. Reporting: In this final phase, the PenTester documents all findings and provides recommendations for remediation. The report should include a summary of the vulnerabilities discovered, the potential impact of a successful attack, and specific steps that can be taken to mitigate the risks.

PenTesting can be performed by internal teams or by external consultants. Internal teams are often more familiar with the organization’s systems and processes, but may lack the expertise or resources to perform comprehensive testing. External consultants can provide a fresh perspective and access to specialized tools and techniques, but may be less familiar with the organization’s systems.

It’s important to note that PenTesting is not a one-time event, but rather an ongoing process. Cyber threats are constantly evolving, and new vulnerabilities and attack vectors are discovered all the time. Regular PenTesting is essential for identifying new risks and ensuring that security measures are effective.

In conclusion, Penetration testing is a critical component of any comprehensive cybersecurity program. It helps organizations identify vulnerabilities, weaknesses, and other potential security risks before they can be exploited by attackers. By performing regular PenTesting, organizations can strengthen their security posture and reduce the risk of data breaches.

Is Hacking Ethical or Unethical?
https://vednam.com/is-hacking-ethical-or-unethical/
Tue, 25 Apr 2023 08:50:07 +0000

The Internet is a vast repository of information, and one can learn almost anything online. With online learning websites becoming more popular, individuals can acquire new skills and knowledge from the comfort of their homes. However, some individuals are interested in hacking learning websites to access premium content and other resources without paying for them. This has led to an ethical dilemma regarding the legality and morality of hacking learning websites.

What is Hacking?

Hacking is the process of gaining unauthorized access to a system or computer network. It can be done for various reasons, including stealing sensitive information, disrupting computer systems, or gaining access to premium content without paying for it. In recent times, hacking has become more common due to the increased use of technology in everyday life.

Hacking Learning Websites

Learning websites are online platforms that offer courses, tutorials, and other educational resources to users. Some learning websites charge a fee for accessing their content, while others offer free access. However, some individuals are interested in gaining access to premium content without paying for it, and thus, they resort to hacking.

Hacking learning websites can be done in different ways. Some individuals may use hacking tools to exploit vulnerabilities in the website’s code, while others may use phishing techniques to steal login credentials. Whatever method is used, the act of hacking is illegal and unethical.

The Ethics of Hacking Learning Websites

Hacking learning websites raises several ethical questions. Is it ethical to hack into a learning website to gain access to premium content? Is it ethical to steal someone’s intellectual property by hacking into their website? Is it ethical to disrupt a website’s operations by hacking into it?

The answer to all these questions is a resounding no. Hacking into a learning website to gain access to premium content is illegal and immoral. It is equivalent to stealing someone’s property without their permission. It is also unethical to disrupt a website’s operations by hacking into it, as this can cause financial and reputational damage to the website owners.

The Consequences of Hacking Learning Websites

Hacking learning websites can have severe consequences for the individuals involved. If caught, hackers can face legal charges and fines. They can also face civil lawsuits for damages caused by their actions. Additionally, hacking can damage the hacker’s reputation and employability, as many employers view hacking as a criminal activity.

Conclusion

In conclusion, hacking learning websites is illegal, unethical, and immoral. It is not only harmful to the website owners but also to the individuals involved. The Internet offers a wealth of information and learning resources, and individuals should use them in an ethical and legal manner. It is essential to remember that every action has consequences, and hacking is no exception. Therefore, it is crucial to make ethical and responsible decisions when using the Internet.

Trigona Ransomware Targets Weakly Configured Microsoft SQL Servers
https://vednam.com/trigona-ransomware-targets-weakly-configured-microsoft-sql-servers/
Mon, 24 Apr 2023 11:41:21 +0000

Recently, a new strain of ransomware named Trigona has been discovered by cybersecurity researchers. Trigona is particularly concerning because it targets weakly configured Microsoft SQL servers, which are commonly used by organisations to store and manage data.

In this blog, we’ll take a closer look at Trigona ransomware, how it works, and what steps you can take to protect your organization.

What is Trigona Ransomware?

Trigona ransomware is a new strain of ransomware that targets Microsoft SQL servers. It was first discovered by researchers at the security firm Binary Defense in March 2021. Like other ransomware strains, Trigona encrypts files on infected systems and demands a ransom payment in exchange for the decryption key.

How Trigona Works

Trigona ransomware is distributed through a variety of methods, including phishing emails, brute-force attacks, and exploiting vulnerabilities in Microsoft SQL servers. Once it infects a system, Trigona first attempts to disable any security software or services that might detect or prevent it from running.

Trigona then scans the infected system for Microsoft SQL servers that are weakly configured and can be exploited. If it finds a vulnerable server, Trigona will use a SQL injection attack to gain access to the server and encrypt the data stored on it. The ransom note left by Trigona demands a payment of $250,000 in Bitcoin in exchange for the decryption key.

How to Protect Your Organization

To protect your organization from Trigona ransomware, it’s important to take the following steps:

  1. Keep your systems and software up-to-date: Ensure that all of your systems and software are up-to-date with the latest security patches and updates. This can help prevent vulnerabilities from being exploited by attackers.
  2. Use strong passwords: Make sure that all user accounts and passwords are strong and complex. Avoid using default or easily guessable passwords.
  3. Monitor your network: Regularly monitor your network for signs of suspicious activity or unauthorized access. This can help you detect and respond to attacks before they can cause damage.
  4. Back up your data: Regularly back up all of your important data and store it in a secure, off-site location. This can help you recover your data in the event of a ransomware attack.
  5. Educate your employees: Train your employees on how to recognize and respond to phishing emails and other types of social engineering attacks. This can help prevent attackers from gaining access to your systems in the first place.

Conclusion

Trigona ransomware is a serious threat to organisations that use Microsoft SQL servers. By taking the steps outlined above, you can help protect your organization from this and other types of ransomware attacks. Remember, prevention is key when it comes to ransomware, so be proactive in securing your systems and data.

What is a Computer Worm? How Does It Work?
https://vednam.com/what-is-computer-worm-how-does-it-work/
Mon, 22 Jun 2020 14:02:54 +0000

What is a Computer Worm?

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can activate and do its job without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

How Does it work?

Worms can be transmitted through software vulnerabilities, and some arrive as attachments in spam emails or instant messages. When the file is opened, it may link to a malicious website or automatically download the worm. The worm then installs itself and works silently on the machine without the user's knowledge.

Worms can modify and delete files, and can even inject additional malicious software onto a computer. Sometimes a worm's only purpose is to make copies of itself over and over, which uses up hard drive space or bandwidth and overloads a shared network. Some worms steal data, or install a backdoor that allows hackers to gain control of the entire system's settings.

Famous Computer Worm

Around July 2010, the first computer worm used as a cyber weapon was discovered by security researchers after a long string of incidents in Iran.

The worm is named "Stuxnet", and it attracted the interest of high-profile specialists around the world. Analysis showed that the worm was designed to attack an Iranian power plant with the ultimate goal of sabotaging nuclear weapon production. In the end, it failed and the vulnerabilities were found.

How do you know about the Computer Worm in your system?

If you suspect that your system is infected by a computer worm, run an antivirus scan immediately. If the scan comes back negative, also check the following:

  1. Keep an eye on your hard drive space: a worm can use up the free space on your computer.
  2. Check for missing files: a worm can delete and replace files on a computer.
  3. Monitor performance and speed: look for lagging, crashing, or slow processing.

What is Adware? What are the Types of Adware?
https://vednam.com/what-is-adware-what-are-the-types-of-adware/
Sun, 21 Jun 2020 14:21:59 +0000

What is Adware? 

Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Security professionals view it as the forerunner of the modern-day PUP (potentially unwanted program). It uses underhanded methods to either disguise itself as legitimate or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.

Adware generates revenue for its developer automatically by displaying online advertisements in the software's user interface or on a screen that pops up during the installation process.

For example, you may start seeing ads for weight loss programs, offers of get-rich-quick secrets, and bogus virus warnings that invite you to click.

You might see new tabs opening, a changed homepage, results from search engines you have never heard of, or redirects to advertising websites.

Legitimate software applications do sometimes use online advertising, with ads that are typically bundled with the program and displayed in ways determined by the program developer.

Adware is an altogether different kettle of rotten fish. Sometimes you download it without understanding the intent.

Once adware hijacks your device, it can carry out all sorts of unwanted tasks. The software's functions may be designed to focus on your location and on which websites you visit most often.

The adware author even sells your browsing behavior and information to third parties, who can use it to target you with advertisements customized to your viewing habits. It does not matter which browser you use; adware affects all browsers.

There are a few signs of adware on your system:

  1. Your browser crashes sometimes.
  2. Your machine starts automatically and installs unwanted software applications.
  3. Your web browser slows to a crawl.
  4. Website links redirect to sites different from what you expected.
  5. Your web browser has a different search homepage.

What are the types of Adware?

Adware tries to dig into your machine and other devices in different ways, and most adware strategies qualify as browser hijackers. These interlopers specialize in modifying internet browser settings without the user's knowledge or consent. Hijackers change the homepage and default search settings; after that, when you start browsing, ads suddenly start pummeling you. You might assume the ads originate from the site you are visiting, but they do not. Because they take the form of pop-ups or pop-unders, they seem to be embedded in the site itself.

There are adware programs that change your start page and your search engine, or even fiddle with the shortcuts on your computer that open your browsers. There is different adware for different devices and operating systems.

What is Network Sniffing and What are Its Types?
https://vednam.com/what-is-network-sniffing-and-their-types/
Sun, 21 Jun 2020 05:29:12 +0000

Network sniffing is the process of monitoring and capturing all data packets passing through a given network. Network and system administrators use sniffing to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets that contain sensitive information such as passwords and account information. A sniffer may be hardware or software installed in the system. With a packet sniffer placed on a network in promiscuous mode, a malicious party can capture and analyze all of the network traffic.

There are two main types:

Active Sniffing:

Active sniffing takes place on a switched network. A switch is a point-to-point network device. It regulates the flow of data between its ports by actively monitoring the MAC address on each port, which lets it pass data only to its intended target. To capture traffic between targets, a sniffer has to actively inject traffic into the LAN to enable sniffing. This can be done in various ways.

Passive Sniffing:

Passive sniffing is sniffing through a hub, where any traffic that passes through the non-switched or unbridged network segment can be seen by all machines on that segment.

Sniffers operate at the data link layer of the network. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. Passive sniffers simply wait for the data to be sent and capture it.

What is Session Hijacking? What are the Methods?
https://vednam.com/what-is-session-hijacking-what-are-the-methods/
Thu, 18 Jun 2020 11:11:24 +0000

Session hijacking is an attack in which a user session is taken over by an attacker. A session starts when you log in to a service, for example your banking application, and ends when you log out. The attack relies on the attacker's knowledge of your session cookie, so it is also called cookie hijacking or cookie side-jacking.

Session hijacking most commonly applies to browser sessions and web applications. In most scenarios, when you log in to a web application, the server sets a temporary session cookie in your browser to remember that you are currently logged in and authenticated.

HTTP is a stateless protocol, and session cookies attached to every HTTP header are the most popular way for the server to identify your browser and current session.

To perform session hijacking, an attacker needs to know the victim's session ID (session key). It can be obtained by stealing the session cookie or by persuading the user to click a malicious link containing a prepared session ID.

In both scenarios, once the user is authenticated on the server, the attacker can take over (hijack) the session by using the same session ID in their own browser. The server is then fooled into treating the attacker's connection as the original user's valid session.

What are the main differences between session hijacking and Session spoofing?

Hijacking and spoofing differ in the timing of the attack. Session hijacking is performed against a user who is currently logged in and authenticated. From the victim's point of view, the attack will often cause the targeted application to behave unpredictably or crash. In session spoofing, the attacker uses stolen or counterfeit session tokens to initiate a new session and impersonate the original user, who might not be aware of the attack.

What are the methods used for the session hijacking?

The attackers have many options for the session hijacking which can depend on the attack vector and the attacker’s position. The first broad category :

  • Brute Force: The attacker can simply try to guess the session key of a user’s active session, which is feasible only if the application uses predictable session identifiers. Sequential keys were a typical weak point; in modern applications and protocol versions, session IDs are long and randomly generated. To ensure resistance to brute-force attacks, the key generation algorithm must give truly unpredictable values with enough entropy to make guessing attacks impractical.

  • Cookie theft by malware or direct access: A common way of obtaining session cookies is to install malware on the user’s machine to perform automated session sniffing. Once the user has visited a malicious website or clicked a link in a spam email, the malware scans the user’s network traffic for session cookies and sends them to the attacker. Another way to obtain the session key is to directly access the cookie file in the client browser’s temporary local storage (often called the cookie jar). This task can be performed by malware, but also by an attacker with local or remote access to the system.

  • Session Fixation: To learn the victim’s cookie, the attacker may simply supply a known session key and trick the user into accessing a vulnerable server. One way to do this is to use HTTP query parameters in a crafted link sent by e-mail or provided on a malicious website. When the victim clicks the link, they are taken to a valid login form, but the session key that will be used is supplied by the attacker. After authentication, the attacker can use the known session key to hijack the session.

  • Session side Hijacking: This attack requires the attacker’s active participation and is the first thing that comes to mind when people think of “being hacked”. Using packet sniffing, attackers can monitor the user’s network traffic and intercept session cookies after the user has authenticated on the server. If the website only uses SSL/TLS encryption for the login pages and not for the entire session, the attacker can use the sniffed session key to hijack the session and impersonate the user to perform actions in the target web application. Because the attacker needs access to the victim’s network, typical attack scenarios involve unsecured Wi-Fi hotspots, where the attacker can either monitor traffic on a public network or set up their own access point and perform man-in-the-middle attacks.
  • Cross-site Scripting (XSS): The most dangerous and widespread method of web session hijacking. By exploiting server or application vulnerabilities, attackers can inject client-side scripts (typically JavaScript) into web pages, causing your browser to execute arbitrary code when it loads a compromised page. If the HttpOnly attribute is not set on session cookies, injected scripts can gain access to your session key, providing attackers with the necessary information for session hijacking.
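
The server-side controls that counter the methods listed above, as an added example that is not part of the original post: session IDs drawn from a CSPRNG (brute force), unknown IDs discarded and IDs rotated at login (session fixation), and cookies flagged HttpOnly and Secure (XSS and sniffing). `SessionStore` and `session_cookie` are hypothetical names, and the store is a plain in-memory dict.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table (hypothetical, for illustration only)."""

    def __init__(self):
        self._sessions = {}  # session ID -> {"user": name or None}

    def _new_id(self):
        # 32 bytes from the OS CSPRNG: 256 bits, impractical to guess.
        return secrets.token_urlsafe(32)

    def open(self, presented_id=None):
        """Return a server-issued ID; an ID we never issued is discarded."""
        if presented_id in self._sessions:
            return presented_id
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, old_id, user):
        """Rotate the ID at authentication so a pre-login ID becomes useless."""
        self._sessions.pop(old_id, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def session_cookie(sid):
    """Build the Set-Cookie value with the flags that limit cookie theft."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["httponly"] = True   # not readable by injected scripts
    cookie["session"]["secure"] = True     # never sent over plain HTTP
    cookie["session"]["samesite"] = "Lax"  # not attached to cross-site POSTs
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    planted = store.open()                 # ID known before the victim logs in
    fresh = store.login(planted, "alice")  # victim authenticates, ID rotates
    print("planted ID maps to:", store.user_for(planted))
    print("fresh ID maps to:", store.user_for(fresh))
    print("Set-Cookie:", session_cookie(fresh))
```
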

 

If you have any suggestions for this article, please comment in the comment section.

TIDoS- Web Application Audit Framework and Open Source
https://vednam.com/tidos-web-application-audit-framework-and-open-source/
Wed, 17 Jun 2020 05:34:54 +0000

The TIDoS Framework is developed entirely in Python and can perform a comprehensive audit of web applications. The toolkit is packed with a number of modules, each with a specific objective: reconnaissance, open-source intelligence, enumeration and scanning, and, most importantly, vulnerability analysis.

The TIDoS Framework can perform both types of reconnaissance, active and passive. In passive reconnaissance, the toolkit can perform different lookups such as reverse IP, DNS configuration, sub-domains, GeoIP, and Whois.

The tool can also gather useful information about the target from available social media profiles. The TIDoS framework can do ping enumeration, CMS detection, and discovery of interesting files via brute-forcing.

The toolkit performs security analysis of the web application for different vulnerabilities such as SQL injection, LDAP injection, HTML injection, XPath injection, CRLF injection, Cross-Site Scripting, subdomain takeover, and PHP injection.

The TIDoS framework can brute-force the credentials of plaintext protocols such as FTP, TELNET, SMTP, XMPP, and SQL.

TIDoS Framework Installation 

git clone https://github.com/theinfecteddrake/tidos-framework.git

The dependencies can also be installed with the commands:

cd tidos-framework
chmod +x install
./install

TIDoS WORK

When the installation is successful, the framework can be started by simply typing its name in the terminal.

tidos

After the tool loads, you can simply type the web URL into the terminal. The TIDoS framework confirms the website address and provides the available options to start scanning or auditing the target website.

You will see that each option is loaded with a number of modules that perform specific tasks. The “Reconnaissance & OSINT” option has 48 modules, which perform active reconnaissance, passive reconnaissance, and information disclosure tasks.

Every option is loaded with its own modules. For example, the scanning and enumeration option contains 15 modules that perform port scanning and tasks like web application firewall analysis. Similarly, every other option has its own modules.

When you select one of the available options, the framework loads all the associated modules so you can further refine the scanning objective. If you select “Reconnaissance & OSINT”, that option contains the different modules you can see in the picture.
