Wednesday, March 12, 2014
Sunday, March 9, 2014
Vigilance complaints pile up as Delhi Police doesn’t know password | The Indian Express
Over 600 complaints regarding the Delhi Police forwarded by the Central Vigilance Commission
to an online portal have been pending for the past eight years. The
reason: the Delhi Police didn’t know the password to access the portal
or how to operate it, a lapse that went undetected since 2006.
to an online portal have been pending for the past eight years. The
reason: the Delhi Police didn’t know the password to access the portal
or how to operate it, a lapse that went undetected since 2006.
In January finally, two Delhi Police officers, one of the level of
deputy commissioner of police and another an inspector, were imparted
“training” by the CVC on the same.
deputy commissioner of police and another an inspector, were imparted
“training” by the CVC on the same.
Sources in the CVC said 667 complaints had piled up, with no action taken by the police.
Each Delhi government department under the CVC, including the MCD,
DDA and several investigating agencies, have a chief vigilance officer
to look into complaints. If a complaint reaches the CVC, either it
tackles it independently or it sends it to the concerned department
Read Full Story :Vigilance complaints pile up as Delhi Police doesn’t know password | The Indian Express
Friday, March 7, 2014
Computer Forensics Investigation – A Case Study - InfoSec Institute
Computer technology is the major integral part of everyday human
life, and it is growing rapidly, as are computer crimes such as
financial fraud, unauthorized intrusion, identity theft and intellectual
theft. To counteract those computer-related crimes, Computer Forensics
plays a very important role. “Computer Forensics involves obtaining and
analysing digital information for use as evidence in civil, criminal or
administrative cases (Nelson, B., et al., 2008)”.
A Computer Forensic Investigation generally investigates the data
which could be taken from computer hard disks or any other storage
devices with adherence to standard policies and procedures to determine
if those devices have been compromised by unauthorised access or not.
Computer Forensics Investigators work as a team to investigate the
incident and conduct the forensic analysis by using various
methodologies (e.g. Static and Dynamic) and tools (e.g. ProDiscover or
Encase) to ensure the computer network system is secure in an
organization. A successful Computer Forensic Investigator must be
familiar with various laws and regulations related to computer crimes in
their country (e.g. Computer Misuse Act 1990, the UK) and various
computer operating systems (e.g. Windows, Linux) and network operating
systems (e.g. Win NT). According to Nelson, B., et al., (2008), Public
Investigations and Private or Corporate Investigations are the two
distinctive categories that fall under Computer Forensics
Investigations. Public investigations will be conducted by government
agencies, and private investigations will be conducted by private
computer forensic team. This report will be focused on private
investigations, since an incident occurred at a new start-up SME based
in Luton.
This report also includes a computer investigation model, data
collections and its types, evidence acquisitions, forensics tools,
malicious investigation, legal aspects of computer forensics, and
finally this report also provides necessary recommendations,
countermeasures and policies to ensure this SME will be placed in a
secure network environment.
Read Full Article at Here : Computer Forensics Investigation – A Case Study - InfoSec Institute
life, and it is growing rapidly, as are computer crimes such as
financial fraud, unauthorized intrusion, identity theft and intellectual
theft. To counteract those computer-related crimes, Computer Forensics
plays a very important role. “Computer Forensics involves obtaining and
analysing digital information for use as evidence in civil, criminal or
administrative cases (Nelson, B., et al., 2008)”.
A Computer Forensic Investigation generally investigates the data
which could be taken from computer hard disks or any other storage
devices with adherence to standard policies and procedures to determine
if those devices have been compromised by unauthorised access or not.
Computer Forensics Investigators work as a team to investigate the
incident and conduct the forensic analysis by using various
methodologies (e.g. Static and Dynamic) and tools (e.g. ProDiscover or
Encase) to ensure the computer network system is secure in an
organization. A successful Computer Forensic Investigator must be
familiar with various laws and regulations related to computer crimes in
their country (e.g. Computer Misuse Act 1990, the UK) and various
computer operating systems (e.g. Windows, Linux) and network operating
systems (e.g. Win NT). According to Nelson, B., et al., (2008), Public
Investigations and Private or Corporate Investigations are the two
distinctive categories that fall under Computer Forensics
Investigations. Public investigations will be conducted by government
agencies, and private investigations will be conducted by private
computer forensic team. This report will be focused on private
investigations, since an incident occurred at a new start-up SME based
in Luton.
This report also includes a computer investigation model, data
collections and its types, evidence acquisitions, forensics tools,
malicious investigation, legal aspects of computer forensics, and
finally this report also provides necessary recommendations,
countermeasures and policies to ensure this SME will be placed in a
secure network environment.
Read Full Article at Here : Computer Forensics Investigation – A Case Study - InfoSec Institute
Thursday, March 6, 2014
Congress vs BJP vs AAP : How Media is Biased ?
Today the 3 major political parties – Congress, BJP and AAP had rallies of Rahul Gandhi, Narendra Modi and Arvind Kejriwal respectively.
Even the “Tickr”(scrolling news at the bottom of the channel” on both the channel talks only about Modi and Rahul… Headlines on Tickr show only statements of Rahul and Modi.
Also, I checked the Timeline of Times Now’s Twitter handle @timesnow for last 5 hours. Not a single tweet on Kejriwal’s speech while they have live-tweeted both Narendra Modi and Rahul Gandhi. Have taken Screenshots of the TL.
I checked the Timeline of CNN-IBN’s Twitter Handle @ibnlive for last 5 hours. They have live-tweeted both Narendra Modi and Rahul Gandhi. There was only one tweet on Arvind Kejriwal’s rally (that too an anti-Congress statement that AK made).
(Screenshots of Twitter TL are at the end of this blog)
I Called Times Now Office at 02224999944 and spoke to the News desk member. Someone by name Preeti answered my call and she was able yo hear me until I asked the question. Then she started saying “hello.. hello” as if she cant hear me and then hung up… called back again and got connected to some other lady. She refused to reveal her name. When I asked her why they are not showing Kejriwal’s rally, she asked me to send a mail to their mail id “nowdesk@gmail.com” as she is not authorized to answer me.
Then I called CNN-IBN at 01204341818 and I was connected to news room guy Saharsh. He says they have covered Kejriwal’s rally as well and says may be I have missed the braodcast. I asked him for a mail ID where I can send a mail about this. He gave ” Assignment@network18online.com”
I guess we should start questioning these guys on such things to tame them. Its a known fact that these news channels are controlled by corporates that are closely connected to politicians. And as long as we dont question them, they will continue to show the biased news.
I will be sending a mail to the given mail IDs and also, will send a mail to News Broadcasting Association of India.
Until I get a satisfactory answer from them, the channels will be boycotted by me.
Note- I have recorded these calls : https://drive.google.com/folderview?id=0B7DWrSEAJy5_RVp1YzA0OW1PSFU#
Have uploaded the audio files again into a new folder. Please check this – Call Recordings New – https://docs.google.com/folder/d/0B7DWrSEAJy5_OHBTZER1ZWNfeVE/edit
Here is alternate link to access the audio files: https://drive.google.com/?authuser=0#folders/0B7DWrSEAJy5_MG5PQmx2QmQ5UUU
Read more @ http://syedshahalihussaini.wordpress.com/2014/02/23/biased-media/
While ABP news and NDTV were live telecasting all the three rallies alternatively, Times Now and CNN-IBN were only showing Rahul Gandhi and Narendra Modi’s rallies.
Even the “Tickr”(scrolling news at the bottom of the channel” on both the channel talks only about Modi and Rahul… Headlines on Tickr show only statements of Rahul and Modi.
Also, I checked the Timeline of Times Now’s Twitter handle @timesnow for last 5 hours. Not a single tweet on Kejriwal’s speech while they have live-tweeted both Narendra Modi and Rahul Gandhi. Have taken Screenshots of the TL.
I checked the Timeline of CNN-IBN’s Twitter Handle @ibnlive for last 5 hours. They have live-tweeted both Narendra Modi and Rahul Gandhi. There was only one tweet on Arvind Kejriwal’s rally (that too an anti-Congress statement that AK made).
(Screenshots of Twitter TL are at the end of this blog)
I Called Times Now Office at 02224999944 and spoke to the News desk member. Someone by name Preeti answered my call and she was able yo hear me until I asked the question. Then she started saying “hello.. hello” as if she cant hear me and then hung up… called back again and got connected to some other lady. She refused to reveal her name. When I asked her why they are not showing Kejriwal’s rally, she asked me to send a mail to their mail id “nowdesk@gmail.com” as she is not authorized to answer me.
Then I called CNN-IBN at 01204341818 and I was connected to news room guy Saharsh. He says they have covered Kejriwal’s rally as well and says may be I have missed the braodcast. I asked him for a mail ID where I can send a mail about this. He gave ” Assignment@network18online.com”
I guess we should start questioning these guys on such things to tame them. Its a known fact that these news channels are controlled by corporates that are closely connected to politicians. And as long as we dont question them, they will continue to show the biased news.
I will be sending a mail to the given mail IDs and also, will send a mail to News Broadcasting Association of India.
Until I get a satisfactory answer from them, the channels will be boycotted by me.
Note- I have recorded these calls : https://drive.google.com/folderview?id=0B7DWrSEAJy5_RVp1YzA0OW1PSFU#
Have uploaded the audio files again into a new folder. Please check this – Call Recordings New – https://docs.google.com/folder/d/0B7DWrSEAJy5_OHBTZER1ZWNfeVE/edit
Here is alternate link to access the audio files: https://drive.google.com/?authuser=0#folders/0B7DWrSEAJy5_MG5PQmx2QmQ5UUU
Read more @ http://syedshahalihussaini.wordpress.com/2014/02/23/biased-media/
Thursday, February 20, 2014
Manual Web Application Penetration Testing – Finding XSS by Playing With Parameters
Introduction
In my previous article we saw the different ways of fuzzing, including suffix and prefix. We used those fuzzing techniques in order to find error messages in web applications. Now that we know how to fuzz, we will use that skill to find XSS, generally known as cross site scripting.
Testing For XSS
Without wasting any time, let’s go to the Document Viewer page under the A3 cross site scripting (XSS) module. Various methods of exploiting XSS are in there, but first we will choose a simple method which is HTTP attribute.
Monday, February 10, 2014
Manual Web Application Penetration Testing – Suffix & Prefix in Fuzzing
Introduction
In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web application. In this article, I am going to focus on various prefixes and suffixes of fuzzing in order to fuzz the target web application.
CLICK HERE TO READ FULL ARTICLE
In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web application. In this article, I am going to focus on various prefixes and suffixes of fuzzing in order to fuzz the target web application.
CLICK HERE TO READ FULL ARTICLE
Saturday, February 8, 2014
How to install and use Veil-Catapult in backtrack?
Today we are gonna talk about Veil-Catapult.Veil-Catapult is payload delivery for when metasploit’s psexec getting caught by AV.It utilizes Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution.It officially supported on kali linux only.I`m going to show you how to install Veil-Catapult in backtrack?
First if you have not already installed veil-evasion framework then first install it as mentioned here.After installing Veil-evasion follow steps.
root@bt:~wget https://github.com/Veil-Framework/Veil-Catapult/archive/master.zip
root@bt:~unzip master.zip
root@bt:~cd Veil-Catapult-master/
root@bt:~sh setup.sh
Now veil-catapult require impacket library & passing the hash toolkit.So setup script try to install PTH suite but we got error.So we have to manually do it.
First if you have not already installed veil-evasion framework then first install it as mentioned here.After installing Veil-evasion follow steps.
root@bt:~wget https://github.com/Veil-Framework/Veil-Catapult/archive/master.zip
root@bt:~unzip master.zip
root@bt:~cd Veil-Catapult-master/
root@bt:~sh setup.sh
Now veil-catapult require impacket library & passing the hash toolkit.So setup script try to install PTH suite but we got error.So we have to manually do it.
Install passing the hash.
root@bt:~wget https://passing-the-hash.googlecode.com/files/wmiPTH-1.0-1.deb
root@bt:~wget https://passing-the-hash.googlecode.com/files/winexePTH1.1.0-1.deb
root@bt:~dpkg -i winexePTH1.1.0-1.deb
root@bt:~dpkg -i wmiPTH-1.0-1.deb
If you are using other OS then you have to manually build it as mentioned here .
It installed into the /opt/pth/bin folder , we have to move it into /usr/bin.
root@bt:~# ln -s /opt/pth/bin/wmis /usr/bin/pth-wmis
root@bt:~# ln -s /opt/pth/bin/winexe /usr/bin/pth-winexe
root@bt:~# ln -s /opt/pth/bin/wmic /usr/bin/pth-wmic
Installing impacket library
root@bt:~# wget http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=Impacket&file=impacket-0.9.11.tar.gz
root@bt:~# tar -xvzf impacket-0.9.11.tar.gz
root@bt:~# cd impacket
root@bt:~# python setup.py build
I know you have question that we can install it , but when we tried to install , it installed succesfully ;but some of modules are missing.So we first gonna build it then copy it. Now copy folder impacket from build/lib.linux-i686-2.6/ and paste it into /usr/lib/pymodules/python2.6
Now everything is ready ,we can run it. Before that open /etc/veil/settings.py and checkout all path.
root@bt:~/Veil-Catapult-master# python Veil-Catapult.py
Now select number according to your choice & fill out necessary option.
Powershell injector
Barebones python injector
Sethc backdoor
Cleanup resource script is generated , you can use it after your work completed for kill process & remove exe.
You can also host exe using temporary SMB server.This will load the payload executable into memory without touching disk, allowing otherwise disk-detectable executable to bypass detection
Subscribe to:
Posts (Atom)