Show notes for Linux Basix podcast:
Zeus botnet ring: Thirty-seven people are being charged in the U.S. for their alleged role in an international fraud ring based in East Europe that stole more than $3 million from bank accounts belonging primarily to small businesses and municipalities, according to indictments released Thursday.
The sophisticated ring included a multitude of East Europeans who entered the U.S. on student visas and fake passports to operate as so-called “money mules,” laundering funds stolen from U.S. accounts and sending the money overseas.
Bye Bye Bios: New PCs could start in just seconds, thanks to an update to one of the oldest parts of desktop computers.The upgrade will spell the end for the 25-year-old PC start-up software known as Bios that initialises a machine so its operating system can get going.
The code was not intended to live nearly this long, and adapting it to modern PCs is one reason they take as long as they do to warm up. Bios’ replacement, known as UEFI, will predominate in new PCs by 2011.The acronym stands for Unified Extensible Firmware Interface and is designed to be more flexible than its venerable predecessor.
Data collection Andriod:Something as simple as changing your Android phone’s wallpaper or downloading a ringtone could transmit personal data about you, including your location, without your knowledge.
Sound farfetched? It’s not: About 15 of 30 randomly selected, popular, free Android apps sent sent users’ private information to remote advertising servers and two-thirds of the apps handled data in ambiguous
ways, say researchers.
DHS Launches Cyber Attack Exercise:For three or four days this week, the Internet will come under a virtual attack from an unknown adversary, and it will be up to the government and private sector’s coordinated efforts to root out the cause and work together to keep systems up and running — at least within the simulated confines of the Department of Homeland Security’s Cyber Storm III exercise, which begins Tuesday.
The Cyber Storm series of exercises simulates large cyber attacks on critical infrastructure and government IT assets in order to test the government’s preparedness. Specifically, this year’s exercise will be the first time DHS will test both the draft National Cyber Incident Response Plan (an effort to provide a coordinated response to major cybersecurity incidents) that will be publicly released later this year and the new National Cybersecurity and Communications Integration Center (the hub of DHS’ cybersecurity coordination efforts).
Tech segment: “Nessus Bridge for Metasploit ”
The idea for this segment and a future blog post that I will be releasing tomorrow with an interview from the author,came about from a posting I saw on twitter this week. After reading the author’s site I said to myself this is some “prety cool stuff”
The general concept is to allow you to do various tasks with your Nessus server, from within the msf command line. By that I mean scan with Nessus, review the results, import the results and then exploit the results.
Below is the current and future list of feature that the author is currently developing:
Checkout his blog and keep an eye on this project –> http://blog.zate.org
What do you need to start testing:
- A host with Metasploit installed and configured (I recommend BackTrack 4)
- A host with a Nessus server installed and updated (I recommend you install on your BT4 host)
- A vulnerable host to test with (I recommend you download metasploitable)
Once you have the above criteria met, log into your Nessus server via the web interface and create your test policy. From this point onwards you can log-out of your server and close your web browser.
Next do the following:
1- Load up your Metasploit console via /pentest/exploit/framework3/msfconsole
2- Ensure you have the most updated version “svn up”
3- Load the nessus module “load nessus”
4- Connect to your nessus server with “nessus_connect user@myhost:8834 ok”
5- Next start your first scan with “nessus_scan_new <policy id> <scan name> <targets>”
6- While running you can issues “nessus_scan_status” to view when its completed
7- Next you can need to get your report ID with the following command “nessus_report_list”
8- Create db workspace and import scanned results “db_connect” then “nessus_report_get <report id>”
9- Choose a report ID number and use the following to view the details so you can see if your host has any high risk vulnerability to exploit with MSF “nessus_report_hosts <report id>” .
From here on you can issue the db_autopwn commands and have fun:
Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port (default)
-q Disable exploit module output
-R [rank] Only run modules with a minimal rank
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex
-T [secs] Maximum runtime for any exploit in seconds
Go out and have some fun,and look for my follow-up post tomorrow.