PHOTO GALLERY

All the photos of family, friends and events held by the groups I belong to are in this section...

Tuesday, June 30, 2020

Top 17 Best Websites To Learn Ethical Hacking

  1. Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  2. Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the world's best penetration testing software now.
  3. Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
  4. SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  5. HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  6. DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
  7. Hack Forums: Emphasis on white hat, with categories for hacking, coding and computer security.
  8. Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  9. SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  10. Makezine: Magazine that celebrates your right to tweak, hack, and bend any technology to your own will.
  11. Phrack Magazine: Digital hacking magazine.
  12. KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  13. Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  14. NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  15. The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  16. Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  17. Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.


Thursday, June 11, 2020

Apple Is Still Using External Companies To Analyze The Conversations Collected By Siri (One Year Later)

In a harsh letter sent by Thomas Le Bonniec on May 20, 2020 (less than a month ago) to the data protection authorities in Europe (EU and EFTA), he warned of Apple's violation of the privacy of European citizens. The issue, as we are going to see, is that Siri messages go to Apple's servers and are processed there... and sometimes manually.

Figure 1: Apple is still using external companies to analyze the conversations collected by Siri (one year later)


Thomas had been working for Global Technical Services, one of Apple's subcontractors in Ireland. His task was simple: transcribe the conversations recorded by Siri (in a project internally called "Bulk Data") in order to correct and improve the interpretation of the commands obtained from any Apple device (iPhones, iPad, Apple Watch, etc.). The problem he highlights in his letter is that Siri was accidentally recording more than it should.

Figure 2: Letter sent by Thomas Le Bonniec


Sometimes the user tries to make a request, something fails, but they do not realize that Siri has been activated and is ready to receive information. This causes conversations to be collected that were never intended for Siri. But there is more: in these states of "uncontrolled activation", conversations of third parties were also being recorded, that is, of children, relatives, etc.

That is, of anyone who happened to be near the device at that moment. In fact, he says in the letter that he got to hear hundreds of conversations related to topics as personal as illnesses, pornography, politics, etc. This is really serious in itself, but at least that information is anonymous and not linked to users... or is it?


The letter talks about another internal project named "Development data". And this is where the really worrying part is (although the above, recording unauthorized conversations "accidentally", already was), since this team's job was to tag the words and associate them with users; that is, once the conversations were processed, they were added to the users' personal profiles. The goal was to obtain a very precise dataset of users in order to optimize how Siri works and, at the same time, to use it on other Apple devices.

Figure 4: Siri settings

Concern about Siri has been high in recent years, and we have seen how it has become a problem for user privacy on the iPhone, where it has been part of many hacking tricks on iOS for iPhone & iPad. It has been used to control your Facebook accounts, to read and send e-mail messages on behalf of the device owner, to read WhatsApp messages and even to steal Gmail or Hotmail accounts using Siri, as Chema Alonso explained in this video.


Figure 5: Stealing a Gmail or Hotmail account with Siri

But the most serious thing of all is that this was already reported in August 2019, with Apple even stating (it went as far as apologizing) that it had paused the use of external subcontractors to carry out this processing of the information obtained by Siri.


It is one thing to process this information internally (within the legal framework the company offers its customers), but quite another to hire other companies to perform this function, since it widens the vector or the possibilities for the collected data to leak.

Figure 7: The book Hacking iOS: iPhone & iPad, 2nd Edition

As we can see, it seems that not much has changed in less than a year since the initial complaint that warned of these practices. Apple repeated several times that it would fix this problem and move the whole practice to its own facilities and internal employees, but despite the pressure and the complaint, as we saw at the beginning of this article, Apple keeps hiring external companies to carry out this very sensitive task.

Figure 8: Deleting Siri history

Many media outlets such as Forbes, The Guardian, etc., are reporting this news, since almost a year has passed since the first complaint and there seems to have been no reaction from the European authorities (Le Bonniec himself denounces this fact in the document). He also closes the letter with a damning sentence:

"I am extremely concerned, since they are basically listening in on ("wiretapping") the population."

In Apple's defense, iOS version 13.2 allows the user to delete the conversations obtained by Siri on any device, as explained in this article on its support site. But this is not an isolated case affecting only the company with the apple logo. Other big companies such as Amazon, Google or Facebook have admitted to similar practices, and the history is available. In this article you can see how to locate the voice recordings that Google makes.

Figure 9: Accessing the list of recordings from Android

We can assume that when using a digital assistant we accept a certain exposure of the information we give it, but it is the company's duty to keep it anonymous and, above all, to comply with the legal regulations of the region in which its customers are located. We will see how this whole story ends.

Author:

Fran Ramírez (@cyberhadesblog) is a security researcher and member of the Ideas Locas team in CDO at Telefónica, co-author of the book "Microhistorias: Anécdotas y Curiosidades de la historia de la informática (y los hackers)", of the book "Docker: SecDevOps", and also of "Machine Learning aplicado a la Ciberseguridad", as well as of the CyberHades blog. You can contact Fran Ramírez on MyPublicInbox.


Figure 10: Contact Fran Ramírez on MyPublicInbox


Facebook Plans To Launch Its Own Cryptocurrency

The social network giant Facebook is going through a bad phase with lots of ups and downs. The recent scandal with Cambridge Analytica has caused the world's largest social network to change its stance on user privacy and to be more transparent about its use of the data it collects.
Since then, some Blockchain-based social networks have become popular, namely Sphere, Steemit, and Howdoo. Recently, however, Facebook itself made an unusual announcement: it stated that it is investing in a team developing Blockchain-based solutions, but the purpose of the project is not yet known.
It was with a post on the Facebook page that David Marcus confirmed his departure from the Messenger team and the creation of a small group dedicated to finding solutions based on the potential of Blockchain technology for Facebook.
David Marcus has not given much detail on the work he will do with his new group, saying only that they will study Blockchain from scratch so that they can use this revolutionary technology for Facebook.
"I'm setting up a small group to explore how to leverage Blockchain across Facebook, starting from scratch," stated David Marcus.
Despite being connected to Facebook's Messenger since 2014, David Marcus is no novice in these financial issues related to money transfers. In addition to having introduced the possibility of P2P payments in Messenger itself, David Marcus was President of PayPal and CEO of Zong, a company dedicated to payments on mobile devices.
However, his experience in this segment does not allow us to conclude that Facebook will create, launch or support a crypto coin of its own. Blockchain technology has become famous thanks to crypto-coins, especially Bitcoin, but its potential extends dramatically to other areas.
The potential of Blockchain goes from crypto-coins to the creation of real online ecosystems, supported by the users of the network. Sharing and storing data is a capability that Blockchain lets you explore, and perhaps one that Facebook will use in its favor.
The lead role at Messenger was then handed over to Stan Chudnovsky, who now heads one of the most widely used communication services in the world, alongside WhatsApp.
Rumors also suggest that James Everingham and Kevin Weil, both from Instagram, will join David Marcus in this new push by Facebook into one of today's most acclaimed technologies.

Wednesday, June 10, 2020

BruteSpray: A Brute-forcer From Nmap Output And Automatically Attempts Default Creds On Found Services


About BruteSpray: BruteSpray takes Nmap GNMAP/XML output or newline-separated JSON and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports when -sV is used in the Nmap scan.

BruteSpray's Installation
   For Debian users, the only thing you need to do is run this command:
sudo apt install brutespray

   For Arch Linux users, you must install Medusa first: sudo pacman -S medusa

   And then, enter these commands to install BruteSpray:


Supported Services: ssh, ftp, telnet, vnc, mssql, mysql, postgresql, rsh, imap, nntp, pcanywhere, pop3, rexec, rlogin, smbnt, smtp, svn, vmauthd, snmp.

How to use BruteSpray?

   First do an Nmap scan with -oG nmap.gnmap or -oX nmap.xml.
   Command: python3 brutespray.py -h
   Command: python3 brutespray.py --file nmap.gnmap
   Command: python3 brutespray.py --file nmap.xml
   Command: python3 brutespray.py --file nmap.xml -i

   You can watch more details here:

Examples

   Using Custom Wordlists:
python3 brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

   Brute-Forcing Specific Services:
python3 brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

   Specific Credentials:
python3 brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

   Continue After Success:
python3 brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

   Use Nmap XML Output:
python3 brutespray.py --file nmap.xml --threads 5 --hosts 5

   Use JSON Output:
python3 brutespray.py --file out.json --threads 5 --hosts 5

   Interactive Mode: python3 brutespray.py --file nmap.xml -i

Data Specs
{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
...


Changelog: Changelog notes are available at CHANGELOG.md.


Hacktivity 2018 Badge - Quick Start Guide For Beginners

You either landed on this blog post because 
  • you are a huge fan of Hacktivity
  • you bought this badge around a year ago
  • you are just interested in hacker conference badge hacking. 
or maybe all of the above. Whatever the reasons, this guide should be helpful for those who never had any real-life experience with these little gadgets. 
But first things first, here is a list of what you need for hacking the badge:
  • a computer with USB port and macOS, Linux or Windows. You can use other OS as well, but this guide covers these
  • USB mini cable to connect the badge to the computer
  • the Hacktivity badge from 2018
By default, this is what your badge looks like.


Let's get started

Luckily, you don't need any soldering skills for the first steps. Just connect the USB mini port to the bottom left connector on the badge, connect the other part of the USB cable to your computer, and within some seconds you will be able to see that the lights on your badge are blinking. So far so good. 

Now, depending on which OS you use, you should choose your destiny here.

Linux

The best source of information about a new device being connected is
# dmesg

The tail of the output should look like
[267300.206966] usb 2-2.2: new full-speed USB device number 14 using uhci_hcd
[267300.326484] usb 2-2.2: New USB device found, idVendor=0403, idProduct=6001
[267300.326486] usb 2-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[267300.326487] usb 2-2.2: Product: FT232R USB UART
[267300.326488] usb 2-2.2: Manufacturer: FTDI
[267300.326489] usb 2-2.2: SerialNumber: AC01U4XN
[267300.558684] usbcore: registered new interface driver usbserial_generic
[267300.558692] usbserial: USB Serial support registered for generic
[267300.639673] usbcore: registered new interface driver ftdi_sio
[267300.639684] usbserial: USB Serial support registered for FTDI USB Serial Device
[267300.639713] ftdi_sio 2-2.2:1.0: FTDI USB Serial Device converter detected
[267300.639741] usb 2-2.2: Detected FT232RL
[267300.643235] usb 2-2.2: FTDI USB Serial Device converter now attached to ttyUSB0

Dmesg is pretty kind to us, as it even notifies us that the device is now attached to ttyUSB0. 

From now on, connecting to the device is exactly the same as it is in the macOS section, so please find the "Linux users, read it from here" section below. 

macOS

There are multiple commands you can type into Terminal to get an idea about what you are looking at. One command is:
# ioreg -p IOUSB -w0 -l

With this command, you should get output similar to this:

+-o FT232R USB UART@14100000  <class AppleUSBDevice, id 0x100005465, registered, matched, active, busy 0 (712 ms), retain 20>
    |   {
    |     "sessionID" = 71217335583342
    |     "iManufacturer" = 1
    |     "bNumConfigurations" = 1
    |     "idProduct" = 24577
    |     "bcdDevice" = 1536
    |     "Bus Power Available" = 250
    |     "USB Address" = 2
    |     "bMaxPacketSize0" = 8
    |     "iProduct" = 2
    |     "iSerialNumber" = 3
    |     "bDeviceClass" = 0
    |     "Built-In" = No
    |     "locationID" = 336592896
    |     "bDeviceSubClass" = 0
    |     "bcdUSB" = 512
    |     "USB Product Name" = "FT232R USB UART"
    |     "PortNum" = 1
    |     "non-removable" = "no"
    |     "IOCFPlugInTypes" = {"9dc7b780-9ec0-11d4-a54f-000a27052861"="IOUSBFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
    |     "bDeviceProtocol" = 0
    |     "IOUserClientClass" = "IOUSBDeviceUserClientV2"
    |     "IOPowerManagement" = {"DevicePowerState"=0,"CurrentPowerState"=3,"CapabilityFlags"=65536,"MaxPowerState"=4,"DriverPowerState"=3}
    |     "kUSBCurrentConfiguration" = 1
    |     "Device Speed" = 1
    |     "USB Vendor Name" = "FTDI"
    |     "idVendor" = 1027
    |     "IOGeneralInterest" = "IOCommand is not serializable"
    |     "USB Serial Number" = "AC01U4XN"
    |     "IOClassNameOverride" = "IOUSBDevice"
    |   } 
The most important information you get is the USB serial number - AC01U4XN in my case.
Another way to get this information is
# system_profiler SPUSBDataType

which will give back something similar to:
FT232R USB UART:

          Product ID: 0x6001
          Vendor ID: 0x0403  (Future Technology Devices International Limited)
          Version: 6.00
          Serial Number: AC01U4XN
          Speed: Up to 12 Mb/sec
          Manufacturer: FTDI
          Location ID: 0x14100000 / 2
          Current Available (mA): 500
          Current Required (mA): 90
          Extra Operating Current (mA): 0

The serial number you got is the same.

What you are trying to achieve here is to connect to the device, but in order to connect to it, you have to know where the device is mapped under /dev. A quick and dirty solution is to list all devices under /dev twice, once when the badge is connected and once when it is disconnected, and diff the outputs. For example, the following should do the job:

# with the badge connected
ls -lha /dev/tty* > plugged.txt
# after disconnecting the badge
ls -lha /dev/tty* > np.txt
vimdiff plugged.txt np.txt

The result should be obvious: /dev/tty.usbserial-AC01U4XN is the new device in the case of macOS. In the case of Linux, it was /dev/ttyUSB0.

Linux users, read it from here. macOS users, please continue reading

Now you can use either the built-in screen command or minicom to get data out from the badge. Usually, you need three pieces of information in order to communicate with a badge: the path under /dev (you already got that), the speed in baud, and the async config parameters. You can either guess the speed or Google it for the specific device. Standard baud rates include 110, 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 38400, 57600, 115200, 128000 and 256000 bits per second. I usually found 1200, 9600 and 115200 a common choice, but that is just me.
Regarding the async config parameters, the default is that 8 bits are used, there is no parity bit, and 1 stop bit is used. The short abbreviation for this is 8n1. In the next example, you will use the screen command. By default, it uses 8n1, but it is called cs8 to confuse the beginners.

If you type:
# screen /dev/tty.usbserial-AC01U4XN 9600
or
# screen /dev/ttyUSB0 9600
and wait for minutes and nothing happens, it is because the badge already tried to communicate via the USB port, but no one was listening there. Disconnect the badge from the computer, connect it again, and type the screen command above to connect. If you are quick enough, you can see that the amber LED will stop blinking and your screen command is greeted with some interesting information. By quick enough I mean ~90 seconds, as it takes the device 1.5 minutes to boot the OS and the CTF app.
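The device-discovery steps above (dmesg on Linux, system_profiler on macOS, and the before/after /dev listing) can be scripted; the following is an added example, not part of the original guide. The function names and the sample data are constructed for illustration, and the /dev/tty.usbserial-<serial> naming is assumed from the device name the guide observed.

```shell
#!/bin/sh
# Added example (not from the original guide): find the badge's serial device
# node from the same three sources the guide uses. Sample data is constructed
# from the outputs shown in the guide; no real device is touched.

# Linux: kernel log on stdin -> /dev path of the last attached USB serial converter.
tty_from_dmesg() {
    sed -n 's|.*converter now attached to \(tty[A-Za-z0-9]*\).*|/dev/\1|p' | tail -n 1
}

# macOS: `system_profiler SPUSBDataType` text on stdin -> device path.
# Assumption: the node is named /dev/tty.usbserial-<serial>, as the guide observed.
tty_from_system_profiler() {
    awk '
        # A line ending in ":" starts a new device block; track whether it is the FT232R.
        /:[ \t]*$/ { in_dev = ($0 ~ /FT232R USB UART:/); next }
        in_dev && /Serial Number:/ { print "/dev/tty.usbserial-" $NF; exit }
    '
}

# Either OS: $1 = device list with the badge unplugged, $2 = list with it plugged in.
# Prints paths that appear only in $2. Build the lists with `ls -1 /dev/tty*`
# (names only), so timestamps from `ls -l` cannot cause false differences.
new_serial_ports() {
    # -v invert match, -x whole line, -F fixed strings, -f read patterns from file
    grep -vxFf "$1" "$2"
}

# Constructed sample: three lines taken from the dmesg output in the guide.
sample_dmesg() {
    cat <<'EOF'
[267300.326487] usb 2-2.2: Product: FT232R USB UART
[267300.639713] ftdi_sio 2-2.2:1.0: FTDI USB Serial Device converter detected
[267300.643235] usb 2-2.2: FTDI USB Serial Device converter now attached to ttyUSB0
EOF
}

# Constructed sample: the guide's FT232R block preceded by a made-up device,
# to show that only the FT232R serial number is used.
sample_profiler() {
    cat <<'EOF'
        Constructed Hub:

          Serial Number: 000000000001

        FT232R USB UART:

          Product ID: 0x6001
          Vendor ID: 0x0403  (Future Technology Devices International Limited)
          Serial Number: AC01U4XN
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' /dev/tty /dev/ttyS0 > "$tmp/unplugged.txt"
    printf '%s\n' /dev/tty /dev/ttyS0 /dev/ttyUSB0 > "$tmp/plugged.txt"
    echo "dmesg:           $(sample_dmesg | tty_from_dmesg)"
    echo "system_profiler: $(sample_profiler | tty_from_system_profiler)"
    echo "listing diff:    $(new_serial_ports "$tmp/unplugged.txt" "$tmp/plugged.txt")"
    rm -rf "$tmp"
}

demo
```

On a real machine, pipe `dmesg` or `system_profiler SPUSBDataType` into the matching function and pass the result to screen with the 9600 baud rate used above.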

Windows

When you connect the device to Windows, you will be greeted with a pop-up.

Just click on the popup and you will see the COM port number the device is connected to:


In this case, it is connected to COM3. So let's fire up our favorite putty.exe, select Serial, choose COM3, add speed 9600, and you are ready to go!


You might check the end of the macOS section in case you can't see anything. Timing is everything.

The CTF

Welcome to the Hacktivity 2018 badge challenge!

This challenge consists of several tasks with one or more levels of
difficulty. They are all connected in some way or another to HW RE
and there's no competition, the whole purpose is to learn things.

Note: we recommend turning on local echo in your terminal!
Also, feel free to ask for hints at the Hackcenter!

Choose your destiny below:

1. Visual HW debugging
2. Reverse engineering
3. RF hacking
4. Crypto protection

Enter the number of the challenge you're interested in and press [
Excellent, now you are ready to hack this! In case you are lost in controlling the screen command, go to https://linuxize.com/post/how-to-use-linux-screen/.

I will not spoil any fun in giving out the challenge solutions here. It is still your task to find solutions for these.

But here is a catch. You can get a root shell on the device. And it is pretty straightforward. Just carefully remove the Omega shield from the badge. Now you see two jumpers; by default, these are connected together as UART1. As seen below.



But what happens if you move these jumpers to UART0? Guess what, you can get a root shell! This is what I call privilege escalation on the HW level :) But first, let's connect the Omega shield back. Also, for added fun, this new interface speaks on 115200 baud, so you should change your screen parameters to 115200. Also, the new interface has a different ID under /dev, but I am sure you can figure this out from now on.




If you connect to the device during boot time, you can see a lot of exciting debug information about the device. And after it boots, you just get a root prompt. Woohoo! 
But what can you do with this root access? Well, for starters, how about running 
# strings hello | less

From now on, you are on your own to hack this badge. Happy hacking.
Big thanks to Attila Marosi-Bauer and Hackerspace Budapest for developing this badge and the contests.

PS: In case you want to use the radio functionality of the badge, see below how you should solder the parts to it. By default, you can process slow-speed radio frequency signals on GPIO19. But for higher transfer speeds, you should wire the RF module's DATA OUT pin together with the free RX1 pin.




DSniff


"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI."

Website: http://www.monkey.org/~dugsong/dsniff/


Tuesday, June 9, 2020

Parrot Security OS 4.7 Released With New Linux Kernel, Menu Structure, Tools Improvements And Many Changes


On Sep 18, 2019, Parrot Security OS 4.7 was released, with the following changes.

Latest Linux 5.2.x series
   The new ISO files of Parrot 4.7 are being released only now, but Parrot was the first Debian derivative distribution to introduce Linux 5.1 and 5.2 to all its users, and now the ParrotSec team is ready to offer it in its ISO file rebuild cycle as well, to support more devices and integrate all the latest Linux features from the beginning.

New sandbox behavior (opt-in rather than opt-out)
   Sandboxing is a great thing, and the ParrotSec team was on the front line when it introduced its custom Firejail and AppArmor solution for the first time many years ago. The team still wants to improve this feature and has a whole group dedicated to improving the sandboxing and hardening of the Parrot Security OS system, but it had to face the many users with issues caused by the restrictions of the sandbox.

   In Parrot Security OS 4.7 the sandbox is disabled by default, and users can decide whether to start an application sandboxed or not. You can easily start the sandboxed version of an installed program from the /sandbox/ folder or from a dedicated menu that the ParrotSec team plans to improve in the future (meanwhile the search feature of the bottom menu will fit all your needs), or you can re-enable it by default by using the firecfg tool.

New menu structure and tools improvements
   The pentesting menu structure was refactored and redesigned to make tools easier to access in a more logical hierarchical structure. New tools were also added to the project, and the ParrotSec team plans to add even more in the future. Not all of them are going to be pre-installed, but a good set of tools in the repository enables pentesters to build up the perfect pentest system for their specific needs, regardless of the default package selection picked by the ParrotSec team.

Domain changes
   To reflect the neutrality of a distro that started as a pentest-only system and became more general purpose later with Parrot Home, the community voted through a democratic process to switch to parrotlinux.org as the new default domain of the project.

   The ParrotSec team will still use ParrotSec.org for other things (including the old email addresses), and it introduced other project domains to handle specific parts of the infrastructure.

Repository changes
   The ParrotSec team is preparing to integrate a future LTS branch, so it decided to rename the current repository from stable to rolling. Nothing changes for the end user, and the current Parrot Security OS branch will continue to behave the same as before, but now with a different name that better reflects the rolling release nature of the system, while waiting for the LTS edition to join the Parrot Security OS family alongside the rolling branch, in a similar way to what OpenSUSE does.

New MATE 1.22 release: Parrot Security OS 4.7 ships with the latest MATE 1.22 desktop environment.

Miscellaneous: New Firefox Browser 69, the latest Radare2 and cutter versions and many other important upgrades are all aboard as expected in a properly developed rolling release distro.

How to upgrade to the latest Parrot Security OS version
   You can update your existing Parrot Security OS system with this command:
sudo parrot-upgrade

   Or use the raw apt command
sudo apt update
sudo apt full-upgrade


   Don't forget to use this command regularly (at least once a week) to receive the latest security updates and bugfixes from the Parrot Security OS repository.

   Or you can download the latest release from the official download page.


Monday, June 8, 2020

SANS SEC575 Mentor Class

Hi everyone,

Great news! I will be mentoring SANS 575: Mobile Device Security and Ethical Hacking in Luxembourg on Thursday evenings 18:00-20:00, starting from January 15, 2015.

Mentor classes are special, 10-week format SANS classroom sessions that give the students time to absorb and master the same material with the guidance of a trained security professional.

Students receive all the same course materials used at SANS conferences and study at a more leisurely pace, so students will have:
  • Hardcopy set of SANS course books
  • Mentor Program study materials
  • Weekly Mentor led sessions
Prior to the weekly Mentor-led classroom sessions, students study SANS course material at their own pace. Each week, students meet with other professionals in their hometown area and the SANS mentor, who leads topical discussions pointing out the most salient features of the weekly material studied, provides hands-on demonstrations, and answers questions. The Mentor's goal is to help students grasp the more difficult material, master the exercises, demonstrate the tools and prepare for GIAC certification.

On SANS SEC575, we will learn about mobile device infrastructures, policies and management, we will see the security models of the different platforms, like the data storage and file system architecture. We will also see how to unlock, root and jailbreak mobile devices in order to prepare them for data extraction and further testing. In the second half of the course, we will learn how to perform static and dynamic mobile application analysis, the usage of automated application analysis tools and how to manipulate application behavior. Last but not least, we will see how to perform mobile penetration testing that includes fingerprinting mobile devices, wireless network probing and scanning, attacking wireless infrastructures, using network manipulation attacks and attacks against mobile applications and back-end applications.

For more info, here is the link for the class: http://www.sans.org/mentor/class/sec575-luxembourg-15jan2015-david-szili
My Mentor bio: http://www.sans.org/mentor/bios#david-szili 

Information on the class, special discounts and applying for the class: szili_(dot)_david_(at)_hotmail_(dot)_com

Additional info can also be found at: https://www.sans.org/mentor
Special prices are also available for this course. A few examples: http://www.sans.org/mentor/specials

Best regards,
David

Such low price. Very SANS. Much learning. Wow!
