Encrypted Disk Detector is a free Windows command line tool for computer forensics that can detect Truecrypt, PGP, Bitlocker, Safeboot, Sophos Safeguard, Endpoint Security FDE, Symantec Endpoint FDE and Bestcrypt encrypted volumes. The software checks for encryption signatures in the Master Boot Record and Volume Boot Records, where encryption tools store the authentication hashing mechanism that decrypt data, it also displays OEM ID and volume label partition where applicable, when the encryption software hasn’t got any identifiable signature Encrypted Disk Detector scans for running processes indicative of disk encryption.
This tool is useful to incident response practitioners to quickly determine if encryption is being used in any of the company or network computers before deciding what steps to take next, e.g. mirror drives, prior to pulling the plug. Encrypted Disk Detector runs in read mode and does not make any file changes, its intuitive coloured notification arrangement makes it effortless to interpret the results.
Encrypted Disk Detector finds BestCrypt volume
Encrypted Disk Detector is not a threat to home users, the software does not attempt to guess what drives are encrypted, it only checks for volumes that are already mounted on live systems, it will not detect encryption in unmounted disks, TCHunt is more appropriate for that task, this is a time saving tool that can be deployed in a matter of seconds in a large network.
Efemr is a free web and mobile app to post time limited messages on Twitter, it works by adding a timestamp hashtag at the end of your message, for example adding #8m at the end of a post would erase your Twitter message in eight minutes, time can be set to a few hours too but no more than that. The app backups all messages keepimng a private list of deleted posts next to a retweet button in case you change your mind and to remember you what you have posted in the past even if it is no longer visible.
Efemr self-destructing Twitter messages
Being able to limit how long for something will remain on the Internet it is a step in the right direction to protect people’s privacy but it will not replace common sense, there is still the possibility of someone taking a screenshot of the Tweet, the time frame is not perfect either, Twitter feeds take longer than the specified limit to be erased and anyone could copy and paste or retweet your message, if you truly want to keep your Tweets private then encrypt them with AnonTwi or any text encryption utility and make them only available to people you know, if anyone takes a screenshot it will only show cihphered text.
Another way to achieve Twitter privacy is by never using your real name when opening an account, never post personal identifying data when posting and always use Tor or a VPN to log into Twitter.
HackaServer is a security testing platform where companies can send their applications and apps for skilled hackers to find bugs and exploits, when a server vulnerability is found the hacker gets paid a reward. Big companies like Google and Facebook have their own security team to test code and online applications before they are released to the public, small companies can not afford the thousands of dollars that this costs, HackaServer crowd sources hundreds of hackers looking at code vulnerabilities and misconfiguration testing security and only paying if something is found, with a confidentiality clause protecting the company reputation and real production infrastructure.
Any system administrator can deploy a custom testing server with the most popular operating systems hosting apps in just a few minutes, before you start hacking a virtual server there is a sandbox called “Training Arena” where people can get a feel of the platform and test their pen testing skills.
HackaServer account creation
There are two kind of hacking challenges, one called “Capture the Flag” where the hacker has to penetrate the server and capture all the details as evidence that he was inside, and another challenge where the hacker finds a flaw or vulnerability rating it as critical, medium or low and getting paid by the company for a full report with all the details. The report is the most important part and it will have to comply with standard penetration test reports, HackaServer only grants hacking rights to the “Playground Arena” after you have passed an IT test showing skills equivalent to a Certified Expert Penetration Tester (CEPT) exam but without being charged for it.
A good way for penetration testing students to improve their skills on HackaServer and increase their income while learning as well as way for black hat hackers to make some money the legal way.
The Active Defense Harbinger Distribution is a security Linux distribution based on Ubuntu 12.04 Long Term Support, Ubuntu LTS has 5 years support from Ubuntu developers Canonical, it is useful for enterprises and those who don’t need to run cutting edge software and are more interested in an stable operating system that will be supported for a long time without the need to constantly upgrade to another version to patch up security holes.
ADHD announces itself as an active defence distribution with preconfigured strike back tools, able to interfere with an attacker’s system fingerprinting, the first reconnaissance stage previous to a hacking attack. Just like Ubuntu, you can run ADHD as a live DVD or install it in your computer, when you first boot you will be given the choice of logging in as adhd user or guest user, the login password is adhd. The default window manager is the lightweight XFCE, you could change it using Synaptic package manager, a package management tool for Debian that can be used to install, remove and upgrade software packages.
The Active Defense Harbinger Distribution (ADHD)
On the surface you will not appreciate too many differences in between The Active Defense Harbinger Distribution and any other end user Linux distribution, it comes with The Gimp and gThumb for image editing, the full LibreOffice suite to work with documents, Thunderbird and Firefox, Catfish to search documents, basic network tools to ping, traceroute, port scan, finger and whois computer IPs, Xchat for IRC, Zenmap scanner, Gigolo, a front end to connect to remote file system, Parole Media player to watch videos, gmusic browser and Gwibber, an open source microblogging tool with access to the most popular social networking services like Twitter and Flickr. The most geeky tool included in ADHD is pgAdmin to edit PostgreSQL databases you will not find any hacking or penetration testing software on the list.
The Active Defense Harbinger Distribution protects you deploying honeypots that waste an attacker’s time, alert the administrator of the attack while still harmless and gathers information on the sources of the attack.
One of ADHD main defences is The Network Obfuscation and Virtualized Anti-Reconnaissance (Nova), it doesn’t use signature based detection for malware, instead it creates decoy systems for an attacker to interact with and alert the system administrator via email or logs that someone is attacking a dummy folder, port, etc. You can have infinite recursive directories so the attacker never really gets to his target or you can instruct Nova to automatically shut down a port when someone touches it.
The Active Defense Harbinger Distribution system monitor
ADHD also comes with Honeybadger, able to create a webpage that looks like a Cisco administration interface or something interesting for an attacker to access, the dummy page can run a Java app on the attacker’s machine, gather his IP address and add it to a report page with Google API showing approximate information about an attacker’s computer IP location in the world.
The best thing of The Active Defense Harbinger Distribution is that you should not notice it is there until something happens, on the minus side there are no offensive tools other than gathering attacker’s information but you could add more aggressive digital tools with the package manager.
Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them.
Software modules consist of options, register, invite, enumerator, brute force, trust analyzer and SIP proxy, you can set target networks and port numbers. Before carrying out any attack you should fingerprint and enumerate SIP services first, after that you should register with the server and start intercepting, making calls or create havoc at will.
Viproy VoIP penetration tests include targeting a local client address and port, discovering SIP services with valid credentials, setting username and password in Asterisk PBX, issuing direct invites and spoofing without credentials, enumerating all users, launching a denial of service to all valid users so that nobody can accept calls and brute forcing a target account or numeric range using a dictionary list to test users password strength.
Viproy VoIP penetration testing and hacking tool
Viproy homepage lists a vulnerable VoIP server where you can evaluate your hacking skills without harming anybody, in a real life scenario after successful hacking a VoIP server you can listen in or record inbound and outbound calls as well as setting up usernames and passwords, the damage that can be done will depend no how many vulnerabilities exist, not all of the modules will be necessary successful penetrating the server.
Another tool you might want to add to your VoIP hacking arsenal is SIPVicious suite you can use it to audit VoIP systems scanning SIP devices IP range and cracking SIP PBX. VPN services protect VoIP calls in transit but the first and last point remain vulnerable, it is possible to listen in to a VoIP encrypted call by hacking into a server before encryption takes place or when the call is decrypted at the end of the line.
HookME is a free open source Windows tool to intercept network communications hooking up desired processes and API calls, including SSL clear data, the unencrypted SSL headers.
The software download is initially tiny (125Kb), when you try to install it you will get a message saying it requires supplemental .dll and .db files to work, over 30MB of files will be automatically downloaded by HookME from a third party site, you will also be asked to register the new .dll dependencies giving administrative rights to Windows Command Processor, the installation process could make some people feel uneasy about this tool containing malware, the only guarantee you have is that HookME is developed by well known OSINT FOCA creators.
Every time you start the software you will be shown a small Netkra Deviare unregistered license splash screen, you don’t have to buy a license but it will get rid of the initial screen if you do.
TCP data tampering tool HookME
The software has a tabbed user interface that can be used to intercept any hooked API call and read the data that is being sent and received, you can change intercepted packets in real time, dropping or forwarding them, a Python plugin system allows for anyone to create their own custom addon, there are some templates for that. HookME developer showed in BlackHat Europe 2013 conference how to easily intercept MySQL data and inject a backdoor on the fly with a few clicks executing remote commands.
Real time intercepted data can be seen in the user interface Hex editor showing you hexadecimal numbers and their corresponding text meaning, you can highlight data packets and click on the “Drop” or “Forward” buttons, a small window below the program lets you know what process is hooked, for example it will show firefox.exe if you are eavesdropping on a Firefox browser session.
This tool can be used for penetration testing creating malware and backdoors in network protocols or to uncover rootkits hooking up API calls, the main challenge for an attacker to use HookME against you would be getting access to your network first.
The Multifarious On-demand Systems Cracker is a Perl application based on Aircrack-NG to crack wireless WPA keys using cluster computers, it can be deployed in Mosix, an operating system distributed across multiple Linux machines taking advantage of conglomerated computer processors or run in collective SSH nodes, clusters can be build up with any Unix operating system, including the iPhone, MacOSX, or Windows and Cygwin, it has also been tested on an Android phone running as a SSH node, best of all you can run Moscrack on the cheap from the Amazon EC2 cloud computing platform.
The program splits a word list into chunks and processes them in parallel in between all of the nodes. If you don’t have access to a computer cluster it is possible to use Moscrack with CUDA, an NVIDIA parallel computing platform implemented in graphics cards, you will need to install aircrack-ng-cuda and adjust moscrack.conf (configuration file).
Moscrack cloud wireless WPA cracking
Moscrack command line interface shows a word list progress expressed in percentage, estimated completion time, running time, server status, cluster speed and other very complete verbose data, GUI interface is optional, it will be more suitable that you run the command line version to feel comfortable from the shell helping you to understand how concepts work, the GUI is pretty basic.
The program has been designed to run for weeks or months, you can leave it on and forget about the program until the job is done, functions go beyond WPA cracking, adding the Dehasher plugin will compare SHA256/512, DES, MD5 and Blowfish hashes to crack them, if you don’t wish to install this tool in your computer, a Moscrack Live CD running Suse Linux is available for download.
