Banking Trojan – Trojans with specific intention on Banking

Hi, we often read documents about trojans, study malware, create worms, execute keyloggers and analyze these packets.
Here are the names of trojans that are intentionally used for banking.

  • Tinba
  • Zeus
  • Carberp
  • Ramnit
  • many more (keep adding)

Google helps a lot in analyzing such things, so let's analyze our new topic, known as banking trojans.

Share your sample files for analysis purposes! Add your banking trojans to the list in this topic.

(This knowledge is for learning purposes only; we are not encouraging you to do illegal harm to anything. It is your responsibility.)


Introduction To Malware Analysis

In this session, Lenny Zeltser will introduce you to the process of reverse-engineering malicious software. He will outline behavioral and code analysis phases, to make this topic accessible even to individuals with a limited exposure to programming concepts. You’ll learn the fundamentals and associated tools to get started with malware analysis.

Keep updating the list so that newbies can learn from it! Let me know of any new URLs and we will update them here. Thank you, guys.

Source link 1: http://www.securitytube.net/video/882
Source link 2: http://www.securitytube.net/video/5154

Dexter – Android apps analysis !!

“Dexter” reminds us a lot of the Cartoon Network channel in the 20th century. Now it is the Android phone's turn to recollect those memories for the next generation.

Here is another Dexter, introduced by Bluebox. Let's share the knowledge and links about it.

Bluebox Labs is proud to present Dexter, a free Android application analysis framework with a rich web-based user interface. The tool extracts information from either legitimate or malicious Android application packages (APKs) and produces various views of the package & application contents.

Source URL:
http://bluebox.com/technical/blueboxs-dexter-free-android-analysis-tool/
Homepage URL:
https://dexter.bluebox.com/

Source link of the mobile threats report analysis:
http://www.juniper.net/us/en/local/pdf/additional-resources/jnpr-2011-mobile-threats-report.pdf

Happy Learning !!

 

International IT Security and Hacking Conference c0c0n 2014 – CFP

c0c0n Call For Papers and Call For Workshops

August 22-23, 2014 – Cochin, India

Buenos Dias from the God’s Own Country!

We are extremely delighted to announce the Call for Papers and Call for Workshops for c0c0n 2014, a 3-day Security and Hacking Conference (1 day pre-conference workshop and 2 day conference), full of interesting presentations, talks and of course filled with fun!

The conference topics are divided into four domains as follows:

  • Info Sec – Technical
  • Info Sec – Management
  • Digital Forensics and Investigations
  • Cyber Laws and Governance

We are expecting conference and workshop submissions on the following topics, but are not limited to:

  • Cloud Security
  • Browser Security
  • Honeypots/Honeynets
  • Offensive forensics
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • WLAN and Bluetooth Security
  • Hacking virtualized environment
  • Lockpicking & physical security
  • National Security & Cyber Warfare
  • Open Source Security & Hacking Tools
  • Web Application Security & Hacking
  • Exploiting Layer 8/Social Engineering
  • Malware analysis & Reverse Engineering
  • New Vulnerabilities and Exploits/0-days
  • Advanced Penetration testing techniques
  • Antivirus/Firewall/UTM Evasion Techniques
  • IT Auditing/Risk management and IS Management
  • Cyber Forensics, Cyber Crime & Law Enforcement
  • Mobile Application Security-Threats and Exploits
  • Critical Infrastructure & SCADA networks Security

Presentations/topics that haven’t been presented before will be preferred. We are looking for the hottest presentation topics based on the research and *HOTNESS* of the topic. To follow a fair process of speaker selection, the selection committee is only given the abstract without revealing the identities, ensuring a transparent and fair policy for all submissions.

Source URL:

http://www.is-ra.org/c0c0n/cfp


Load Balance Detector – Halberd

Simply put, another way to describe LBD is “Headache Detection”.

“What is a headache, and who is the headache?”

Let's find out the actual meaning of load balancing in:
1. Telephone Switching & Signaling
2. LBD in Computer Networking

Telephone Switching & Signaling:
Recently we have also been working on mobile networking and becoming masters of it. Here are some points that I would like to introduce about load sharing in the telephone exchange environment. Is this information connected with our IT security platform? Yes, definitely. Just find out how our telephone exchanges work over wired or wireless communication.

(Short-note cycle of points to learn) Telephone Switching & Signaling => Stored Program Control => Exchange Environment => Load Sharing Mode

The above cycle has a particular meaning in the field of telephone switching and signaling. Mobile networking is a very large subject to study; I am sharing these points for the sake of understanding load balancing in technology. Let's compare telephone/mobile communication with computer networking. Right?

LBD in Computer Networking:
Load Balancing is a computer networking method for distributing workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units or disk drives.

Load balancing can be useful in applications with redundant communications links. For example, a company may have multiple Internet connections ensuring network access if one of the connections fails.

Wikipedia source: http://en.wikipedia.org/wiki/Load_balancing_(computing)

[Figure: Load Balancing With ISA Server]
The above figure gives you a brief idea of load balancing.
Check out the link to configure load balancing in ISA Server here.

Now it is time to move our focus to detection – Headache Detection =>

[Figure: load balancer position in the infrastructure]
The above figure clarifies the load balancer's position in the infrastructure. If our target is behind a load balancer, it will not respond the way we expect from a one-to-one connection. We have to observe a lot in web auditing or vulnerability assessment and penetration testing projects, such as the target name, server name, session ID in the packets sent, date, time stamp, etc.

Here we go with another tool to detect load balancers: Halberd.

Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.

To cope with heavy traffic loads, web site administrators often install load balancer devices. These machines hide (possibly) many real web servers behind a virtual IP. They receive HTTP requests and redirect them to the real web servers in order to share the traffic between them. There are a few ways to map the servers behind the VIP and to reach them individually. Identifying and being able to reach all real servers individually (effectively bypassing the load balancer) is very important for an attacker trying to break into a site. It is often the case that there are configuration differences ranging from the slight:

  • server software versions,
  • server modules

to the extreme:

  • different platforms
  • server software.

For an attacker, this information is crucial because he might find vulnerable configurations that otherwise (without mapping the real servers) could have gone unnoticed. But someone trying to break into a web site doesn’t have server software as its only target. He will try to subvert dynamic server pages in several ways. By identifying all the real servers and scanning them individually for vulnerabilities, he might find bugs affecting only one or a few of the web servers. Even if all machines are running the same server software, halberd can enumerate them allowing more thorough vulnerability scans on the application level.
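For the load balancer configuration testing use mentioned above, the following added example (not Halberd's code and not from the original post) shows a simplified version of the idea: compare repeated responses from one virtual IP of your own pool and group them by stable headers and clock skew, so that version drift or an unsynchronised backend clock can be fixed. The sample responses, header values and function names are constructed assumptions.

```python
from email.utils import formatdate, parsedate_to_datetime

# Headers that change on every response and say nothing about which host answered.
VOLATILE = {"date", "content-length", "set-cookie", "etag", "age", "expires"}

def fingerprint(local_ts, headers):
    """Return (stable header tuple, clock skew in seconds) for one response."""
    stable = tuple(sorted((k.lower(), v) for k, v in headers.items()
                          if k.lower() not in VOLATILE))
    skew = round(parsedate_to_datetime(headers["Date"]).timestamp() - local_ts)
    return stable, skew

def group_backends(samples, tolerance=2):
    """Cluster responses that share stable headers and a similar clock skew."""
    clusters = []
    for local_ts, headers in samples:
        stable, skew = fingerprint(local_ts, headers)
        for c in clusters:
            if c["headers"] == stable and abs(c["skew"] - skew) <= tolerance:
                c["count"] += 1
                break
        else:  # no existing cluster matched: treat as a distinct backend
            clusters.append({"headers": stable, "skew": skew, "count": 1})
    return clusters

def drifting_headers(clusters):
    """Header names whose values are not identical across all clusters."""
    names = {name for c in clusters for name, _ in c["headers"]}
    return sorted(n for n in names
                  if len({dict(c["headers"]).get(n) for c in clusters}) > 1)

def _resp(local_ts, skew, headers):
    # Constructed sample response: Date reflects the backend's clock, not ours.
    return local_ts, {"Date": formatdate(local_ts + skew, usegmt=True), **headers}

A = {"Server": "Apache/2.2.22", "X-Powered-By": "PHP/5.3.10"}  # constructed values
C = {"Server": "Apache/2.2.15"}                                  # constructed older build
T0 = 1400000000  # local receive time of the first response (epoch seconds)
SAMPLES = [  # constructed: six responses received from one virtual IP
    _resp(T0, 0, A), _resp(T0 + 1, 37, A), _resp(T0 + 2, 0, C),
    _resp(T0 + 3, 0, A), _resp(T0 + 4, 38, A), _resp(T0 + 5, 1, C),
]

if __name__ == "__main__":
    found = group_backends(SAMPLES)
    for c in found:
        print(c["count"], "responses, skew", c["skew"], "s,", dict(c["headers"]))
    print("headers that differ between backends:", drifting_headers(found))
```

Each cluster with a non-zero skew points at a backend whose clock needs syncing, and every header listed as drifting is a version or module difference to bring into line across the pool.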

Tool Link:
https://github.com/jmbr/halberd
http://users.ices.utexas.edu/~jmb/

Halberd’s Manual PDF: halberd manual
Video URL: http://www.securitytube.net/video/699

OWASP Mantra – Fully Loaded Browser with Pentest Bookmarks !!

Hi Leaders,

Before going further, read my previous topic, “Is your browser teaching Ethical Hacking?” Absolutely!

I would like to introduce another great part of the OWASP Mantra browser: Pentest Bookmarks!
It is another great reference material / food / b33r for learners, beginners and professionals in the IT security field.

With lots of general categories, such as:

HACKERY – Open Penetration Testing Bookmarks Collection


GALLEY – Online Penetration Testing Tools Index


Let us know one thing: “Is your browser teaching Ethical Hacking?” Then make it like OWASP Mantra!!
Download the fully loaded browser with a bunch of arsenal from here.
4 Tutorials click here.

What is on your mind now? Go and check those collections and learn as much as you can.
“Hack The Gibson”: make your arsenal ready with OWASP Mantra for your next assignments!

Small but effective script on Domain Scanning by (Fierce)ha.ckers.org !

Hi Auditors,

After a long break with new people and new terms, here is my next share: a very small but effective script for domain scanning.
Yes, it's Fierce Domain Scan!

Well, the whole story of the author is written on their website, so I am directly pasting some commands that help a web security auditor find out many things about the target.

  • perl fierce.pl -dns target-domain.com -search string1,string2
  • perl fierce.pl -range 10.10.10.0-255 -dnsserver ns1.example.com
  • perl fierce.pl -dns example.com -wide -file output.txt
  • perl fierce.pl -dns example.com -connect headers.txt -fulloutput -file output.txt
  • perl fierce.pl -dns example.com -wordlist dictionary.txt -file output.txt
  • perl fierce.pl -help

Thanks to RSnake and team for their wonderful efforts on such Perl scripts.
We can easily understand the script and read its functions. The Fierce script is written in Perl.

Here are the two files of Fierce Domain Scan: fierce.pl & hosts.txt

Do you think I should describe it?? Naaa.. It's awesome while working on the script!!

Happy Scripting !!