Thursday, April 28, 2016

Meeting with Dr. Jamie Saunders


Met Dr. Jamie Saunders, Director of UK's National Cyber Crime Unit at the London office of National Crime Agency .Had a good knowledge sharing session and also I presented him my Book on Cyber Crime & Cyber Law.

Prashant Mali 

Wednesday, April 27, 2016

Fast Flux Networks An Introduction


A Fast Flux Network is a network of compromised computers and some public DNS records that change frequently. As a result, the IP address associated with the corresponding domain name changes frequently. This technique is often used by the attackers to hide their malicious websites from detection. Botnets are large groups of compromised machines (bots) used by miscreants for the most illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and to maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks, large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to contrast the problem posed by botnets,

Attackers typically compromise one or more victim computer systems with malware and exploit those to establish a fraudulent website like a Phishing website. The problem of the attackers with this approach is, these websites can be easily tracked down by public DNS name and IP address to shut them down immediately.

Peer-to-Peer (P2P) botnets have emerged as a serious threat against the network security. They are used to carry out various illicit activities like click fraud, DDOS attacks and for information exfiltration. These botnets use distributed concept for command dissemination. These botnets are resilient to dynamic churn and to take-down attempts. Earlier P2P botnet detection techniques have some shortcomings such as they have less accuracy, unable to detect stealthy botnets and advanced botnets using fast-flux networks. In this paper, we list recent P2P botnet detection techniques that overcome the weaknesses of previous techniques with higher detection accuracy.

So, the attackers started using server address obfuscation. They often use a group of proxy servers to redirect network. But, this approach also does not prove to be much convenient for them because of limited scalability. Moreover, these websites can still be tracked down quickly by international cooperation.

So, the attackers started using Fast Flux Networks.
The basic idea behind a Fast Flux Network is to associate multiple IP addresses to a malicious domain name. These IP addresses are swapped in and out with extremely high frequency, may be in every 3 minutes, with the help of changing DNS records. As a result, a browser connecting to the same malicious website in every three minutes will see different IP address each time and connect to the actual malicious website via different infected computers every time.

In Fast Flux Networks, attackers compromise a number of computer systems with malware and then exploit their bandwidth and computation power to build the Fast Flux Network.
In Fast Flux Networks, attackers often use a number of compromised computers as front end systems. These front end systems get the requests from the victims to connect to the malicious website and redirect those requests to the back-end servers.
So, the large pool of rotating IP addresses do not correspond to the actual back-end servers. Instead, they fluctuate among many front end servers which in turn funnel the requests and redirect them to the actual back-end servers.
Fast Flux motherships are the main controlling elements behind the front end servers. They are similar to Command & Control or C & C servers, though they have much more features compared to the C & C servers.This mothership node is hidden by the front end servers, which make them extremely difficult to track down. They often host both DNS and HTTP services and use web server virtual hosting configuration to manage content availability.

Fast Flux Networks are responsible for many illegal practices like online pharmacy shops, money mule recruitment sites, phishing websites, illegal adult contents, distribution of malware etc. Even other services like SMTP, POP, IMAP etc can be delivered using Fast Flux Networks.



image courtesy : Wikipedia

Monday, April 4, 2016

Black Software List

This List is Public šŸ˜‡
šŸ”µ Password Hacking Software 

1.haviz
2.metasploit
3.hydra
4.wireshark
5.Dsniff
6.InSSIDer
7.Aircrack-ng
8.Aircrack
9.Brutus
10.Cain And Abel
11.IKECrack

šŸ”“Wireless Hacking Software

12.Kismet
13.KisMAC
14.Firesheep
15.NetStumbler
16.WepLab

šŸ”µNetwork Hacking Software

17.Map
18.SuperScan
19.Angry IP Scanner

šŸ”“Packet Crafting To Exploit Firewall Weaknesses software

20.Hping
21.Scapy
22.Netcat
23.Yersinia
24.Nemesis
25.Socat

šŸ”µTraffic Monitoring for Network Related Hacking software

26.Splunk
27.Nagios
28.P0f
29.Ngrep

šŸ”µPacket Sniffers To Analyze Traffic software

30.Wireshark
31.Tcpdump
32.Ettercap
33.Dsniff
34.EtherApe
35.Paros
36.Fiddler
37.Ratproxy
38.Sslstrip
39.SSL/TLS Security 

šŸ”“Test By High-Tech Bridge
Rootkit Detectors To Hack File Systemsoftware

40.Netfilter
41.PF: OpenBSD Packet Filter
42.Skipfish
43.Wfuzz
44.Wapiti
45.W3af
46.Sleuth Kit
47.Helix
48.Maltego
49.Encase

šŸ”“Debuggers To Hack Running Programs software

50.Immunity Debugger
51.Netcat
52.Traceroute
53.Ping.eu
54.Dig
55.CURL

šŸ”µHacking Operating Systems software

56.Backtrack 5r3
57.Kali Linux
58.SELinux
59.Knoppix
60.BackBox Linux
61.Pentoo
62.Matriux Krypton
63.NodeZero
64.Blackbuntu
65.Samurai Web Testing Framework
66.WEAKERTH4N
67.OpenSSL
68.Open PuTTy
69.Tor
70.openvpn
72.Stunnel
73.KeePass

šŸ”“Intrusion Detection System And The IDS Tools

74.Snort
75.NetCop

šŸ”µHacking Vulnerability Exploitation Tools

76.Sqlmap
77.Sqlninja
78.Social Engineer Toolkit
79.NetSparker
80.BeEF
81.Dradis

šŸ”µVulnerability Scanners tools

82.nessus
83.OpenVAS
84.Nipper
85.Secunia PSI
86.Retina
87.QualysGuard
88.NexPose

šŸ”“Web Vulnerability Scanners tools

89.Burp Suite
90.Webscarab
91.Websecurify
92.Nikto
93.W3af

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...