Sunday, August 30, 2020

The OWASP Foundation Has Selected The Technical Writer For Google Season Of Docs

By Fabio Cerullo


The OWASP Foundation has been accepted as an organization for Google Season of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work alongside the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

Congratulations to Nirojan Selvanathan!

Please refer to the linked document for the deliverables and the work execution plan.




Mythbusters: Is An Open (Unencrypted) WiFi More Dangerous Than A WPA2-PSK? Actually, It Is Not.

Introduction


Whenever security professionals recommend the 5 most important IT security practices to average users, one of the items is usually something like: "Avoid using open WiFi" or "Always use VPN while using open WiFi" or "Avoid sensitive websites (e.g. online banking) while using open WiFi", etc.

What do I think about this? It is bullshit. But let's not jump to conclusions. Let's analyze all the risks and factors here.


During the following analysis, I made two assumptions. The first one is that we are comparing public WiFi hotspots with no encryption at all (referred to as Open) to public WiFi hotspots with WPA2-PSK (and let's just hope WEP died years ago). The other assumption is that there are people who are security-aware, and those who just don't care. They just want to browse the web, access Facebook, write e-mails, etc.

The risks


Let's discuss the different threats people face using public hotspots, compared to home/work internet usage:

1. Where the website session data is not protected with SSL/TLS (and the cookie is not protected with the Secure flag), attackers on the same hotspot can obtain the session data and use it to steal the session or the login credentials. Typical protocols affected:

  • HTTP sites
  • HTTPS sites but unsecured cookie
  • FTP without encryption
  • IMAP/SMTP/POP3 without SSL/TLS or STARTTLS

2. Attackers can inject extra data into the HTTP traffic, which can be used for exploits or social engineering attacks (e.g. update Flash player with our malware) – see the Dark Hotel campaign

3. Attackers can use tools like SSLStrip to keep the user's traffic on cleartext HTTP and steal passwords, session data, or personal information

4. Attackers can monitor and track user activity

5. Attackers can directly attack the user's machine (e.g. SMB service)

WPA2-PSK security


So, why is a public WPA2-PSK WiFi safer than an open WiFi? Spoiler alert: it is not!

In a generic public WPA2-PSK scenario, all users share the same password. And guess what, the whole traffic can be decrypted with the following information: SSID + shared password + information from the 4-way handshake (see https://wiki.wireshark.org/HowToDecrypt802.11).
If you want to see it in action, here is a nice tutorial for you
Decrypted WPA2-PSK traffic

Any user having access to the same WPA2-PSK network knows this information. So they can instantly decrypt your traffic. Or the attackers can just set up an access point with the same SSID, same password, and stronger signal. And now, the attacker can instantly launch active man-in-the-middle attacks. It is a common belief (even among ITSEC experts) that WPA2-PSK is not vulnerable to this attack. I am not sure why this vulnerability was left in the protocol, if you have the answer, let me know. Edit (2015-08-03): I think the key message here is that without server authentication (e.g. via PKI), it is not possible to solve this.
Let me link here one of my previous posts with a great skiddie tool:

To sum up, attackers on a WPA2-PSK network can:

  • Decrypt all HTTP/FTP/IMAP/SMTP/POP3 passwords or other sensitive information
  • Launch active attacks like SSLStrip, or modify HTTP traffic to include exploits or social engineering attacks
  • Monitor/track user activity

The only difference between open and WPA2-PSK networks is that an open network can be hacked by an attacker with a skill level of 1 out of 10, while the WPA2-PSK network needs an attacker with a skill level of 1.5. That is the difference.

The real solutions



1. Website owners and service providers should deploy proper (trusted) SSL/TLS infrastructure, protect session cookies, etc. Whenever a user (or security professional) notices a problem with the quality of the service (e.g. missing SSL/TLS), the service provider has to be notified. If no change is made, it is recommended to drop the service provider and choose a more secure one. Users have to use the HTTPS Everywhere plugin.

2. Protect the device against exploits by patching the software on it, use a secure browser (Chrome, IE11 + enhanced protection), and disable unnecessary plugins (Java, Flash, Silverlight), or at least use them via click-to-play. Also, the use of exploit mitigation tools (EMET, HitmanPro Alert, Malwarebytes AntiExploit) and a good internet security suite is a good idea.

3. Website owners have to deploy HSTS, and optionally include their site in an HSTS preload list

4. Don't click blindly on fake downloads (like fake Flash Player updates)


5. The benefits of a VPN are usually overestimated. A VPN provider is just another provider, like the hotspot provider, or the ISP. They can do the same malicious stuff (traffic injecting, traffic monitoring, user tracking). Especially when people use free VPNs. And "Average Joe" will choose a free VPN. Also, VPN connections tend to be disconnected, and almost none of the VPN providers provide fail-secure VPNs. Also, for the price of a good VPN service you can buy a good data plan and use 4G/3G instead of low-quality public hotspots. But besides this, on mobile OSes (Android, iOS, etc.) I strongly recommend the use of VPN, because it is not practically feasible for users to know which app is using SSL/TLS and which is not.

6. Use a location-aware firewall, and whenever the network is not trusted, set it to Public.

7. In a small-business/home environment, buy a WiFi router with guest WiFi access, where the guest network can be given a different password from the one used for the main network.
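
A check a site owner could run for solutions 1 and 3 above (Secure session cookies, HSTS and preload eligibility), as an added example that is not part of the original post. The response headers are constructed samples, and the finding codes are hypothetical names chosen here; the preload thresholds follow the published hstspreload.org requirements.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age for preload submission


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def audit_headers(headers: list) -> list:
    """Return finding codes for a list of (name, value) HTTPS response headers."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        # Without HSTS the browser will still try http:// first, which is
        # what SSLStrip-style downgrades rely on.
        findings.append("hsts-missing")
    else:
        d = parse_hsts(hsts[0])
        try:
            max_age = int(d.get("max-age", ""))
        except ValueError:
            max_age = 0
        if max_age <= 0:
            findings.append("hsts-disabled")
        elif (max_age < PRELOAD_MIN_AGE or "includesubdomains" not in d
              or "preload" not in d):
            # Still protects returning visitors, but not the first visit.
            findings.append("hsts-not-preload-eligible")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "secure" not in attrs:
            # The cookie is also sent over plain HTTP, where anyone on the
            # same hotspot can read it.
            findings.append("cookie-not-secure:" + cookie_name)
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]
PARTIAL = [("Strict-Transport-Security", "max-age=300"),
           ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure")]
HARDENED = [("Strict-Transport-Security",
             "max-age=63072000; includeSubDomains; preload"),
            ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(label, audit_headers(sample))
```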

"Are you using open WiFi?" and "Do you do online banking on open WiFi?" are the wrong questions. The good questions are:
  • Do you trust the operator(s) of the network you are using?
  • Are the clients separated?
  • If clients are not separated, is it possible that there are people with malicious intent on the network?
  • Are you security-aware, and are you following the rules previously mentioned? If you do follow these rules, those will protect you on whatever network you are.

And call me an idiot, but I do online banking, e-shopping, and all the other sensitive stuff while I'm using open WiFi. And whenever I order pizza from an HTTP website, attackers can learn my address. Which is already in the phone book, on Facebook, and in every photo metadata I took with my smartphone about my cat and uploaded to the Internet (http://iknowwhereyourcatlives.com/).


Most articles and research publications are full of FUD about what people can learn from others. Maybe they are just outdated, maybe they are not. But it is totally safe to use Gmail on an open WiFi, no one will be able to read my e-mails.

PS: I know "Average Joe" won't find my blog post, won't start to read it, won't understand half I wrote. But even if they do, they won't patch their browser plugins, pay for a VPN, or check the session cookie. So they are doomed to fail. That's life. Deal with it.


HiddenWasp Linux Malware Backdoor Samples



Here are HiddenWasp Linux backdoor samples.

Enjoy



Reference




Intezer: "HiddenWasp Malware Stings Targeted Linux Systems"




Download



File information


