Mar 30, 2015

Tools: Malcom - Malware Communication Analyzer

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how certain malware families try to communicate with the outside world.

Malcom can help you:
  • detect central command and control (C&C) servers
  • understand peer-to-peer networks
  • observe DNS fast-flux infrastructures
  • quickly determine if a network artifact is 'known-bad'

The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network, so that network traffic information is converted to actionable intelligence faster.


Tools: Troubleshooter - Exploit SELinux (Setroubleshoot)

The revenge of GingerBreak

Abstract: This paper demonstrates vulnerabilities within the SELinux framework as well as shortcomings in the type enforcement setup. I will show how to deconstruct a SELinux setup with some simple 80's style exploit techniques. While reading this paper, I recommend listening to this music from the year of the Morris worm.
When in 2012 the SELinux developers analyzed the behavior of an exploit that was not designed to run on a SELinux system, on page 32 of these slides, it triggered a review-selector for SELinux and I put it on the list of my audit targets. Not surprisingly, GingerBreak lost that "competition", just because it was not made for it. Using my QUANTUM AUDIT techniques I was now able to have a deeper look into SELinux itself to see whether the claims that were made really hold.



Tools: Paramiko - Python SSH Backdoor

SSH Backdoor using Paramiko


Mar 27, 2015

Howto: Fix "Gem::InstallError: metasploit_data_models requires Ruby version >= 2.1" in Metasploit

If you get the error "Gem::InstallError: metasploit_data_models requires Ruby version >= 2.1", switch the Ruby used by Metasploit to version 2.1.0 or newer:

If you use rvm (load it first if it is not already loaded in this shell):
# source /usr/local/rvm/scripts/rvm
# rvm use ruby-2.2.0

If you use the Ubuntu packages:
# update-alternatives --config ruby
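The error above is raised by RubyGems after comparing the interpreter's version against the gem's `required_ruby_version` using `Gem::Requirement`, so the quickest way to confirm a fix is to evaluate that same requirement against the Ruby you are about to use. The following helper is an added example, not code from Metasploit or from the original post; `ruby_satisfies?`, `usable_rubies` and the list of sample versions are constructed for illustration (2.10.0 is included only to show that versions are compared numerically, not as strings).

```ruby
require 'rubygems'

# Hypothetical helper: does a Ruby version string satisfy a gemspec-style
# requirement such as ">= 2.1"? This reuses the Gem::Requirement logic that
# RubyGems applies when it raises Gem::InstallError for a gem's
# required_ruby_version.
def ruby_satisfies?(requirement, version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

# Given candidate interpreter versions (for example from `rvm list` or
# `update-alternatives --list ruby`), return those that satisfy the
# requirement, newest first. Gem::Version sorts semantically, so "2.10.0"
# correctly ranks above "2.2.0" even though a plain string comparison would not.
def usable_rubies(requirement, versions)
  versions.select { |v| ruby_satisfies?(requirement, v) }
          .sort_by { |v| Gem::Version.new(v) }
          .reverse
end

# Constructed sample: versions a host might have installed side by side.
SAMPLE_RUBIES = %w[1.9.3 2.0.0 2.1.5 2.2.0 2.10.0].freeze

if __FILE__ == $PROGRAM_NAME
  req = '>= 2.1' # the requirement quoted in the metasploit_data_models error
  puts "active Ruby #{RUBY_VERSION} satisfies '#{req}': #{ruby_satisfies?(req, RUBY_VERSION)}"
  puts "usable candidates: #{usable_rubies(req, SAMPLE_RUBIES).join(', ')}"
end
```

Run it with the Ruby that `rvm use` or `update-alternatives` selected; if the first line prints `false`, `bundle install` will fail with the same Gem::InstallError regardless of which rvm or apt commands were run.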

Mar 25, 2015

Tools: Commix - Automated All-in-One OS Command Injection and Exploitation Tool

Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in the Python programming language.


Mar 24, 2015

Solaris Auditd Log Class

0x00000001:fr:file read
0x00000002:fw:file write
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00001000:lo:login or logout
0xffffffff:all:all classes
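The lines above are in the `mask:name:description` layout of the Solaris audit class file, and the preselection masks written to the audit trail are bitwise ORs of these class masks. The decoder below is an added example, not part of the original post or of Solaris itself; it parses the classes listed above (embedded here as a constructed sample), expands a combined mask back into class names, flags any bits that no listed class covers, and encodes a comma-separated class list back into a mask.

```ruby
# Constructed sample in the mask:name:description layout shown above.
AUDIT_CLASS_SAMPLE = <<~CLASSES
  0x00000001:fr:file read
  0x00000002:fw:file write
  0x00000008:fm:file attribute modify
  0x00000010:fc:file create
  0x00000020:fd:file delete
  0x00001000:lo:login or logout
  0xffffffff:all:all classes
CLASSES

AuditClass = Struct.new(:mask, :name, :description)

# Parse audit class lines; blank lines and '#' comments are skipped.
def parse_audit_classes(text)
  text.each_line.map do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    mask, name, desc = line.split(':', 3)
    AuditClass.new(Integer(mask, 16), name, desc)
  end.compact
end

# Expand a combined preselection mask into the class names it contains.
# The 'all' pseudo-class is reported only when every bit is set; bits that
# match no listed class are reported as unknown(0x...) so that a mask from a
# system with a different audit_class file is not silently misread.
def decode_audit_mask(mask, classes)
  all = classes.find { |c| c.name == 'all' }
  return ['all'] if all && mask == all.mask

  real = classes.reject { |c| c.name == 'all' }
  names = real.select { |c| (mask & c.mask) == c.mask }.map(&:name)
  known = real.map(&:mask).reduce(0, :|)
  leftover = mask & ~known & 0xffffffff
  names << format('unknown(0x%08x)', leftover) unless leftover.zero?
  names
end

# Encode "lo,fw"-style class lists into a mask; unknown names raise.
def encode_audit_flags(flags, classes)
  by_name = classes.each_with_object({}) { |c, h| h[c.name] = c.mask }
  flags.split(',').map(&:strip).reduce(0) do |acc, name|
    raise ArgumentError, "unknown audit class #{name.inspect}" unless by_name.key?(name)
    acc | by_name[name]
  end
end

if __FILE__ == $PROGRAM_NAME
  classes = parse_audit_classes(AUDIT_CLASS_SAMPLE)
  [0x31, 0x1002, 0xffffffff, 0x1004].each do |m|
    puts format('0x%08x => %s', m, decode_audit_mask(m, classes).join(','))
  end
end
```

Because `decode_audit_mask` is driven by whatever class file you pass in, the same code can be pointed at a host's actual class definitions rather than the seven classes listed here.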


Mar 23, 2015

Howto: Install and use ssllabs-scan on Ubuntu

1. Install the Go language
# apt-get install golang

2. Download ssllabs-scan
# git clone

3. Run it against a target
# go run ssllabs-scan.go <Target>

Running it without a target prints the usage:
# go run ssllabs-scan.go



Mar 19, 2015

Tools: FastNetMon - high performance DoS/DDoS analyzer with sflow/netflow/mirror support

FastNetMon - A high performance DoS/DDoS and network load analyzer built on top of multiple packet capture engines (netmap, PF_RING, sFLOW, Netflow, PCAP).
What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from certain hosts. And we can call an external script which can notify you, switch off a server or blackhole the client.
Why did we write this? Because we can't find any software for solving this problem in the open source world!



Mar 18, 2015

Tools: Flawfinder - Static/Dynamic code analysis - Apple IOS

A simple program that examines C/C++ source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.


Tools: Fast Incident Response

FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.