Showing posts with label Intrusion Detection System. Show all posts

Apparatus - A Graphical Security Analysis Tool For IoT Networks



ASTo - Apparatus Software Tool

An IoT network security analysis tool and visualizer


Apparatus is a security framework to facilitate security analysis in IoT systems. To make the Apparatus framework easier to use, the ASTo app (ASTo stands for Apparatus Software Tool) was created.

ASTo is a security analysis tool for IoT networks, developed to support the Apparatus security framework. ASTo is built on Electron and Cytoscape.js. The icons are provided by Google's Material Design.

The application is still in the prototyping stage, which means a lot of functionality is added with each commit, along with large changes in almost everything.

To Use

To clone and run this repository you'll need Git and Node.js installed on your computer.
To download and install the app, type the following in your terminal:

# Clone this repository
git clone https://github.com/Or3stis/apparatus.git
# Go into the repository
cd apparatus
# Install dependencies
npm install
# Run the app
npm start

Because the app is still in the prototype stage, it is best to keep up to date with the most recent commits. To do so, before starting the app, run:

# inside the apparatus directory: update to the latest commit
git pull

The first window (home screen) asks you to choose the modeling phase in which you would like to perform the analysis. After you select a phase, a native dialog window asks you to choose a file to load. By default, only .js or .json files can be selected.

You will find some example graphs in the graphs folder.

The architecture of ASTo

ASTo was designed with modularity and extendability in mind. Each module performs a specific function.

As with any Electron application, the first file executed is main.js. main.js loads index.html, the home page of the app, from which you navigate to the different development phases.

Each phase has its own .html file where its graphical interface is declared.

  • Design phase -> design.html
  • Design state phase -> design-state.html
  • Implementation phase -> implementation.html
  • Implementation state phase -> implementation-state.html

Instructions

If you want to contribute, that's great news: check the contributing guide. The application is developed on a Mac, which means new commits might introduce breaking changes on other platforms, especially commits that involve access to the file system. If something is not working, don't hesitate to create an issue.

If you want to find out how the app works check the wiki.
You can check the project's planned features in the roadmap.

Download Apparatus

Wireshark Version 2.4.0 Released With New Features



Wireshark is the world's most popular open source network protocol analyzer. It is used for troubleshooting, analysis, development and education.


Capture file support is new or updated for ERF, IxVeriWave, Libpcap and Pcap-ng. There are also notable API changes: the IEEE 802.11 wlan_mgt display filter element was renamed to wlan, so saved display filters and coloring rules that reference wlan_mgt.* fields no longer match and must be updated, and Libgcrypt is now a required dependency.
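The wlan_mgt rename is the change most likely to bite anyone carrying a profile forward from 2.2.x, because an expression that references a field Wireshark no longer knows simply stops matching. The following Python script is an added example written for this page, not part of Wireshark: it rewrites the entries of a dfilters profile file (assumed here to use the documented "Name" expression line format) and leaves double-quoted string literals untouched, so only field names are renamed. The sample entries, and the pre-2.4 field names wlan_mgt.fixed.beacon and wlan_mgt.ssid used in them, are constructed for illustration.

```python
import re

# A double-quoted string literal (with backslash escapes) OR the legacy
# protocol prefix "wlan_mgt" when it is immediately followed by a field dot.
# Listing the string literal first means quoted text is consumed whole and
# never rewritten.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\bwlan_mgt(?=\.)')

# One entry in a Wireshark "dfilters" profile file:  "Name" expression
_DFILTER_LINE = re.compile(r'^(\s*"(?:\\.|[^"\\])*")\s+(.*)$')


def migrate_filter(expr: str) -> str:
    """Rewrite wlan_mgt.* field references to wlan.* for Wireshark >= 2.4.

    Text inside double-quoted string literals is left alone, so a filter
    such as  wlan_mgt.ssid == "wlan_mgt.lab"  only changes the field name.
    """
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else "wlan", expr
    )


def migrate_dfilters(text: str):
    """Rewrite every saved display filter in the body of a dfilters file.

    Returns (new_text, number_of_changed_entries). Lines that do not look
    like a dfilters entry (comments, blank lines) pass through unchanged.
    """
    out, changed = [], 0
    for line in text.splitlines():
        m = _DFILTER_LINE.match(line)
        if not m:
            out.append(line)
            continue
        name, expr = m.groups()
        new_expr = migrate_filter(expr)
        changed += new_expr != expr
        out.append(f"{name} {new_expr}")
    trailer = "\n" if text.endswith("\n") else ""
    return "\n".join(out) + trailer, changed


# Constructed sample dfilters content (not taken from a real profile).
SAMPLE_DFILTERS = (
    '"Beacons" wlan_mgt.fixed.beacon && wlan.fc.type_subtype == 0x08\n'
    '"SSID literal" wlan_mgt.ssid == "wlan_mgt.lab"\n'
    '# a comment line is passed through untouched\n'
    '"Non-wireless" tcp.port == 443\n'
)

if __name__ == "__main__":
    new_text, n = migrate_dfilters(SAMPLE_DFILTERS)
    print(f"{n} entries rewritten")
    print(new_text, end="")
```

Run it against the dfilters file of a copied profile rather than the live one, and diff the result before replacing the original; the same migrate_filter() call can be applied to the expression column of a colorfilters file, which has a different line format and is not handled here.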

The release notes list the following 21 new and updated features in Wireshark 2.4.0:



  1. Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available. It is recommended that you use these independently of the NSIS (.exe) installers. That is, you should make sure the NSIS package is completely uninstalled before installing the Windows Installer package and vice-versa.
  2. Source packages are now compressed using xz instead of bzip2.
  3. The legacy (GTK+) UI is disabled by default in the Windows installers.
  4. The legacy (GTK+) UI is disabled by default in the development environment (Autotools and CMake).
  5. SS7 Point Codes can now be resolved into names with a hosts-like file.
  6. Wireshark can now go fullscreen to have more room for packets.
  7. TShark can now export objects like the other GUI interfaces.
  8. Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
  9. You can now choose the output device when playing RTP streams.
  10. Added support for dissectors to include a unit name natively in their hf field. A field can now automatically append "seconds" or "ms" to its value without additional printf-style APIs.
  11. The Default profile can now be reset to default values.
  12. You can move back and forth in the selection history in the Qt UI.
  13. The IEEE 802.15.4 dissector now uses a UAT for decryption keys. The original decryption key preference has been obsoleted.
  14. Extcap utilities can now provide configuration for a GUI interface toolbar to control the extcap utility while capturing.
  15. Extcap utilities can now validate the capture filter.
  16. Display filter function len() can now be used on all string and byte fields.
  17. Added an experimental timeline view for 802.11 wireless packet data which can be enabled via the "802.11 radio information" preferences.
  18. Added TLS 1.3 (draft 21) dissection and decryption support (Bug 12779).
  19. The (D)TLS Application Layer protocol (e.g. HTTP or CoAP) can now be changed via the Decode As dialog.
  20. The RSA keys dialog for SSL keys has improved feedback for invalid settings and no longer requires the IP address, Port or Protocol fields to be set in addition to the Key File.
  21. TCP Analysis will detect and flag more spurious retransmissions.

New Protocol Support


Bluetooth HCI Vendor Intel, CAN FD, Citrix NetScaler Metric Exchange Protocol, Citrix NetScaler RPC Protocol, DirectPlay 8 protocol, Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol), Facebook Zero, Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux, GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local Service Discovery (LSD), M2 Application Protocol, Mesh Link Establishment (MLE), MUDURL, Netgear Ensemble Protocol, NetScaler HA Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol, NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs, OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion Messages, Snort Post-dissector, Thread CoAP, UDP based FTP w/ multicast (UFTP and UFTP4), Unified Diagnostic Services (UDS), vSocket, Windows Cluster Management API (clusapi), and X-Rite i1 Display Pro (and derivatives) USB protocol.

You can download Wireshark here

MongoDB-HoneyProxy: A Honeypot Proxy For MongoDB Server


When run, this will proxy and log all traffic to a dummy MongoDB server. MongoDB-HoneyProxy was created in response to the 'MongoDB Apocalypse', the wave of ransom attacks on Internet-exposed MongoDB instances.

Pre-requisites:

  • sudo apt-get install nodejs npm gcc g++
  • You'll also need to install MongoDB for this to function, as this project works as a logging proxy.

Setup

  • Create a MongoDB database. Some good dummy data can be found here. Another good tool is JSON Generator, which generates fake json that can then be converted to bson.
  • Then, install the project
git clone https://github.com/Plazmaz/MongoDB-HoneyProxy.git
cd MongoDB-HoneyProxy
sudo npm install

To run the project, simply use node index.js. (sudo is only needed if npm's directories are not writable by your user; a dependency install inside the project directory normally works without it.)
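Before a honeypot proxy of this kind can log anything useful it has to re-frame the raw TCP byte stream into MongoDB wire-protocol messages and pull out the namespace and command name. The Python code below is an added example for this page, not code from MongoDB-HoneyProxy (which is written in Node.js): it implements the MsgHeader, OP_QUERY and OP_MSG layouts from the MongoDB wire-protocol documentation, reassembles messages that arrive split across TCP reads, and formats one log record per message. The sample traffic, the peer address and the 48 MiB length cap are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Wire-protocol opcodes from the MongoDB documentation; OP_MSG is the modern one.
OPCODES = {1: "OP_REPLY", 2001: "OP_UPDATE", 2002: "OP_INSERT", 2004: "OP_QUERY",
           2005: "OP_GET_MORE", 2006: "OP_DELETE", 2007: "OP_KILL_CURSORS", 2013: "OP_MSG"}
HEADER = struct.Struct("<iiii")   # MsgHeader: messageLength, requestID, responseTo, opCode
MAX_MESSAGE = 48 * 1024 * 1024    # assumed sanity cap (mongod's maxMessageSizeBytes)

@dataclass
class MongoMessage:
    request_id: int
    response_to: int
    opcode: int
    length: int
    namespace: Optional[str] = None   # "db.coll" or "admin.$cmd" (legacy opcodes only)
    command: Optional[str] = None     # first key of the command document

def _cstring(buf: bytes, off: int):
    end = buf.index(b"\0", off)
    return buf[off:end].decode("utf-8", "replace"), end + 1

def _first_key(buf: bytes, off: int) -> Optional[str]:
    """First key of the BSON document at off; for a command document that is its name."""
    (doc_len,) = struct.unpack_from("<i", buf, off)
    if doc_len < 5 or off + doc_len > len(buf):
        raise ValueError("truncated BSON document")
    if doc_len == 5:                       # empty document {}
        return None
    return _cstring(buf, off + 5)[0]       # skip int32 length + 1 element-type byte

def parse_message(buf: bytes) -> MongoMessage:
    """Decode one complete message: header plus enough body to identify it."""
    length, req, resp, op = HEADER.unpack_from(buf)
    msg = MongoMessage(req, resp, op, length)
    if op == 2004:                         # OP_QUERY: flags, fullCollectionName, skip, return, query
        msg.namespace, off = _cstring(buf, HEADER.size + 4)
        msg.command = _first_key(buf, off + 8)
    elif op == 2013:                       # OP_MSG: flagBits, then sections; kind 0 = body document
        off = HEADER.size + 4
        if buf[off] == 0:
            msg.command = _first_key(buf, off + 1)
    elif op in (2001, 2002, 2005, 2006):   # legacy CRUD/getMore: int32, then fullCollectionName
        msg.namespace, _ = _cstring(buf, HEADER.size + 4)
    return msg

class MongoFramer:
    """Re-assembles a TCP byte stream into whole messages (TCP itself has no framing)."""
    def __init__(self):
        self.buf = b""

    def feed(self, data: bytes) -> List[MongoMessage]:
        self.buf += data
        msgs = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack_from("<i", self.buf)
            if length < HEADER.size or length > MAX_MESSAGE:
                raise ValueError(f"implausible message length {length}")
            if len(self.buf) < length:
                break                      # wait for the rest of this message
            msgs.append(parse_message(self.buf[:length]))
            self.buf = self.buf[length:]
        return msgs

def log_line(peer: str, msg: MongoMessage) -> str:
    """One honeypot log record per message."""
    return (f"{peer} {OPCODES.get(msg.opcode, msg.opcode)} req={msg.request_id} "
            f"ns={msg.namespace or '-'} cmd={msg.command or '-'} len={msg.length}")

# ---- constructed sample traffic (not a real capture) ----------------------------
def _bson(pairs):
    """Minimal BSON encoder for int32 and str values, used only to build the samples."""
    body = b""
    for key, val in pairs:
        if isinstance(val, int):
            body += b"\x10" + key.encode() + b"\0" + struct.pack("<i", val)
        else:
            s = val.encode() + b"\0"
            body += b"\x02" + key.encode() + b"\0" + struct.pack("<i", len(s)) + s
    return struct.pack("<i", len(body) + 5) + body + b"\0"

def _frame(req_id: int, opcode: int, body: bytes) -> bytes:
    return HEADER.pack(HEADER.size + len(body), req_id, 0, opcode) + body

SAMPLE_QUERY = _frame(1, 2004, struct.pack("<i", 0) + b"admin.$cmd\0"
                      + struct.pack("<ii", 0, -1) + _bson([("isMaster", 1)]))
SAMPLE_MSG = _frame(2, 2013, struct.pack("<I", 0) + b"\x00"
                    + _bson([("listDatabases", 1), ("$db", "admin")]))
SAMPLE_STREAM = SAMPLE_QUERY + SAMPLE_MSG

def demo(split_at: int = 30) -> List[MongoMessage]:
    """Deliver the sample stream in two chunks, the first one cut mid-message."""
    framer = MongoFramer()
    msgs = framer.feed(SAMPLE_STREAM[:split_at])
    msgs += framer.feed(SAMPLE_STREAM[split_at:])
    return msgs

if __name__ == "__main__":
    for m in demo():
        print(log_line("198.51.100.7:51234", m))
```

In a real proxy one MongoFramer instance sits on each direction of each client connection, bytes are forwarded to the dummy server unchanged, and the length check is what keeps a malicious client from making the logger buffer an unbounded message.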

Download

Inspeckage - The Android Package Inspector For Dynamic Analysis With API Hooks



Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. 


Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Features

With Inspeckage, we can get a good amount of information about the application's behavior:

Information gathering

  • Requested Permissions;
  • App Permissions;
  • Shared Libraries;
  • Exported and non-exported Activities, Content Providers, Broadcast Receivers and Services;
  • Check if the app is debuggable or not;
  • Version, UID and GIDs;
  • etc.
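Much of the information-gathering list above (exported versus non-exported components, the debuggable flag, requested permissions) can be derived from AndroidManifest.xml before any hook runs, and knowing which components are not exported is what you need in order to pick targets for the "start unexported activity" action. The Python below is an added example for this page, not Inspeckage code: it applies the platform's default-export rules to a manifest (an explicit android:exported wins; otherwise activities, services and receivers are exported exactly when they declare an intent filter, and providers only when targetSdkVersion is below 17, a cutoff taken from the Android documentation). The sample manifest is invented.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def _a(attr: str) -> str:
    """Namespace-qualify an android:* attribute name for ElementTree."""
    return f"{{{ANDROID_NS}}}{attr}"


def component_exported(elem: ET.Element, target_sdk: int) -> bool:
    """Decide whether a component is reachable from other apps (platform default rules)."""
    explicit = elem.get(_a("exported"))
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.tag == "provider":
        # Providers defaulted to exported only before API 17 (per Android docs).
        return target_sdk < 17
    # Activities, services and receivers: implicitly exported iff an intent filter exists.
    return elem.find("intent-filter") is not None


def inspect_manifest(xml_text: str) -> dict:
    """Static counterpart of Inspeckage's information-gathering tab."""
    root = ET.fromstring(xml_text)
    uses_sdk = root.find("uses-sdk")
    target_sdk = int(uses_sdk.get(_a("targetSdkVersion"), 1)) if uses_sdk is not None else 1
    app = root.find("application")
    report = {
        "package": root.get("package"),
        "target_sdk": target_sdk,
        "debuggable": app is not None and app.get(_a("debuggable"), "false").lower() == "true",
        "requested_permissions": [p.get(_a("name")) for p in root.findall("uses-permission")],
        "exported": [],
        "non_exported": [],
    }
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS:
            continue
        entry = f"{elem.tag}:{elem.get(_a('name'))}"
        bucket = "exported" if component_exported(elem, target_sdk) else "non_exported"
        report[bucket].append(entry)
    return report


# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.target">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="25"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".AdminActivity"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".DataProvider" android:authorities="com.example.target.data"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    import json
    print(json.dumps(inspect_manifest(SAMPLE_MANIFEST), indent=2))
```

The manifest inside an APK is binary XML, so decode it first (apktool or aapt dump xmltree) before feeding the text to inspect_manifest(); the runtime view Inspeckage shows is authoritative where a component's exported state is changed by a permission attribute, which this static check does not model.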

Hooks (so far)

With the hooks, we can see what the application is doing in real time:

  • Shared Preferences (log and file);
  • Serialization;
  • Crypto;
  • Hashes;
  • SQLite;
  • HTTP (an HTTP proxy tool is still the best alternative);
  • File System;
  • Miscellaneous (Clipboard, URL.Parse());
  • WebView;
  • IPC;
  • + Hooks (add new hooks dynamically)


Actions

With Xposed it is possible to perform actions such as starting an unexported activity, and much more:

  • Start any activity (exported and unexported);
  • Call any provider (exported and unexported);
  • Disable FLAG_SECURE;
  • SSL uncheck (bypass certificate pinning - JSSE, Apache and okhttp3);
  • Start, stop and restart the application;

Extras

  • APK Download;
  • View the app's directory tree;
  • Download the app's files;
  • Download the output generated by hooks in text file format;
  • Take a screen capture;
  • Send text to android clipboard.


Configuration

Even though our tool has some hooks to the HTTP libraries, using an external proxy tool is still the best option to analyze the app's traffic. With Inspeckage, you can:

  • Add a proxy to the target app;
  • Enable and disable proxy;
  • Add entries in the arp table.


Logcat

An experimental page (logcat.html) that uses a websocket to show some information from logcat.


Installation

Requirements: Xposed Framework

Xposed Installer

  1. Go to Xposed Installer, select "Download"
  2. Refresh and search for "Inspeckage"
  3. Download the latest version and install
  4. Enable it in Xposed
  5. Reboot and enjoy!


Xposed Repository

Get it from the Xposed repository: http://repo.xposed.info/module/mobi.acpm.inspeckage, or install the APK manually:

 adb install mobi.acpm.inspeckage.apk

  • Enable it in Xposed
  • Reboot and enjoy!
  • Replace parameters and return values (+Hooks tab).

cgPwn - Cyber Grand Pwnage Box For Hardware Hacking


Ubuntu VM tailored for hardware hacking, RE and Wargaming.

Install VirtualBox

See the VirtualBox site for information on installing VirtualBox on your operating system.


Install Vagrant

See the Vagrant site for information on installing Vagrant.

Fire up the VM

git clone https://github.com/0xM3R/cgPwn
cd cgPwn
vagrant up
# wait until provisioning has finished setting everything up
vagrant ssh

Default settings

By default, personal dotfiles are installed onto the VM. Simply comment out the following lines in cgPwn.sh if you don't want my settings. Note that these lines delete the VM's existing .bashrc and run an install script cloned from a third-party dotfiles repository, so review that script before running the provisioner unmodified.

# Personal config
sudo apt-get -y install stow
cd ~
rm .bashrc
git clone https://github.com/0xM3R/dotfiles
cd dotfiles
chmod a+x ./install.sh
./install.sh


Shared folder

Drop files in the sharedFolder folder on your host to find them on your VM at /home/vagrant/sharedFolder

Tools Included


  • Pwndbg
  • Pwntools
  • Binwalk
  • Radare2
  • Capstone, Unicorn and Keystone Engines
  • Qira Timeless Debugger
  • AFL
  • Valgrind, vgdb
  • ROPGadget, XRop, Ropper, rp++
  • Intel PIN
  • Angr
  • z3
  • frida
  • Compiler tools: CLANG, LLVM, GDBMultiarch, GDBArm
  • Useful tools: htop, lynx, socat, p7zip, mc

Download cgPwn
