Category archives: wh0s

Forensics analysis: Windows Registry (I)

Among the information we can obtain in a forensic analysis of a Windows computer, the Windows registry provides interesting details about the installation, the users, the installed programs and more.

Where can we find these files?

On Windows XP, Windows Vista, Windows 7 and Windows 8 (among others), the registry hive files can be found in the following path:

C:\Windows\System32\config\

The hives of interest are:

  • \DEFAULT
  • \SAM
  • \SECURITY
  • \SOFTWARE
  • \SYSTEM

The first thing we do is extract these files from a test environment to see what information we can get from each of them. The program we use to view their contents is Windows Registry Recovery.

The hives that provide the most information are SAM, SOFTWARE and SYSTEM. In this post we will look at some of the information stored in SYSTEM, and in the next post we will show the results for the SAM and SOFTWARE files.

C:\Windows\System32\config\SYSTEM:

Network configuration: [screenshot]

Last known hardware configuration: [screenshot]

We hope that this post has been of interest to you. We will write much more about the data stored in the Windows Registry in our next post.

Translated by @ANAgarneg

Creepy, where have you been?

Creepy is a geolocation OSINT tool that can be used as part of the footprinting phase. It is developed in Python and is cross-platform. It was created for educational purposes, to show how much geolocation information is contained in posts published with the location option turned on.

OSINT (Open-Source Intelligence) tools collect information from public sources accessible via the Internet, i.e. free and declassified information sources.

With this in mind, what Creepy does is collect location data about the users chosen as targets. The data is gathered from posts on social networks like Twitter, Instagram or Flickr by users who have their location turned on.

Below you’ll find some pictures showing how Creepy works and the results it shows.

  1. Once the target has been specified, a search is run to find every published location:

[screenshot]

We can see that most of the findings are in Spain and that there is one in Belgium.

  2. Let's zoom in to see the findings in more detail:

[screenshots]

As you can see, it is very easy to track someone who publishes their location on social networks, so it is important to turn location off and only turn it on when needed.

Translated by Ana García Negrillo  (@ANAgarneg)

Have I Been Pwned?

The lack of awareness we have about our digital identities caught our attention, and it has always been of great interest to us here at Wh0s.

Since the popularization of the Internet we all exist in it in some way, and it is becoming difficult for many of us to know how many accounts we have. In fact, how many of us can say how many social networks, forums or websites we have registered on? And what about applications? How many applications have you downloaded that require personal information such as your name, surname or email? Although it may seem unimportant, every time we register we are creating a digital identity and handing some of our data to companies that store it in their databases. What if they lose this information? Maybe nothing happens, or maybe your ID, address and so on end up freely circulating on the web. And once something is on the Internet, it will be there forever.

When such a loss of information happens, the affected service is said to have been pwned. In hacker jargon, pwn means to compromise or control, specifically another computer (server or PC), website, gateway device or application against the owner's wishes. In these cases, it is simple:

[image]

But how important are these cases? It may sound a bit paranoid, but there have been more cases than we think, some of them causing very serious information losses, such as PS3 or Adobe (links to official news), which, mainly out of ignorance, were not considered important at all.

As for us, we would like to talk about a website, https://haveibeenpwned.com/, where you can check whether any of your accounts has been affected by these cases. (There are others, but in our opinion this is the most complete one.)

[screenshot]

At @haveibeenpwned you can follow every breached database as it is added to the system. To conclude, we leave you a very curious case to check, admin@sony.com, and some basic recommendations:

  1. Never give your real data unless it is necessary.
  2. Don't reuse any password, nor use the same recognisable pattern.
  3. Use two-factor authentication, or systems that add security such as the Latch implementation we talked about earlier.
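The same site also runs a Pwned Passwords service whose range API lets you check a password against known breaches without ever sending the password itself. The following is an added example (not from the post or from Have I Been Pwned) of the k-anonymity lookup that service uses: only the first five hex characters of the SHA-1 hash leave the machine and the match is done locally. The endpoint URL is the real one; the response body and its counts are constructed so that the code runs offline.

```python
import hashlib
from typing import Callable

# Real endpoint of the service, kept for reference only; nothing here goes online.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the API response to the prefix "5BAA6", which is the
# prefix of SHA-1("password"). The counts are made up; the line format
# ("<35 hex chars>:<count>") is the real one.
SAMPLE_RANGES = {
    "5BAA6": (
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456\r\n"
        "1E96A31F6FF9F4B92A9B3A8E4E0D1EDBFB1:1\r\n"
    ),
}


def split_sha1(password: str) -> tuple[str, str]:
    # Only the 5-character prefix is ever sent; the 35-character suffix stays local.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict[str, int]:
    # Build a suffix -> count map from the returned lines, skipping blank ones.
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep:
            counts[suffix.upper()] = int(count)
    return counts


def offline_fetch(prefix: str) -> str:
    # Stands in for an HTTP GET of RANGE_URL + prefix (hypothetical offline fetcher).
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str, fetch: Callable[[str], str] = offline_fetch) -> int:
    # Look the local suffix up in the range the server returned for the prefix;
    # 0 means the suffix was not in that range, i.e. the password is not known.
    prefix, suffix = split_sha1(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw))
```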

We hope that this post has been of interest to you, and if you know about any curious case like admin@sony.com, don't hesitate to leave a comment.

Cheers!

Translated by Ana García Negrillo  (@ANAgarneg)

10 ways to keep your Smartphone safe

We have wanted for a while to talk about something we find interesting and are also concerned about: Smartphone security.

With the popularization of these "intelligent" phones, almost everybody carries in their pocket one of the newest targets for malicious attacks. But why? Because it stores a lot of personal data that is not properly protected.

[image]

To make it difficult for someone to attack us, here are some tips to protect yourself as much as possible from this threat. Most of them are just common sense, but it is not a bad idea to be reminded of them, as common sense is the main defence.

  1. Download apps only from official repositories: make sure the download is legitimate and pay special attention to the permissions the application requests. Although it may happen with some applications, it is not normal for a dictionary app to ask for access to our contact list or location. If you have an Android device, you must be even more vigilant, as the Android Market is less restrictive when publishing applications and infected ones can be found for sale.
  2. Beware of links to suspicious domains: don't open links from emails, WhatsApp, etc. of unknown origin. For example, those ads that promise the moon and the stars: "Congratulations! You are our 1,000,000th user! You have won this fabulous car! Click 'here' to get it."
  3. Make sure we are where we really want to be: as we will see in a forthcoming post, there are sites that clone others in order to obtain your passwords and gain access to your account and data. It is very important to know where we are going.
  4. It is highly recommended not to root or jailbreak it, especially if you don't have enough knowledge in this field. When you do, you become the administrator of the device, so if you are attacked they will have full access to all your data and can even render your phone useless.
  5. Deactivate Bluetooth and Wi-Fi: only activate them when you are going to use them; the rest of the time they are like an open door to other devices.
  6. Activate location only for certain applications, for example maps or GPS. Twitter or Facebook do not need it; that is just extra information for those who may try to attack you.
  7. Install an antivirus: think of the phone as a pocket computer, so an antivirus will protect us from known attacks. A good choice may be AVAST (for Android).
  8. Make regular backups: it is better to have backups so as not to lose our data in case of theft, loss or damage to the phone.
  9. Keep your Smartphone updated, both the operating system and the applications: most updates include bug fixes and security enhancements.
  10. Encrypt your Smartphone's contents with applications like Sophos Mobile Encryption, and install applications that enhance security such as Lookout, which, among other things, allows you to locate your Smartphone if it is lost or stolen.

Besides all these recommendations, you can always go a step further. Some Smartphones focused on protecting information have recently been developed. Two examples would be:

BlackPhone (475€ plus taxes, shipping costs and customs duties), considered the safest phone in the world.

Hoox M2 (around 2000€), made by Bull and designed to guarantee the phone's security; it is known as "the first European Smartphone with in-depth security".

As you can see, I could give you much more advice; these are just a few tips.

If you want to share your tricks to make your Smartphone as safe as possible, please don’t hesitate to leave a comment.

I hope that this post has been of interest to you.

Translated by Ana García Negrillo  (@ANAgarneg)

bWAPP: learning IT security with an app

Today we want to talk about bWAPP, an insecure web application for educational purposes, created by Malik Mesellem (@MME_IT).

There are other applications of this type, but we discovered this one during our stay in Belgium last week and found it interesting.

What is bWAPP?

bWAPP is an insecure open-source web application designed to help students, developers and anyone interested in IT security learn to discover and prevent web vulnerabilities.

This app has more than 70 vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS) or Denial of Service (DoS).

We can install this app in two different ways:

  • Download the bWAPP application and install it on our own server (Apache/IIS) or in XAMPP or WAMP.
  • Alternatively, download 'bee-box', a virtual machine with bWAPP already installed. It takes up 7.3 GB.

Once installed, it is time to play. Here we have two examples of exploiting vulnerabilities:

XSS – Reflected:

1. We choose the vulnerability we want to exploit, in this case 'Cross-Site Scripting – Reflected (GET)'.

2. We write '<script>alert("XSS")</script>' in 'First name'.

3. Result: [screenshot]

SQL Injection:

1. Insert characters: in this case a single quote (') is enough.

2. We receive the information from the database: [screenshot]
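Both exercises come down to the same mistake, user input reaching an interpreter (the browser's HTML parser, the SQL engine) without being treated as data. As an added example, not bWAPP's own code, here are the two bugs in Python, each in its vulnerable form next to the fix a developer would apply, using the exact inputs from the two exercises. The in-memory table is constructed sample data and only stands in for bWAPP's search form.

```python
import html
import sqlite3

# The exact inputs used in the two exercises above.
XSS_PAYLOAD = '<script>alert("XSS")</script>'
SQLI_PROBE = "'"


def render_greeting_vulnerable(first_name: str) -> str:
    # Reflects the parameter straight into the HTML, so the browser runs the script.
    return f"<p>Welcome {first_name}</p>"


def render_greeting_hardened(first_name: str) -> str:
    # Output-encodes for an HTML text context: the tag is displayed, not executed.
    return f"<p>Welcome {html.escape(first_name, quote=True)}</p>"


def demo_db() -> sqlite3.Connection:
    # Constructed in-memory table (sample rows, not bWAPP's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (title TEXT)")
    conn.executemany("INSERT INTO movies VALUES (?)",
                     [("Iron Man",), ("Man of Steel",), ("Gravity",)])
    return conn


def search_vulnerable(conn: sqlite3.Connection, title: str) -> list:
    # String concatenation: a single quote unbalances the statement, so the
    # database, not the application, decides what the input means.
    sql = f"SELECT title FROM movies WHERE title LIKE '%{title}%'"
    return conn.execute(sql).fetchall()


def search_hardened(conn: sqlite3.Connection, title: str) -> list:
    # Parameterised query: the quote is bound as data and never parsed as SQL.
    sql = "SELECT title FROM movies WHERE title LIKE ?"
    return conn.execute(sql, (f"%{title}%",)).fetchall()


def probe(search_fn, title: str) -> str:
    # Returns "error" when the query fails to parse, otherwise the row count.
    try:
        return str(len(search_fn(demo_db(), title)))
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    print(render_greeting_vulnerable(XSS_PAYLOAD))
    print(render_greeting_hardened(XSS_PAYLOAD))
    print("vulnerable search:", probe(search_vulnerable, SQLI_PROBE))
    print("hardened search:  ", probe(search_hardened, SQLI_PROBE))
```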

You can find all the information about this app, together with the download and the explanation, at the following link:

http://itsecgames.com/

Here you have some other applications where you can learn hacking techniques without getting into trouble:

  • Gruyere, a project from Google. You can find more information about it at @fluproject.
  • WebGoat, an OWASP project.
  • Hack.me, an eLearnSecurity project that gives you access to several vulnerable web applications to learn and improve pentesting techniques.

Time to enjoy playing and learning!

Translated by Cristina Serrano (@parole_errante)