Friday, August 28, 2020

Rastrea2R - Collecting & Hunting For IOCs With Gusto And Style



Ever wanted to turn your AV console into an incident response and threat hunting machine? Rastrea2r (pronounced "rastreador", Spanish for hunter) is a multi-platform open-source tool that lets incident responders and SOC analysts triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can execute Sysinternals utilities, system commands and other third-party tools across multiple endpoints, saving the output to a centralized share for automated or manual analysis. Using a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and in memory across multiple systems using YARA rules. As a command-line tool, rastrea2r can be easily integrated with McAfee ePO as well as other AV consoles and orchestration tools, allowing incident responders and SOC analysts to collect forensic evidence and hunt for IOCs without deploying an additional agent, with 'gusto' and style!


Dependencies
  • Python 2.7.x (note that Python 2 reached end of life in January 2020)
  • git
  • bottle
  • requests
  • yara-python

Quickstart
  • Clone the project to your local directory (or download the zip file of the project)
$git clone https://github.com/rastrea2r/rastrea2r.git
$cd rastrea2r
  • All the dependencies necessary for the tool to run can be installed in a virtual environment via the provided makefile.
$make help
help - display this makefile's help information
venv - create a virtual environment for development
clean - clean all files using .gitignore rules
scrub - clean all files, even untracked files
test - run tests
test-verbose - run tests [verbosely]
check-coverage - perform test coverage checks
check-style - perform pep8 check
fix-style - perform check with autopep8 fixes
docs - generate project documentation
check-docs - quick check docs consistency
serve-docs - serve project html documentation
dist - create a wheel distribution package
dist-test - test a wheel distribution package
dist-upload - upload a wheel distribution package
  • Create a virtual environment with all dependencies
$make venv
//Upon successful creation of the virtual environment, activate it as instructed, for example:
$source /Users/ssbhat/.venvs/rastrea2r/bin/activate
  • Start the rastrea2r server from the $PROJECT_HOME/src/rastrea2r/server folder
$cd src/rastrea2r/server/
$python rastrea2r_server_v0.3.py
Bottle v0.12.13 server starting up (using WSGIRefServer())...
Listening on http://0.0.0.0:8080/
  • Now execute the client program; choose the Python script for the platform you are scanning. Windows, Linux and Mac are currently supported.
$python rastrea2r_osx_v0.3.py -h
usage: rastrea2r_osx_v0.3.py [-h] [-v] {yara-disk,yara-mem,triage} ...

Rastrea2r RESTful remote Yara/Triage tool for Incident Responders

positional arguments: {yara-disk,yara-mem,triage}

modes of operation
yara-disk Yara scan for file/directory objects on disk
yara-mem Yara scan for running processes in memory
triage Collect triage information from endpoint

optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit


Furthermore, the available options under each command can be viewed with the help option, i.e.

$python rastrea2r_osx_v0.3.py yara-disk -h
usage: rastrea2r_osx_v0.3.py yara-disk [-h] [-s] path server rule

positional arguments:
path File or directory path to scan
server rastrea2r REST server
rule Yara rule on REST server

optional arguments:
-h, --help show this help message and exit
-s, --silent Suppresses standard output
  • For example, on a Mac or Unix system you would do:
$cd src/rastrea2r/osx/

$python rastrea2r_osx_v0.3.py yara-disk /opt http://127.0.0.1:8080/ test.yar

Executing rastrea2r on Windows

Currently Supported functionality
  • yara-disk: Yara scan for file/directory objects on disk
  • yara-mem: Yara scan for running processes in memory
  • memdump: Acquires a memory dump from the endpoint ** Windows only
  • triage: Collects triage information from the endpoint ** Windows only

Notes
For the memdump and triage modules, SMB shares must be set up in this specific way:
  • Binaries (Sysinternals, batch files and others) must be located in a shared folder called TOOLS (read only, so that endpoints cannot tamper with the tools they execute)
    \\path-to-share-folder\tools
  • Output is sent to a shared folder called DATA (write only, so that one endpoint cannot read what another collected)
    \\path-to-share-folder\data
  • For yara-mem and yara-disk scans, the YARA rules must be in the same directory the server is executed from; the client requests a rule from the server by file name (the rule positional argument).
  • The RESTful API server stores the data it receives in a file called results.txt in the same directory. Note that the bundled Bottle development server listens on all interfaces (0.0.0.0:8080) over plain HTTP, so expose it only on the network the scanned endpoints use.

Contributing to rastrea2r project
The Developer Documentation provides complete information on how to contribute to the rastrea2r project

Demo videos on Youtube

Presentations

Credits & References




NOM 035 - Keys to an effective implementation.

Good morning,
I wanted to take the opportunity to invite you to take our:

Name: NOM 035. Keys to an effective implementation.
Date: Tuesday, September 1
Time: 10:00 am to 1:00 pm
Format: Online with live interaction.
Price: $550.00 + VAT
Location: Live from your computer
Instructor: Human Resources consultant with 14 years of experience working on projects to develop human capital in organizations.

This course enables participants to identify the main challenges in implementing NOM 035 in their workplaces, as well as practical keys to overcoming them and obtaining the benefits this standard provides.

Specific objectives:

- You will be able to identify the concepts related to the standard.
- You will gain a general understanding of the basic compliance requirements, as well as their impact on the productivity and development of your organizations.
- You will discover an alternative to facilitate the implementation of NOM 035 in your organizations.

Request information by replying to this email with the word Norma, along with the following details:

Name:
Email address:
Telephone number:
Alternate email:

For immediate information call:
(+52) 55 15 54 66 30 - (+52) 55 30 16 70 85

or send us a WhatsApp.

Have a great day.
Regards.

Innova Learn México - innovalearn. mx - Mérida, Yucatán, México

Top 15 Best Operating System Professional Hackers Use


A hacker is someone who seeks out and exploits the weaknesses of a computer system or network. Hackers may be motivated by many things, such as profit, protest, challenge, enjoyment, or assessing those weaknesses in order to help remove them.
The operating systems listed here are all based on the Linux kernel, so they are all free operating systems.

1. Kali Linux

Kali Linux is maintained and funded by Offensive Security Ltd. and is first on our list. It is a Debian-derived Linux distribution designed for digital forensics and penetration testing, developed by Mati Aharoni and Devon Kearns of Offensive Security by rewriting BackTrack, their previous Ubuntu-based forensics distribution. Kali also has a dedicated project for compatibility with and portability to Android devices, Kali Linux NetHunter: the first open-source Android penetration testing platform for Nexus devices, created as a joint effort between Kali community member "BinkyBear" and Offensive Security. It supports 802.11 wireless frame injection, one-click MANA Evil Access Point setups, HID keyboard attacks (Teensy-style), and BadUSB MITM attacks.

2. Back Box

BackBox is an Ubuntu-based Linux distribution for penetration testing and security assessment, providing a toolkit for analysing computer systems and networks. Its desktop environment includes a complete set of tools needed for ethical hacking and security testing.

3. Parrot Security OS

Parrot Security OS is a Debian-based GNU/Linux distribution built for penetration testing (information security), vulnerability assessment and mitigation, computer forensics and anonymous browsing. It was developed by the Frozenbox team.
Parrot is based on Debian's stable branch (Jessie), with a custom hardened Linux 4.1 kernel and a grsecurity-patched branch available. The desktop environment is MATE, a fork of GNOME 2, and the default display manager is LightDM. The project is certified to run on machines with a minimum of 256 MB of RAM and supports both 32-bit (i386) and 64-bit (amd64), with a special edition for older 32-bit machines (486). The project is also available for the armel and armhf architectures, and even offers a server edition (both 32-bit and 64-bit) built purely for cloud pen testing.

4. Live Hacking OS

Live Hacking OS is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. It ships with a built-in GNOME desktop. A second variant, which has only a command-line interface, has much lower hardware requirements.

5. DEFT Linux

DEFT stands for Digital Evidence and Forensic Toolkit. It is an open-source Linux distribution built around DART (Digital Advanced Response Toolkit) and based on Ubuntu. It was designed from scratch to offer some of the best open-source computer forensics and incident response tools, usable by individuals, IT auditors, investigators, the military and police.

6. Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment pre-configured to function as a web pen-testing environment. The CD contains the best open-source and free tools that focus on testing and attacking websites. In building this environment, its developers based the selection on the tools they use in their own security practice, so it includes tools for all four steps of a web pen-test.

7. Network Security Toolkit

The Network Security Toolkit (NST) is a Linux-based Live CD that provides a set of open-source computer and network security tools for carrying out routine security, network diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on servers hosting virtual machines. NST has package management capabilities similar to Fedora and maintains its own repository of additional packages.

8. Bugtraq

Bugtraq is best known as a mailing list dedicated to computer security issues; on-topic are new discussions about vulnerabilities, vendor security notices, exploitation methods and how to fix them. It is a high-volume list, and almost all new vulnerabilities appear there. The Bugtraq distribution, which takes its name from the list, is discussed among computer enthusiasts and experienced developers and is available with Debian, Ubuntu and openSUSE bases for 32-bit and 64-bit architectures.

9. NodeZero

NodeZero is an open-source system based on the kernel of the world's most popular Linux distribution, Ubuntu, and designed for penetration testing operations. The distribution can be downloaded as a live DVD ISO image, which boots on computers supporting either the 32-bit (x86) or 64-bit (x86_64) instruction set. Besides letting you start the live system, the boot menu contains several advanced options such as running a diagnostic test of system memory, booting from the local disk, starting the installer directly, and booting in safe graphics mode, text mode or debug mode.
NodeZero's default graphical desktop environment is powered by GNOME, using the classic GNOME interface. It has a two-panel layout and uses Ubuntu's default software repositories.

10. Pentoo

Pentoo is a Live CD and Live USB OS designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is offered as both 32-bit and 64-bit installable live CDs. Pentoo is also available as an overlay for an existing Gentoo installation. It has packet-injection-patched wifi drivers, GPGPU cracking software, and plenty of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PaX hardening and additional patches, with binaries compiled from a hardened toolchain and the latest nightly versions of some of the available tools.

#11 Live Hacking OS

This Linux distro comes with useful hacking tools often used for penetration testing or ethical hacking. Live Hacking OS includes GNOME built in. The operating system is easy to operate and can work with less RAM.

#12 Knoppix STD

This is another Linux distro focused on computer security tools. Knoppix STD brings advanced tools for password cracking, firewalls, network utilities, honeypots, wireless networking and more. It is one of the most used operating systems among hackers.

#13 Cyborg Hawk

Cyborg Hawk is a newer operating system based on Ubuntu Linux. Many hackers talk about Cyborg Hawk, and it is one of the most powerful and cutting-edge penetration testing distributions ever created. The operating system houses more than 700 tools for different purposes.

#14 Blackbuntu

This is another Linux-based operating system specially developed for penetration testing. It is very popular among hackers and offers a great platform for learning information security.

#15 Weakerth4n

This is another operating system used by professional hackers. WeakerTh4n comes with lots of hacking tools and is a modern operating system for WiFi hacking. Its tools cover SQL hacking, password cracking, WiFi attacks, Cisco exploitation and more.


Linux Command Line Hackery Series - Part 6


Welcome back to the Linux Command Line Hackery series. I hope you've enjoyed it so far and have learned something (at least a bit). Today we're going to get into user management, that is, we're going to learn commands that will help us add and remove users and groups. So bring it on...

Before we get into adding new users to our system, let's first talk about a command that will be useful if you are a non-root user.

Command: sudo
Syntax: sudo [options] command
Description: sudo allows a permitted user to execute a command as a superuser or another user.

Since the commands that follow need root privileges, if you are not root don't forget to prefix them with sudo. By default sudo prompts for your own password, not root's, and it only lets you run a command as root if your account is permitted to in /etc/sudoers (typically by membership of the sudo or wheel group).

Command: useradd
Syntax: useradd [options] username
Description: this command creates a new user. It is the low-level tool: it asks no questions and, by default, creates the account without a password.
Let's try to add a new user to our box.
[Note: I'm performing these commands as root; you'll need root privileges to add a new user to your box. If you aren't root, prefix the commands with sudo, like this: sudo useradd joe. You'll be prompted for your own password; enter it and you're good to go]

useradd joe

To verify that this command has really added a user to our box, we can look at the three files that store user data on a Linux box:

/etc/passwd -> one line per user, with colon-separated fields in this order: the login name; the password field (historically this held the encrypted password hash, but since hashes were moved to the shadow file it now holds an x); the user id (UID); the primary group id (GID); a comment field (usually the full name); the user's home directory; and the login shell.

/etc/group  -> one line per group: the group name, a password field (x), the group id (GID), and a comma-separated list of the users who are supplementary members of that group.

/etc/shadow -> the users' password hashes along with password-aging fields. It is readable only by root, which is why the hashes were moved out of the world-readable /etc/passwd.

Using the command line techniques we've learned so far, let's check these files and verify that our user has been created:

cat /etc/passwd /etc/group /etc/shadow | grep joe



In the above screenshot you can notice a ! in /etc/shadow. This means the password field is locked: useradd created the account without a usable password, so nobody can log in as joe with a password until one is set. That means we have to set joe's password manually, so let's do just that.
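Since /etc/passwd, /etc/group and /etc/shadow share the same colon-separated layout, a script can verify an account field by field instead of grepping three files for a name. The POSIX shell snippet below is an added example, not part of the original post; its three sample files are constructed inline with invented entries (joe locked as useradd leaves him, jane with a hash, and a svc account with an empty password field, which is the dangerous case) so it runs offline, and the function names are my own.

```shell
#!/bin/sh
# Added example: parse passwd/group/shadow-style records field by field.
# The three records below are constructed for the demo, not copied from a system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
joe:x:1001:1001::/home/joe:/bin/sh
jane:x:1002:1002:Jane Doe,,,:/home/jane:/bin/bash
svc:x:1003:1003::/var/lib/svc:/usr/sbin/nologin'

SAMPLE_SHADOW='root:$6$saltsalt$hashhash:18500:0:99999:7:::
joe:!:18500:0:99999:7:::
jane:$6$saltsalt$hashhash:18500:0:99999:7:::
svc::18500:0:99999:7:::'

SAMPLE_GROUP='root:x:0:
joe:x:1001:
jane:x:1002:
svc:x:1003:
grownups:x:1004:jane'

# passwd_fields LOGIN PASSWD_TEXT -> "uid gid home shell"; returns 1 if absent.
passwd_fields() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '
    $1 == u { print $3, $4, $6, $7; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# shadow_state LOGIN SHADOW_TEXT -> locked | empty | set; returns 1 if absent.
# A hash field starting with "!" or "*" can never match a password (this is
# what useradd leaves behind); an empty field means passwordless login.
shadow_state() {
  line=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u')
  [ -n "$line" ] || return 1
  field=$(printf '%s\n' "$line" | cut -d: -f2)
  case "$field" in
    '')          echo empty ;;
    '!'* | '*'*) echo locked ;;
    *)           echo set ;;
  esac
}

# primary_group LOGIN PASSWD_TEXT GROUP_TEXT -> name of the group whose GID
# equals the user's GID field in passwd; returns 1 if the user is absent.
primary_group() {
  gid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
  [ -n "$gid" ] || return 1
  printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# user_groups LOGIN GROUP_TEXT -> supplementary groups whose member list names LOGIN.
user_groups() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '
    { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# report LOGIN -> one summary line built from the three sample files.
report() {
  echo "$1: passwd=[$(passwd_fields "$1" "$SAMPLE_PASSWD")]" \
       "shadow=$(shadow_state "$1" "$SAMPLE_SHADOW")" \
       "primary=$(primary_group "$1" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")" \
       "extra=[$(user_groups "$1" "$SAMPLE_GROUP" | tr '\n' ' ')]"
}

for u in joe jane svc; do report "$u"; done
```

On a real box, run it as root (only root can read /etc/shadow) and pass the live files instead of the samples, e.g. `shadow_state joe "$(cat /etc/shadow)"`; an account reported as `empty` deserves immediate attention, since it can be logged into with no password at all.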

Command: passwd
Syntax: passwd [options] [username]
Description: this command is used to change the password of user accounts.
Note that changing another user's password needs root privileges, so if you are not root, prefix this command with sudo. Run without a username, passwd changes your own password.

passwd joe



After typing this command, you'll be prompted for the new password and then asked to retype it for verification. The password won't show up on the terminal.
Now joe's account is up and running with a password.

useradd is the low-level command; let's create a new user with a different command that is interactive.

Command: adduser
Syntax: adduser [options] user
Description: adduser adds a user to the system. It is a friendlier front-end to useradd, found on Debian-based systems such as Ubuntu, which also creates the home directory and prompts for a password and user details.

So lets create a new user with adduser.

adduser jane



As seen in the image, it prompts for a password, full name and other details, and so is easy to use.

OK, now that we know how to create a user, it's time to create a group, which is very easy.

Command: addgroup
Syntax: addgroup [options] groupname
Description: this command creates a new group; given a user and a group (addgroup user group) it instead adds an existing user to an existing group.

We create a new group like this

addgroup grownups



So now we have a group called grownups; you can verify it by looking at the /etc/group file.
Since joe is not a grownup yet but jane is, we'll add jane to the grownups group like this:

addgroup jane grownups



Now jane is the member of grownups.

It's time to learn how to remove a user and a group from our system, so let's get straight to that.

Command: deluser
Syntax: deluser [options] username
Description: remove a user from the system.

Let's remove joe from our system:

deluser joe

Yes, it's as easy as that. But remember that by default deluser removes the user without removing the home directory or any other files owned by the user, so those files stay on disk owned by a UID that no longer exists. Removing the home directory can be achieved with the --remove-home option:

deluser jane --remove-home

The --remove-all-files option removes every file on the system owned by the user (better watch out). To create a backup of all the files before deleting them, use the --backup option.

We don't need the grownups group, so let's remove it.

Command: delgroup
Syntax: delgroup [options] groupname
Description: remove a group from the system.

To remove the grownups group, just type:

delgroup grownups



That's it for today; I hope you got something out of it.
