Tech News - Penetration Testing

10 Articles
Kali Linux 2019.4 released with Xfce, a new desktop environment, a new GTK3 theme, and much more!

Savia Lobo
27 Nov 2019
3 min read
On November 26, the Kali Linux team announced its fourth and final release of 2019, Kali Linux 2019.4, which is now available for download. A few features of Kali Linux 2019.4 include a new default desktop environment, Xfce; a new GTK3 theme (for Gnome and Xfce); a “Kali Undercover” mode; a kernel upgraded to version 5.3.9; and much more. Talking about ARM, the team highlighted, “2019.4 is the last release that will support 8GB sdcards on ARM. Starting in 2020.1, a 16GB sdcard will be the minimum we support.”

What’s new in Kali Linux 2019.4?

New desktop environment, Xfce, and GTK3 theme
The much-awaited desktop environment update is here. The older versions had performance issues that resulted in a fractured user experience. To address this, the team developed a new theme running on Xfce. Its lightweight design can run on all levels of Kali installs. The new theme can handle the various needs of the average user with no changes. It uses standard UI concepts, so there is no learning curve, and it looks great with modern UI elements that make efficient use of screen space.

Kali Undercover mode
For pentesters working in a public environment, the team has made a small script that changes the user’s Kali theme to look like a default Windows installation. This way, users can work a bit more incognito. “After you are done and in a more private place, run the script again and you switch back to your Kali theme. Like magic!”, the official blog post reads.

BTRFS during setup
Another significant addition to the documentation is the use of BTRFS as a root file system. This gives users the ability to do file system rollbacks after upgrades. When users are in a VM and about to try something new, they will often take a snapshot in case things go wrong; doing the same on a bare-metal Kali install is not easy. With BTRFS, users can have a similar snapshot capability on a bare-metal install. The documented setup also includes a manual clean-up step.

NetHunter Kex – Full Kali Desktop on Android phones
With NetHunter Kex, users can attach their Android devices to an HDMI output along with a Bluetooth keyboard and mouse and get a full, no-compromise Kali desktop from their phones. To get a full breakdown of how to use NetHunter Kex, check out its official documentation on the Kali Linux website.

Kali Linux users are excited about this release and look forward to trying the newly added features.
https://twitter.com/firefart/status/1199372224026861568
https://twitter.com/azelhajjar/status/1199648846470615040

To know more about the other features in detail, read the Kali Linux 2019.4 official release on the Kali Linux website.

Related articles:
Glen Singh on why Kali Linux is an arsenal for any cybersecurity professional [Interview]
Kali Linux 2019.1 released with support for Metasploit 5.0
Kali Linux 2018 for testing and maintaining Windows security – Wolf Halton and Bo Weaver [Interview]

Netflix security engineers report several TCP networking vulnerabilities in FreeBSD and Linux kernels

Bhagyashree R
18 Jun 2019
3 min read
Yesterday, the security engineers at Netflix reported several TCP networking vulnerabilities in the FreeBSD and Linux kernels. The most serious of these, called “SACK Panic”, allows a remote attacker to trigger a kernel panic on recent Linux kernels.

Details on the TCP networking vulnerabilities
Netflix security engineers found four vulnerabilities in total, all related to the maximum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. MSS is a parameter in the TCP header that specifies the largest amount of data a computer can receive in a single TCP segment. SACK is a mechanism that lets the data receiver inform the sender about all the segments that have arrived successfully.

Soon after, Red Hat also listed the vulnerabilities, background, and patches on its website and credited Netflix for reporting them. According to Red Hat, the impact of these vulnerabilities is limited to denial of service. “No privilege escalation or information leak is currently suspected,” Red Hat wrote in its post.

The following vulnerabilities were reported:

SACK Panic (CVE-2019-11477)
SACK Panic is the most severe of the four. An attacker can induce an integer overflow by sending a crafted sequence of SACKs on a TCP connection with a small MSS value. This can lead to a kernel panic from which the operating system cannot recover to its normal state without a restart, and hence to a denial of service. This vulnerability affects Linux 2.6.29 and later versions.

SACK Slowness (CVE-2019-11478 and CVE-2019-5599)
The TCP retransmission queue in Linux kernels and the RACK send map in FreeBSD can be fragmented by sending a crafted sequence of SACKs. An attacker can then exploit this fragmented queue to cause “an expensive linked-list walk for subsequent SACKs received” for that particular TCP connection. This vulnerability affects Linux 4.15 and earlier versions, and FreeBSD 12 using the RACK TCP stack.

Excess Resource Consumption Due to Low MSS Values (CVE-2019-11479)
An attacker can force a Linux kernel to divide its responses into multiple TCP segments, each carrying only 8 bytes of data. Sending the same amount of data then requires more bandwidth and consumes additional resources such as CPU and NIC processing power. This vulnerability affects all Linux versions.

Next steps
The Netflix team has also listed the patches and workarounds for each vulnerability in its official report. Red Hat has recommended two options to mitigate CVE-2019-11477 and CVE-2019-11478:
- Disabling the vulnerable component.
- Using iptables to drop connections with an MSS size that is able to exploit the vulnerability.

Red Hat will also make a ‘kpatch’ available for customers running supported versions of Red Hat Enterprise Linux 7 or greater. Red Hat customers using the affected versions are advised to update as soon as Red Hat makes the errata available. Additionally, Red Hat has provided an Ansible playbook, ‘disable_tcpsack_mitigate.yml’, which disables selective acknowledgments and makes the change permanent. More information about the mitigation steps is available on Red Hat’s official website.

Related articles:
NSA warns users of BlueKeep vulnerability; urges them to update their Windows systems
Over 19 years of ANU (Australian National University) students’ and staff data breached
PyPI announces 2FA for securing Python package downloads

Kali Linux 2019.1 released with support for Metasploit 5.0

Sugandha Lahoti
19 Feb 2019
2 min read
Yesterday, Kali Linux’s first release for 2019 was announced. Kali Linux 2019.1 comes with a variety of changes and new features, including support for Metasploit version 5.0, a kernel up to version 4.19.13, ARM updates, and numerous bug fixes. Users with an existing Kali installation can upgrade using:

root@kali:~# apt update && apt -y full-upgrade

You can also download new Kali Linux ISOs directly from the official website or from the Torrent network.

What’s new in Kali Linux 2019.1?

Support for Metasploit 5.0
The new version of Kali Linux supports Metasploit version 5.0, which was released last month. Metasploit 5.0 introduces multiple new features, including Metasploit’s new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and more.

Kali Linux 2019.1 also includes updated packages for theHarvester, DBeaver, and more. theHarvester helps penetration testers in the early stages of a penetration test to gather emails, subdomains, hosts, employee names, open ports, and banners from different public sources. DBeaver is an SQL client and database administration tool.

Updates to ARM
The 2019.1 Kali release for ARM includes:
- An upgraded kernel (v4.19.13) that supports both the Banana Pi and Banana Pro single-board computers.
- Veyron has also been moved to a 4.19 kernel.
- The Offensive Security virtual machine and ARM images have also been updated to 2019.1.
- Raspberry Pi images have been simplified. Separate Raspberry Pi images for users with TFT LCDs are no longer provided, because Kali 2019.1 now ships re4son’s kalipi-tft-config script on all of them. To set up a board with a TFT, users can run ‘kalipi-tft-config’ and follow the prompts.

You can go through the changelog for the detailed bug fixes.

Related articles:
Kali Linux 2018 for testing and maintaining Windows security – Wolf Halton and Bo Weaver [Interview]
Implementing Web application vulnerability scanners with Kali Linux [Tutorial]
Kali Linux 2018.2 released

Metasploit 5.0 released!

Savia Lobo
14 Jan 2019
3 min read
Last week, the Metasploit team announced the release of its fifth version, Metasploit 5.0. This update introduces multiple new features, including Metasploit’s new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and more. Metasploit 5.0 includes support for three module languages: Go, Python, and Ruby.

What’s New in Metasploit 5.0?

Database as a RESTful service
Metasploit 5.0 adds the ability to run the database by itself as a RESTful service on top of the existing PostgreSQL database backend from the 4.x versions. With this, multiple Metasploit consoles can easily interact. This change also offloads some bulk operations to the database service, which improves performance by allowing parallel processing of database and regular msfconsole operations.

New JSON-RPC API
This new API will benefit users who want to integrate Metasploit with new tools and languages. Until now, Metasploit supported automation only via its own network protocol, which made it difficult to test or debug using standard tools like ‘curl’.

A new common web service framework
Metasploit 5.0 also adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations and paves the way for future services.

New evasion modules and libraries
The Metasploit team announced a new evasion module type, along with a couple of example modules, in 2008. Using this module type, users can develop their own evasions, and a set of convenient libraries lets developers add new on-the-fly mutations to payloads. A recent module uses these evasion libraries to generate unique persistent services. With Metasploit 5.0’s generation libraries, users can now write shellcode in C.

Execution of an exploit module against multiple targets
The ability to execute an exploit module against more than one target at a time was a long-requested feature. Previously, an exploit module could be run against only one host at a time, so any attempt at mass exploitation required writing a script or manual interaction. With Metasploit 5.0, any module can target multiple hosts in the same way, by setting RHOSTS to a range of IPs or by referencing a hosts file with the file:// option.

Improved search mechanism
Metasploit’s slow search has been upgraded, and it now starts much faster out of the box. This means that searching for modules is always fast, regardless of how you use Metasploit. In addition, modules have gained a lot of new metadata capabilities.

New metashell feature
The new metashell feature allows users to background sessions with the background command, upload/download files, or even run resource scripts, all without needing to upgrade to a Meterpreter session first.

For backward compatibility, Metasploit 5.0 still supports running with just a local database, or with no database at all. It also supports the original MessagePack-based RPC protocol. To know more about this release in detail, read its release notes on GitHub.

Related articles:
Weaponizing PowerShell with Metasploit and how to defend against PowerShell attacks [Tutorial]
Pentest tool in focus: Metasploit
Getting Started with Metasploitable2 and Kali Linux

What you need to know about VPNFilter Malware Attack

Amarabha Banerjee
07 Jun 2018
4 min read
Have you heard about the latest VPNFilter malware attack? In brief, the software networking firm and its network analysis department known as ‘Talos’ identified a malware known as VPNFilter a few weeks ago. Something about these attacks makes them particularly risky. If you are an individual or a small or medium business accessing the internet using routers from companies such as Linksys, Netgear, QNAP, TP-Link, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE, then you are vulnerable to the VPNFilter malware attack. Read on to understand where you stand and what you can do to avoid falling victim to this vicious malware attack.

How does VPNFilter malware work?
The first thing you need to understand is that VPNFilter has a three-stage attack procedure. The first stage, which is also one of the most potent and dangerous, plants itself into the router firmware. In most malware attack cases, a reboot would make the malware go away. That’s where VPNFilter stands out: it persists through the reboot, and after the reboot it initiates the second stage.

The second stage is about spying on the user’s activity and data: storing and accessing user data, tracking the URLs visited, and getting to know more about the victim. The most terrifying factor is that the user never realizes that they have been attacked. The reason is that VPNFilter uses the technique of a “Man in the Middle” or MitM attack. In this form of cyber attack, the spyware attaches itself to the router and then collects user data and prepares for a larger assault while the user is completely unaware of it.

[Image: the VPNFilter attack process. Source: Yeahhub.com]

If this seems scary to you, then you haven’t yet heard the interesting bit. The third stage is about introducing different plugins which can perform different types of actions. One of them can downgrade the security level of your requests from the HTTPS to the HTTP protocol. This in turn leaves your data unencrypted and exposes your passwords and other valuable data to anyone who is snooping on your network. The rest of the hacking process then becomes much easier. Imagine what could happen if you logged in to a social media platform or your net-banking application and the data was phished away. The worst part is that you won’t even know that your account is hacked until the hackers expose themselves by making malicious transactions.

The horror story doesn’t end here; it also comes with a “Remote Destroy” button. This enables the hackers to delete important network and configuration files from your router before destroying the malware, which means your router will be rendered useless after they choose to do so. This gives them the power to disrupt internet connectivity on a global scale, since the number of routers presently affected can be anywhere around 500k.

Is there a way out?
How can you save your router from this onslaught? Rebooting doesn’t work. The only way that some groups have suggested is to restore the factory defaults of your router, upgrade the firmware of your router, and log in with your credentials. This three-step process might be the only way you can get away from this attack.

How to know that your router is no good? Try updating it to the latest version of the firmware; if it says it is unable to upgrade, you can be damn sure that it’s time for you to buy a new one.

Related articles:
BeyondCorp is transforming enterprise security
Top 5 cybersecurity assessment tools for networking professionals
IoT Forensics: Security in an always connected world where things talk

Parrot 4.0 is out!

Savia Lobo
06 Jun 2018
3 min read
Parrot, a Debian-based platform, announced the release of its latest version, Parrot 4.0. This release concludes the development and testing of many new features that were experimented with in the previous releases since Parrot 3.9. It also includes all the updated packages and bug fixes announced since its previous version, Parrot 3.11.

So, what’s new in Parrot 4.0?

Netinstall images introduced
Netinstall images are a powerful tool that lets one install just the necessary software components. One can even use them to install other desktop environments and to build a system of choice. With netinstall images in Parrot 4.0, one can use Parrot as a pentest distribution and also as a framework to build one’s own working environment with ease.

Docker images
This version includes a release of Parrot’s own Docker templates. Docker is a powerful container technology that allows Parrot users to quickly download a Parrot template and immediately spawn unlimited and completely isolated Parrot instances on top of any host OS.

Linux Kernel 4.16
The introduction of the new Linux 4.16 kernel is an important step forward for Linux distributions. Linux Kernel 4.16 includes important updates, such as AMDGPU multi-display fixes, optimized in-kernel filesystem operations, and so on.

Sandbox
The Parrot system is secure and sandboxed, thanks to its custom firejail profiles with the underlying AppArmor support. This 4.0 version includes sandboxed applications that are stable and reliable.

MATE 1.20
The MATE Desktop Environment is updated to its 1.20 release. This includes many graphics bug fixes and new features, such as HiDPI support and the ability to auto-resize windows by simply dragging them to the screen corner, which can also arrange them into new layouts.

Nginx
This version introduces Nginx as Parrot’s new default web server daemon, replacing Apache 2. Apache 2 is the most famous web server out there, but it is heavy and complex to configure and maintain. Nginx, on the other hand, is very lightweight and easy to use. It is not only a fast and secure web server but also a powerful proxy, cache, load balancer, and general-purpose forwarder, and its configuration syntax is very easy to use. Apache 2 will remain available in the repository, or pre-installed as a dependency of the security tools that rely on it.

LibreOffice 6
LibreOffice 6 is now included by default in Parrot 4.0, with better document support, memory efficiency, and stability.

MD RAID support
Parrot 4.0 now includes default MD RAID support, which was absent in the previous versions. This is because Parrot is also used for forensic analysis, and being able to open software RAIDs can be crucial when reading disks in a server environment. mdadm is also introduced as a pre-installed tool. This means that Parrot can be installed on a software RAID for better reliability.

To know more about the new changes in detail, read the release notes.

Related articles:
Pentest tool in focus: Metasploit
5 pen testing rules of engagement: What to consider while performing Penetration testing
Top 5 penetration testing tools for ethical hackers

Kali Linux 2018.2 released

Gebin George
08 May 2018
2 min read
Offensive Security released their second incremental update to Kali Linux, Kali Linux 2018.2. This release comprises all the updated packages and bug fixes since the last release in February, 2018.1. The 2018.2 release is focused on kernel version 4.15, which contains the much-awaited patches for Meltdown and Spectre.

Some exciting features of Kali Linux 2018.2 are:

Metasploit script access made simple
This release brings a convenience for Metasploit script writers. Popular Metasploit scripts such as pattern_create, pattern_offset, msf-egghunter, etc. can now be called directly by prepending their names with msf-. Until this release, these scripts were hidden under /usr/share/metasploit-framework/tools/exploit/, which made it difficult for writers to call them.

Kernel updates
Kali Linux 2018.2 is focused on kernel version 4.15, which includes x86 and x64 fixes for these vulnerabilities. It also comes with better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows encryption of virtual machine memory so that not even the hypervisor has the rights to access it.

Package updates
Kali Linux has a suite of built-in tools for pentesting different environments. The new release sees some significant updates to these tools. Some of them are as follows:
- BloodHound, a tool which uses graph theory to reveal attack paths in an Active Directory environment, has been updated to v1.5.
- Burp Suite has been updated to v1.7.3.1.
- Reaver WPS, widely used for WiFi security, has been updated to v1.6.4.
- PixieWPS, the tool for the pixie dust attack, has been updated to v1.2.2.
- Hashcat, the world’s fastest and most advanced password utility, has been updated to v4.0.0.
- Ropper, the ROP gadget finder and binary information tool, has been updated to v1.10.10.

For the complete set of bug fixes and new features, refer to the Kali Linux blog.

Related articles:
Top 5 penetration testing tools for ethical hackers
Introduction to Penetration Testing with Kali Linux [Tutorial]
Wireless Attacks in Kali Linux [Tutorial]

Vevo’s YouTube account Hacked: Popular videos deleted

Vijin Boricha
12 Apr 2018
2 min read
In this ever-growing technology era, one has to ensure the data they put on the internet is in safe hands. No matter which platform you use to share data, there is always a risk of your data being misused.

Recently, a group of hackers managed to breach Vevo’s YouTube channel, taking down their most-watched videos. This security breach alarmed a lot of viewers as they witnessed something unexpected when searching for popular music videos like ‘Despacito’. The hackers not only took down these videos but also replaced them with a different thumbnail and video title. Apparently, the thumbnail picture used was of a masked gang with guns taken from the Netflix show Casa de Papel, and the video title consisted of their nicknames (Prosox and Kuroi’sh).

Immediately after this news spread like wildfire, YouTube claimed that it was Vevo that was hacked and not YouTube. Vevo is owned by the big three record companies in the United States: Warner Music Group, Universal Music Group, and Sony Music Entertainment. Vevo only hosts music videos from artists signed to Sony Music Entertainment and Universal Music Group, and those are published on YouTube.

YouTube also claimed that there is a big difference between YouTube and Vevo. Anyone with a Google account can upload a video to YouTube’s mainstream, but this isn’t the case for Vevo. Vevo is managed by administrators responsible for uploading videos to the website and the Vevo YouTube channel. This means only authorized personnel have access to Vevo’s platform, which is broadcast on YouTube, and these personnel do not have any access to the rest of YouTube.

It was Vevo’s servers that were hacked, as all the affected videos came from that server. Since this attack targeted specific music artists, it is still unclear whether the hackers got through individual artist accounts or had a wider breach of Vevo accounts. So far, only one hacker has claimed that they used scripts to alter video titles.

Vevo has already started fixing their security breaches and has claimed that the affected videos and catalog have been restored to full working order. They are also currently investigating the source of the breach. You can know more about this developing news, originally reported by BBC.

Related articles:
Cryptojacking is a growing cybersecurity threat, report warns
Top 5 cloud security threats to look out for in 2018

Kali Linux 2018.1 released

Savia Lobo
04 Apr 2018
2 min read
Kali Linux 2018.1, the first of the many versions of Kali Linux for this year, is now available. This release contains all the updates and bug fixes since the last version, 2017.3, released in November 2017.

The 2018.1 version is boosted by the new Linux 4.14.12 kernel. This brings added support for newer hardware and improved performance. This means ethical hackers and penetration testers can now use Kali in a more efficient manner to enhance security.

The release also has two exceptional features:
- AMD Secure Memory Encryption, a new feature in AMD processors that enables automatic encryption and decryption of DRAM. The addition of this feature means that systems will no longer be vulnerable to cold-boot attacks because, even with physical access, the memory will not be readable.
- Increased memory limits: this release also includes support for 5-level paging, a new feature of the upcoming processors. These new processors will support 4 PB (petabytes) of physical memory and 128 PB of virtual memory.

Several packages, including zaproxy, secure-socket-funneling, pixiewps, seclists, burpsuite, dbeaver, and reaver, have been updated in Kali 2018.1.

Also, for those using Hyper-V to run the Kali virtual machines provided by Offensive Security, the Hyper-V virtual machine is now generation 2. This means the Hyper-V VM is now UEFI-based and supports expanding/shrinking of the HDD. The generation 2 VM also includes Hyper-V integration services, which support Dynamic Memory, Network Monitoring/Scaling, and Replication.

Know more about Kali’s latest release on the Kali Linux Blog.

Kali Linux Social Engineering Toolkit Tutorial: Credential Harvester

Oli Huggins
17 Jul 2013
1 min read
An example of a social engineering attack using Kali Linux: use a credential harvester to gather the victim’s credentials by redirecting the victim to a spoofed website and then collecting the login credentials they enter. Part of Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing. For the full course visit: https://www.packtpub.com/networking-and-servers/kali-linux-backtrack-evolved-assuring-security-penetration-testing-video