Thứ Tư, 3 tháng 6, 2020

An Overview Of Exploit Packs (Update 25) May 2015


Update May 12, 2015

Added CVE-2015-0359 and updates for CVE-2015-0336


Reference table : Exploit References 2014-2015


Update March 20, 2015

Added CVE-2015-0336

------------------------
Update February 19, 2015

Added Hanjuan Exploit kit and CVE-2015-3013 for Angler 

Update January 24, 2015 
http://www.kahusecurity.com

Added CVE-2015-3010, CVE-2015-3011 for Agler and a few reference articles. 
If you notice any errors, or some CVE that need to be removed (were retired by the pack authors), please let me know. Thank you very much!


Update December 12, 2014


Update Jan 8, 2014

 This is version 20 of the exploit pack table - see the added exploit packs and vulnerabilities listed below.

                                             Exploit Pack Table Update 20                                           
  Click to view or download from Google Apps

I want to give special thanks to Kafeine  L0NGC47,  Fibon and  Curt Shaffer for their help and update they made.  Note the new Yara rules sheet / tab for yara rules for exploit kit.
I also want to thank Kahu securityKafeineMalforsec and all security companies listed in References for their research.

If you wish to be a contributor (be able to update/change the exploits or add yara rules), please contact me :)
If you have additions or corrections, please email, leave post comments, or tweet (@snowfl0w) < thank you!

The Wild Wild West image was created by Kahu Security  - It shows current and retired (retiring) kits.

List of changed kits
Gong Da / GonDad Redkit 2.2 x2o (Redkit Light)Fiesta (=Neosploit)  Cool  Styxy DotkaChef
CVE-2011-3544CVE-2013-2551CVE-2013-2465CVE-2010-0188CVE-2010-0188CVE-2012-5692
CVE-2012-0507CVE-2013-2471CVE-2013-0074/3896CVE-2011-3402CVE-2013-1493
CVE-2012-1723CVE-2013-1493CVE-2013-0431
CVE-2013-0431
CVE-2013-2423
CVE-2012-1889CVE-2013-2460CVE-2013-0634 CVE-2013-1493
CVE-2012-4681CVE-2013-2551 CVE-2013-2423
CVE-2012-5076
CVE-2013-0422
CVE-2013-0634
CVE-2013-2465



Angler FlashPack = SafePack White Lotus Magnitude (Popads)Nuclear 3.x Sweet Orange 
CVE-2013-0074/3896CVE-2013-0074/3896CVE-2011-3544CVE-2011-3402CVE-2010-0188CVE-2013-2423
CVE-2013-0634CVE-2013-2551CVE-2013-2465CVE-2012-0507CVE-2012-1723CVE-2013-2471
CVE-2013-2551 CVE-2013-2551CVE-2013-0634CVE-2013-0422CVE-2013-2551
CVE-2013-5329CVE-2013-2460CVE-2013-2423
CVE-2013-2471 ??CVE-2013-2471CVE-2013-2460
CVE-2013-2551CVE-2013-2551

CK HiManNeutrino  Blackhole (last)Grandsoft  Private EK
CVE-2011-3544CVE-2010-0188CVE-2013-0431CVE-2013-0422CVE-2010-0188 CVE-2006-0003
CVE-2012-1889CVE-2011-3544CVE-2013-2460CVE-2013-2460CVE-2011-3544CVE-2010-0188
CVE-2012-4681CVE-2013-0634CVE-2013-2463*CVE-2013-2471CVE-2013-0422CVE-2011-3544
CVE-2012-4792*CVE-2013-2465CVE-2013-2465*and + all or someCVE-2013-2423CVE-2013-1347
CVE-2013-0422CVE-2013-2551CVE-2013-2551exploitsCVE-2013-2463CVE-2013-1493
CVE-2013-0634* switch 2463*<>2465*from the previousCVE-2013-2423
CVE-2013-3897Possibly + exploitsversionCVE-2013-2460
* removedfrom the previous
version

Sakura 1.x LightsOutGlazunov Rawin Flimkit  Cool EK (Kore-sh)Kore (formely Sibhost) 
cve-2013-2471CVE-2012-1723CVE-2013-2463CVE-2012-0507CVE-2012-1723CVE-2013-2460CVE-2013-2423
CVE-2013-2460CVE-2013-1347cve-2013-2471CVE-2013-1493CVE-2013-2423CVE-2013-2463CVE-2013-2460
and + all or someCVE-2013-1690CVE-2013-2423CVE-2013-2471CVE-2013-2463
exploitsCVE-2013-2465CVE-2013-2471
from the previous
version


Styx 4.0Cool Topic EK Nice EK
CVE-2010-0188CVE-2012-0755CVE-2013-2423CVE-2012-1723
CVE-2011-3402CVE-2012-1876
CVE-2012-1723CVE-2013-0634
CVE-2013-0422CVE-2013-2465
CVE-2013-1493cve-2013-2471
CVE-2013-2423and + all or some
CVE-2013-2460exploits
CVE-2013-2463from the previous
CVE-2013-2472version
CVE-2013-2551
Social Eng








=================================================================

The Explot Pack Table has been updated and you can view it here.

Exploit Pack Table Update 19.1  - View or Download from Google Apps

If you keep track of exploit packs and can/wish  to contribute and be able to make changes, please contact me (see email in my profile)
I want to thank L0NGC47, Fibon, and Kafeine,  Francois Paget, Eric Romang, and other researchers who sent information for their help.




Update April 28, 2013 - added CVE-2013-2423 (Released April 17, 2013) to several packs. 
Now the following packs serve the latest Java exploit (update your Java!)

  1. Styx
  2. Sweet Orange
  3. Neutrino
  4. Sakura
  5. Whitehole
  6. Cool
  7. Safe Pack
  8. Crime Boss
  9. CritX



Other changes
Updated:
  1. Whitehole
  2. Redkit
  3. Nuclear
  4. Sakura
  5. Cool Pack
  6. Blackhole
  7. Gong Da
Added:
  1. KaiXin
  2. Sibhost
  3. Popads 
  4. Alpha Pack
  5. Safe Pack
  6. Serenity
  7. SPL Pack

    There are 5 tabs in the bottom of the sheet
  1. 2011-2013
  2. References
  3. 2011 and older
  4. List of exploit kits
  5. V. 16 with older credits



March 2013
The Explot Pack Table, which has been just updated, has migrated to Google Apps - the link is below. The new format will allow easier viewing and access for those who volunteered their time to keep it up to date.

In particular, I want to thank
L0NGC47, Fibon, and Kafeine  for their help.

There are 5 tabs in the bottom of the sheet
  1. 2011-2013
  2. References
  3. 2011 and older
  4. List of exploit kits
  5. V. 16 with older credits
The updates include
  1. Neutrino  - new
  2. Cool Pack - update
  3. Sweet Orange - update
  4. SofosFO aka Stamp EK - new
  5. Styx 2.0 - new
  6. Impact - new
  7. CritXPack - new
  8. Gong Da  - update
  9. Redkit - update
  10. Whitehole - new
  11. Red Dot  - new





The long overdue Exploit pack table Update 17 is finally here. It got a colorful facelift and has newer packs (Dec. 2011-today) on a separate sheet for easier reading.
Updates / new entries for the following 13 packs have been added (see exploit listing below)


  1. Redkit 
  2. Neo Sploit
  3. Cool Pack
  4. Black hole 2.0
  5. Black hole 1.2.5
  6. Private no name
  7. Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)
  8. Nuclear 2.1  (Update to 2.0 - actual v. # is unknown)
  9. CrimeBoss
  10. Grandsoft
  11. Sweet Orange 1.1 Update to 1.0 actual v. # is unknown)
  12. Sweet Orange 1.0
  13. Phoenix  3.1.15
  14. NucSoft
  15. Sakura 1.1 (Update to 1.0  actual v. # is unknown)
  16. AssocAID (unconfirmed)  






Exploit lists for the added/updated packs
AssocAID (unconfirmed)
09-'12
CVE-2011-3106
CVE-2012-1876
CVE-2012-1880
CVE-2012-3683
Unknown CVE
5


Redkit
08-'12
CVE-2010-0188
CVE-2012-0507
CVE-2012-4681
3

Neo Sploit
09-'12
CVE-2012-1723
CVE-2012-4681
2?

Cool
08-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3402
CVE-2012-0507
CVE-2012-1723
CVE-2012-4681
5

Black hole 2.0
09-'12
CVE-2006-0003
CVE-2010-0188
CVE-2012-0507
CVE-2012-1723
CVE-2012-4681
CVE-2012-4969 promised
5

Black hole 1.2.5
08-'12
CVE-2006-0003
CVE-2007-5659 /2008-0655
CVE-2008-2992
CVE-2009-0927
CVE-2010-0188
CVE-2010-1885
CVE-2011-0559
CVE-2011-2110
CVE-2012-1723
CVE-2012-1889
CVE-2012-4681
11

Private no name
09-'12
CVE-2010-0188
CVE-2012-1723
CVE-2012-4681
3

Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)
03-'12
CVE-2010-0188
CVE-2011-3544
CVE-2012-1723
CVE-2012-4681
4

Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)
03-'12
CVE-2010-0188
CVE-2011-3544
CVE-2012-1723
3

CrimeBoss
09-'12
Java Signed Applet
CVE-2011-3544
CVE-2012-4681
3

Grandsoft
09-'12
CVE-2010-0188
CVE-2011-3544
2?

Sweet Orange 1.1
09-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3544
CVE-2012-4681
4?

Sweet Orange 1.0
05-'12
CVE-2006-0003
CVE-2010-0188
CVE-2011-3544
3?

Phoenix  3.1.15
05-'12
CVE-2010-0842
CVE: 2010-0248
CVE-2011-2110
CVE-2011-2140
CVE: 2011-2371
CVE-2011-3544
CVE-2011-3659
Firefox social
CVE: 2012-0500
CVE-2012-0507
CVE-2012-0779
11

NucSoft
2012
CVE-2010-0188
CVE-2012-0507
2

Sakura 1.1
08-'12
CVE-2006-0003
CVE-2010-0806
CVE-2010-0842
CVE-2011-3544
CVE-2012-4681
5


Version 16. April 2, 2012
Thanks to Kahu security
for Wild Wild West graphic 

The full table in xls format - Version 16 can be downloaded from here. 



 










ADDITIONS AND CHANGES:

1. Blackhole Exploit Kit 1.2.3
Added:
  1. CVE-2011-0559 - Flash memory corruption via F-Secure
  2. CVE-2012-0507 - Java Atomic via Krebs on Security
  3. CVE-2011-3544 - Java Rhino  via Krebs on Security
2. Eleonore Exploit Kit 1.8.91 and above- via Kahu Security
Added:
  1. CVE-2012-0507 - Java Atomic- after 1.8.91was released
  2. CVE-2011-3544 - Java Rhino
  3. CVE-2011-3521 - Java Upd.27  see Timo HirvonenContagio, Kahu Security and Michael 'mihi' Schierl 
  4. CVE-2011-2462 - Adobe PDF U3D
Also includes
"Flash pack" (presumably the same as before)
"Quicktime" - CVE-2010-1818 ?
3. Incognito Exploit Pack v.2 and above 
there are rumors that Incognito development stopped after v.2 in 2011 and it is a different pack now. If you know, please send links or files.

Added after v.2 was released:
  1. CVE-2012-0507 - Java Atomic
See V.2 analysis via StopMalvertizing

4. Phoenix Exploit Kit v3.1 - via Malware Don't Need Coffee
Added:
  1. CVE-2012-0507 -  Java Atomic
  2. CVE-2011-3544 -  Java Rhino + Java TC (in one file)

5. Nuclear Pack v.2 - via TrustWave Spiderlabs


  1. CVE-2011-3544 Oracle Java Rhino
  2. CVE-2010-0840 JRE Trusted Method Chaining
  3. CVE-2010-0188 Acrobat Reader  – LibTIFF
  4. CVE-2006-0003 MDAC
6. Sakura Exploit Pack > v.1 via DaMaGeLaB

  1. CVE-2011-3544 - Java Rhino (It was in Exploitpack table v15, listing it to show all packs with this exploit)

7. Chinese Zhi Zhu Pack via Kahu Security and Francois Paget (McAfee)
  1. CVE-2012-0003 -  WMP MIDI 
  2. CVE-2011-1255 - IE Time Element Memory Corruption
  3. CVE-2011-2140 - Flash 10.3.183.x
  4. CVE-2011-2110 - Flash 10.3.181.x 
  5. CVE-2010-0806 - IEPeers

8. Gong Da Pack via Kahu Security 
  1. CVE-2011-2140  - Flash 10.3.183.x
  2. CVE-2012-0003 -  WMP MIDI  
  3. CVE-2011-3544 - Java Rhino 





  1. CVE-2010-0886 - Java SMB
  2. CVE-2010-0840 - JRE Trusted Method Chaining
  3. CVE-2008-2463 - Snapshot
  4. CVE-2010-0806 - IEPeers
  5. CVE-2007-5659/2008-0655 - Collab.collectEmailInfo
  6. CVE-2008-2992 - util.printf
  7. CVE-2009-0927 - getIco
  8. CVE-2009-4324 - newPlayer



Version 15. January 28, 2012

Additions - with many thanks to Kahu Security

 Hierarchy Exploit Pack
=================
CVE-2006-0003
CVE-2009-0927
CVE-2010-0094
CVE-2010-0188
CVE-2010-0806
CVE-2010-0840
CVE-2010-1297
CVE-2010-1885
CVE-2011-0611
JavaSignedApplet

Siberia Private
==========
CVE-2005-0055
CVE-2006-0003
CVE-2007-5659
CVE-2008-2463
CVE-2008-2992
CVE-2009-0075
CVE-2009-0927
CVE-2009-3867
CVE-2009-4324
CVE-2010-0806

Techno XPack
===========
CVE-2008-2992
CVE-2010-0188
CVE-2010-0842
CVE-2010-1297
CVE-2010-2884
CVE-2010-3552
CVE-2010-3654
JavaSignedApplet

"Yang Pack"
=========
CVE-2010-0806
CVE-2011-2110
CVE-2011-2140
CVE-2011-354
Version 14. January 19, 2012
Version 14 Exploit Pack table additions:

Credits for the excellent Wild Wild West (October 2011 edition) go to kahusecurity.com

With many thanks to  XyliBox (Xylitol - Steven),  Malware Intelligence blog,  and xakepy.cc for the information:

  1. Blackhole 1.2.1  (Java Rhino added, weaker Java exploits removed)
  2. Blackhole 1.2.1 (Java Skyline added)
  3. Sakura Exploit Pack 1.0  (new kid on the block, private pack)
  4. Phoenix 2.8. mini (condensed version of 2.7)
  5. Fragus Black (weak Spanish twist on the original, black colored admin panel, a few old exploits added)
If you find any errors or CVE information for packs not featured , please send it to my email (in my profile above, thank you very much) .
























 
The full table in xls format - Version 14 can be downloaded from here. 

The exploit pack table in XLSX format
The exploit pack table in csv format 

 P.S. There are always corrections and additions thanks to your feedback after the document release, come back in a day or two to check in case v.15 is out.



Version 13. Aug 20, 2011


Kahusecurity issued an updated version of their Wild Wild West graphic that will help you learn Who is Who in the world of exploit packs. You can view the full version of their post in the link above.

Version 13 exploit pack table additions:
  1. Bleeding Life 3.0
  2. Merry Christmas Pack (many thanks to kahusecurity.com)+
  3. Best Pack (many thanks to kahusecurity.com)
  4. Sava Pack (many thanks to kahusecurity.com)
  5. LinuQ 
  6. Eleonore 1.6.5
  7. Zero Pack
  8. Salo Pack (incomplete but it is also old)



List of packs in the table in alphabetical order
  1. Best Pack
  2. Blackhole Exploit 1.0
  3. Blackhole Exploit 1.1
  4. Bleeding Life 2.0
  5. Bleeding Life 3.0
  6. Bomba
  7. CRIMEPACK 2.2.1
  8. CRIMEPACK 2.2.8
  9. CRIMEPACK 3.0
  10. CRIMEPACK 3.1.3
  11. Dloader
  12. EL Fiiesta
  13. Eleonore 1.3.2
  14. Eleonore 1.4.1
  15. Eleonore 1.4.4 Moded
  16. Eleonore 1.6.3a
  17. Eleonore 1.6.4
  18. Eleonore 1.6.5
  19. Fragus 1
  20. Icepack
  21. Impassioned Framework 1.0
  22. Incognito
  23. iPack
  24. JustExploit
  25. Katrin
  26. Merry Christmas Pack
  27. Liberty  1.0.7
  28. Liberty 2.1.0*
  29. LinuQ pack
  30. Lupit
  31. Mpack
  32. Mushroom/unknown
  33. Open Source Exploit (Metapack)
  34. Papka
  35. Phoenix  2.0 
  36. Phoenix 2.1
  37. Phoenix 2.2
  38. Phoenix 2.3
  39. Phoenix 2.4
  40. Phoenix 2.5
  41. Phoenix 2.7
  42. Robopak
  43. Salo pack
  44. Sava Pack
  45. SEO Sploit pack
  46. Siberia
  47. T-Iframer
  48. Unique Pack Sploit 2.1
  49. Webattack
  50. Yes Exploit 3.0RC
  51. Zero Pack
  52. Zombie Infection kit
  53. Zopack


----------------------------------------------
Bleeding Life 3.0
New Version Ad is here 

Merry Christmas Pack
read analysis at
kahusecurity.com
  
Best Pack
read analysis at 
kahusecurity.com
 Sava Pack
read analysis at
kahusecurity.com
Eleonore 1.6.5 
[+] CVE-2011-0611
[+] CVE-2011-0559
[+] CVE-2010-4452
[-] CVE-2010-0886
Salo Pack
Old (2009), added just for
the collection


Zero Pack
62 exploits from various packs (mostly Open Source pack)
LinuQ pack
Designed to compromise linux servers using vulnerable PHPMyAdmin. Comes with DDoS bot but any kind of code can be loaded for Linux botnet creation.
LinuQ pack is PhpMyAdmin exploit pack with 4 PMA exploits based on a previous Russian version of the Romanian PMA scanner ZmEu. it is not considered to be original, unique, new, or anything special. All exploits are public and known well.


It is designed to be installed on an IRC server (like UnrealIRCD). IP ranges already listed in bios.txt can be scanned, vulnerable IPs and specific PMA vulnerabilities will be listed in vuln.txt, then the corresponding exploits can be launched against the vulnerable server. It is more like a bot using PMA vulnerabilities than exploit pack.
It is using
CVE-2009-1148 (unconfirmed)
CVE-2009-1149 (unconfirmed)
CVE-2009-1150 (unconfirmed)
CVE-2009-1151 (confirmed)



 ====================================================================
Version 12. May 26, 2011
additional changes (many thanks to kahusecurity.com)
Bomba
Papka

See the list of packs covered in the list below


The full table in xls format - Version 12 can be downloaded from here.
I want to thank everyone who sent packs and information  :)





Version 11 May 26, 2011 Changes:
    1. Phoenix2.7
    2. "Dloader" (well, dloader is a loader but the pack is  some unnamed pack http://damagelab.org/lofiversion/index.php?t=20852)
    3. nuclear pack
    4. Katrin
    5. Robopak
    6. Blackhole exploit kit 1.1.0
    7. Mushroom/unknown
    8. Open Source Exploit kit






    ====================================================================

    10. May 8, 2011 Version 10        Exploit Pack Table_V10May11
    First, I want to thank everyone who sent and posted comments for updates and corrections. 

    *** The Wild Wild West picture is from a great post about evolution of exploit packs by Kahu Security  Wild Wild West Update


     As usual, send your corrections and update lists.


    Changes:
    • Eleonore 1.6.4
    • Eleonore 1.6.3a
    • Incognito
    • Blackhole
    Go1Pack  (not included) as reported as being a fake pack, here is a gui. Here is a threatpost article referencing it as it was used for an attack 
    Also, here is another article claiming it is not a fake http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
    Go1 Pack CVE are reportedly
    CVE-2006-0003
    CVE-2009-0927
    CVE-2010-1423
    CVE-2010-1885
    Does anyone have this pack or see it offered for sale?

    Exploit kits I am planning to analyze and add (and/or find CVE listing for) are:

    • Open Source Exploit Kit
    • SALO
    • K0de

    Legend: 
    Black color entries by Francois Paget
    Red color entries by Gunther
    Blue color entries by Mila

    Also, here is a great presentation by Ratsoul (Donato Ferrante) about Java Exploits (http://www.inreverse.net/?p=1687)

    --------------------------------------------------------
     9.  April 5, 2011  Version 9        ExploitPackTable_V9Apr11

    It actually needs another update but I am posting it now and will issue version 10 as soon as I can.

    Changes:
    Phoenix 2.5
    IFramer
    Tornado
    Bleeding life

    Many thanks to Gunther for his contributions.
    If you wish to add some, please send your info together with the reference links. Also please feel free to send corrections if you notice any mistakes






    8. Update 8 Oct 22, 2010 Version 8 ExploitPackTable_V8Oct22-10

    Changes: 
    1. Eleonore 1.4.4 Moded added (thanks to malwareint.blogspot.com)
    2. Correction on CVE-2010-0746 in Phoenix 2.2 and 2.3. It is a mistake and the correct CVE is CVE-2010-0886 (thanks to etonshell for noticing)
    3. SEO Sploit pack added (thanks to whsbehind.blogspot.com,  evilcodecave.blogspot.com and blog.ahnlab.com)


    7. Update 7 Oct 18, 2010 Version 7 ExploitPackTable_V7Oct18-10 released
     thanks to SecNiche we have updates for Phoenix 2.4 :)
      
    We also added shorthand/slang/abbreviated names for exploits for easy matching of exploits to CVE in the future. Please send us more information re packs, exploit names that can be added in the list. Thank you!

     
    6. Update 6 Sept 27, 2010 Version 6 ExploitPackTable_V6Sept26-10 released
     Thanks to Francois Paget (McAfee) we have updates for Phoenix 2.2 and Phoenix 2.3


    5. Update 5. Sept 27, 2010 Version 5 ExploitPackTable_V5Sept26-10 released
    Added updates for Phoenix 2.1 and Crimepack 3.1.3

      
    4 Update 4  July 23, 2010  Version 4 ExploitPackTable_V4Ju23-10 released. Added a new Russian exploit kit called Zombie Infection Kit to the table. Read more at malwareview.com
    Update 3  July 7, 2010. Please read more about this on the Brian Krebs' blog Pirate Bay Hack Exposes User Booty 
    Update 2 June 27, 2010 Sorry but Impassioned Framework is back where it belongs - blue
    Update 1 June 24, 2010 Eleonore 1.4.1 columns was updated to include the correct list of the current exploits.

    Francois Paget  www.avertlabs.com kindly agreed to allow us to make additions to his Overview of Exploit Packs table published on Avertlabs (McAfee Blog)

    Many thanks to Gunther from ARTeam for his help with the update. There are a few blanks and question marks, please do no hesitate to email me if you know the answer or if you see any errors.



    Please click on the image below to expand it (it is a partial screenshot)  Impassioned Framework is tentatively marked a different color because the author claims it is a security audit tool not exploit pack. However, there was no sufficient information provided yet to validate such claims. The pack is temporarily/tentatively marked a different color. We'll keep you posted.


    Related links


    Người đăng: vào lúc Không có nhận xét nào:

    How To Track Iphone Without Them Knowing

    Few feelings are as stomach-sinkingly awful as the thought of losing an expensive new iPhone. Whether you left it on the bus or someone slid it out of your back pocket, we put so much store in our phones that their loss leaves is saddened and angered. Most of us keep at least copies of everything in our lives on our phones, from personal conversations to emails, 


    To say nothing of all our personal information and social media accounts. Of course there are security measures in place, but nobody wants to risk having all that information fall into the hands of the wrong people. In this article, I will show you how to find a phone that has been lost, whether your own phone or the phone of a friend or family member.

    Can you track an iPhone without them knowing?

    First off, hopefully you activated the Find My Phone feature of your iPhone when you still had it in your possession. Secondly, if your phone doesn't have service (and thus a connection to the Internet) or if you don't have iCloud set up, then these solutions are not going to work for you. Unfortunately phone technology is advanced but it isn't magical; if your phone isn't talking to the network or if you haven't turned on Find My Phone, then unfortunately the technological solution is probably not going to work. (Seriously. If you have possession of your phone(s) then stop reading this article, pick up your devices, go to Settings and select "Find My Phone" (iPhone) or "Find My Device" (Android) and make sure they are toggled on. TTjem upi cam dp ot/"

    Without further ado, let's find your phone!

    Can I Tell if Someone is Tracking my iPhone?

     

    image1-3

    Usually yes, if someone is using the "Find my Phone" feature, it will be displaying things on the iPhone screen. Thankfully, "Find My iPhone" comes pre-loaded on all phones with iOs 9 or newer. "Find my iPhone" is the gold standard when it comes to locating your lost iPhone. The service is integrated as part of iCloud. Here's how to use it to find your missing iPhone then track down your phone's exact location.

    Step 1: Open up the "Find My iPhone" on a different device

    It doesn't matter if you decide to use your iPad, your laptop, or a friend's iPhone – you can run the Find My Phone app fr0m Mac. You can use the Find my Phone app.

    If you are using an Apple product like another phone or an iPad, you can simply click on the app.

    If you are using a computer (even a Windows PC will work), go to icloud.com then click on the "Find iPhone" icon. Once you've clicked on the "Find iPhone" icon the website process and "Find my iPhone" app process are the same.

    Step 2: Input Your Apple ID Credentials (they are the same as your iCloud info)

    Since you are not using your phone, you won't be automatically logged in.

    Once you log in to the app, select the "All Devices" drop-down option and then find the device that you want to locate.

    Step 3: Once You Select Your Phone, Options Will Appear

    As soon as you select your device on the page, iCloud will begin to search for it. If the search is successful, you will see your device on a map, pinpointing it's location. Before you sprint out the door to get it, there are some other options you should take a look at.

    Once you select your device you will have three additional options in addition to seeing your phone's location. These options are playing a sound, activating "Lost Mode" and erase the phone.

    Playing the sound is a great way to find your phone if you lost it somewhere around your house. If you click the option, an audio alert will go off on your phone which will hopefully help you find it. The alert will sound like a loud pinging noise alerting you that your phone is at home with you and not at the coffee shop you just visited. If you hear the pinging sound then you'll quickly find your phone by just following the sound.

    When enabled, Lost Mode will lock your phone with a passcode and will display a message of your choice. This can either ensure it will be safe until you can find it, or will alert the thief what you expect of them and that you know where they are. This mode can also enable location services on your phone too.

    However, if things have gone too far and you think there is a very slim chance you will ever get your device back – perhaps your phone has already crossed an international border – the best course of action is to simply erase it. Yes, this is giving up, but it also prevents your personal information getting into the hands of someone who could abuse it.

    If you follow these steps, you should have your phone back in your pocket in no time. 

    Is there an app to track someones phone without them knowing?

    maxresdefault-11

    What if you're looking for someone else's phone? I'm sorry to burst your bubble, but you are not allowed to track someone else's phone without their knowledge. While there are supposedly apps that you can install on a target's phone to track it and keep tabs on what they are doing on it, that is completely illegal and immoral. In addition to the moral issue, there is the practical fact that they could find the app which could lead to a very awkward situation, possibly one involving the police.

    However, there are times when you want to find a friend's phone and you have a legitimate reason, and (the important part) they have given you permission to find it. Just as when you were looking for your own phone, there is an app that can help you find the phones of your friends and family with ease. The "Find My Friends" app used to be an extra download, but now it comes with iOS, so if your friends have ever updated their phone, they should have it.

    "Find My Friends" is an app that basically allows you to share your location with others and vice versa. It can be great for keeping track of where your kids are, knowing what your significant other is doing, or just keeping tabs on your friends. It can also help them find a lost phone (as long as you have "Shared Locations" with them). Here is how to set it up:

    Step 1: Open the app on your phone and the phone of the person you want to be able to share locations with.

    Step 2: Click your profile in the bottom left of the screen.

    Step 3: Enable "Share My Location" and make sure AirDrop is enabled on your own phone.

    Step 4: From there, your friends and family will be able to search/add you to share your location with them and vice versa. You each will need to accept the "Shared Location" request from the other. Now, you can just click on their profile in the app and keep track of them.

    As you likely realized while reading this article, it is a much better idea to be proactive than reactive when it comes to tracking phones. If you set up "Find My iPhone" and "Find My Friends" before your phone gets stolen or lost, it will save you a lot of potential hassle down the road. While it may be a bit worrisome to have someone be able to see your location at all times, it can really save you once your phone goes missing and you need to track it down. It is obviously best to pick someone who you trust not to take advantage of the information an app like "Find My Friends" can provide them.

    No one deserves to have their phone stolen or go missing, but thankfully, there are some ways to find it, or at least have the information deleted. Hopefully, this guide helped you be able to find your phone or the phone of your friends and family, or at least prepared you for when it may happen.

    If you have other ways of finding a lost phone, please share them with us below!

    @EVERYTHING NT

    Read more
    1. Pentest Ubuntu
    2. Pentest Wifi
    3. Hacking Device
    4. Hacking Bluetooth
    5. Pentest With Kali Linux
    6. Pentest Website
    7. Hacking Tools
    8. Pentest Tools
    9. Hacker Lab
    10. Pentest Plus
    11. Hacker0Ne
    12. Hacking With Raspberry Pi
    13. Pentest +
    Người đăng: vào lúc Không có nhận xét nào:

    Ask And You Shall Receive



    I get emails from readers asking for specific malware samples and thought I would make a mini post about it.

    Yes, I often obtain samples from various sources for my own research.

     I am sometimes too lazy/busy to post them but don't mind sharing.
    If you are looking for a particular sample, feel free to ask. I might have it.

    Send MD5 (several or few samples). I cannot provide hundreds/thousands of samples or any kind of feeds. If you ask for a particular family, I might be able to help if I already have it.

    Unfortunately, I do not have time to do homework for students and provide very specific sets for malware with specific features as well as guarantee the C2s are still active.  Send your MD5(s) or at least malware family and I check if I have it :) If i have it, I will either send you or will post on the blog where you can download.

    If you emailed me in the past and never got an answer, please remind me. Sometimes emails are long with many questions and I flag them to reply to later, when I have time and they get buried or I forget. It does not happen very often but accept my apologies if it happened to you.

    Before you ask, check if it is already available via Contagio or Contagio Mobile.
    1. Search the blog using the search box on the right side
    2. Search here https://www.mediafire.com/folder/b8xxm22zrrqm4/BADINFECT
    3. Search here https://www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION
    4. Search here https://www.mediafire.com/folder/78npy8h7h0g9y/MOBILEMALWARE

    Cheers,  Mila

    Read more


    Người đăng: vào lúc Không có nhận xét nào:

    KPOT Info Stealer Samples


    KPOT Stealer is a "stealer" malware that focuses on stealing account information and other data from various software applications and services

    References

    1.  2020-04-19 Didier Stevens posted analysis of KPOT infostealer on the Infosec Handlers Diary blog "KPOT Analysis: Obtaining the Decrypted KPOT EXE"
    These are samples to follow his analysis routine.

    2. 2019-05-09 Proofpoint. New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials


    Download

                 Other malware




    Download. Email me if you need the password (see in my profile)




    Hashes

    1. From Didier Stevens' post

    MD5  56ad7b243511ee7398d43df7643dc904
    SHA-1  ae5ab7798ca267b1265a0496c562f219821d17cf
    SHA-256  3fd4aa339bdfee23684ff495d884aa842165e61af85fd09411abfd64b9780146

    2. From Proofpoint

    MD5 7d7667ddce8fd69a0fd50bb08c287d10
    SHA-1 087fc3e9a082983ee6a2b25f0ccb09eb723e0f39

    SHA-256 67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d

    MD5 45ddc687f88b45fc3fec79f9dc8b38e2
    SHA-1 de37b748e0e32d96c31f469f9ba4ea4f11e3e78b
    SHA-256 36dcd40aee6a42b8733ec3390501502824f570a23640c2c78a788805164f77cecontagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip
    Related news
    1. Pentest Dns
    2. Pentest Lab Setup
    3. Pentest Enumeration
    4. Pentesting Tools
    5. Pentest Vs Ethical Hacking
    6. Pentest Ftp
    7. Hacking Growth
    8. Rapid7 Pentest
    9. Hacking Wifi
    10. Pentest Usb
    11. Pentest Standard
    12. Hacking Link
    13. Pentest With Kali
    14. Pentest As A Service
    15. Hacking Books
    16. Hacker Computer
    17. Pentestmonkey
    18. Hacking Resources
    Người đăng: vào lúc Không có nhận xét nào:

    Top 20 Best Free Hacking Apps For Android |2019|

     20 Best Free hacking apps For Android |2019|. 

    Android is now one of the most popular operating systems. So, hackers have also started using Android devices for their tasks. Now Android devices are used for penetration testing and other hacking activities including IT security administrator, Wi-Fi hacking and network monitoring. There are several hacking apps or Android devices. So, we have curated a list of best hacking apps for Android.


    Before you start using these apps, you must take a backup of your important data. I also recommend the use of these apps on a separate device. Using this on your primary phone is not recommended. It is because many of these apps require a rooted device and app can also harm your phone.


    Note: Hacking apps can be used for educational and malicious purpose. But we never encourage malicious operations. We are listing the apps here just for educational purpose. You should only use these apps to learn. We do not support any unethical use of these apps.

    1.  AndroRAT

    AndroRAT stands for Android RAT. RAT is the short form of Remote Administrative Tool and it allows an attacker to remotely control and fetch information from a device. AndroRAT does the same thing. It has a server developed in Java/Swing but the Android application has been developed in Java Android.

    AndroRAT allows you to connect information like call logs, contacts, messages, location and more. You can remotely monitor sent and received messages send texts, use the camera, open a URL in the browser, make phone calls and remotely monitor the device.

    The connection to the server can be triggered by an SMS or a call. From the server GUI, you can check all the connected clients and access information.

    As the app allows silent remote access, it is not available on Play Store.

                    Download APK

    2. zANTI

    zANTI is a known penetration testing suite of applications you can install locally on Android smartphone. This tool brings scanning tools Diagnostic features and Reporting tools. You can use this malicious software to attack a network and check for any loopholes in your network. This tool is used to test redirect and SSL stripping attacks. You can edit request and response messages from web servers, the host takes websites from your Android phone and more.


                      Download 

    3. FaceNiff

    FaceNiff is another good Android hacking that allows you to intercept the traffic of your WiFi network. You can use this tool to snoop what people are doing on the network you are. You can snoop on services like Facebook, Twitter, Amazon, YouTube and more. This is one of the notable too for steal cookies from the WiFi network and gives the attacker unauthorized access to other people's account.

    This app requires a rooted device. So, you can only use the app if you have a rooted phone.

    Download APK

    4. Droidsheep

    Droidsheep is also a similar app that helps security analysts understand what is happening in your Wi-Fi network. Like Face Sniff, this app can also hijack the web session profiles over a network and supports most of the services and websites.

    The primary difference between Droidsheep and FaceSniff is that Droidsheep works with almost all the websites while FaceSniff has limited support.

                         Download APK

    5. Hackode

    Hackode is another good hacking apps for Android. It is not a single app but a collection of tools for ethical hackers and penetration testers. The app comes with three modules including Reconnaissance, Scanning and Security Feed. You can use this app for SQL Injection, Google hacking, MySQL Server, Whois, Scanning, DNS Dif, DNS lookup, IP, MX Records, Security RSS Feed, Exploits etc.

    The app is still in beta, but available in Play Store.

                      Download Here

    6. cSploit

    cSploit is also a good security tool for Android. It comes with several options like cracking Wi-Fi password, installing backdoors, finding vulnerabilities and their exploits. If you are looking for a good hacking app or hacker app for Android, you should try this one for sure.

                      Download APK

    7. DroidBox

    DroidBox is also a similar kind of app that allows you to do the dynamic analysis of Android applications. You can use this app to get information like hashes of APK package, network traffic, SMS & phone calls, Incoming/outgoing network data, Listing broadcast receivers and more.

                        Download

    8. Nmap

    If you are into security or hacking, I am sure you already know the name of this too. Like the desktop tool, Nmap for Android also allows you to scan

    It works on both on non-rooted and rooted phones. If you are a beginner, you should try this app and learn from it.

                          Download

    9. SSHDroid

    SSHDroid is SSH tool developed for Android. It lets you connect to a remote computer and run terminal commands, transfer and edit files. The app also provided features like shared-key authentication, WiFi autostart whitelist, extended notification control etc,

    This app is available on Play Store.

                        Download

    10. Kali Linux NetHunter

    Kali Linux NetHunter is an open source penetration testing platform for Android. It officially supports Nexus and OnePlus devices. It provides the ultimate penetration testing platform that allows you to perform a wide range of attacks.

                         Download

    11. APKInspector

    APKInspector allows you to perform reverse engineering on an APK. you can use this to get a deep insight or APK and get the source code of any Android app. You can do modifications in the APK and visualize the DEX code to erase the credits and license.

                     Download APK

    12. Shark for Root

    Shark for Root is an advanced hacking tool for security experts and hackers. It can work as a traffic snipper. You can use the tcpdump command on rooted devices. It works on Wi-Fi, 3G, and FroYo tethered mode.

                        Download

    13. dSploit

    dSploit is an Android network penetrating testing suit. You can download and install it on your device to perform network security testing. It supports all Android devices running on Android 2.3 Gingerbread or higher. You need to root this phone for using the app. After rooting the phone, you need to download BusyBox from Google Play Store

    The app comes with several modules including Port Scanner, Inspector, RouterPWN, Trace, Login Cracker, Packet Forger, Vulnerability Finder, and MITM.

                          Download

    14. WPScan

    WPScan is a WordPress vulnerability scanner for Android. This app is used to scan WordPress based websites and find possible vulnerabilities. WPScan is a popular desktop tool but this WPScan for Android is not related to that. So, do not think of it as an official WPScan app.

                          Download

    15. Network Mapper

    Network Mapper is a network scanner tool for network admins. It used to scan the network, lists all devices connected and find Open ports of various servers like FTP servers, SSH servers, SMB servers etc on the network. The tool is available on Play Store.

                         Download

    16. Andosid

    Andosid is like LOIC for the desktop. This tool is used to perform DOS attacks from Android mobile phones. You can use this tool to set a target URL and perform a DOS attack in one click. The tool will start flooding target URL with fake requests.

                         Download

    17. DroidSQLi

    DroidSQLi app allows attackers to perform SQL Injection on a target URL. You just need to find a target URL and this tool will start the fully automated SQL Injection attack.

                         Download

    18. AppUse

    AppUse is a Virtual Machine developed by AppSec Labs. It is a freely available mobile application security testing platform that comes with lots of custom made tools by AppSec Labs. If you want to sue your Android phone as your penetration testing tool, this one is for you.

                       Download

    19. Network Spoofer

    Network Spoofer is also a good hacking app for android. It lets you change the website on other people's computer from your Android phone. Connect to a WiFI network and then choose a spoof to use with the app. this tool is to demonstrate how vulnerable a network is. Do not try this on any unauthorized networks.

                     Download

    20. DroidSheep Guard

    As the name suggests, DroidSheep Guard works against DroidSheep. It monitors Android devices' ARP-table and tries to detect ARP-Spoofing attack on your network. It does not require a rooted device.

                   Download


    @EVERYTHING NT


    Related posts


    1. Hacking Names
    2. Pentest Blog
    3. Hacking With Python
    4. Hacking Tutorials
    5. Pentest Security
    6. Hacker Software
    7. Pentest Web Application
    8. Hacking To The Gate
    9. Hacking Apps
    10. Hacker Google
    11. Pentest News
    12. Pentest Partners
    13. Hacking Google
    14. Pentest Firewall
    15. Pentest Plus
    16. Pentest Os
    Người đăng: vào lúc Không có nhận xét nào:

    Thứ Ba, 2 tháng 6, 2020

    Linux/AirDropBot Samples



    Reference








    Download

           
          Other malware


    Hashes

    MD5
    SHA256
    SHA1
    85a8aad8d938c44c3f3f51089a60ec16
    1a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e37
    2f0079bb42d5088f1fec341cb68f15cdd447ac43
    2c0afe7b13cdd642336ccc7b3e952d8d
    64c0e594d4926a293a1f1771187db8cfb44a0dda80d8b25b4f0c975e1e77745c
    fef65085a92654cbcf1e3e0d851c6cda8dd3b03d
    94b8337a2d217286775bcc36d9c862d2
    71c02b99046c3be12e31577aa6623ce47dfb7f369e67af564d2bd499080c03b6
    d5deeb1b61026479acb421583b7b82d09d63e921
    417151777eaaccfc62f778d33fd183ff
    bf6941e644a430fef43afc749479859665a57b711d5483c2c7072049c7db17b7
    f76b9447db23229edae17a3160e04df41bc35a9d
    d31f047c125deb4c2f879d88b083b9d5
    2785845c97a69e15c9c1535216732a9d24bcf8f7244ce7872a2b0d2d4bcb92c3
    4693505ef4c029112c4b85a16762cf90f0d69c15
    ff1eb225f31e5c29dde47c147f40627e
    f7ab3d315961d84da43f30a186136a56f5aa1e9afe6b56a0d357accd5f0ab81a
    d5f2a976b703b5e687ffc58c408e0bc880838ae7
    f3aed39202b51afdd1354adc8362d6bf
    fa2bc8d988c8dfbdc965f1373bd80e9f5862868397c1bcb5e84b1e9c1756e0e2
    31f0bca917cfbffcc126219439d38fe80d5c8460
    083a5f463cb84f7ae8868cb2eb6a22eb
    d654850f7785a5adb34f0808e2952f66e3784c0a32427fab9e97c75f0a48d9f5
    ed4359a2805ce69771253d2257598b5c63c36c8e
    9ce4decd27c303a44ab2e187625934f3
    a2a245f12ae44cca79f03a465e2dc3dfa222dfcfda1017824b16abf397f16255
    710e85ae3d362d3c8f3759319c308ff9b4dcdc86
    b6c6c1b2e89de81db8633144f4cb4b7d
    2480be0d00193250bc9eb50b35403399ed44f53d5d919600ee5bab14ef769530
    ee77141054ac8d2fad062bcd79832b5f481c7dfb
    abd5008522f69cca92f8eefeb5f160e2
    509299df2f6150f59ed777873d3b7c708587c68a4004b4654a8cf2a640dd50aa
    15cf94828c07e080b9c455738f3219859d9ab732
    a84bbf660ace4f0159f3d13e058235e9
    565deb4b1a7397d2497c75c9635b81d2e3b6427f0c576e5cd3c4224660712b56
    c56fea8c1c949394e539d5ab3e3df7dfd329844a
    5fec65455bd8c842d672171d475460b6
    121c7ebfb99d8ef39f72bf7c787be4c15e2e08b731f01172605a4d34d27f08eb
    3b6ca4525c3aad0583400b911b015071a0ea6133
    4d3cab2d0c51081e509ad25fbd7ff596
    7f71577b63b449c1a9e9aa516fa9e4320fe5f79548a00025a430894a269ab57b
    d521f25362791de4d8a82a2683f032c1dd816e74
    252e2dfdf04290e7e9fc3c4d61bb3529
    834fc5c0ccfde1f3d52d88355717f119221118ee2d26018b417c50d066e9e978
    c8f3130e64a6f825b1e97060cf258e9086a2b650
    5dcdace449052a596bce05328bd23a3b
    22949a7a3424f3b3bdf7d92c5e7a7a0de4eb6bbe9c523d57469944f6a8b1d012
    f2c072560559a3f112e2000c8e28ee975b2b9db3
    9c66fbe776a97a8613bfa983c7dca149
    18c08d3c39170652d4770b2f7785e402b58c1f6c51ba1338be4330498ef268f4
    18a99ec770109357d1adbc1c2475b17d4dcca651
    59af44a74873ac034bd24ca1c3275af5
    1c345b5e7c7fdcc79daa5829e0f93f6ae2646f493ae0ec5e8d66ab84a12a2426
    98f789e91809203fbf1b7255bd0579fc86a982ba
    9642b8aff1fda24baa6abe0aa8c8b173
    98165c65d83fd95379e2e7878ac690c492ac54143d7b12beec525a9d048bedae
    bd447e0e77a9192b29da032db8e1216b7b97f9ed
    e56cec6001f2f6efc0ad7c2fb840aceb
    7a2bf405c5d75e4294c980a26d32e80e108908241751de4c556298826f0960f1
    b1c271d11797baac2504916ac80fd9e6fac61973
    54d93673f9539f1914008cfe8fd2bbdd
    c396a1214956eb35c89b62abc68f7d9e1e5bd0e487f330ed692dd49afed37d5a
    72a9b8d499cce2de352644a8ffeb63fd0edd414b
    6d202084d4f25a0aa2225589dab536e7
    c691fecb7f0d121b5a9b8b807c5767ad17ae3dd9981c47f114d253615d0ef171
    a68149c19bfddcdfc537811a3a78cd48c7c74740
    cfbf1bd882ae7b87d4b04122d2ab42cb
    892986403d33acb57fca1f61fc87d088b721bdd4b8de3cd99942e1735188125b
    a067a0cf99650345a32a65f5bc14ab0da97789b6

    Related articles

    1. Pentest Companies
    2. Pentest Stages
    3. Hacking Resources
    4. Pentest +
    5. Hacking Books
    6. What Hacking Is
    7. Pentest Example Report
    8. Hackerrank Sql
    9. Hacking Jacket
    10. Pentest Ubuntu
    11. Pentest Questions
    12. Hacker Types
    Người đăng: vào lúc Không có nhận xét nào:

    Thứ Hai, 1 tháng 6, 2020

    🔔 See Nguyen Jacques's photo tag and other notifications you've missed

     
      A lot has happened on Facebook since you last logged in. Here are some notifications you've missed from your friends.       Nguyen Huu Tai             9 messages           3 pokes           81 friend requests           3 photo tags           23 new notifications    
       
     
       You have new notifications.
     
    		   
       
     
    A lot has happened on Facebook since you last logged in. Here are some notifications you've missed from your friends.
     
       
    Nguyen Huu Tai
     
     
          9 messages
     
          3 pokes
     
          81 friend requests
     
          3 photo tags
     
          23 new notifications
     
     
    		   
       
     
    Go to Facebook
    		   
    View Notifications
     
    		   
       
     
    This message was sent to nguyenhuutai_yct.caohongtham@blogger.com. If you don't want to receive these emails from Facebook in the future, please unsubscribe.
    Facebook, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025
    		   
       
    To help keep your account secure, please don't forward this email. Learn More
    		   
     
    Người đăng: vào lúc Không có nhận xét nào:
    Đăng ký: Bài đăng (Atom)