Idea Transcript
Navigation
AdChoices
Hacker Software
Hacking
Cyber Security Software
DDoS
Hack Whatsapp
Whats App Web
Portspoof – Spoof All Ports Open & Emulate Valid Services 1
Last updated: April 7, 2018 | 2,022 views
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port. As a result, any attackers port scan results will become fairly meaningless and will require hours of effort to accurately identify which ports have real services on and which do not.
The tool is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system. The general goal of the program is to make the reconnaissance phase as slow and bothersome for your attackers as possible. This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services. AdChoices
Cyber Security Software
Whats App Web
Network and Security
Security Penetration Testing
Techniques Used by Portspoof All configured TCP ports are always open Instead of informing an attacker that a particular port is in a CLOSED or FILTERED state a system running Portspoof will return SYN+ACK for every connection attempt, spoof all ports open. Result: As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. With this approach it is really difficult to determine if a valid software is listening on a particular port.
Every open TCP port emulates a valid services Portspoof has a huge dynamic service signature database, that will be used to generate responses to your offenders scanning software service probes. Scanning software usually tries to determine a service that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behind the spoofed ports. For this reason, Portspoof will respond to every service probe with a valid service signature, that is dynamically generated based on a service signature regular expression database. Result: As a result an attacker will not be able to determine which port numbers your system is truly using.
Portspoof Port Spoofing Tool Features The most important features that Portspoof has: Portspoof is a userland software and does not require root privilege Binds to just one TCP port per a running instance Easily customizable through your iptables rules Marginal CPU/memory usage (multithreaded) More than 9000 dynamic service signatures are supported If you choose to, Portspoof can be used as an ‘Exploitation Framework Frontend’, that turns your system into a responsive and aggressive machine. This means exploiting your attackers’ tools and exploits in response to a port scan. You can download Portspoof here: portspoof-v1.3.zip Or read more here.
Topic: Countermeasures
Cambridge Analytica Facebook Data Scandal 0
Last updated: March 25, 2018 | 853 views
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
AdChoices
Cyber Security Software
Network and Security
Security Penetration Testing
Cybersecurity Companies
It’s kicking off in the UK and the US and Mark Zuckerberg has had to come out publically and apologise about the involvement of Facebook. This goes deep with ties to elections and political activities in Malaysia, Mexico, Brazil, Australia and Kenya. Controversial data analytics firm Cambridge Analytica has been hit with an emergency data seizure order in England following an extraordinary series of events Monday night that revolved around a TV undercover expose. Following a day in which the company became the focus of attention online, in print, and in the UK Parliament and US Congress for its unethical use of user data, senior executives from the firm were then shown on camera boasting about the use of dark methods, including honey traps, fake news and sub-contracting with ex-spies to entrap individuals. Those revelations – filmed during an undercover investigation by Channel 4 in the UK – came as the controversial company was already in the news after it was revealed it had secretly grabbed the personal details of over 50 million Facebook users and used the data to sell voter targeting services. Following the segment on those secret recordings, UK Information Commissioner Elizabeth Denham said she would seek a warrant on Tuesday forcing Cambridge Analytica to hand over relevant data, after she said the company had refused to respond sufficiently to earlier requests. Adding to a sense of drama, as Denham was on television saying she would apply for the warrant, a Channel 4 reporter posted outside the company’s headquarters reported that a team from Facebook was inside the building ensuring that their purloined data had been deleted.
There’s a whole #DeleteFacebook movement spawning from this like it’s somehow new that we are actually the product on Social Media networks and we live in a post-privacy era. It’s a pretty widespread story as it affects pretty much every continent and billions of individuals all around the World. Less than an hour after the program aired, the authorities announced they had received a warrant to search Cambridge Analytica’s offices that very night. As to the undercover investigation, Channel 4’s reporters posed as Sri Lankan clients interested in paying the company to help their candidates in upcoming elections. Over the course of a series of meetings in London a series of senior executives outlined an increasingly disturbing array of services they would be willing to provide. At an initial meeting with its managing director Mark Turnbull and chief data officer Dr Alex Tayler the pair talked about their infamous data analytics and profiling services as a way to identify potential swing voters. That ethical line appeared to disappear however when the undercover journalists met with Cambridge Analytica’s chief executive Alexander Nix. Nix was caught on film outlining a series of extremely dubious and many cases illegal scenarios for dealing with political opponents. They included bribing officials and candidates – “we can have a wealthy developer come in and offer a large amount of money to a candidate – for land, for example” – and film the transaction in order to expose them as corrupt. He also suggested that the company could arrange for a honey-trap – sending young women to operate a sex sting – while stressing that he was “just giving examples of what can be done, what has been done.” He also appeared to embrace the idea of creating and promoting fake news – an extremely sensitive topic given the evidence that fake news was used extensively in the US presidential elections in 2016 – noting that “it doesn’t have to be true, it just has to be believed.”
The latest is that Alexander Nix has been suspended pending an investigation. The whistleblower for the whole thing is a young researcher called Christopher Wylie from London. It even manages to be much bigger than the Equifax leak and scandal. Source: The Register
Start your free trial today. Everyone needs a website. Make yours with Squarespace and stand out. Try it for … Ad
Squarespace
Learn more
Topic: Hacking News
GetAltName – Discover Sub-Domains From SSL Certificates 0
Last updated: March 19, 2018 | 2,017 views
GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.
Features of GetAltName to Discover Sub-Domains Strips wildcards and www’s Returns a unique list (no duplicates) Works on verified and self-signed certs Domain matching system Filtering for main domains and TLDs Gets additional sub-domains from crt.sh Outputs to clipboard
GetAltName Subdomain Exctraction Tool Usage You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.
GetAltName Required colorama ndg-httpsclient pyperclip requests tldextract There are other DNS discovery and extraction tools using different methods, including brute-forcing such as: – InstaRecon – Automated Subdomain Discovery Tool – hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool – SubBrute – Subdomain Brute-forcing Tool – altdns – Subdomain Recon Tool With Permutation Generation You can download GetAltName here: getaltname-1.0.0.zip Or read more here.
Start your free trial today. Everyone needs a website. Make yours with Squarespace and stand out. Try it for … Ad
Squarespace
Learn more
Topic: Hacking Tools
Memcrashed – Memcached DDoS Exploit Tool 0
Last updated: March 13, 2018 | 2,453 views
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan.
What is Memcached? Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
Requirements for Memcrashed Memcached DDoS Exploit Tool You need to have Python 3.x installed:
And you also need Scapy and Shodan Python modules:
The tool also requires you own an upgraded Shodan API key. You can download Memcrashed here: Memcrashed-DDoS-Exploit-master.zip Or read more here.
Topic: Hacking Tools
QualysGuard – Vulnerability Management Tool Last updated: March 11, 2018 | 2,065 views
0
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service. From reviews, it seems like a competent tool with a low rate of false positives that is fairly easy to work with and keep the more ‘dangerous’ parts of vulnerability […] Topic: Security Software
Memcached DDoS Attacks Will Be BIG In 2018 Last updated: March 8, 2018 | 1,552 views
0
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet. Unfortunately, it looks like a problem that won’t easily go away as there are so many publically exposed, poorly configured […] Topic: Hacking News
1 2 … 336 Next Õ
Search Darknet Search...
TRENDING
LATEST POSTS
GetAltName – Discover Sub-Domains From SSL Certificates MARCH 19, 2018 - 248 SHARES
Portspoof – Spoof All Ports Open & Emulate Valid Services APRIL 7, 2018 - 185 SHARES
Cambridge Analytica Facebook Data Scandal MARCH 25, 2018 - 104 SHARES
Advertisements
Advertise on Darknet
Topics Advertorial (33) Apple (46) Countermeasures (216) Cryptography (80) Database Hacking (89) Events/Cons (7) Exploits/Vulnerabilities (429) Forensics (65) Hacker Culture (8) Hacking News (231) Hacking Tools (783) Networking Hacking (352) Hardware Hacking (79) Legal Issues (179) Linux Hacking (72) Malware (238) Password Cracking (103) Phishing (41) Privacy (216) Retards (6) Secure Coding (119) Security Software (222) Site News (51) Authors (6) Social Engineering (36) Spammers & Scammers (76) Telecomms Hacking (6) UNIX Hacking (6) Virology (6) Web Hacking (395) Windows Hacking (168) Wireless Hacking (42)
Security Blogs Dancho Danchev F-Secure Weblog Google Online Security Graham Cluley Internet Storm Center Krebs on Security Schneier on Security SecuriTeam Blog TaoSecurity Troy Hunt
Security Links Exploits Database Linux Security NetworkWorld – Security Register – Security SANS Sec Lists Security Focus US CERT
© 2018 Darknet. All Rights Reserved. Privacy Policy