Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Thursday, September 29, 2016

Essential Books for PenTest - Post Exploitation




Post-Exploitation

Hi soldier of offensive security

The purpose of the Post-Exploitation phase is to determine the value of the compromised machine and to maintain control of it for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machine's usefulness in further compromising the network.

The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and set up one or more methods of accessing the machine at a later time.

In cases where these methods differ from the agreed upon Rules of Engagement, the Rules of Engagement must be followed.


Book 1: Windows Post-Exploitation Command List



Book 2: Linux/Unix/BSD Post-Exploitation Command List



Book 3: OSX Post-Exploitation Command List



By OffensiveSec

Wednesday, September 28, 2016

USB Kill to Destroy any Computer within Seconds! - USB Kill 2.0



Last year, a Russian researcher, Dark Purple, designed a proof-of-concept USB prototype to effectively destroy sensitive components of a computer when plugged in.

Now, someone has actually created the Killer USB stick that destroys almost anything – such as Laptops, PCs, or televisions – it is plugged into.

A Hong Kong-based technology manufacturer is selling a USB thumb drive called USB Kill 2.0 that can fry any unauthorized computer it's plugged into by introducing a power surge via the USB port. It costs $49.95.

How does USB Kill 2.0 work?


As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges its capacitors via the USB power supply, and then discharges – all in a matter of seconds.

The USB stick discharges 200 volts DC power over the data lines of the host machine, and this charge-and-discharge cycle is repeated several times in just one second, until the USB Kill stick is removed.

"When tested on computers, the device isn't designed or intended to erase data," the company says. "However, depending on the hardware configuration (SSD [solid-state drive] vs. platter HDD [hard disk drive]), the drive controllers may be damaged to the point that data retrieval is impractical."

"Any public facing USB port should be considered an attack vector," the company says in a news release. "In data security, these ports are often locked down to prevent exfiltration of data or infiltration of malware, but are very often unprotected against electrical attack."

When And For Whom USB KILL Would Be Useful?


USB Kill stick could be a boon for whistleblowers, journalists, activists, and, not to forget, cyber criminals, who want to keep their sensitive data away from law enforcement as well as cyber thieves.

It is like, if you're caught, kill yourself. In the same fashion as terrorists do. Here I mean to kill the data from your laptop if the law enforcement has caught your laptop. And USB Kill stick does the same for you.

However, the company claims to have developed USB Kill 2.0 stick for the sole purpose of allowing companies to test their devices against USB Power Surge attacks and to prevent data theft via "Juice Jacking" attacks.

Video Demonstration


You can watch the video demonstration below by the company that shows USB Kill 2.0 stick in action.


The company claims about 95% of all devices available on the market today are vulnerable to power surge attacks introduced via the USB port.

However, the only devices not vulnerable to USB kill attacks are recent models of Apple's MacBook, which optically isolate the data lines on USB ports.

Juice jacking is a type of cyber attack wherein malware installed on a computer can surreptitiously copy data from a smartphone, tablet or other computer through a USB charging port that doubles as a data connection.

While USB Kill 2.0 has been "designed and tested to be safe," the company warns that the USB stick "is a high-voltage device" and is only meant for "responsible adults." Also, the company's website "strongly condemns the malicious use of its products."

USB Kill 2.0 also comes with a USB Protection Shield, called Test Shield, sold for additional $15.70, which is designed to allow testing of the USB Killer stick without destroying the host machine.

Source: UsbKill

By OffSec

Friday, September 23, 2016

Best PDF eBooks For Learning - Hacking



Cyber security plays a big part in technology. There are a lot of script-kiddie hackers who might get lucky and cause mayhem without understanding what they did. Fortunately, there are also hackers with better skills, called white hat hackers. They are true professionals in cyber security. They do almost the same things as black hat hackers do, but once they find a vulnerability, they report it instead of exploiting it. I made this list of hacking eBooks and you can check it out.

If you are a cyber security enthusiast, you might want to take a look at the following PDF hacking eBooks. They contain a lot of useful information. So feel free to download and share this article with your friends.

  1. Black Belt Hacking & Complete Hacking Book
  2. Hackers High School 13 Complete Hacking E-books
  3. A Beginners Guide To Hacking Computer Systems
  4. Black Book of Viruses and Hacking
  5. Secrets of Super and Professional Hackers
  6. Dangerous Google Hacking Database and Attacks
  7. Internet Advanced Denial of Service (DDOS) Attack
  8. Computer Hacking & Malware Attacks for Dummies
  9. G-mail Advance Hacking Guides and Tutorials
  10. Vulnerability Exploit & website Hacking for Dummies
  11. Web App Hacking (Hackers Handbook)
  12. Security Crypting Networks and Hacking
  13. Hacking attacks and Examples Test
  14. Network Hacking and Shadows Hacking Attacks
  15. Gray Hat Hacking and Complete Guide to Hacking
  16. 501 Website Hacking Secrets
  17. Internet Security Technology and Hacking
  18. CEH Certified Ethical Hacker Study Guide
  19. Advanced SQL Injection Hacking and Guide
  20. Web Hacking & Penetration testing
  21. OWASP Hacking Tutorials and Web App Protection
  22. CEH – Hacking Database Secrets and Exploit
  23. Ethical Hacking Value and Penetration testing
  24. Hack any Website, Complete Web App Hacking
  25. Beginners Hackers and tutorials
  26. Ethical Hacking Complete E-book for Beginners
  27. Backtrack : Advance Hacking tutorials
  28. SQL Injection attacks and tutorials by Exploit DB
  29. XSS + Vulnerability Exploitation & Website Hacking
  30. Ultimate Guide to Social Engineering attacks
  31. White Hat Hacking complete guide to XSS Attacks
  32. Cross Site Scripting and Hacking Websites
  33. The Hackers Underground Handbook ( hack the system)
  34. Blind SQL Injection tutorials and Hacking
  35. Hacking Secrets Revealed
  36. Hacking Website Database and owning systems
  37. Reverse Engineering for Beginners
  38. Reverse Engineering (The Real Hacking)
  39. Computer Hacking
  40. Hack your Friend using Backtrack
  41. Reverse Engineering Hacking and Cracking
  42. Hack the System for beginners
  43. Hacking into Computer Systems
  44. Blind SQL Injection Discovery & Exploitation

By OffSec

Thursday, September 22, 2016

Computer forensics - #4 Mind Map




Computer forensics

Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within U.S. and European court systems.


Source: amanhardikar

By OffSec

Forensic Challenges - Labs




URLs

Host Forensics

Computer Forensic Investigation
http://www.shortinfosec.net/2008/07/competition-computer-forensic.html/
Digital Forensics Tool Testing Images
http://dftt.sourceforge.net/
DigitalCorpora
http://digitalcorpora.org/
DFRWS 2014 Forensics Rodeo
http://www.cs.uno.edu/~golden/dfrws-2014-rodeo.html
ForGe Forensic test image generator
https://github.com/hannuvisti/forge
ISFCE Sample Practical Exercise
http://www.isfce.com/sample-pe.htm
Linux LEO Supplemental Files
http://linuxleo.com/
NIST CFREDS
http://www.cfreds.nist.gov/dfr-test-images.html
http://www.cfreds.nist.gov/Hacking_Case.html
p0wnlabs Sample Challenges
http://www.p0wnlabs.com/free/forensics
Samples from Automating DFIR Series
http://www.hecfblog.com/2015/02/automating-dfir-how-to-series-on.html
volatility memory samples
https://code.google.com/p/volatility/wiki/FAQ

Network Forensics

Chris Sanders Packet Captures
http://chrissanders.org/packet-captures/
DigitalCorpora Packet Dumps
http://digitalcorpora.org/corpora/packet-dumps
Enron Email Dataset
http://www.cs.cmu.edu/~enron/
Ethereal Sample Captures
http://www.stearns.org/toolscd/current/pcapfile/README.ethereal-pcap.html
Evil Fingers PCAP Challenges
https://www.evilfingers.com/repository/pcaps_challenge.php
Kholia's Packet Captures
https://github.com/kholia/my-pcaps
LBNL-FTP-PKT
http://ee.lbl.gov/anonymized-traces.html/
MAWI Working Group Traffic Archive
http://mawi.wide.ad.jp/mawi/
PacketLife Capture Collection
http://packetlife.net/captures/
pcapr
http://www.pcapr.net
PCAPS Repository
https://github.com/markofu/pcaps
SANS DFIR Challenge
https://digital-forensics.sans.org/community/challenges
Spy Hunter Holiday Challenge
http://blog.mywarwithentropy.com/2015/11/spy-hunter-holiday-challenge-2015.html
http://blog.mywarwithentropy.com/2014/11/spy-hunter-holiday-challenge-2014.html
Tcpreplay Sample Captures
http://tcpreplay.appneta.com/wiki/captures.html
Wireshark Network Analysis Book Supplements
http://www.wiresharkbook.com/studyguide.html
Wireshark Sample Captures
http://wiki.wireshark.org/SampleCaptures
Xplico Sample captures
http://wiki.xplico.org/doku.php?id=pcap:pcap

Malware Analysis

Contagio
http://contagiodump.blogspot.com/
FakeAVs blog
http://www.fakeavs.com/
malc0de
http://malc0de.com/database/
MalShare
http://malshare.com/
Open Malware / Offensive Computing
http://openmalware.org/
theZoo / Malware DB
http://ytisf.github.io/theZoo/
VirusShare.com / VXShare
http://virusshare.com/
Virusign
http://www.virusign.com/
VX Heaven
http://vxheaven.org/
VXVault
http://vxvault.siri-urz.net
Georgia Tech malrec Page
http://panda.gtisc.gatech.edu/malrec/
Malware Traffic
http://malware-traffic-analysis.net/
Kernelmode Forum
http://www.kernelmode.info
Malware Hub Forum
http://malwaretips.com/categories/malware-hub.103/
Public Documents about APTs
https://github.com/kbandla/APTnotes
CLEAN MX realtime database
http://support.clean-mx.de/clean-mx/viruses.php
Joxean Koret's List
http://malwareurls.joxeankoret.com
MalwareBlacklist.com
http://www.malwareblacklist.com
Sucuri Research Labs
http://labs.sucuri.net/?malware
Android Sandbox
http://androidsandbox.net/samples/
Contagio Mobile Malware
http://contagiominidump.blogspot.com/
HoneyDrive
http://bruteforce.gr/honeydrive
maltrieve
http://maltrieve.org/

Online and CTFs

Black T-Shirt Cyber Forensics Challenge
https://cyberforensicschallenge.com/
DEFCON CTF Archive
https://www.defcon.org/html/links/dc-ctf.html
DFRWS
http://www.dfrws.org/2013/challenge/index.shtml
http://www.dfrws.org/2010/challenge/
http://www.dfrws.org/2011/challenge/index.shtml
http://www.dfrws.org/2007/challenge/index.shtml
http://www.dfrws.org/2006/challenge/
http://www.dfrws.org/2005/challenge/
Digital Forensics Security Treasure Hunt
http://digitalforensics.securitytreasurehunt.com/
ENISA CERT Training Material
https://www.enisa.europa.eu/activities/cert/support/exercise
ForensicKB Practicals
http://www.forensickb.com/2008/01/forensic-practical.html
http://www.forensickb.com/2008/01/forensic-practical-2.html
http://www.forensickb.com/2010/01/forensic-practical-exercise-3.html
http://www.forensickb.com/2010/06/forensic-practical-exercise-4.html
http://www.forensickb.com/2011/01/simple-forensic-puzzle-1.html
http://www.forensickb.com/2011/02/forensic-puzzle-6.html
HackEire CTF
https://github.com/markofu/hackeire
Honeynet Challenges
https://www.honeynet.org/challenges
http://old.honeynet.org/scans/index.html
Jack Crook's DFIR Challenges
https://docs.google.com/file/d/0B_xsNYzneAhEN2I5ZXpTdW9VMGM
I Smell Packets
http://ismellpackets.com/
Network Forensics Puzzle Contest
http://forensicscontest.com/puzzles
RingZer0 Team
http://ringzer0team.com/challenges
UMass Trace Repository
http://traces.cs.umass.edu/

Source: amanhardikar

By OffSec

Vulnerability Scanner - HellRaiser


HellRaiser Vulnerability Scanner
HellRaiser Vulnerability Scanner scans targets with nmap and then correlates the CPEs found with cve-search to enumerate vulnerabilities.
In order to test and run HellRaiser Vulnerability Scanner you need to install ruby, bundler and rails. A setup guide is available at https://gorails.com/setup/ubuntu/16.04

Install redis-server and nmap.
sudo apt-get update
sudo apt-get install redis-server nmap


Clone HellRaiser repository, change to hellraiser web app directory and run bundle install and bundle exec rake db:migrate.
git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install
bundle exec rake db:migrate





Start

Start redis server.
redis-server
Go to the hellraiser web app directory and start sidekiq.
bundle exec sidekiq
Go to the hellraiser web app directory and start rails server.
rails s


Usage

Access http://127.0.0.1:3000




Tuesday, September 20, 2016

Build Your Own - PwnPhone

Build Your Own PwnPhone
We’ll attempt to show you how to build your own Pwn Phone running the Kali operating system and our AOPP (Android Open Pwn Project) image.
Let’s get cracking…

Flashing the Phone

  1. Download the Recovery image for your device:
    https://twrp.me/Devices
  2. Connect the device to the host machine via USB cable.
  3. Power off the device and boot into the Bootloader:
    Press and hold the Power & Volume-Down buttons
  4. Confirm the device is recognized by the host machine:
    (a device should be listed when the command returns)
    $ fastboot devices
  5. Unlock the device:
    $ fastboot oem unlock
  6. Once unlocked, flash the Recovery image:
    $ fastboot flash recovery <name-of-recovery-image>.img
  7. Once the Recovery image has been flashed, boot into Recovery from the Bootloader:
    Use the Volume-Down/Up buttons to cycle through the Bootloader options and then the Power button to select
  8. If prompted, swipe “Swipe to Allow Modifications”.
  9. Once in Recovery, wipe the device:
    Tap Wipe > Advanced Wipe > tap: Dalvik/ART cache, System, Cache, Data > swipe “Swipe to Wipe”
  10. Once wiped, do NOT boot into System (You don’t have one; you just wiped it). Tap the Home button to return to the Recovery home screen.
  11. Confirm again the device is recognized by the host machine:
    (a device should be listed when the command returns)
    $ adb devices
  12. From the host machine, push the downloaded AOPP ROM zip to the device sdcard:
    $ adb push <name-of-rom-zip>.zip /sdcard/
  13. On device, tap Install and then select the AOPP ROM zip from /sdcard.
  14. Swipe “Swipe to Confirm Flash”
  15. Once installed, tap “Reboot System”

OK Now Let’s Build the Phone

Downloading the Source

  1. Refer to “Downloading and Building Requirements” before proceeding:
    https://source.android.com/source/requirements.html
  2. Refer to “Downloading the Source” before proceeding:
    https://source.android.com/source/downloading.html
  3. Create a directory for the build system to live in and cd into that directory:
    $ mkdir <WORKING_DIR>
    $ cd <WORKING_DIR>
  4. Initialize a local repository using this source tree, use the command:
    $ repo init -u git@github.com:aopp/android_platform.git -b px-0.1
  5. Sync the repository, use:
    $ repo sync

Building

Devices are referred to by codename (e.g. hammerhead). Make sure to use this when substituting <device-codename> in the following instruction set.
  1. Refer to “Building the System” before proceeding:
    https://source.android.com/source/building.html
  2. To initialize the build environment, use the following command:
    $ . build/envsetup.sh
  3. Prepare the build environment (download device-tree and dependencies) for your specific device:
    $ breakfast <device-codename>
  4. Connect the device running a working AOPP/AOSP ROM to the host machine via USB.
  5. Make sure it is booted into system and confirm the device is recognized by the host machine:
    (a device should be listed when the command returns)
    $ adb devices
  6. Enter the device directory:
    $ cd <WORKING_DIR>/device/<vendor>/<device-codename>/
  7. Extract the proprietary binaries from your device:
    $ ./extract-files.sh
  8. Return to the root of the build system:
    $ croot
  9. Start a build run for your device:
    $ brunch <device-codename>
  10. Once complete, the ROM zip can be found in the out/ directory:
    $ cd <WORKING_DIR>/out/target/product/<device-codename>
  11. The flashable ROM zip (product of the build run) will be located in the out/ directory as:
    aopp-0.1-<build-date>-UNOFFICIAL-<device-codename>.zip

Flashing

  1. Download and install the command line tools for your OS: https://developer.android.com/studio/index.html#downloads
  2. Download the AOPP ROM for your device:
    https://wiki.pwnieexpress.com/index.php/Official_devices
  3. Download the Recovery image for your device:
    https://twrp.me/Devices
  4. Connect the device to the host machine via USB cable.
  5. Power off the device and boot into the Bootloader:
    Press and hold the Power & Volume-Down buttons
  6. Confirm the device is recognized by the host machine:
    (a device should be listed when the command returns)
    $ fastboot devices
  7. Unlock the device:
    $ fastboot oem unlock
  8. Once unlocked, flash the Recovery image:
    $ fastboot flash recovery <name-of-recovery-image>.img
  9. Once the Recovery image has been flashed, boot into Recovery from the Bootloader:
    Use the Volume-Down/Up buttons to cycle through the Bootloader options and then the Power button to select
  10. If prompted, swipe “Swipe to Allow Modifications”.
  11. Once in Recovery, wipe the device:
    Tap Wipe > Advanced Wipe > tap: Dalvik/ART cache, System, Cache, Data > swipe “Swipe to Wipe”
  12. Once wiped, do NOT boot into System (You don’t have one; you just wiped it). Tap the Home button to return to the Recovery home screen.
  13. Confirm again the device is recognized by the host machine:
    (a device should be listed when the command returns)
    $ adb devices
  14. From the host machine, push the downloaded AOPP ROM zip to the device sdcard:
    $ adb push <name-of-rom-zip>.zip /sdcard/
  15. On device, tap Install and then select the AOPP ROM zip from /sdcard.
  16. Swipe “Swipe to Confirm Flash”
  17. Download SuperSU from Chainfire here:
    https://download.chainfire.eu/969/SuperSU/UPDATE-SuperSU-v2.76-20160630161323.zip
  18. Push the SuperSU zip to /sdcard/:
    $ adb push <SuperSU-zip-name>.zip /sdcard/
  19. Once installed, tap “Reboot System”
  20. Hack the Gibson…and remember…hugs are worth more than handshakes

Source: pwnieexpress



Monday, September 19, 2016

Secure Anonymous File Sharing - OnionShare





OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn’t require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

Features:
  • A user-friendly drag-and-drop graphical user interface that works in Windows, Mac OS X, and Linux
  • Ability to share multiple files and folders at once
  • Support for multiple people downloading files at once
  • Automatically copies the unguessable URL to your clipboard
  • Shows you the progress of file transfers
  • When file is done transferring, automatically closes OnionShare to reduce the attack surface
  • Localized into several languages, and supports international unicode filenames

When users want to send files, the program creates a password-protected, temporary website hosted on the Tor network—what’s known as a Tor Hidden Service—that runs on their computer. They provide the recipient with the URL and password for that site, preferably via a message encrypted with a tool like PGP or Off-The-Record encrypted instant messaging. The recipient visits that URL in a Tor Browser and downloads the file from that temporary, untraceable website, without needing to have a copy of Onionshare.

As soon as the person has downloaded the file, you can just cancel the web server and the file is no longer accessible to anyone.

"It’s basically 100 percent darknet."



How to Use

Before you can share files, you need to open Tor Browser in the background. This will provide the Tor service that OnionShare uses to start the onion service.

Open OnionShare and drag and drop files and folders you wish to share, and click Start Sharing. It will show you a .onion URL such as http://asxmi4q6i7pajg2b.onion/egg-cain and copy it to your clipboard. This is the secret URL that can be used to download the file you’re sharing. If you’d like multiple people to be able to download this file, uncheck the “close automatically” checkbox.

Send this URL to the person you’re trying to send the files to. If the files you’re sending aren’t secret, you can use normal means of sending the URL: emailing it, posting it to Facebook or Twitter, etc. If you’re trying to send secret files then it’s important to send this URL securely.

The person who is receiving the files doesn’t need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.

Using the command line version

In Linux: Just run onionshare from the terminal.
In Windows: Add C:\Program Files (x86)\OnionShare to your PATH. Now you can run onionshare.exe in a command prompt.
In Mac OS X: Run ln -s /Applications/OnionShare.app/Contents/MacOS/onionshare /usr/local/bin. Now you can run onionshare from the terminal.


Onionshare can be particularly useful when someone sending a file wants to remain anonymous even to the recipient. If whistleblowers can securely send an Onionshare URL and password to a journalist, they potentially could use it to leak secrets anonymously without being exposed. That flips the model of how Tor enables leaks: Sites like WikiLeaks and news organizations using the anonymous leak software SecureDrop host their own Tor Hidden Services. Onionshare could put more power in whistleblowers’ hands, helping them send secrets to journalists who don’t have that sort of anonymous submission system in place.

What it protects against

  • Third parties don’t have access to files being shared. The files are hosted directly on the sender’s computer and don’t get uploaded to any server. Instead, the sender’s computer becomes the server. Traditional ways of sending files, like in an email or using a cloud hosting service, require trusting the service with access to the files being shared.
  • Network eavesdroppers can’t spy on files in transit. Because connections between Tor onion services and Tor Browser are end-to-end encrypted, no network attackers can eavesdrop on the shared files while the recipient is downloading them. If the eavesdropper is positioned on the sender’s end, the recipient’s end, or is a malicious Tor node, they will only see Tor traffic. If the eavesdropper is a malicious rendezvous node used to connect the recipient’s Tor client with the sender’s onion service, the traffic will be encrypted using the onion service key.
  • Anonymity of sender and recipient are protected by Tor. OnionShare and Tor Browser protect the anonymity of the users. As long as the sender anonymously communicates the OnionShare URL with the recipient, the recipient and eavesdroppers can’t learn the identity of the sender.
  • If an attacker enumerates the onion service, the shared files remain safe. There have been attacks against the Tor network that can enumerate onion services. If someone discovers the .onion address of an OnionShare onion service, they still cannot download the shared files without knowing the slug. The slug is generated by choosing two random words from a list of 6800 words, meaning there are 6800^2, or about 46 million possible slugs. But they can only make 20 wrong guesses before OnionShare stops the server, preventing brute force attacks against the slug. The OnionShare server also checks request URIs using a constant time string comparison function, so timing attacks can’t be used to help guess the slug.
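The slug protections described in the last bullet, modelled as an added Python sketch (not OnionShare's own code): a two-word slug drawn from a 6800-word list, a constant-time comparison, and a server that stops after 20 wrong guesses. The wordlist is a constructed stand-in, and `generate_slug`, `guess_success_bound` and `SlugGate` are hypothetical names.

```python
import hmac
import secrets

WORDLIST_SIZE = 6800       # figure stated in the text
MAX_WRONG_GUESSES = 20     # figure stated in the text

# Constructed stand-in wordlist: 6800 unique tokens instead of English words.
WORDLIST = [f"w{i:04d}" for i in range(WORDLIST_SIZE)]


def generate_slug(wordlist=WORDLIST):
    """Pick two words independently and uniformly with a CSPRNG."""
    return "-".join(secrets.choice(wordlist) for _ in range(2))


def slug_space(wordlist_size=WORDLIST_SIZE, words=2):
    """Number of possible slugs: 6800^2 = 46,240,000."""
    return wordlist_size ** words


def guess_success_bound(wordlist_size=WORDLIST_SIZE, budget=MAX_WRONG_GUESSES):
    """Upper bound on a guesser's success chance before the server stops."""
    return budget / slug_space(wordlist_size)


class SlugGate:
    """Model of the request check: constant-time compare plus a guess budget."""

    def __init__(self, slug, max_wrong=MAX_WRONG_GUESSES):
        self._slug = slug.encode()
        self.max_wrong = max_wrong
        self.wrong = 0
        self.running = True

    def check(self, request_path):
        """Return 'ok', 'denied' or 'stopped' for a path such as '/egg-cain'."""
        if not self.running:
            return "stopped"
        # First path segment is the candidate slug.
        candidate = request_path.lstrip("/").split("/", 1)[0].encode()
        # compare_digest takes time independent of where the inputs differ,
        # so response timing does not reveal how many leading bytes matched.
        if hmac.compare_digest(candidate, self._slug):
            return "ok"
        self.wrong += 1
        if self.wrong >= self.max_wrong:
            # The 20th wrong guess shuts the service down for everyone.
            self.running = False
        return "denied"


if __name__ == "__main__":
    gate = SlugGate(generate_slug())
    verdicts = [gate.check(f"/guess-{n}") for n in range(25)]
    print("denied:", verdicts.count("denied"), "stopped:", verdicts.count("stopped"))
    print("slug space:", slug_space())
    print("success bound for 20 guesses: %.2e" % guess_success_bound())
```

The lockout trades availability for confidentiality: anyone who learns the .onion address can stop the share with 20 bad requests, but cannot realistically reach the files.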

What it doesn’t protect against

  • Communicating the OnionShare URL might not be secure. The sender is responsible for securely communicating the OnionShare URL with the recipient. If they send it insecurely (such as through an email message, and their email is being monitored by an attacker), the eavesdropper will learn that they’re sending files with OnionShare. If the attacker loads the URL in Tor Browser before the legitimate recipient gets to it, they can download the files being shared. If this risk fits the sender’s threat model, they must find a more secure way to communicate the URL, such as in an encrypted email, chat, or voice call. This isn’t necessary in cases where the files being shared aren’t secret.
  • Communicating the OnionShare URL might not be anonymous. While OnionShare and Tor Browser allow for anonymously sending files, if the sender wishes to remain anonymous they must take extra steps to ensure this while communicating the OnionShare URL. For example, they might need to use Tor to create a new anonymous email or chat account, and only access it over Tor, to use for sharing the URL. This isn’t necessary in cases where there’s no need to protect anonymity, such as coworkers who know each other sharing work documents.

Building OnionShare

Start by getting a copy of the source code:
git clone https://github.com/micahflee/onionshare.git
cd onionshare
For .deb-based distros (like Debian, Ubuntu, Linux Mint), install the needed dependencies:
sudo apt-get install -y python3-flask python3-stem python3-pyqt5 python-nautilus
After that you can try both the CLI and the GUI version of OnionShare:
./install/scripts/onionshare
./install/scripts/onionshare-gui
A script to build a .deb package and install OnionShare easily is also provided for your convenience:
sudo apt-get install -y build-essential fakeroot python3-all python3-stdeb dh-python python-nautilus
./install/build_deb.sh
sudo dpkg -i deb_dist/onionshare_*.deb
Note that OnionShare uses stdeb to generate Debian packages, and python3-stdeb is not available in Ubuntu 14.04 (Trusty). Because of this, you can’t use the build_deb.sh script to build the .deb file in Ubuntu 14.04 and earlier. However, .deb files you build in later versions of Ubuntu will install and work fine in 14.04.
For .rpm-based distros (Red Hat, Fedora, CentOS):
sudo dnf install -y rpm-build python3-flask python3-stem python3-qt5 nautilus-python
./install/build_rpm.sh
sudo yum install -y dist/onionshare-*.rpm
Depending on your distribution, you may need to use yum instead of dnf.
For ArchLinux:
There is a PKGBUILD available here that can be used to install OnionShare.




Wednesday, September 14, 2016

SecurityTests - #3 Mind Map



Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. Actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.


Source: Wikipedia
Source: amanhardikar

By OffSec

Cryptography - #2 Mind Map



Cryptography or cryptology (from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.


Source: Wikipedia
Source: amanhardikar

By OffSec