Where is My mind?
Photo by Shahadat Rahman on Unsplash
> With your feet in the air and your head on the ground, try this trick and spin it, yeah! Your head will collapse if there's nothing in it, and you'll ask yourself, "Where is my mind?"
Hey folks, welcome to part 11 of our series. How's the title? Edgy? We can go a little edgy sometimes to break the repetition; not a bad thing, though. How was Monday? I've heard that Mondays start on Friday evening and don't stop until the next Friday. Crazy wagie theories. Anyway, let's go ahead to today's topics.
1. Social Engineering Attacks Focusing on Security Researchers
We are aware of common social engineering attacks: they focus on manipulating individuals into giving out information unknowingly. Such targets are easy to trick because we hold the power of words and exploit their weaknesses (let's save the how-to part for later); we can learn their secrets and take a peek into their lives, and it works because they don't know they are being misled. What if our targets are dedicated security researchers and pentesters? How can we exploit them? It's simple: they may be experienced researchers, but they are still humans at the end of the day, as true to their feelings as any other person.
Photo by Prateek Katyal on Unsplash

Start by masking your background and identity; that's the first step of any social engineering attack. Make your background seem real and legitimate (don't say your name is John Doe). What information would you like to phish out? If the target is a security guard, we can just make it up; it's a piece of cake, and we can get the building layout from some blueprint. That doesn't work with someone who is very mindful. How does this sound: "Hey, I'm Rahul, the one who called you yesterday from LinkedIn to discuss a critical system vulnerability I found on your website." In this context, we have already let them know about some made-up finding through a polished fake LinkedIn profile; it's super easy, and I won't be telling you how. Now, why an offline meeting? The usual disclosure should be via mail, right? We told him that it's better to do a demonstration, for security and transparency, and he trusted us because our LinkedIn shows that we do volunteer work. Our LinkedIn has a huge set of connections (people are dumb enough to connect with people they don't really know); the limit is about 100 requests a week, and the probability of acceptance depends heavily on your profile picture, so try not to upload one with an iStock watermark. We got into the company; now, running automated network enumeration as soon as we connect to the company's network is helpful, and some shell scripts can do the work. When you are done scraping information from him by being very trustworthy and a legitimate-seeming security auditor, try some recently disclosed CVE; to both our surprise, it doesn't pwn the system. Then we are done with the company: we got what we wanted, and off we go. Better remove the security CCTV footage if possible. This is from an attacker's perspective; I hope it was different from the usual and a bit more interesting. I made it sound very easy, but it takes more than that. You can always go a bit further toward the insane side.

2. Malware in Many Languages (Dissection)

Malware is something that has always been intriguing yet fun to look at; it can be annoying and destructive. Many programming languages have been developed to cater to the different needs of today's technology. While it can be hard to excel at writing such code, we can always pull it apart and see the fun side! Let's look at some malware, taken exclusively from the malware archive VX-Underground.
Photo by Growtika on Unsplash

Take a look here. I had planned to dissect each one and explain how it works, but the Wi-Fi has been slow and is taking forever to download the samples, so maybe we can see it some other time. For now, go through the URL and try to explore as much as possible. While it may sound daunting at first, it becomes very fun once you get the gist of it.

3. A Thing About 0-Day Vulnerabilities

I'm sure we already went over the basics of 0-day attacks; let's discuss a few more things about them. 0-day vulnerabilities are security misconfigurations or flaws so critical that after their compromise an immediate chain of victims can be seen, because the same applications are used by many customers and people. The developers don't have the required amount of time to patch the issue (to protect the compromised application). Now, who looks for 0-day vulnerabilities? They are very hard to find, often requiring a substantial amount of research and rigorous testing. They are still doable for state-sponsored hacker groups such as Admin@333, a China-based cyber threat group, the Ajax Security Team, an Iran-based cyber group, and many more.
Photo by Ehimetalor Akhere Unuabona on Unsplash

Take a closer look here, powered by MITRE. As you can see, the groups are mostly out of China, and the majority are Chinese; both China and Russia have dominated the security industry for the past decade, thanks to their sheer availability of resources and ease of access to knowledge. While it's nice to say that, privacy in those countries is a joke. The more you can find on the internet about a person, the less privacy he or she has. You can do all of this from your bed, moving only your fingers and brain. Unlimited technological possibilities. These groups usually aid their country in the search for intel, leads, threat analysis of neighboring countries, and so on.

4. Hunting Individuals with Little to No Data

We can perform OSINT investigations if we have the real name and other unique information about a person (such as a username). OSINT is short for open-source intelligence; it's basically a way to gather the information that is openly and publicly available about a particular person. The information can be taken from social media, web forums, or any other place our target has visited; we can track them through their footprints, such as comments, use of a normal Gmail address, a unique username, a personality trait, and so on. How can we hunt them if they haven't given the information out? It's hard to do, but we can still create some temporary throwaway accounts on social media to look for their presence using the little data we have, which can be a nickname or a pretend name. If they make even the slightest mistake somewhere, it's a jackpot for us, because we can win their data.
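The footprints described above (a reused email address, a username that shows up on several platforms, an "@handle" mentioned in a bio) are what lets separate accounts collapse into one identity. The following is an added example, not code from the original post or from any of the tools it names: a small self-audit that takes public profile text you already have (here a constructed, offline sample) and reports which of your own accounts can be linked by a shared identifier, so you can see what a single slip exposes before someone else does. The platform names, usernames and email address in the sample are invented for the example.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample: short public bio snippets keyed as "platform:username".
# These are invented; in practice you would paste in your own public profile text.
SAMPLE_PROFILES = {
    "forum:retro_gamer_88": "Retro hardware nerd. Mail me at retro.gamer88@gmail.com for swaps.",
    "photos:rg88": "Weekend photos. Same person as @retro_gamer_88 on the forum.",
    "code:rgamer": "Side projects and dotfiles.",
    "reviews:retro_gamer_88": "Honest reviews, contact retro.gamer88@gmail.com",
    "music:quietlistener": "Just here for playlists.",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HANDLE_RE = re.compile(r"@([A-Za-z0-9_]{3,})")


def normalize_username(name):
    # Gmail ignores dots in the local part, and people vary case and separators,
    # so retro.gamer88 / retro_gamer_88 / RetroGamer88 should compare equal.
    return re.sub(r"[._-]", "", name).lower()


def extract_identifiers(account, text):
    """Return the set of (kind, value) footprints one account exposes."""
    ids = set()
    username = account.split(":", 1)[1]
    ids.add(("username", normalize_username(username)))
    for email in EMAIL_RE.findall(text):
        local, domain = email.lower().split("@", 1)
        ids.add(("email", normalize_username(local) + "@" + domain))
        # the local part of an email is itself a username-shaped footprint
        ids.add(("username", normalize_username(local)))
    # strip emails first so "@gmail.com" is not mistaken for a handle
    for handle in HANDLE_RE.findall(EMAIL_RE.sub(" ", text)):
        ids.add(("username", normalize_username(handle)))
    return ids


def link_accounts(profiles):
    """Map each linkable pair of accounts to the identifiers that tie them."""
    owners = defaultdict(set)  # identifier -> accounts that expose it
    for account, text in profiles.items():
        for ident in extract_identifiers(account, text):
            owners[ident].add(account)
    links = {}
    for ident, accounts in owners.items():
        if len(accounts) < 2:
            continue
        for a, b in combinations(sorted(accounts), 2):
            links.setdefault(frozenset((a, b)), set()).add(ident)
    return links


def linked_clusters(profiles):
    """Union-find over linked pairs: which accounts collapse into one identity."""
    parent = {a: a for a in profiles}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for pair in link_accounts(profiles):
        a, b = tuple(pair)
        parent[find(a)] = find(b)
    clusters = defaultdict(set)
    for a in profiles:
        clusters[find(a)].add(a)
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)


if __name__ == "__main__":
    for pair, why in link_accounts(SAMPLE_PROFILES).items():
        a, b = sorted(pair)
        print(f"{a} <-> {b} via {sorted(why)}")
    print("identity clusters:", linked_clusters(SAMPLE_PROFILES))
```

In the sample, the forum, photo and review accounts all collapse into one cluster: two of them reuse the same Gmail address, and the photo bio names the forum handle outright. The `code:rgamer` account survives only because its username is not an exact match after normalization; that is the "slightest mistake" margin the post talks about, and a fuzzier matcher would close it.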
Photo by Sebastian Pociecha on Unsplash

To perform these you don't need to know rocket science; some curiosity will do. Load up your Kali or Parrot and explore the OSINT tools that come preloaded with your distribution. I recommend free, open-source tools such as GHunt, Maltego, Sherlock, Shodan, theHarvester, Instaloader, etc.

5. Troll Malware

Troll malware is nothing but malware created to annoy and irritate the victim it has infected. It is super interesting because the malware stops the interaction between system and user and only performs the set of displays it was pre-coded with, which might be funny texts or even some movie dialogues.
Internet Troll Face
They are not that special and don't have much purpose beyond what I said above, but they are fun to explore. They also act as stepping stones for real malware developers, who I think take some inspiration from this set and integrate it into their real malware.
Looks like it feels a little short again, doesn't it? I guess so. I hope I get a good amount of quality time to write. I'll see you tomorrow then.