Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: August 2017

Thursday, August 31, 2017

Free - Pen Test Cheat Sheet for Power Shell from SANS

Nothing great, just a few important commands in 2 pages

Get it here:
https://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet?utm_medium=Social&utm_source=Twitter&utm_content=SANSPenTest+BLOG+PowerShell+Cheat+Sheet&utm_campaign=SANS+Pen+Test

Wednesday, August 30, 2017

Single SpamBot had 711 million records of which 80 million are credentials

“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” Hunt wrote

The spambot is called Onliner and it’s been around since 2016 and is best known for spreading the Ursnif banking Trojan.

For more info:
https://threatpost.com/spambot-contains-mind-boggling-amount-of-email-smtp-credentials/127722/

Friday, August 25, 2017

Can you change a benign email to a malicious one after it has been sent? - YES , we have ROPEMAKER

Ropemaker - stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky

A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one.

This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.

More Details Here:
https://thehackernews.com/2017/08/change-email-content.html

Thursday, August 24, 2017

Dark Side of Technology - Sound based hacks (CovertBand)

Detect people’s activities
Induce false readings in a phone’s accelerometer
balancing gyroscopes like drones and hoverboards could be similarly disrupted
remotely hacking into air-gapped computers
Covert Sonic Weapon

More details here:
https://www.fastcompany.com/40455626/hack-music-can-watch-you-through-your-devices

Tuesday, August 22, 2017

check your password if it is already in the compromised list

You think you have a strong password
Or
You create a new password and you believe it is good enough

Are you sure it is not part of the compromised password list?

Go the the site below and test your password.

https://haveibeenpwned.com/Passwords

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net