Sunday, September 18, 2016

How Does a CPU Work?

WHAT IS A CPU?

The Central Processing Unit, or CPU, is the brain of a computer. Without this vital component, the computer wouldn’t be able perform any of the functions related to moving and processing data. With each new processor release from manufacturers (primarily AMD and Intel,) CPU become faster and more powerful. Speed and reliability is the name of the

Sunday, July 24, 2016

Introduction to Linux System Administration

This series of articles, which explains various concepts and commands in Linux, is aimed at those new to Linux. We take a look at the basics of Linux to gain a better understanding of the power it has.
Linux is a major force in computing technology, powering everything from mobile phones and personal computers to supercomputers and servers. The job of a systems administrator is to manage the operations of a computer system. As most computing devices are powered by Linux, it makes sense to learn it. By the end of this article, you should be able to know and understand:
  • Linux file systems
  • File system hierarchy
  • Linux online manual page
  • Root/super user
  • Handling files and directories

Top 50 Linux System Administrator Interview Questions

1. What does nslookup do?
2. How do you display the top most process utilizing CPU process?
3. How to check all open ports on a Linux machine and block the unused ports?
4. What is Linux? How is it different from UNIX?

Friday, July 22, 2016

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

I. Summary

Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long standing suspicion that data hiding techniques using a hard disk drives Service Area could be used for malicious purposes.  Kaspersky Labs® identified a group of attackers, dubbed the Equation Group, reportedly having close ties to the groups responsible for

Tuesday, July 19, 2016

Look What We Found in Mr Robot S02E01

At the end of S02E01 of Mr Robot, there is a scene where Darlene generate a ransomware with a modified SET toolkit. My fingers were itching for the IP address 192.251.68.254 which seems to be the C2 address for this malware. Not surprisingly, WHOIS resolved to NBC-UNIVERSAL. Lets see how deep this rabbit hole is.

Look What We Found in Mr Robot S02E01

At the end of S02E01 of Mr Robot, there is a scene where Darlene generate a ransomware with a modified SET toolkit. My fingers were itching for the IP address 192.251.68.254 which seems to be the C2 address for this malware. Not surprisingly, WHOIS resolved to NBC-UNIVERSAL. Lets see how deep this rabbit hole is.

Linux commands “astu” and “astsu” in Mr. Robot

 

ASTU is a fictional command used in Mr.Robot TV series. He use this command to restore the hacked server. The command used in Mr.Robot TV series while fixing server are

At 30:20 minute in Mr.Robot TV series.

eterm##$ locate server WBKUW300PS345672
eterm##$ ps aux | grep root
eterm##$ ps aux | grep root | cpuset
eterm##$ astu trace -pid 344 -cmd
eterm##$ astu -ls ./root/fsociety/ -a
eterm##$ fsociety00.dat

Above commands were used by Elliot to restore the server. Among all the above commands, only ps and locate is a real Unix command. PS command is used to list the running process. According to the series, there was a rootkill running in the server. He use ps command to find out the list of running process under root user. He finds out fsociety00.dat is process that made the downtime of server.

Locate command is used to search file in your filesystem. It searches for files only in the path located in /var/lib/mlocate/mlocate.db database file.

Wednesday, January 20, 2016

Metasploitable 2 Exploitation Guide

Metasploitable 2

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable’s network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.