Saturday 13 June 2015

How to initialize your brand new SSD (Windows)

If you buy a new Solid State Drive (SSD), you have to initialize and partition it before Windows will use it.

Otherwise it will look as if you connected the drive and nothing happened: an uninitialized disk gets no drive letter and does not show up in Explorer. You can do the initialization with the SSD connected internally over SATA or through a SATA-to-USB adapter cable.

  1. Attach the SSD as a secondary drive and boot Windows from your existing drive.
  2. In Windows 7 and earlier, open 'Disk Management' by right-clicking on 'Computer', selecting 'Manage' and then 'Disk Management'. In Windows 8 and later, right-click the Start button in the lower left corner of the desktop and select 'Disk Management'. On any version you can also press Win+R and run diskmgmt.msc.
  3. When Disk Management opens, a pop-up should appear and prompt you to initialize the SSD.
  4. Select MBR (Master Boot Record) and click OK. MBR is fine for a secondary data disk under 2 TB; choose GPT instead if the disk is larger than 2 TB or if you intend to boot a UEFI system from it.
  5. Right-click in the area that says 'Unallocated' and select 'New Simple Volume...'.
  6. The New Simple Volume Wizard will open; click Next.
  7. Leave 'Specify Volume Size' at the maximum (the default value) and click Next.
  8. Select a drive letter and click Next.
  9. In the 'Format Partition' screen, leave NTFS and 'Quick Format' selected, decide on a volume label (the name you want to give the drive), click Next and then Finish.
The drive is now formatted and ready for use.

Sunday 7 June 2015

InfoSec 2015, BSides London 2015 and 2600

My first time at InfoSec was something like ten years ago, or more. It was interesting to see how the event has evolved over the years. Once again, it was really exciting to be among so many colleagues in information security during InfoSec and Security BSides London.

As always, I enjoyed my rounds at InfoSec and the chance to chat and catch up with a number of people from the information security community, and with a number of vendors about their products and their cybersecurity strategies for the next year.

Friday 5 June 2015

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

It is not the first time a military term has been borrowed by the information security community to describe an information assurance process. Operations Security (OPSEC) is a military term for the protection of individually unclassified pieces of information which, when put together and combined, could expose the security of an entity. In information security terms, OPSEC describes the process of identifying the publicly available (unclassified) information about us that cyber criminals and/or adversaries with malicious intent could combine and use against us.

Friday 29 May 2015

BSides London 2015 - Virtual Terminals, POS Security and Becoming a Billionaire Overnight!

Yes, it is true. The talk was short-listed and it was voted for the BSides London 2015 conference! Thank you all for voting for my talk. 

I am looking forward to the fantastic line-up of talks at the conference. As you probably noticed on the schedule page, the session is not going to be recorded due to its sensitive content, so please do respect this request.

This means that if you want to find out more about the talk, you will have to be there and attend the session.
Tripwire (@TripwireInc) posted a short article about my forthcoming Security BSides London 2015 talk, which you can find at this link.

As far as I know Track 2 is quite big and I really hope there is going to be enough space for everyone. For those attending the talk, mark it down on your schedule, tweet about it and follow me @drgfragkos to find out more! :)

I have only one thing to say to you for now: Great things do come, to those who attend ;)

If you want to tweet about the talk, don't forget to use the BSides London 2015 hashtag: #BSidesLDN2015

Copy-paste tweet for sharing:

Virtual Terminals, #POS Security and Becoming a Billionaire Overnight! via @drgfragkos at @BSidesLondon #BSidesLDN2015

I am looking forward to the event, hoping to have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I can only hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi.

Tuesday 26 May 2015

NitlovePOS - POS terminals being targeted through phishing emails

Cyber-criminals and fraudsters have started targeting employees who work on Point-of-Sale (POS) terminals in order to get their hands on card details.

There is now evidence that social engineering and spear-phishing emails are actively being used, and have become the next attack method, against employees who have access to payment applications, virtual terminals and electronic cash registers.
The new malware is named NitlovePOS [VirusTotal detection rate]. It targets Track 1 and Track 2 data by scanning the memory of running processes; in other words, it is yet another memory-scraping malware, and it sends the captured data to a remote server over SSL.


Monday 25 May 2015

Personal Greeting for your mobile phone, using a bash script, Kali Linux and the Raspberry Pi

First of all, this is a quick way of making your Kali Linux speak. I am going to describe a couple of ways to do text-to-speech on your Linux box. I used this for fun, for embedding audio alerts in my applications and, finally, for recording a personal greeting for my phone.
I started playing with espeak and experimented with the different voices. The espeak application is fantastic, but the voices/languages it ships with sound too computerised; they do not sound as natural as you would expect. However, for quick tasks such as having your LAN and/or WAN IP address read out, it can be useful, and cool.
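The script below is an added example, not code from the original post: it reads the LAN and WAN address out loud with espeak and records a greeting to a .wav file. It assumes espeak(1) and iproute2 are installed, as on Kali; the WAN lookup uses api.ipify.org as a stand-in for whichever "what is my IP" service you trust. The digit-spacing helper matters because espeak otherwise reads "192" as one hundred and ninety-two.

```shell
#!/bin/sh
# Added example, not from the original post: read the LAN and WAN address out
# loud with espeak, and record a greeting to a .wav. Assumes espeak(1) and
# iproute2 on Kali; the WAN lookup uses api.ipify.org, a stand-in for any
# "what is my IP" service you trust.

# "192.168.1.10" -> "1 9 2 dot 1 6 8 dot 1 dot 1 0": spaced digits make
# espeak read the address digit by digit instead of as large numbers.
speakable_ip() {
    printf '%s\n' "$1" | sed -e 's/\./ dot /g' -e 's/\([0-9]\)/\1 /g' \
                             -e 's/  */ /g' -e 's/ $//'
}

# Source address the kernel would use towards a public host (no packet is sent).
lan_ip() {
    ip -4 route get 1.1.1.1 2>/dev/null | sed -n 's/.* src \([0-9.]*\).*/\1/p' | head -n 1
}

wan_ip() {
    curl -fsS --max-time 5 https://api.ipify.org
}

say() {
    espeak -v en -s 140 "$*"
}

greeting_text() {
    printf 'Hello, this is the voicemail of %s. I cannot take your call right now. Please leave a message after the tone.' "$1"
}

# Write the greeting as a WAV (-w) instead of playing it; -s slows it down a little.
record_greeting() {
    espeak -v en -s 130 -w "$2" "$(greeting_text "$1")"
}

case ${1:-} in
    --ip)     say "Your LAN address is $(speakable_ip "$(lan_ip)")"
              say "Your WAN address is $(speakable_ip "$(wan_ip)")" ;;
    --record) record_greeting "${2:-$(id -un)}" greeting.wav
              echo "wrote greeting.wav" ;;
    *)        echo "usage: $0 --ip | --record [NAME]" >&2 ;;
esac
```

Run it with `--ip` to hear both addresses, or `--record "Your Name"` to produce greeting.wav, which you can then copy to the phone. Swap `-v en` for another espeak voice to try the other languages.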

Thursday 21 May 2015

Adult Friend Finder data breach, the aftermath...

Did you hear about the Adult Friend Finder data breach? Of course you did; it's all over the news [1] [2] and is getting major attention due to the spicy nature of the content.
The online adult service was breached and 3.8 million accounts became public.

The information, including sexual preference, marital status and other personal data (such as date of birth, email addresses and postal/home addresses), is now all publicly available.

Well, we have seen data breaches before, but how is this one a little bit different?

Up to now, every article I have read online about this incident treats it as yet another data breach, without paying any attention to the effects such a breach will have on the people involved. Let us look at the issues that come to mind, one by one, in the following lines.

Wednesday 20 May 2015

Logjam attack - Diffie-Hellman key exchange weakness (a quick and brief explanation)

A study was published on the security of the Diffie-Hellman key exchange. This popular cryptographic algorithm is found in many protocols, such as HTTPS, SSH, IPsec and SMTPS, where it is used to agree a shared key and establish a secure connection.

The weakness uncovered affects websites, mail servers and other TLS-dependent services that support the DHE_EXPORT cipher suites. The exploitation of this weakness was given the name Logjam attack [1], and how exposed a deployment is depends on how Diffie-Hellman has been configured in each case: which cipher suites are enabled and how large the DH group is.

The Logjam attack against TLS is performed by downgrading a vulnerable TLS connection to 512-bit export-grade Diffie-Hellman, after which a man-in-the-middle (MiTM) attacker who has done the one-off precomputation for that 512-bit group can recover the session key and read and modify any data passed over the connection. At the moment, this attack affects all modern web browsers. The same study estimates that 1024-bit groups are within reach of a nation-state adversary, which is why the recommendation is to move to 2048-bit or larger groups and to disable export cipher suites altogether.
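The two things a server has to offer for Logjam to work, an export DHE suite and a small DH group, can both be checked with the openssl(1) command-line client. The script below is an added example, not part of the original post: it parses the "Server Temp Key" line that `openssl s_client` prints (OpenSSL 1.0.2 and later) and grades the group size; the live probes take HOST:PORT from the command line, and the export-cipher probe only works with an OpenSSL build that still ships the EXPORT ciphers (they were removed in 1.1.0). The s_client output it parses by default is a constructed sample, so the parsing runs without a network.

```shell
#!/bin/sh
# Added example, not from the original post: probe a TLS server for the two
# things Logjam needs (an export DHE suite, and a small DH group) using the
# openssl(1) command-line client. HOST:PORT is taken from the command line.

# Pull the ephemeral DH size out of "openssl s_client" output read on stdin.
# Prints the bit count, or nothing if the handshake did not use DHE at all
# (ECDHE shows "Server Temp Key: ECDH, ..." and is deliberately not matched).
dh_temp_key_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# Classify a DH group size. 512-bit is export grade and breakable in minutes;
# the Logjam paper puts 1024-bit within reach of a nation-state; 2048+ is
# what current guidance asks for.
dh_verdict() {
    case $1 in
        '')        echo "no-dhe" ;;
        *[!0-9]*)  echo "unparsable"; return 2 ;;
        *)  if   [ "$1" -le 512 ];  then echo "export-grade"
            elif [ "$1" -lt 2048 ]; then echo "weak"
            else                         echo "ok"
            fi ;;
    esac
}

# Does HOST:PORT complete a handshake with a 512-bit export DHE suite?
# Needs an OpenSSL build that still ships the EXPORT ciphers (pre-1.1.0).
accepts_export_dhe() {
    printf 'Q\n' | openssl s_client -connect "$1" -cipher 'EXP' 2>/dev/null |
        grep -q '^Server Temp Key: DH, 512 bits'
}

# Which group size does HOST:PORT offer when a DHE suite is forced?
# "Server Temp Key" is printed by OpenSSL 1.0.2 and later.
probe_dhe_bits() {
    printf 'Q\n' | openssl s_client -connect "$1" -cipher 'kEDH' 2>/dev/null |
        dh_temp_key_bits
}

# Constructed sample of s_client output, so the parsing runs without a network.
SAMPLE_OUTPUT='CONNECTED(00000003)
---
Server Temp Key: DH, 1024 bits
---
SSL-Session:
    Cipher    : DHE-RSA-AES256-SHA'

bits=$(printf '%s\n' "$SAMPLE_OUTPUT" | dh_temp_key_bits)
echo "sample: DH ${bits:-none} -> $(dh_verdict "$bits")"

if [ $# -eq 1 ]; then
    if accepts_export_dhe "$1"; then
        echo "$1: accepts DHE_EXPORT (Logjam downgrade possible)"
    fi
    bits=$(probe_dhe_bits "$1")
    echo "$1: DHE group ${bits:-none} -> $(dh_verdict "$bits")"
fi
```

Run it as `sh logjam-check.sh mail.example.com:465` (the name is a placeholder). A verdict of "no-dhe" is not automatically good: it only means the server picked a non-DHE suite for that handshake, so combine it with the cipher list the server advertises. The fix on the server side is the one the paper recommends, disabling export suites and generating a fresh 2048-bit group with `openssl dhparam 2048`.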

Thursday 14 May 2015

ozwpan driver - Remote packet-of-death vulnerabilities in Linux Kernel

"The ozwpan driver accepts network packets, parses them, and converts them into various USB functionality. There are numerous security vulnerabilities in the handling of these packets. Two of them result in a memcpy(kernel_buffer, network_packet, -length), one of them is a divide-by-zero, and one of them is a loop that decrements -1 until it's zero." [1]
1. A remote packet can be sent, resulting in funny subtractions of signed integers, which causes a memcpy(kernel_heap, network_user_buffer, -network_user_provided_length).

There are two different conditions that can lead to this:
https://lkml.org/lkml/2015/5/13/740
https://lkml.org/lkml/2015/5/13/744

2. A remote packet can be sent, resulting in divide-by-zero in softirq, causing hard crash:
https://lkml.org/lkml/2015/5/13/741

3. A remote packet can be sent, resulting in a funny subtraction, causing an insanely big loop to lock up the kernel: https://lkml.org/lkml/2015/5/13/742

4. Multiple out-of-bounds reads, resulting in possible information leakage, explained in the last paragraph of the introductory email here: https://lkml.org/lkml/2015/5/13/739

The above is a repost of this: http://seclists.org/oss-sec/2015/q2/446

You may find more information about ozwpan here: https://lkml.org/lkml/2015/5/13/739

[1] https://lkml.org/lkml/2015/5/13/739

Wednesday 13 May 2015

VENOM Vulnerability - Virtualized Environment Neglected Operations Manipulation

VENOM is short for Virtualized Environment Neglected Operations Manipulation. It is a vulnerability in QEMU's virtual Floppy Disk Controller (FDC), and the vulnerable code is used by numerous virtualization platforms and appliances, including Xen, KVM and QEMU itself.

The vulnerability has been assigned CVE-2015-3456. As far as we know, VMware, Microsoft Hyper-V and the Bochs hypervisor are not affected.

What makes VENOM interesting is that it applies to a wide range of virtualization platforms in their default configuration (the virtual FDC is present even when no floppy drive has been configured for the guest) and that it allows arbitrary code execution on the host, i.e. a guest escape. Because the flaw is in the hypervisor's codebase, it is independent of which operating systems the host and the guests run.

However, the vulnerability can only be exploited from inside a guest with elevated privileges (root or administrator), since talking to the FDC's I/O ports requires privileged guest code.

Saturday 9 May 2015

{ } YARA - The pattern matching swiss knife for malware researchers

This is a blog post about YARA, the pattern matching tool which allows malware researchers to identify and classify malware samples. It is a very interesting tool and fairly easy to get the hang of. In a few lines you can write descriptions of malware families (or anything else you would like to describe) based on textual or binary patterns.

You can create simple rules or more complex ones, depending on what you are trying to do. It supports wildcards, case-insensitive strings, regular expressions, special operators and a number of additional features to play with.

YARA is also multi-platform: it runs on Windows, Linux and Mac OS X, and it can be used through its command-line interface or from your own Python scripts via the yara-python extension.
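The NitlovePOS post above and this one meet in the same place: the Track 1 / Track 2 records that a RAM scraper hunts for are exactly what a defender wants to hunt for too, in a process dump or in a live POS process. The script below is an added example, not code from the original posts, the malware or the YARA project. It scans a file for track records with grep, runs a Luhn check on the PAN so random digit runs do not fire, masks the PAN in the report (the report itself should not become cardholder data), and writes the same two patterns as a YARA rule for yara(1). The "memory dump" it scans is constructed inline, using the well-known test PAN 4111111111111111.

```shell
#!/bin/sh
# Added example, not from the original post: the pattern a POS RAM scraper
# such as NitlovePOS hunts for, turned around for defence. Scans a process
# dump (or any file) for Track 1 / Track 2 records, confirms the PAN with a
# Luhn check, masks the PAN in the report, and writes the same patterns as a
# YARA rule. The sample "dump" is constructed here; 4111111111111111 is a
# well-known test PAN.

# Track 1 format B: %B<PAN>^<NAME>^<YYMM><service code>...
# Track 2:          <PAN>=<YYMM><service code>...   (';' sentinel optional)
T1_RE='%B[0-9]{13,19}\^[^^]{2,26}\^[0-9]{7}'
T2_RE='[0-9]{13,19}=[0-9]{7}'

# Luhn checksum: 0 if PAN is well-formed, 1 otherwise.
luhn_ok() {
    local rest d sum pos
    rest=$1; sum=0; pos=${#rest}               # pos = distance from the right end
    case $rest in ''|*[!0-9]*) return 1 ;; esac
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}; rest=${rest#?}  # peel off the first digit
        if [ $(( pos % 2 )) -eq 0 ]; then      # every second digit from the right is doubled
            d=$(( d * 2 ))
            if [ "$d" -gt 9 ]; then d=$(( d - 9 )); fi
        fi
        sum=$(( sum + d )); pos=$(( pos - 1 ))
    done
    [ $(( sum % 10 )) -eq 0 ]
}

# 4111111111111111 -> 411111******1111 (first six and last four only)
mask_pan() {
    local pan n stars
    pan=$1; n=$(( ${#pan} - 10 )); stars=''
    while [ "$n" -gt 0 ]; do stars="${stars}*"; n=$(( n - 1 )); done
    printf '%s%s%s\n' "$(printf '%s' "$pan" | cut -c1-6)" "$stars" \
                      "$(printf '%s' "$pan" | cut -c"$(( ${#pan} - 3 ))"-)"
}

# Report every candidate record in FILE as "T1|T2 <masked PAN> luhn=ok|bad".
# grep -a scans binary dumps as text; -o prints just the matching bytes.
scan_tracks() {
    local file type hit pan v
    file=$1
    {
        grep -aoE "$T1_RE" "$file" | sed 's/^/T1 /'
        grep -aoE "$T2_RE" "$file" | sed 's/^/T2 /'
    } | while read -r type hit; do
        case $type in
            T1) pan=${hit#%B}; pan=${pan%%^*} ;;
            T2) pan=${hit%%=*} ;;
        esac
        if luhn_ok "$pan"; then v=ok; else v=bad; fi
        printf '%s %s luhn=%s\n' "$type" "$(mask_pan "$pan")" "$v"
    done
}

# The same two patterns as a YARA rule, for "yara -s rules.yar <file|pid>".
write_yara_rule() {
    cat > "$1" <<'EOF'
rule magstripe_track_data
{
    meta:
        description = "Track 1 / Track 2 records as scraped by POS RAM scrapers"
    strings:
        $t1 = /%B[0-9]{13,19}\^[^\^]{2,26}\^[0-9]{7}/
        $t2 = /[0-9]{13,19}=[0-9]{7}/
    condition:
        $t1 or $t2
}
EOF
}

# Constructed sample dump: binary junk around one Track 1 record, one Track 2
# record whose PAN fails Luhn, and one valid Track 2 record with sentinels.
make_sample() {
    {
        printf 'GARBAGE\0\0\0%%B4111111111111111^DOE/JOHN^18051010000000000?\0\0'
        printf 'junk 4111111111111112=1805101123456789 more junk\0\0'
        printf ';4111111111111111=18051011234567890?\n'
    } > "$1"
}

dump=$(mktemp) && make_sample "$dump"
scan_tracks "$dump"
rules=$(mktemp)
write_yara_rule "$rules"
if command -v yara >/dev/null 2>&1; then
    yara -s "$rules" "$dump"          # -s prints the matching strings
else
    echo "yara not installed; skipping the rule" >&2
fi
rm -f "$dump" "$rules"
```

Against the sample, the grep pass reports the Track 1 record and the second Track 2 record as `luhn=ok` and the middle one as `luhn=bad`. The YARA rule is the same check without the Luhn step; yara can also take a PID instead of a file, which is how you would look for a scraper's loot inside a payment application's memory rather than in a dump.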

Wednesday 6 May 2015

Download recursively all files from a certain directory listing using wget

This is going to be a quick blog post about wget, which I believe is useful to know. From your Linux box you can use wget to recursively download all the files shown in a directory listing.

If you have seen something like Figure 1, that is what a directory listing looks like. It is a quick and easy way of giving people access to files on a web server over HTTP, but more often than not it is a misconfiguration that exposes the hosted files to unauthorised users.

Figure 1 - Directory Listing
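The script below is an added example rather than the original post's command: it mirrors everything beneath a listed directory while telling wget not to climb into parent directories, strips the host and leading path components so the local tree starts at the listed directory, skips the index pages themselves, and rate-limits the pull. The host names in it are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: pull every file beneath an open
# directory listing with wget, confined to that directory and rate-limited so
# the pull does not hammer the server. The host names are placeholders.

# How many leading path components --cut-dirs must strip so the local tree
# starts at the listed directory instead of at the host root.
#   http://host.example/pub/tools/  -> 2      http://host.example/  -> 0
path_depth() {
    local path n
    path=${1#*://}                       # drop scheme
    case $path in
        */*) path=${path#*/} ;;          # drop host, keep "pub/tools/"
        *)   path='' ;;                  # bare host, no path at all
    esac
    path=${path%/}                       # drop trailing slash
    if [ -z "$path" ]; then echo 0; return; fi
    n=$(printf '%s' "$path" | tr -cd '/' | wc -c)
    echo $(( n + 1 ))
}

# Mirror URL (must end in '/') into DIR.
#   --no-parent            never climb above the listed directory
#   --no-host-directories  drop the host name from the local path
#   --reject 'index.html*' skip the listing pages themselves
#   --wait / --limit-rate  stay polite; raise them for a large tree
mirror_listing() {
    local url dir depth
    url=$1; dir=${2:-.}
    case $url in
        */) ;;
        *)  echo "url must end with '/': $url" >&2; return 2 ;;
    esac
    depth=$(path_depth "$url")
    wget --recursive --level=inf --no-parent --no-host-directories \
         --cut-dirs="$depth" --reject 'index.html*' \
         --wait=1 --limit-rate=500k --directory-prefix="$dir" "$url"
}

if [ $# -ge 1 ]; then
    mirror_listing "$@"
else
    for u in http://host.example/ http://host.example/pub/ http://host.example/pub/tools/; do
        printf '%-34s --cut-dirs=%s\n' "$u" "$(path_depth "$u")"
    done
fi
```

Run it as `sh mirror.sh http://host.example/pub/tools/ loot/`. If the server's robots.txt forbids crawling, wget honours it by default and you need `-e robots=off` in addition; on an engagement, only do this against hosts you are authorised to test, and keep the rate limit, since a full mirror of a large listing is noisy.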


Saturday 2 May 2015

Things you should know about the Opera browser (Presto) and its features

For me, the ultimate browser is the Opera Web Browser. I have been using Opera as my default browser under Windows since 2001 (Mozilla under Linux), when I had the luxury of having multiple tabs open while enjoying the amazing speed of the fastest browser at the time. Because most viruses at the time were written to affect Internet Explorer, Opera was unaffected by malicious scripts and viruses hosted on web servers/portals. Also, one of the most life-saving features of Opera was that whatever happened to the OS (the OS used to hang and crash a lot back then) you would never lose your work! All my tabs, with all the things I was reading/researching, were kept as they were, no matter what, e.g. a power failure.

Many "experts" at the time claimed that a multi-tab browser was a pointless feature because you are only ever going to be using one tab in front of you at any time anyway. Today the answer to these people seems obvious, but back then it was a nightmare to convince these "opinionated experts" that multi-tab browsing was the future.

Friday 1 May 2015

Cyber Essentials Scheme explained

Cyber security is of increasing importance to private companies, SMEs and organisations. Becoming certified against a cyber security standard need not be a daunting task. Getting familiar with the Cyber Essentials Scheme might prove invaluable when it comes to the cyber security of a business/organisation and to obtaining government contracts. Becoming certified to a cyber security standard lowers the risk of becoming the victim of a data breach, because the controls it requires close off the common, low-effort attack paths.

According to the Verizon Data Breach Investigations Report (2013-2015), most attacks require very little skill or experience to carry out. Consequently, in order to establish a baseline level of security that protects businesses against these widespread (usually low-tech) attacks, the UK government introduced the Cyber Essentials Scheme in June 2014, and from 1 October 2014 certification became mandatory for suppliers bidding for certain government contracts that involve handling sensitive or personal information.

Thursday 30 April 2015

Guest Speaker for University of South Wales (Information Security Research Group) - CyberSecurity and the Payment Card Industry

I had the pleasure of being invited as a guest speaker to the University of South Wales, to give a talk about CyberSecurity and the Payment Card Industry, more specifically for the Information Security Research Group (ISRG).
The talk included an introduction to the Payment Card Industry (PCI), the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Card Industry Security Standards Council (PCI SSC). Participants had an opportunity to understand what an Approved Scanning Vendor (ASV), a Qualified Security Assessor (QSA) and, last but not least, a PCI Forensic Investigator (PFI) are.

Tuesday 21 April 2015

Download videos from online resources, such as YouTube, Dailymotion, etc..

YouTube, the third most popular website in the world, is among the most popular video hosting resources on the web. Sometimes we need to download a video in order to watch it offline.

There are several online services which let us save a copy of our favourite videos, but not all of them give you the option of downloading in different qualities and formats.

Monday 20 April 2015

BSides London 2015 - CFP

I hope you all look forward to BSides London 2015, https://www.securitybsides.org.uk. In case you want to tweet about it, this year we are using the #BSidesLDN2015 hashtag. The event will take place on Wednesday 3/Jun/2015 at the ILEC Conference Centre, 47 Lillie Road, SW6 1UD, London (see the MAP).

As a side note, this year InfoSecurity Europe in London takes place from the 2nd to the 4th of June 2015. Security BSides London usually coincides with InfoSec and takes place on the first day of InfoSec; this year, however, make sure you note down that it takes place on the second day of InfoSec (see InfoSec).

I am happy to see that my talk for this year is number 2 on the list of submissions (CFP Submissions). Voting for the talks opened today, 20/Apr/2015, and will run until 1/May/2015. Please find some more information about my talk in the section below (click Read More). You can find/follow me on twitter @drgfragkos and I really hope you spread the word about this talk to your friends and followers.

Sunday 29 March 2015

How to quick split an .mp3 file using Linux

Sometimes you just need to split an .mp3 file, and it is convenient to know how to do this under Linux. When you simply need to cut an .mp3 file there is no need for advanced editing and/or transcoding tools.

Using my Kali distribution, I installed the mp3splt application.

$ apt-get install mp3splt

After that, everything was easy enough. Just run the following command. mp3splt takes times as minutes.seconds[.hundredths], so 00.00.00 is the start of the file and 03.43 is 3 minutes and 43 seconds into the song. The original file is live.mp3 and -o names the output; mp3splt adds the .mp3 extension itself, so give the name without it (-o live_new.mp3 would produce live_new.mp3.mp3).

$ mp3splt live.mp3 00.00.00 03.43 -o live_new

Bear in mind that mp3splt is a powerful tool and can do many things for you if you want to play around with mp3 files. Find out more at its online man page here.

If you want to play your .mp3 file from the command line, one of the tools you can use is mplayer. You can find a list of the shortcuts this tool supports here.

How to quick split an .mp4 file using Linux

I recently wanted to split an .mp4 file in order to use it in one of my presentations. I used to have all the necessary software installed for editing and transcoding video files, but not any more. I was looking for an offline, quick and reliable solution using only what I had at my disposal.

Using my Kali distribution, I installed the ffmpeg package.

apt-get install ffmpeg

After that, everything was easy. Let's assume the name of the video is CyberSecurity.mp4 and its length is 4 minutes and 37 seconds. Also, let's assume that you want the chunk of the video that runs from the beginning until the 3 minutes and 18 seconds mark.

To cut the video from the beginning (00:00:00) until the 3 minutes and 18 seconds mark (00:03:18), run the following command. -ss before -i seeks the input, -t sets the duration of the output and -c copy copies the audio and video streams as they are, so nothing is re-encoded (the cut therefore lands on the nearest keyframe rather than on the exact frame).

ffmpeg -ss 00:00:00 -i CyberSecurity.mp4 -t 00:03:18 -c copy CyberSecurity_new.mp4

Or, you can specify the exact "start time". Note that -t is a duration, not an end time: the command below starts at 01:00 and keeps 3 minutes and 18 seconds, i.e. it runs until 04:18. To stop at the 03:18 mark instead, use -t 00:02:18.

ffmpeg -ss 00:01:00 -i CyberSecurity.mp4 -t 00:03:18 -c copy CyberSecurity_new.mp4

In case you need a script to automate the splitting of a video file in equal chunks, you may find this link very useful.
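A self-contained version of that kind of script, added here as an example (it is neither the original post's code nor the linked script): it converts hh:mm:ss timestamps to seconds, works out where each chunk starts, and calls ffmpeg once per chunk with the same -ss/-t/-c copy pattern as above. It assumes ffmpeg and ffprobe are installed.

```shell
#!/bin/sh
# Added example, not from the original post: cut a video into equal-length
# pieces with ffmpeg, stream-copying so nothing is re-encoded. Assumes ffmpeg
# and ffprobe are installed; chunk length is given in seconds.

# "hh:mm:ss", "mm:ss" or plain seconds -> seconds. Leading zeros are stripped
# so "08" is not read as an (invalid) octal number by the shell.
hms_to_seconds() {
    local s rest part
    s=0; rest=$1
    while [ -n "$rest" ]; do
        part=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest='' ;; esac
        case $part in ''|*[!0-9]*) return 2 ;; esac
        while [ ${#part} -gt 1 ]; do
            case $part in 0*) part=${part#0} ;; *) break ;; esac
        done
        s=$(( s * 60 + part ))
    done
    echo "$s"
}

# Start offsets (seconds) of LEN-second chunks covering TOTAL seconds.
chunk_starts() {
    local total len t
    total=$1; len=$2; t=0
    [ "$len" -gt 0 ] || return 2
    while [ "$t" -lt "$total" ]; do
        echo "$t"
        t=$(( t + len ))
    done
}

# Split IN into LEN-second files IN_000.ext, IN_001.ext, ...
# With -c copy each piece starts at the nearest preceding keyframe, so the
# boundaries are close to, not exactly at, the requested offsets.
split_video() {
    local in len total base ext n start
    in=$1; len=$2
    total=$(ffprobe -v error -show_entries format=duration -of csv=p=0 "$in")
    total=${total%.*}                # whole seconds are enough for the chunk maths
    base=${in%.*}; ext=${in##*.}; n=0
    for start in $(chunk_starts "$total" "$len"); do
        ffmpeg -v error -y -ss "$start" -i "$in" -t "$len" -c copy \
            "$(printf '%s_%03d.%s' "$base" "$n" "$ext")"
        n=$(( n + 1 ))
    done
}

if [ $# -eq 2 ]; then
    split_video "$1" "$2"
else
    echo "usage: $0 VIDEO CHUNK_SECONDS" >&2
    echo "e.g. a 04:37 ($(hms_to_seconds 04:37)s) video in 120s chunks starts at: $(chunk_starts 277 120 | tr '\n' ' ')"
fi
```

`sh split.sh CyberSecurity.mp4 120` produces CyberSecurity_000.mp4, CyberSecurity_001.mp4 and CyberSecurity_002.mp4 for a 4:37 video. If exact boundaries matter more than speed, drop `-c copy` so ffmpeg re-encodes and can cut on any frame; ffmpeg's own `-f segment -segment_time 120` does the same job in one command, but with the same keyframe caveat.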

I hope this post was helpful to you as it was for me.

Sunday 15 March 2015

Raspberry Pi 2 Model B and Kali Linux - quick setup

The new Raspberry Pi 2 Model B is approximately 6 times faster than its predecessor. It comes with:
  • Quad-core Broadcom BCM2836 CPU
  • 1 GB RAM
  • 40-pin extended GPIO
  • Micro SD slot
  • 4x USB ports
  • HDMI
  • 4-pole stereo output and composite video port
  • CSI camera port & DSI display port
  • Micro USB power source
In order to install Kali Linux on the new Raspberry Pi you will need to download the Raspberry Pi 2 image (version 1.1.0, about 0.48 GB) from https://www.offensive-security.com/kali-linux-vmware-arm-image-download/ (filename: kali-1.1.0-rpi2.img.xz). Check the download against the checksum published on that page before writing it to the SD card.
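The script below is an added example, not code from the original post or from Offensive Security: it verifies the downloaded archive against the digest you copy from the download page, refuses to write to anything that is not a block device or that still has a filesystem mounted from it, and then decompresses the image straight onto the card. It assumes Linux with the xz tools and GNU dd; the device name (for example /dev/mmcblk0) is an argument because it differs from machine to machine, and SHA-256 is assumed for the digest, so swap in sha1sum if the page lists SHA-1 sums.

```shell
#!/bin/sh
# Added example, not from the original post: verify the downloaded Kali image
# against the digest the download page publishes, then write it to the SD
# card. Assumes a .img.xz archive, the xz tools and GNU dd (Linux); the device
# name is an argument because it differs from machine to machine.

# 0 if FILE's SHA-256 equals EXPECTED (case-insensitive). Use whichever
# algorithm the download page lists; sha1sum / shasum -a 1 drop in the same way.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Refuse to write to anything that is not a block device or that still has a
# filesystem mounted from it (the classic way to overwrite the wrong disk).
safe_target() {
    [ -b "$1" ] || { echo "$1 is not a block device" >&2; return 1; }
    if grep -qs "^$1" /proc/mounts; then
        echo "$1 (or a partition on it) is mounted; unmount it first" >&2
        return 1
    fi
}

flash_image() {
    local img dev
    img=$1; dev=$2
    safe_target "$dev" || return 2
    xzcat "$img" | dd of="$dev" bs=4M conv=fsync
    sync
}

if [ $# -eq 3 ]; then
    if verify_sha256 "$1" "$2"; then
        echo "checksum ok, writing to $3"
        flash_image "$1" "$3"
    else
        echo "checksum MISMATCH: do not use this image" >&2
        exit 1
    fi
else
    echo "usage: $0 kali-1.1.0-rpi2.img.xz EXPECTED_SHA256 /dev/mmcblk0" >&2
fi
```

Run it as root, e.g. `sh flash.sh kali-1.1.0-rpi2.img.xz <digest from the page> /dev/mmcblk0`, after checking with `lsblk` that the device really is the card. Write to the whole device, not a partition, since the image carries its own partition table.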

Thursday 12 March 2015

EU Data Protection Regulation

The globalisation of data and the enormous technological developments of the last decade raise a number of new challenges when it comes to data protection and privacy. Current privacy legislation has not yet caught up with the technology boom when it comes to personal data, and fails to consider aspects such as cloud storage and the widespread use of social networks. This is set to change with the launch of the proposed EU Data Protection Regulation.

Friday 27 February 2015

How to prevent a business from being the next exploited target

Over the past few years, cybersecurity has become a high priority on the agenda of every organisation that wants to prevent unpleasant security incidents, avoid being breached by sophisticated attacks and Advanced Persistent Threats, detect malicious activity that is specifically designed to evade detection and, last but not least, respond proactively to the emerging cyber threat landscape. During 2014 in particular, cyberattacks became the norm, making headlines on a regular basis with a number of high-profile breaches in the spotlight, which in turn affected the number of online transactions. More specifically, the BRC Retail Crime Survey reported that fraud increased by 12% in 2013-2014 and accounted for 37% of the total £603m cost of retail crime.


Thursday 19 February 2015

Good luck Lenovo and thank you for the Superfish!


When you purchase a laptop it comes with some default, pre-installed applications. I personally hate this and it is quicker to format the laptop with a fresh install than go down the route of uninstalling all the <r@p-ware one by one. 

Have you ever bought a new Vaio? The extras installed and running in the background take up most of the resources.
However, this post is about Lenovo laptops, which also ship with a number of added "features". One of them is adware (Superfish) that activates the first time the laptop is taken out of the box. It shipped on Lenovo consumer PCs and installs its own root certificate into the Windows trust store so that it can man-in-the-middle HTTPS connections and inject ads into the user's browser. Because the same certificate and private key were present on every affected machine, anyone who extracted that key could impersonate any HTTPS site to those laptops, which is what turns an annoyance into a security hole.

Thursday 12 February 2015

PCI SSC bulletin on impending revisions to PCI DSS, PA-DSS (updating to version 3.1)

In order to address a few minor updates and clarifications and one impacting change, the Payment Card Industry Security Standards Council (PCI SSC) will publish a revision (v3.1) of PCI DSS and PA-DSS v3.0 in the coming weeks. The following bulletin will be issued on the PCI SSC website on 13 February regarding this impending update to the standards.

Wednesday 4 February 2015

Private IPv4 and IPv6 address spaces

In the Internet addressing architecture, a private network is a network that uses private IP address space, following the standards set by RFC 1918 for Internet Protocol Version 4 (IPv4) and RFC 4193 for Internet Protocol Version 6 (IPv6). These addresses are commonly used for home, office and enterprise local area networks (LANs), when globally routable addresses are not mandatory or are not available for the intended network applications. Under IPv4, the private address spaces (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) were originally defined in an effort to delay IPv4 address exhaustion; IPv6, the next generation Internet Protocol, has the equivalent Unique Local Addresses in fc00::/7.

These addresses are characterised as private because they are not globally delegated, meaning that they are not allocated to any specific organisation, and IP packets addressed to them are not routed across the public Internet (Internet routers and ISPs are expected to drop them). Note that "private" says nothing about security: hosts on these addresses reach the Internet through NAT, and anything that can reach the LAN, be it a compromised host, a VPN peer or an SSRF bug in a web application, can reach them too.
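The classification is easy to get subtly wrong by hand (172.16.0.0/12 is not 172.0.0.0/8, and fc::1 is not a ULA), so the script below, an added example that is not part of the original post, does it with shell arithmetic: it converts a dotted quad to an integer, tests it against a CIDR, and checks the top seven bits of an IPv6 address for the ULA prefix. It uses nothing beyond POSIX sh, so it can be dropped into an audit or firewall script as is.

```shell
#!/bin/sh
# Added example, not from the original post: decide whether an address falls
# in the RFC 1918 IPv4 ranges or the RFC 4193 IPv6 ULA range (fc00::/7),
# using only shell arithmetic so it can live in a hardening or audit script.

# Dotted quad -> 32-bit integer. Returns 1 (prints nothing) on malformed
# input, including octets with leading zeros, which inet_aton reads as octal.
ipv4_to_int() {
    local o
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 0 if ADDR lies inside NET/PREFIX, e.g. in_cidr4 10.1.2.3 10.0.0.0/8
in_cidr4() {
    local addr net bits mask
    addr=$(ipv4_to_int "$1") || return 2
    net=$(ipv4_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

is_private_ipv4() {
    local cidr
    ipv4_to_int "$1" >/dev/null || return 2
    for cidr in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        in_cidr4 "$1" "$cidr" && return 0
    done
    return 1
}

# 0 if the IPv6 address is a Unique Local Address: first 7 bits 1111110,
# i.e. the first hextet, once zero-padded to four digits, starts with fc or fd.
is_ula_ipv6() {
    local first
    first=$(printf '%s' "$1" | cut -d: -f1 | tr 'A-F' 'a-f')
    case $first in ''|*[!0-9a-f]*) return 1 ;; esac
    [ ${#first} -le 4 ] || return 1
    while [ ${#first} -lt 4 ]; do first="0$first"; done
    case $first in fc??|fd??) return 0 ;; esac
    return 1
}

classify_ip() {
    case $1 in
        *:*) if is_ula_ipv6 "$1"; then echo "ipv6-ula"; else echo "ipv6-other"; fi ;;
        *)   if ! ipv4_to_int "$1" >/dev/null; then echo "invalid"; return 1; fi
             if is_private_ipv4 "$1"; then echo "ipv4-private"; else echo "ipv4-public"; fi ;;
    esac
}

for a in 10.1.2.3 172.31.255.254 172.32.0.1 192.168.0.1 8.8.8.8 fd12:3456::1 2001:db8::1; do
    printf '%-18s %s\n' "$a" "$(classify_ip "$a")"
done
```

The demo loop prints 172.31.255.254 as private and 172.32.0.1 as public, which is the boundary people most often misremember. `in_cidr4` is general, so the same helper can check an address against any allow-list, not just the RFC 1918 blocks.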

Tuesday 3 February 2015

To Flash, or not to Flash?

Adobe suffers its third critical Flash Player vulnerability (CVE-2015-0313) this year. The vulnerabilities are being exploited through malicious advertisements, so-called malvertising attacks. Because advertisements load as soon as a user visits a site, infection happens automatically, without the user clicking on anything.

The affected versions for this third vulnerability were:
  • Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac OS X
  • Adobe Flash Player 13.0.0.264 and earlier 13.x versions
Adobe has already released two Flash Player updates to fix the two previous vulnerabilities (CVE-2015-0310, CVE-2015-0311), and a new update is expected this week for the latest one.

In the meantime, make sure Flash does not load automatically by enabling your browser's click-to-play feature, keep your anti-virus solution up to date, install the latest Flash Player downloaded only from the legitimate Adobe website and, last but not least, use an ad-blocker.

Sunday 4 January 2015

Abertay Ethical Hacking Society run their fourth annual Security Conference: Securi-Tay IV

Securi-Tay [1] is an information security conference held by the Abertay Ethical Hacking Society [2] and supported by Abertay University in Dundee. The aim of the conference is to give industry professionals, students and information security enthusiasts an opportunity to attend and share knowledge and information. This year will be the fourth year the conference takes place (hence the IV), and it will be held on February 27th, 2015. Personally, I believe this conference offers a fantastic opportunity for students to meet and network with experts in the area of security, share information and have a first glance at what their future in the security industry could look like.

I was very pleased to get accepted to speak at the conference this year and I am already looking forward to it.

Thursday 1 January 2015

The Bug Bounty List - Bug Hunting

I started finding serious security issues and vulnerabilities back in 1998. Back then the community was so immature that I got so much grief every time I tried to explain what I had found. The common responses were "why did you check our system/application", "who told you to alter the input", "this was not supposed to happen, you broke it", "the others don't know how to do this; why did you do it" and all sorts of similar discussions. Unfortunately, back then there weren't any bug bounty or recognition programs for a poor security enthusiast like myself.

I am glad to see that the community is becoming more mature and understands how valuable the discovery of a security issue or a vulnerability by a "white hacker" can be for a business. I am also glad there are bug bounty programs out there which reward security researchers and security enthusiasts who discover security issues.