Friday, June 28, 2013

A few days ago, I talked about how to detect ZeroAccess in your network. Now, I want to show you how this trojan works. The goal of this trojan is to earn money through Click Fraud... It is a type of crime that abuses pay-per-click advertising to make money through fraudulent or fake clicks on advertisements. ZeroAccess makes money when it generates...

Posted on Friday, June 28, 2013 by Javier Nieto

Friday, June 21, 2013

Fierce is a great script written in Perl by RSnake. This tool helps with the first step of a pentest: reconnaissance. The idea is to gather as many interesting details as possible about your target before starting the attack. Fierce is used for DNS enumeration and has been included in the Backtrack and Kali Linux distributions. It...

Posted on Friday, June 21, 2013 by Javier Nieto

Wednesday, June 19, 2013

Nikto is one of the most popular web security applications when you are beginning a web pentesting project. You can download Nikto from http://cirt.net/nikto2. This tool has been included in the Backtrack and Kali Linux distributions. Nikto is an open source web server scanner. It performs tests against web servers by making requests for multiple items....

Posted on Wednesday, June 19, 2013 by Javier Nieto

Friday, June 07, 2013

ZeroAccess is a Trojan horse that uses an advanced rootkit to hide itself and create a backdoor on the compromised host. Computers are infected by "drive-by download" attacks: people who download and execute suspicious programs (ActiveX, Java applets...) without understanding the consequences. Downloads that happen without user authorization...

Posted on Friday, June 07, 2013 by Javier Nieto

Wednesday, June 05, 2013

Are you using an anonymizer? Anonymizing your connection is one of the main requirements when you want to do bad things... For this purpose we are going to use TOR. "Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy,...

Posted on Wednesday, June 05, 2013 by Javier Nieto

Tuesday, June 04, 2013

In this post we are going to use Google to search for servers that have been compromised and are hosting a webshell. The most common method of uploading a webshell to a server is RFI (Remote File Inclusion). RFI is a vulnerability that allows an attacker to include a remote file, such as a script or webshell. With a webshell, you can manage the server, read/create/remove...

Posted on Tuesday, June 04, 2013 by Javier Nieto

If you have recently upgraded your FortiGate firewall to FortiOS 4.0 MR3, perhaps you have noticed an increase in traffic log volume. FortiOS 4.0 MR3 has the extended-traffic-log value enabled by default, whereas in previous versions this value was disabled by default. If you want to disable this new default option, here are the commands: config...

Posted on Tuesday, June 04, 2013 by Javier Nieto

Monday, June 03, 2013

When you build a firewall cluster in High Availability, you need to be sure that the cluster members are fully synchronized. I am going to give you some commands to switch the CLI session between the members in order to check your HA. First of all, you need to see how many members there are. If you have an active-passive cluster, you need to know who...

Posted on Monday, June 03, 2013 by Javier Nieto

Sometimes, firewall security administrators have asked me... "I have a lot of policy rules on my firewall, how can I discover unused policy rules?" or "I just created a new policy rule, how can I know if this rule has been matching?" With Fortinet firewalls this is really easy to do. First of all you need to add a new column in Policy -> Policy...

Posted on Monday, June 03, 2013 by Javier Nieto
