Phishing Tips

If you are looking to phish your own company (with permission), or perform phishing as part of a security service, there are a lot of resources to help you get started. I’ve spent some time on this lately learning from others like those at Black Hills Info. Sec. and Zeknox (Phishing Frenzy). Below are a couple of tips I picked up along the way that I feel are important when phishing.

  • Register a convincing domain to use 
    • Use a consistent registrar so it is easy to manage the domains. (GoDaddy DNS records update really fast, which is good for phishing.)
  • Actually have a real email address (Sometimes this will be checked before messages are received)
    • Set up an email server and email account for the sending email address
      • GoDaddy often offers free Office 365 email for a month, so that is one easy way to set up a temporary email server and email account. That deal isn’t constant, so it isn’t always an option.
      • Rackspace offers cheap business email accounts and you can manage multiple domains from one interface, which is nice. Minimum number of accounts is 5 for $10/month, but you can add one at a time after that.
  • Set up DKIM and SPF records
  • Use Legit TLS Certs for Websites
    • Let’s Encrypt can be used to generate TLS certs and get your site looking more legit.

That’s it. Just a couple quick tips.

Ditching PTF for Kali Light

After using the Penetration Testing Framework for several months I have decided to part ways with the platform. The primary reason is that it requires enabling updates from the unstable repository, something that has made me uneasy for quite a while, to the point that I’ve decided it is no good for production. Instead, for systems where I don’t want the full suite of Kali tools I have decided to go with Kali Light, which has just the basics installed. From there you can add what you want and keep everything tight and easy to maintain.

 

 

 

Security Onion

Looking for a greater ability to detect evil on your network? Check out the open source platform called Security Onion. I’ve been hearing a lot about Security Onion lately and it incorporates a number of open source tools such as Snort, Bro, OSSEC and more. It is worth checking out.

https://securityonion.net/

Free Windows OS Evaluation Versions

If you are not aware, Microsoft does offer evaluation versions of its operating systems and software like Exchange. This is great for those that want to learn more about Windows operating systems and software, but don’t have the funds for an MSDN or other licensing. These are 90-180 day evaluation versions (90 for Desktop OSes and 180 for Server OSes), but if you are just getting started, rebuilding a domain every couple months is good practice. RAM is cheap, build some virtual machines (VMs).

Microsoft’s Technet Evaluation Center – https://www.microsoft.com/en-us/evalcenter/

Prebuilt Developer VMs (Windows XP-10) – https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Alternatively, for around $1200 for the first year you can pay for Visual Studio, which includes MSDN access to most Windows software and operating systems for testing purposes.

Pricing | Visual Studio

OpenVAS Install Checker

OpenVAS is a great vulnerability scanner if you do not have the funds for Nessus/Nexpose/Qualys, but still want to do a little vulnerability scanning. It certainly isn’t the fastest scanner, but for free/open-source you can’t ask for more. Today I ran into an issue where OpenVAS stopped working on one of my test virtual machines (VMs) and I found that OpenVAS has a config checker tool. Running that let me know something was wrong and gave me the command to fix it, which to my surprise worked. Not sure why their link to the tool goes to another site with no good SSL cert, but here is the information page on the OpenVAS site that links to it.

http://www.openvas.org/setup-and-start.html

 

FaradaySEC Pentesting Collaboration

I’ve been working more on penetration testing methodology lately and the same thought comes up again and again. How do I handle all the output and tracking of tasks effectively? Particularly when dealing with multiple employees at different physical locations. Write custom scripts, or programs to pull in data to a database and then create others to write out reports? One thing I have come across to solve this problem is FaradaySEC, which is doing something very interesting in terms of managing and reporting on output from pentesting activities. Check it out.

https://www.faradaysec.com/

Android Open Pwn Project

Pwnie Express has apparently been working on their own Android variant that uses CyanogenMod and the Android Open Source Project, which they are calling the Android Open Pwn Project. This was mentioned recently on the Security Weekly podcast and seems like it could be useful. I don’t think it is publicly being mentioned much yet, but I imagine we will hear more in the next couple of months.

https://github.com/aopp

Create Great Documents with LaTeX in the Cloud

LaTeX is a typesetting language that can be used to create unique and professional looking documents. Microsoft Word and similar tools do all the typesetting for you, but with LaTeX you use code to do all the formatting. If you are looking to put together a really awesome resume/CV then look no further than LaTeX. Don’t worry, there are tons of free CV/resume templates if you don’t want to dive deep on LaTeX.

Sometimes it is a pain to keep your LaTeX software updated when you rarely use it. I stumbled across the Google Docs of LaTeX today and so far really like it. The site is called www.sharelatex.com and it provides free templates and the ability to sign up for their free or paid cloud service. Sharelatex.com’s cloud service allows editing and publishing as a PDF in the browser. I don’t think I’d use it for sensitive data, but for a resume sure. If you don’t want to use the cloud service you can just download the templates and use them locally. Check it out.

www.sharelatex.com