SpiderFoot 2.9.0

SpiderFoot 2.9.0 is now out, totaling almost 60 data collection/analysis modules for your reconnaissance, footprinting and OSINT needs. Here’s what’s new since 2.7.0 was announced here…

*9* new modules:
- Base64 string finder
- Binary string searches (identifies file metadata)
- data collection (device info)
- data collection (threat intel)
- data collection (e-mail addresses)
- data collection (password dumps/breaches)
- ThreatCrowd data collection (threat intel)
- Squatted domain identification
- data searches

Search by e-mail addresses in addition to IPs, subnets, domains and hosts

Massive reduction in false positives of junk files and social media accounts

German, French and Spanish dictionaries added […]

PowerShell and RickyBobby in the WikiLeaks leak (Vault 7: CIA Hacking Tools Revealed)

About RickyBobby v4.x.x (S) RickyBobby 4.x is developed by IOC/EDG/AED/Operational Support Branch (OSB) as a lightweight implant for target computers running newer versions of Microsoft Windows and Windows Server. The RickyBobby implant enables COG operators to upload and download files and execute commands and executables on the target computer without detection as malicious software by personal security products (PSPs). RickyBobby 4.x improves upon previous versions of RickyBobby by being easier to install, task using the Listening Post (LP), and manage multiple implant installations. (S) RickyBobby 4.x is comprised of several .NET DLLs and a Windows PowerShell script. RickyBobby uses Windows […]

Wireshark in the WikiLeaks leak (Vault 7: CIA Hacking Tools Revealed)

Configure Wireshark on Ubuntu

By default, Wireshark cannot be run as a non-root user when attempting to capture traffic on an interface. The following steps can rectify this issue:

Install Wireshark

Create a wireshark group

Add your username to the wireshark group

Change the group ownership of the file dumpcap to wireshark

Change the mode of the file dumpcap to allow execution by the group wireshark

Grant capabilities with setcap

Verify the change

PowerShell in the WikiLeaks leak (Vault 7: CIA Hacking Tools Revealed)

PowerShell Notes

Create and Modify Your PowerShell Profile

First check whether or not your profile exists.

    Test-Path $profile

If the query returned “False”, then your profile does not exist. Create your profile:

    New-Item -path $profile -type file -force

The output of the previous command will tell you where your profile was created. The path given as the “Directory” output is the directory containing your profile. It will be something like C:\Users\user1\Documents\WindowsPowerShell. Open Windows Explorer and go to that directory. Your profile will be “Microsoft.PowerShell_profile.ps1”. By default your profile will be empty. You can edit your profile to customize your PowerShell […]

Vault 7: CIA Hacking Tools Revealed

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking […]