Ethical Hacking

I was listening to this guy’s podcast on YouTube who I follow (I recommend following him) talk about SIM Port attack and the what’s and how’s of the entire thing. The podcast is based upon this guy who lost over $100k from this crypto account over night because his SIM card got attacked and was taken over by the attacker. I have included the 30 min podcast link as well as the original piece which lists how it happened step by step with images (check it out check it out)

YouTube Podcast Link: https://www.youtube.com/watch?v=qCWmpHHHXis

Article Link: https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

Interesting read here. A recent study shows that nation retaliatory hacking may not escalate as we thought. The Obama administration had a stance to not retaliate against counties that launched cyberattacks against the US, and they would implement sanctions for fear it could lead to a military conflict. The study shows just the opposite, it is rare that a cyber conflict will go tit for tat, or escalate to a military conflict.

The article speculates that these findings may benefit the Trump administration as the US has recently launched cyberattacks against Russia, China, and Iran to retaliate or intimidate.

An additional finding of the study shows that retaliatory hacking does little to stop adversaries from launching additional attacks. I have this vision of rival nations launching cyberattacks against each other and being wary to not cross that threshold for Military escalation. I assume all nations involved know each other’s thresholds? A very dangerous game being played here.

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/10/02/the-cybersecurity-202-hacking-back-may-be-less-risky-than-we-thought/5d939824602ff14beb3daacc/

I wanted to experiment with running Kali using Windows Subsystem for Linux on Windows 10.  This will let you run native Linux command-line tools directly on Windows.  I created this guide to get you a Kali WSL install with Metasploit running on Windows 10.  If you want to install Metasploit directly in Windows without the Windows Subsystem for Linux, read after step #13.

1. Open and run Windows PowerShell as administrator
2. Enter the following command:
   Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
3. Reboot Windows
4. Open the Microsoft Store on Windows 10 and install Kali Linux
5. Launch Kali Linux when it is done installing and type a username and password when prompted.
6. Type: sudo apt-get update (enter password if prompted)
7. Type: sudo apt-get dist-upgrade
8. Type: sudo apt-get clean
9. Now we have to add the Kali Linux folder as an exception to the built-in Virus and threat protection so it doesn’t keep blocking/removing Metasploit:

Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection

Under Virus & threat protection settings, select Manage settings, and then under Exclusions, select Add or remove exclusions.

10. Add your Kali folder as an exclusion:
    Located under: %LocalAppData%\Packages\KaliLinux.<Package_ID>\LocalState
    Example: C:\Users\yourname\AppData\Local\Packages\KaliLinux.random##sandletters\LocalState
11. Now go back to your Kali Linux terminal and run this command to install Metasploit:
    sudo apt-get install metasploit-framework
12. Finally, run Metasploit by typing: msfconsole
13. Have fun experimenting and adding whatever else you want to Kali Linux

Also, if you just want to install Metasploit in Windows and are using the built-in virus and threat protection, you can download Metasploit Framework for Windows and add c:\metasploit-framework as an exclusion folder (like in step #9).  The msfconsole command and all related tools will be added to the system %PATH% environment variable so you can use Metasploit within Command Prompt.

These alternate methods may be helpful for someone who has limited resources on their computer (ex. RAM/CPU) and can benefit from running with the least amount of VMs as possible.  It’s also good to experiment with relatively new technology like Windows Subsystem for Linux.

I still highly recommend a full native Linux install or a Linux VM for familiarization and skill building.

A former Yahoo software engineer, Reyes Daniel Ruiz, turned hacker was charged with hacking 6,000 plus Yahoo accounts, which included his friends and colleagues. Ruiz abused his role as a reliability engineer to access internal Yahoo systems to steal passwords and hack accounts.

Ruiz admitted to making copies of images and videos of users that he compromised and stored them at his home on personal systems. He didn’t stop there, after gaining yahoo access, he compromised other accounts, like Facebook, Gmail, iCloud and DropBox for additional media. I assume that users Gmail and Facebook password reset emails were sent to their Yahoo accounts to conceal the hack. Here is a case where two factor authentication would have tipped users off to their accounts being compromised.

I question what controls Yahoo had in place to audit Ruiz’s system access and operations.

https://thehackernews.com/2019/10/yahoo-email-hacking.html

A bunch of ethical hackers from a program called Government Bug Bounty found more than 30 vulnerabilities in Singapore government’s network system. The article mentions “The bug bounty program was organized by the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) in partnership with HackerOne, a popular bug bounty platform. HackerOne helps organizations find and fix the potential vulnerabilities before they can be exploited by cybercriminals. The new bug bounty program is part of the Singapore government’s ongoing commitment to protect its citizens and secure government network systems. The hacking challenge will offer a monetary reward to the hackers for discovering and reporting potential vulnerabilities.”

What I found really interesting was the following:

“The Government has paid out S$25,950 in bounties for discovering 31 vulnerabilities, in which four were considered as High Severity and the remaining 27 were considered as medium/low severity.”

Singapore government has this really cool program which collaborates with the cyber security community in order to build a secure nation. I think this is something every country should take into consideration

Source Link: https://www.cisomag.com/singapore-government-patches-31-vulnerabilities-found-by-ethical-hackers/