JKKK BATU UBAN (DTL) P.PINANG: 1/01/24

PENA HIJAU · at 1/29/2024 07:11:00 PG

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!

This Post is for the people that:

Have No Experience With Cybersecurity (Ethical Hacking)
Have Limited Experience.
Those That Just Can't Get A Break

OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.

I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.

Let's get this party started.

What is hacking?

Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.

Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.

Skills required to become ethical hacker.

Curosity anf exploration
Operating System
Fundamentals of Networking

*Note this sites

Scale Buildup: Hard water can cause scale buildup in pipes, appliances, and fixtures, reducing their efficiency and lifespan.
Soap Scum: Hard water can make it difficult to create a lather with soap, resulting in soap scum buildup on surfaces.
Dry Skin and Hair: Hard water can strip away natural oils from skin and hair, leading to dryness and irritation.
Reduced Detergent Effectiveness: Hard water can reduce the effectiveness of detergents, making it harder to clean clothes and dishes.

How to Choose the Right Water Softener for Well Water:

Water Hardness Level: The first step in choosing a water softener is to determine the hardness level of your well water. There are several ways to do this, including purchasing a water test kit or sending a sample of your water to a laboratory for analysis.
Flow Rate: Consider the flow rate of your well water system when selecting a water softener. The flow rate is measured in gallons per minute (GPM) and determines the size of the water softener you need.
Grain Capacity: The grain capacity of a water softener refers to its ability to remove hardness from water. The grain capacity is measured in kilograins (KGR) and determines how much hardness the water softener can remove before it needs to be regenerated.
Type of Water Softener: There are two main types of water softeners: salt-based and salt-free. Salt-based water softeners use a process called ion exchange to remove hardness from water, while salt-free water softeners use a different process, such as template-assisted crystallization.
Brand and Reputation: Consider the brand and reputation of the water softener manufacturer when making a purchase. Look for brands that are known for their quality, reliability, and customer service.

How to Install and Maintain a Water Softener for Well Water:

Proper Installation: It is important to have a water softener installed by a qualified professional. Improper installation can lead to leaks, damage to the water softener, or ineffective water softening.
Regular Regeneration: Water softeners need to be regenerated regularly to maintain their effectiveness. The frequency of regeneration depends on the hardness of your water and the size of the water softener.
Salt Replenishment: Salt-based water softeners require regular replenishment of the salt supply. The frequency of replenishment depends on the hardness of your water and the size of the water softener.
Maintenance: Water softeners should be inspected and maintained regularly to ensure proper operation and longevity. This may include cleaning the resin bed, checking for leaks, and replacing any worn or damaged parts.

Benefits of Using a Water Softener for Well Water:

Improved Water Quality: Treated water has a reduced mineral content, improving the taste, smell, and appearance of the water.
Reduced Scale Buildup: This can save you money by extending the lifespan of your appliances.
Softer Skin and Hair: Softened water can help to improve the health of your skin and hair.
More Effective Laundry and Dishwashing: Softened water can improve the performance of detergents and soaps.
Increased Energy Efficiency: Softened water can help to improve the efficiency of water heaters and other appliances that use water.

Conclusion:

A water softener can be a valuable investment for well water users, providing numerous benefits and improving overall water quality. By choosing the right water softener and properly installing and maintaining it, you can enjoy the advantages of softened water throughout your home.

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/broadcaster-news/9aa09de1-81fa-4c7e-ad67-17431e4b7165n%40googlegroups.com.

PENA HIJAU · at 1/28/2024 10:38:00 PTG

There are many goodware and malware developed in pascal, and we will see that the binary generated by the pascal compilers is fascinating, not only because the small and clean generated binaries, or the clarity of the pascal code, but also the good performance. In Linux we have Lazarus which is a good free IDE like Delphi and Kylix the free pascal IDE for windows.

The program:

program strtest;

var
cstr: array[0..10] of char;
s, s2: ShortString;

begin
cstr := 'hello world';
s := cstr;
s2 := 'test';

WriteLn(cstr + ' ' + s + ' ' + s2);
end.

We are going to compile it with freepascal and lazarus, and just the binary size differs a lot:

lazarus 242,176 btytes 845 functions
freepascal 32,256 bytes 233 functions
turbopascal 2,928 bytes 80 functions (wow)

And surprisingly turbopascal binaries are extremely light.
Lets start with lazarus:

Logically it imports from user32.dll some display functions, it also import the kernel32.dll functions and suspiciously the string operations of oleaut32.dll

And our starting point is a function called entry that calls the console initialization and retrieve some console configurations, and then start a labyrinth of function calls.

On functions 10000e8e0 there is the function that calls the main function.

I named execute_param2 because the second param is a function pointer that is gonna be executed without parameters, it sounds like main calling typical strategy.
And here we are, it's clearly the user code pascal main function.

What it seems is that function 100001800 returns an string object, then is called its constructor to initialize the string, then the string is passed to other functions that prints it to the screen.

This function executes the method 0x1c0 of the object until the byte 0x89 is a null byte.
What the hell is doing here?
First of all let's create the function main:

Simply right button create function:

After a bit of work on Ghidra here we have the main:

Note that the struct member so high like 0x1b0 are not created by default, we should import a .h file with an struct or class definition, and locate the constructor just on that position.

The mysterious function was printing byte a byte until null byte, the algorithm the compiler implemented in asm is not as optimized as turbopascal's.

In Windbg we can see the string object in eax after being created but before being initialized:

Just before executing the print function, the RCX parameter is the string object and it still identical:

Let's see the constructor code.
The constructor address can be guessed on static walking the reverse-cross-references to main, but I located it in debugging it in dynamic analysis.

The constructor reads only a pointer stored on the string object on the position 0x98.

And we have that the pointer at 0x98 is compared with the address of the literal, so now we know that this pointer points to the string.
The sentence *string_x98 = literal confirms it, and there is not memory copy, it only points reusing the literal.

Freepascal

The starting labyrinth is bigger than Lazarus so I had to begin the maze from the end, searching the string "hello world" and then finding the string references:

There are two ways to follow the references in Ghidra, one is [ctrl] + [shift] + F but there is other trick which is simply clicking the green references texts on the disassembly.

At the beginning I doubted and put the name possible_main, but it's clearly the pascal user code main function.

The char array initialization Is converted by freepascal compiler to an runtime initialization using mov instructions.

Reducing the coverage on dynamic we arrive to the writeln function:

EAX helds a pointer to a struct, and the member 0x24 performs the printing. In this cases the function can be tracked easily in dynamic executing the sample.

And lands at 0x004059b0 where we see the WriteFile, the stdout descriptor, the text and the size supplied by parameter.

there is an interesting logic of what happens if WriteFile() couldn't write all the bytes, but this is other scope.
Lets see how this functions is called and how text and size are supplied to figure out the string object.

EBX helds the string object and there are two pointers, a pointer to the string on 0x18 and the length in 0x18, lets verify it on windbg.

And here we have the string object, 0x0000001e is the length, and 0x001de8a68 is the pointer.

Thanks @capi_x for the pascal samples.

More information

PENA HIJAU · at 1/28/2024 02:05:00 PTG

From time to time, I get disappointed how much effort and money is put into securing computers, networks, mobile phones, ... and yet in 2016 here we are, where not much has changed on the defensive side. There are many things I personally blame for this situation, and one of them is the security tips.

The goal of these security tips is that if the average user follows these easy to remember rules, their computer will be safe. Unfortunately, by the time people integrate these rules into their daily life, these rules either become outdated, or these rules were so oversimplified that it was never true in the first place. Some of these security tips might sound ridiculous to people in InfoSec nowadays, but this is exactly what people still remember because we told them so for years.

PDF is safe to open

This is an oldie. I think this started at the time of macro viruses. Still, people think opening a PDF from an untrusted source is safer than opening a Word file. For details why this is not true, check: https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html

On an unrelated note, people still believe PDF is integrity protected because the content cannot be changed (compared to a Word document).

Image stolen from Kaspersky

Java is secure

One of the best ones. Oracle started marketing Java as a safe language, where buffer overflows, format strings and pointer-based vulnerabilities are gone. Unfortunately, they forgot to tell the world that instead of "unsafe programs developed by others" they installed their unsafe program on 3 billion devices.

Stay away from rogue websites and you will be safe

This is a very common belief I hear from average people. "I only visit some trusted news sites and social media, I never visit those shady sites." I have some bad news. At the time of malvertising and infected websites, you don't have to visit those shady sites anymore to get infected.

Don't use open WiFi

I have a very long explanation of why this makes no sense, see here. Actually, the whole recommendation makes no sense as people will connect to public WiFis, no matter what we (InfoSec) recommend.

The password policy nightmare

Actually, this topic has been covered by myself in two blog posts, see here and here. Long story short: use a password manager and 2-factor authentication wherever possible. Let the password manager choose the password for you. And last but not least, corporate password policy sux.

Sites with a padlock are safe

We tell people for years that the communication with HTTPS sites are safe, and you can be sure it is HTTPS by finding a randomly changing padlock icon somewhere next to the URL. What people hear is that sites with padlocks are safe. Whatever that means. The same goes for WiFi - a network with a padlock is safe.

Use Linux, it is free from malware

For years people told to Windows users that only if they would use Linux they won't have so much malware. Thanks to Android, now everyone in the world can enjoy malware on his/her Linux machine.

OSX is free from malware

It is true that there is significantly less malware on OSX than on Windows, but this is an "economical" question rather than a "security" one. The more people use OSX, the better target it will become. Some people even believe they are safe from phishing because they are using a Mac!

Updated AV + firewall makes me 100% safe

There is no such thing as 100% safe, and unfortunately, nowadays most malware is written for PROFIT, which means it can bypass these basic protections for days (or weeks, months, years). The more proactive protection is built into the product, the better!

How to backup data

Although this is one of the most important security tips which is not followed by people, my problem here is not the backup data advise, but how we as a community failed to provide easy to use ways to do that. Now that crypto-ransomware is a real threat to every Windows (and some OSX) users, even those people who have backups on their NAS can find their backups lost. The only hope is that at least OSX has Time Machine which is not targeted yet, and the only backup solution which really works.

The worst part is that we even created NAS devices which can be infected via worms ...

Disconnect your computer from the Internet when not used

There is no need to comment on this. Whoever recommends things like that, clearly has a problem.

Use (free) VPN to protect your anonimity

First of all. There is no such thing as free service. If it is free, you are the service. On another hand, a non-free VPN can introduce new vulnerablities, and they won't protect your anonymity. It replaces one ISP with another (your VPN provider). Even TOR cannot guarantee anonymity by itself, and VPNs are much worse.

The corporate "security tips" myth

"Luckily" these toxic security tips have infected the enterprise environment as well, not just the home users.

Use robots.txt to hide secret information on public websites

It is 2016 and somehow web developers still believe in this nonsense. And this is why this is usually the first to check on a website for penetration testers or attackers.

My password policy is safer than ever

As previously discussed, passwords are bad. Very bad. And they will stick with us for decades ...

Use WAF, IDS, IPS, Nextgen APT detection hibber-gibber and you will be safe

Companies should invest more in people and less into magic blinking devices.

Instead of shipping computers with bloatware, ship computers with exploit protection software

Teach people how to use a password safe

Teach people how to use 2FA

Teach people how to use common-sense

Conclusion

Computer security is complex, hard and the risks change every year. Is this our fault? Probably. But these kinds of security tips won't help us save the world.

Related news

PENA HIJAU · at 1/28/2024 05:33:00 PG

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Isnin, Januari 29, 2024

How To Start | How To Become An Ethical Hacker

Read more

Water Softener for Well Water: A Comprehensive Guide

Ahad, Januari 28, 2024

Reversing Pascal String Object