[Hack]in(sight) Vol.2 No.10
Dear Security Professionals,
Many Cobalt Strike features could work as standalone tools. By making Cobalt Strike work with the Metasploit Framework, you get the benefit of seamlessly using all of these capabilities together. As a bonus, Cobalt Strike includes Armitage's GUI and features. If you know Armitage, you'll find Cobalt Strike very easy to learn.
In this release you will read 5 articles covering:
1. Cobalt Strike in practice: how to hack Windows 7 through Aarmitage using Kali Linux
Intro: Armitage is a scriptable red team collaboration tool built on top of the Metasploit Framework. Through Armitage, you may launch scans and exploits, get exploit recommendations, and use the advanced features of the Metasploit Framework's meterpreter. Armitage was originally made for Cyber Defense Exercises, but a lot of penetration testers use Armitage for its collaboration capabilities and its time-saving GUI.
2. Identifying and Disrupting Crypto- Ransomware
Intro: In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker,CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious family photos or an academic thesis being wiped by pure greed, it can become rather emotive. This is nasty stuff, and we need to do something about it! I have been.
3. Bypass UAC and AV on Windows 7
Intro: We will go throught pentesting techniques like msfconsole and I will introduce a couple of amazing tools for our purpose such as Shellter. Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).
4. Hacking industrial control systems – Case study: Falcon
Intro: In the following article, we will be moving from gaining application level administrative control and how to use XSS, to target system administrators, and finally, how to gain a shell on the operating system level of the equipment using a combination of misconfigurations and security issues in combination.
5. Traffic Visualization with Lugburz - The Dark Tower
Intro: Many of you have seen and used various traffic visualization tools in order to get more comprehensive picture about your visitors and locations from which they are coming from. Some of those tools are free, some are proprietary and some are just cool – like Norse Attack Map ( see the list on the right ). Many of those proprietary solutions are not available as a free and open source drop-in package and the ones that are available, are not so easy to set up.
For more ethical hacking publications available on our website, subscribe to Hack Insight and receive:
--> 24 unique magazine editions per one year.
--> Access to all the previous releases from the archives.
--> Access to special publications, workshops and video tutorials.