catalog . What is Firewall . Detecting the WAF . Different Types of Encoding Bypass . Bypass本质 1. What is Firewall Firewall is a security system which controls the traffic between a Network, Server or an Application. There are both Software and Hardw…
- Official documentation for pytbull v2.1 - Table of content Description Architecture Remote mode Local mode Installation Standard installation (client) Server Backtrack 5 Mac OS X Configuration CLIENT section PATHS section ENV section FTP section TI…
CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the properties of the file. The file type of a trojan is application(.exe) , even if it looks like jpg\PDF or other files. Is it what it seems to be? Check Net…
CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number of attacks on a hooked target. Targets are hooked once they load a hook URL. DNS spoof requests to a page containing the hook. Inject the hook in brows…
CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contract targets. (e.g. Maltego, Google ... etc.) Send an email pretending to be a friend. Online Tool: https://anonymousemail.me/ Ask them to open a link, downl…
CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a suitable one. Make the trojan even more trustable. We will use an old trick using the "right to left overload" character. 1. Open up the character…
CLIENT SIDE ATTACKS Backdooring ANY file Combine backdoor with any file - Generic solution. Users are more likely to run a pdf, image or audio file than an executable. Works well with social engineering. To convert the original(pdf, jpg, mp3) file to…
CLIENT SIDE ATTACKS - Backdooring exe' s Download an executable file first. VEIL - FRAMEWORK A backdoor is a file that gives us full control over the machine that it gets executed on. Backdoors can be caught by Anti-Virus programs. Veil is a framewor…
CLIENT SIDE ATTACKS - Social Engineering Social Engineering Information gathering Tool: Maltego Gathering Information About Target's Facebook Account, Twitter Account(Friends, Followers...), Email, Phone Number, etc.…
