How to install Bitdender’s free Ransomware Protection Tool

•March 29, 2016 • Leave a Comment

Bitdefender has just released a free tool that can protect against ransomeware viruses. Here is how to install it.

Hackers have been hitting everything from hospitals to police stations with Ransomeware viruses. Bitdefender has released a tool that could help fight it:

“Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families.

“The new tool is an outgrowth of the Cryptowall vaccine program, in a way.” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”

Installation could not be easier

  1. Download the file:

https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

  1. Run it:

Ransomeware Protection 1

 

3. Click Next, and then install:

Ransomeware Protection 2

  1. And then Finish

Ransomeware Protection 3

And that is it!

Ransomeware Protection 4

How easy was that?

If you want you can change the settings for the program. You may want to set it to “minimize on startup” and “minimize to tray on close”:

Ransomeware Protection 5

But it is pretty much an install and forget about it type app, no fuss, no muss.

Bitdefender has always been one of my favorite anti-virus programs, and this is a handy tool to have.

Check it out!

Book Review: Basic Security Testing with Kali Linux 2

•March 26, 2016 • Leave a Comment

Basic Kali 2

A fully updated version of the very popular “Basic Security Testing with Kali Linux” is now available! Now totally re-written from the ground up to cover the new Kali Linux “2016-Rolling” with the latest pentesting tools and Ethical Hacking techniques.

I was honestly shocked how well received the first Basic Security Testing book was received by the security community. But all in all, it was my first book attempt and definitely had room for improvement. I was flooded with requests and advice from students, instructors and even military personnel on recommended changes and ways the book could be improved.

I took every comment to heart and with the help of an amazing editorial and reviewer team, that included a computer security professor and a CTF player, created Basic Security Testing 2!

What’s new:

  • Completely re-written to cover topics more logically
  • Better lab layout that is used consistently throughout the book
  • Written for the latest version of Kali (Kali 2.0 “Sana” & Kali “2016-Rolling”)
  • Includes an introduction chapter for the new Kali 2016-Rolling
  • All tools sections have been updated – old tools removed, new tools updated
  • Now uses PowerShell for most of the remote Windows Shells
  • XP removed, Windows 7 used as the main Windows target (though Windows 10 is mentioned a couple times  🙂  )
  • More tool explanations and techniques included
  • 70 pages longer than original book

What’s the same:

  • Learn by doing
  • Hands on, Step-by-Step tutorials
  • Plenty of pictures to make steps more understandable
  • Covers the same major topics as the original, but using the latest tools
  • The front cover, well, except for the “2”!

My goal was to provide a common sense Ethical Hacking how-to manual that would be useful to both new and veteran security professionals. And hopefully I have accomplished that task. Thank you to everyone for your continuous support and feedback, it is greatly appreciated!

So what are you waiting for, check it out!

Basic Security Testing with Kali Linux 2

 

 

 

 

Security Book Give Away: Intermediate Security Testing with Kali Linux 2

•March 18, 2016 • 20 Comments

UPDATE 4/3 – The Contest is now over, and winners have been notified. Thank you everyone for your interest and support!

Want a chance to win a signed copy of “Intermediate Security Testing with Kali Linux 2”?

This almost 500 page hands-on, step-by-step tutorial style book doesn’t dwell on the theory of security, but instead walks you through implementing and using the latest security tools and techniques using the most popular computer security testing platform, Kali Linux:

Book Cover proof

My third book, “Basic Security Testing with Kali Linux 2” a total update of my hugely popular “Basic Security Testing” book, has just been published! To celebrate I am giving away four signed copies of my second book, “Intermediate Security Testing with Kali Linux 2”.

Simply share a link to this article on your favorite social media site. Then place a copy of the link in the comments field below. Winners will be chosen at random in two weeks (April 1st) from links in the comments section.

Using Problem Steps Recorder (PSR) Remotely with Metasploit

•February 13, 2016 • 1 Comment

Windows includes a built in program that captures screenshots and text descriptions of what a user is doing on their system. This program could be accessed remotely by a hacker. In this article we will see how to run the program from a remote shell using Metasploit.

Introduction

Windows includes a great support program that you have probably never heard of called “Problem Steps Recorder” (psr.exe). Microsoft made this program to help troubleshooters see step-by-step what a user is doing. If a user is having a computer problem that they either can’t articulate well or tech support just can’t visualize the issue, all the support personnel needs to do is have the user run psr.exe.

When PSR runs it automatically begins capturing screen captures of everything that the user clicks on, it also keeps a running dialog of what the user is doing in a text log. When done, the data is saved into an HTML format and zipped so all the user needs to do is e-mail this to the tech support department.

I have honestly never heard of PSR before yesterday when Mark Burnett (@m8urnett) mentioned it on Twitter:

PSR Metasploit 1

Creepy indeed, but I thought that if you could run it remotely, it would be a great tool for a penetration tester. Well, you can! Though running PSR as an attack tool isn’t a new idea. I did some searching and it is mentioned multiple times over the last several years in this manner. Pipefish even mentions using it with Metasploit back in this 2012 article (http://pipefish.me/tag/psr-exe/).

To use Steps Recorder normally, all you need to do is click the start button in Windows and type “psr” into the search box. Then click on “Steps Recorder”.

A small user interface opens up:

PSR Metasploit 2

Just click “Start Record” to start. It then immediately begins grabbing screenshots. It displays a red globe around the pointer whenever a screenshot is taken. Then press “Stop Recording” when done. You will then be presented with a very impressive looking report of everything that you did. You then have the option of saving the report.

PSR can be run from the command prompt. Below is a listing of command switches from Microsoft :

psr.exe [/start |/stop][/output <fullfilepath>] [/sc (0|1)] [/maxsc <value>]
[/sketch (0|1)] [/slides (0|1)] [/gui (0|1)]
[/arcetl (0|1)] [/arcxml (0|1)] [/arcmht (0|1)]
[/stopevent <eventname>] [/maxlogsize <value>] [/recordpid <pid>]

/start Start Recording. (Outputpath flag SHOULD be specified)
/stop Stop Recording.
/sc Capture screenshots for recorded steps.
/maxsc Maximum number of recent screen captures.
/maxlogsize Maximum log file size (in MB) before wrapping occurs.
/gui Display control GUI.
/arcetl Include raw ETW file in archive output.
/arcxml Include MHT file in archive output.
/recordpid Record all actions associated with given PID.
/sketch Sketch UI if no screenshot was saved.
/slides Create slide show HTML pages.
/output Store output of record session in given path.
/stopevent Event to signal after output files are generated.

Using PSR remotely with Metasploit

Using the command line options, PSR works very nicely with Metasploit in a penetration testing scenario. I will start with an active remote Meterpreter session between a test Windows 7 system and Kali Linux. There are many ways that you could do this, but I simply made a short text file as seen below:

  • psr.exe /start /gui 0 /output C:\Users\Dan\Desktop\cool.zip;
  • Start-Sleep -s 20;
  • psr.exe /stop;

The commands above start PSR, turns off that pesky Gui window that pops up when running and turns off the red pointer glow when recording pages. It then saves the file to the desktop.

The script waits 20 seconds and then stops recording.

I then encoded the command and ran it in a command shell:

PSR Metasploit 3
After 20 seconds a new “cool.zip” file popped up on the Windows 7 desktop:

PSR Metasploit 4
This file contained a complete step by step list of everything the user did during the 20 second window. At the top of the file are the screenshots:

PSR Metasploit 5
And at the bottom was the step by step text log:

PSR Metasploit 6
I actually like using PSR now better than Metasploit’s built in screenshot capability, especially with the blow by blow text log that is included. The script also worked well against Windows 10 with some minor tweaks.

Defending against this attack

Problem Steps Recorder can be disabled in group policy. Though I did not see anywhere on how to completely uninstall PSR.

The best defense is to block the remote connection from being created, so standard security practices apply. Keep your operating systems and AV up to date. Don’t open unsolicited, unexpected or questionable e-mail attachments. Avoid questionable links, be leery of shortened URLs and always surf safely.

If you want to learn more about computer security testing using Metasploit and Kali Linux, check out my latest book, “Intermediate Computer Security Testing with Kali Linux 2”.