Search Here

Tuesday, 20 December 2016

Nathan: Android Emulator for Mobile Security Testing Tool

Nathan: Android Emulator for Mobile Security Testing Tool

Nathan is a 5.1.1 SDK 22 AOSP Android emulator customized to perform mobile security assessment.

Supported architectures:
x86
arm (soon)

The emulator is equipped with the Xposed Framework and the following pre-installed modules:

SSLUnpinning, to bypass SSL Certificate pinning.Inspeckage, to perform the dynamic analysis of an application.RootCloak, to bypass root detection.


The following tools are already installed:

#SuperSU: Superuser access management toolDrozer: Comprehensive security and attack framework for Android

Features

Only python 2.7.x requiredHooking ready with XposedPre-installed tools for application analysisFully customizableSnapshot and restore of user data

Installation

Download Nathan core scripts from git:
$ git clone https://github.com/mseclab/nathan/
$ cd nathan

Init Nathan for the first time (for downloading firmware files)
$ ./nathan.py init 

If a proxy is required to download files, the parameter -dp is available :
$ ./nathan.py init -dp 127.0.0.1:3128
The init command downloads all the files required to run use Nathan Emulator.

Usage

To start Nathan:
$ ./nathan.py start

To redirect the traffic through a proxy (es. http://127.0.0.1:3128), the parameter -p can be used:
$ ./nathan.py start -p http://127.0.0.1:3128

To create a snapshot of current user image data with a label (current in this case):
$ ./nathan.py snapshot -sl current 
To restore the emulator to the snapshot with label current:
$ ./nathan.py restore --rl current

To get a list of available snapshots to restore:
$ ./nathan.py restore --ll  
Every time the emulator is started, a temporary copy of system image is created and each changes made to system data is lost when the emulator is powered off.

To keep permanent the changes, the command freeze is available:
$ ./nathan.py freeze  

To push files from a folder to a running Nathan emulator, the command push is available:
$ ./nathan.py push -f folder  

The complete list of command is:

usage: nathan.py [-h] [-v] [-a ARCH]
{init,start,snapshot,restore,freeze,push} ...

Optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Show emulator/kernel logs
  -a ARCH, --arch ARCH  Select architecture (arm/x86) - Default = x86

Command to run:
         {init,start,snapshot,restore,freeze,push}
    init                Download and init Nathan emulator
    start               Start Nathan emulator
    snapshot            Create userdata image snapshot
    restore             Restore userdata image snapshot
    freeze              Freeze temporary system image
    push                Push files to Nathan emulator 
The parameter -h for each command shows specific options.

Thursday, 10 November 2016

22 Year Old Student Arrested For Cyber Stalking



A 22 year old student named Kishan, studying second year in AJC Bose College has been arrested for being involved in cyber stalking. The hacker hacked a victims Facebook account of class 10 living in the Tiljala area.
According to joint CP (crime) Visahal Garg, the hacker first hacked the victims Facebook account in early July and changed the password. Being unaware of the hack, the girl dedicated to create a new account. As soon as the girl opened a new account, the hacker started to post obscene images on both the accounts tagging all their friends. The girl and her parents registered a case in Police station on July 18.
Vishal Garg also mentioned that, the hacker had even demanded for $120 ( Rs 10,000) from the minor to stop sending obscene images.
“We have added charges of extortion besides the IT Act against the accused,” he said.
“We took help of Facebook authorities through proper channels and based on their feedback, we arrested the accused. We have recovered two mobile phones used by the accused to carry out the hacking,” he added.

Create Your Own Ubuntu 16.04 or 16.10 Live ISO with MeX and Refracta


GNU/Linux developer Arne Exton is always ahead of time, and it looks like he has just released a new build of his MeX GNU/Linux distribution that ships with the Refracta tools pre-installed.
MeX Build 161030 arrived a couple of days ago, based on the Debian GNU/Linux 8.6 “Jessie” and Ubuntu 16.04.1 LTS (Xenial Xerus) operating systems. It includes a special 4.8.0-25-exton kernel injected with support for additional hardware components, and uses the latest Cinnamon 3.0.7 desktop environment that comes with Linux Mint 18.
However, the new feature of the MeX Build 161030 release is the integration of the Refracta tools, which let users create their own installable and bootable Ubuntu Live ISO images, which can be based on either the Ubuntu 16.04.1 LTS (Xenial Xerus) or Ubuntu 16.10 (Yakkety Yak) operating systems.
“You can use the Refracta tools (pre-installed in MeX Build 161030) to create your own installable Ubuntu Live DVD once you have installed MeX to hard drive,” said Arne Exton in the release announcement. “I mean change everything and then create a whole new Ubuntu 16.04 or 16.10 live system.”
When attempting to create your own Ubuntu-based Live ISO, you should know that you don’t even have to install the MeX operating system on your personal computer, as the Refracta tools work straight from the Live DVD, according to Arne Exton, but you’ll need to have plenty of system memory (RAM) for things to work as expected.
The entire Ubuntu ISO creation process won’t take more than 5 to 10 minutes using the Refracta tools. As one might have expected, all the packages included in MeX Build 161030 have been updated as of October 30, 2016, and you can study the full list of pre-installed packages. In the meantime, download MeX Build 161030 right now via our website.

Images of Upcoming Nokia D1C Leaked and They Look Gorgeous


Day after day we are getting more news about the Nokia’s upcoming smartphones. The information we get from most of the sources is not reliable as one contradicts the other.
A few days back we got news stating about HMD Global company building the Nokia phones in the coming years. They have already appointed a UK-based independent PR agency Mother to take care of the marketing campaign.
We can be sure that the Mother’s first project won’t come out until next year, which suggests that HMD Global might not introduce any Nokia handsets the current year.
Previous rumors claimed the first Nokia phones in a long time will be unveiled later this year, while two other high-end phones might be revealed in Q2 2017.
One of these unannounced smartphones appeared in many leaks as Nokia D1C. Some pictures of the alleged phone emerged several weeks ago, so pretty much every Nokia fans was willing to jump in the hype train.
Unfortunately, we might have to wait a while longer for the first Nokia phones to arrive, as HMD Global is more concerned about marketing and distribution of these devices.

Three Different Colors, Specs and Designs

Still, it doesn’t hurt to learn a bit more about Nokia’s upcoming smartphones, even if they haven’t been confirmed yet. A set of images showing the alleged Nokia D1C have just leaked directly from China.
These renders are based on the images of real Nokia prototypes, the source claims. Even if HMD Global could still make some changes the final design of the phone, at least we have an idea of what’s to come.
Three version of the Nokia D1C are rumored to arrive on the market: Gold, Black and White. However, only the Gold version will come with fingerprint sensor, whereas the Black and White colors will lack this feature.
Also, the Black and White versions of the D1C will have a metal frame and polycarbonate back cover, while the Gold model should feature an all-metal unibody design. We believe these rumors are a bit far-fetched, so take them with a tint of salt.

OpenDoor – OWASP Directory Access Scanner



OpenDoor is an open-source software that scans the site directories and find all possible ways to login, empty directories and entry points. Scans conducted in the dictionary that is included in this application.

System Requirements:

  • Python 2.7.x

Installation command:

sudo pip install -r requirements.txt

Features:

  • multithreading
  • filesystem log
  • detect redirects
  • random user agent
  • random proxy from proxy list
  • verbose mode
  • subdomains scanner

How to use:

python ./opendoor.py --url "http://joomla-ua.org"

Note: This tool is only for informational purposes and organizations is prohibited.