If you’re privacy-conscious (which is great!) and have set up Thunderbird to use PGP for signing and encrypting your emails, you’ve likely taken important steps to ensure that no third party, including your email provider, can access your private communications. You probably followed an online tutorial to get it set up—but have you enabled a primary password?
ReadFor years, hackers have been the main characters of movies, books and generally have captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible on the screen, lost in commands and bright flashing lights. This can’t be any further from reality, as most hackers will spend hours and days on end to accomplish their tasks, usually staring at a screen, using their programs of choice.
ReadPentesting Offensive Security Linux Virtualization
Some time ago I wrote a blog about Installing Linux Bash Shell (and Metasploit) on Windows 10. This is great, when we want to enjoy the best of both worlds- keep using Windows, with its out-of-the-box configuration and set-up, and still be able to use the powerful tools available for the Linux distribution. In my previous blog I went through the steps necessary for setting up WSL and installing an Ubuntu and Kali Linux distribution. Since then, a lot of advancements have been made to facilitate the use of these distributions for Windows Users.
ReadA password is like a “key” used to open a specific door or vault. In this vault, there can be different personal documents, pictures, banking information… It is obvious that a user wants its personal documents secure. If the “key”, therefore the password, is easy to find, the vault can be as strong as you want, it will be easy to open it.
ReadA tedious step for all red-teamers is set up a system to upload payloads on the victim’s machine. Kuba Gretzky, the author of Evilginx, released a nice tool to simplify this task.
ReadIn recent years we have witnessed multiple organised attacks against countries and companies using malicious code that was distributed via a legitimate website. These types of attacks are called “watering hole attacks” as they target well known and used websites and compromising them. You could compare this to dumping poison or other dangerous chemicals in a pond or well, where your intentions are to target any and all that use that source. One of the more famous such attacks was the CCleaner Watering Hole attack, which used the well-known tool CCleaner to distribute its malicious code.
Read