Thursday, 26 April 2012

[<MEGAPRIMER 1.0.5>Maltego<G>FORENSICS>DIGITAL ANTI-FORENSICS]
DIGITAL ANTI-FORENSICS: TRUECRYPT

Ensuring a secure state in forensics requires digital anti-forensic tools that can secure or hide your data (steganography). The tool for the job in BT5R2 is TrueCrypt.
TrueCrypt is FOSS (Free and Open Source Software): an open-source disk encryption program that encrypts data and whole volumes securely with a password.
The main features of TrueCrypt:
  1. Creates a virtual encrypted disk within a file and mounts it as a real disk.
  2. Encrypts an entire partition or storage device such as a USB flash drive or hard drive.
  3. Encryption is automatic, real-time (on-the-fly) and transparent.
  4. Parallelization and pipelining allow data to be read and written as fast as if the drive were not encrypted.
  5. Encryption can be hardware-accelerated on modern processors.
  6. Provides plausible deniability, in case an adversary forces you to reveal the password: hidden volume (steganography) and hidden operating system.
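Seen from the examiner's side of this anti-forensics topic, the following added example (not code from the original post, nor TrueCrypt's own code) shows the triage heuristics forensic tools use to spot a file that may be a TrueCrypt container: a volume carries no magic bytes, its whole content including the header looks random, and its size is a multiple of 512 bytes. The thresholds, the magic-byte table and the sample data are constructed assumptions for this example.

```python
"""Triage heuristics for files that may be TrueCrypt containers.

Added example: not code from the original post and not TrueCrypt's own.
Assumptions used as heuristics: a TrueCrypt volume has no magic bytes, its
entire content (header included) is indistinguishable from random data,
and its size is a multiple of 512 bytes. Thresholds and the magic-byte
table are constructed for this example.
"""
import math
import os
from collections import Counter

SECTOR = 512               # assumption: volumes are sector aligned
MIN_SIZE = 19 * 1024       # constructed: skip files too small to be a volume
ENTROPY_THRESHOLD = 7.9    # bits per byte; uniformly random bytes score ~7.99
SAMPLE = 64 * 1024         # constructed: how much of the file to measure

# Constructed, non-exhaustive table of formats that are high-entropy but
# carry a recognisable header, so they are not containers.
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF": "pdf",
    b"7z\xbc\xaf\x27\x1c": "7z",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_format(data: bytes):
    """Name of a known format if the data starts with one of its magic prefixes."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(head: bytes, size: int = None) -> dict:
    """Apply the heuristics to a file's leading bytes and its total size."""
    if size is None:
        size = len(head)
    entropy = shannon_entropy(head[:SAMPLE])
    fmt = known_format(head)
    reasons = []                       # any reason rules the file out
    if size < MIN_SIZE:
        reasons.append("smaller than %d bytes" % MIN_SIZE)
    if size % SECTOR:
        reasons.append("size not a multiple of %d" % SECTOR)
    if fmt is not None:
        reasons.append("known format: " + fmt)
    if entropy < ENTROPY_THRESHOLD:
        reasons.append("entropy %.2f below %.2f" % (entropy, ENTROPY_THRESHOLD))
    return {"size": size, "entropy": round(entropy, 3), "format": fmt,
            "possible_container": not reasons, "reasons": reasons}


def classify_file(path: str) -> dict:
    """Classify a file on disk, reading only the leading SAMPLE bytes."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    return classify(head, os.path.getsize(path))


def demo() -> dict:
    """Constructed samples: each key says what the blob is meant to look like."""
    samples = {
        "random_64k": os.urandom(64 * 1024),                   # container-like
        "gzip_like": b"\x1f\x8b" + os.urandom(64 * 1024 - 2),  # random but headed
        "text": b"quarterly report, nothing to see here\n" * 2000,
        "random_odd_size": os.urandom(64 * 1024 + 1),          # not sector aligned
    }
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        flag = "POSSIBLE CONTAINER" if verdict["possible_container"] else "no"
        print("%-16s %s  %s" % (name, flag, "; ".join(verdict["reasons"])))
```

A real triage pass would walk a directory with classify_file and report the flagged paths. Anything it flags is a candidate only: an encrypted backup, a raw key file or wiped free space passes the same test, which is exactly the plausible deniability TrueCrypt is designed to give.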
Supported Operating Systems:

  • Windows 7 (32-bit and 64-bit)
  • Windows Vista
  • Windows Vista x64 (64-bit) Edition
  • Windows XP
  • Windows XP x64 (64-bit) Edition
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008
  • Windows Server 2008 x64 (64-bit)
  • Windows Server 2003
  • Windows Server 2003 x64 (64-bit)
  • Windows 2000 SP4
  • Mac OS X 10.7 Lion (64-bit and 32-bit)
  • Mac OS X 10.6 Snow Leopard (32-bit)
  • Mac OS X 10.5 Leopard
  • Mac OS X 10.4 Tiger
  • Linux (32-bit and 64-bit versions, kernel 2.6 or compatible)
See also: supported encryption algorithms, the TrueCrypt download page, and beginner tutorials on using TrueCrypt.

Setting up TrueCrypt on BackTrack 5 R2
Navigate: Backtrack > Forensics > Digital Anti Forensics > Truecrypt

To open the volume:

Voila!!! Adios.

Wednesday, 25 April 2012

[<MEGAPRIMER 1.0.4.3>Maltego<G>ENUMERATION>INFORMATION GATHERING]
LOCK DOWN: DISSECTING WITH MALTEGO LIKE SCIENCE
Maltego tools can be used by security researchers and law enforcement for:
  • Corporates: business intelligence, risk management and assessment.
  • Students: research and development, class term papers, projects, assignments.
  • Security firms: background checks, social network analysis, threat agent connection analysis.
ssvforensic labs:
1% of the information broadcast on TV leaks 99% of her online information.
Case: Mali, a drama soap that airs on NTV
411 about the show: Sooo Kenyan, as in "United by Blood: Divided by Greed"
Mission: lock_down_msupa
Objective: information gathering, social network analysis, etc.
RV choice: BT5 R2 powered by Maltego 3.1.0
POC: below
Used the Phrase transform:
SSVFORENSICS:
  1. The subject at hand has revealed more information about herself and her social network.
  2. Social engineering with other tools like sendemail to impersonate the subject can be used by a hacker to further pwn the subject by sending mail with fake headers, i.e. sendemail -t person@email.com -f anonymous@email.com -s mail.nx.net -u (engineered subject of message) -m (social engineered mail message).
  3. Finding, profiling and influencing individuals or groups is viable.
  4. Data mining and intelligence are clearly free and open source for law enforcement.
  5. In conclusion of this megaprimer, Maltego is undoubtedly a tool in a league of its own.

Tuesday, 24 April 2012

[<MEGAPRIMER 1.0.4.2>Maltego<G>ENUMERATION>INFORMATION GATHERING]
ENUMERATING DIGITAL ASSETS
INFRASTRUCTURE | PERSONA & SOCIAL NETWORK
Maltego makes it easy to enumerate almost any digital information about an asset: from personal and social network information to devices, digital metadata, passive penetration testing of installations and GPS zoning of infrastructure, among others. The transforms give away valuable information to both the pentester and the hacker.

Web enumeration: resolve a web address to an IP, or further resolve open ports or domains.

Email enumeration: resolve an email address to related email addresses and domains.

Phone enumeration: resolve a telephone number to URLs, email addresses and websites.

Enumerate aliases: John Doe is no longer a mystery. Who is this Wanjohi guy?? I know, do you?

Ssvforensics: Pareto rules
Information mined is 10% revealing and 90% freely available; if information is power, then?
  1. Are organisations and individuals aware of the risk that any digital information poses to them?
  2. How private and secure are you? 90% of businesses have 10% of their information online!
  3. Digital privacy regulations seem to be null and void!! 10% might be private while 90% is ?!!!
  4. 90% of firms are prone to hacking while 10% of online users are prone to social engineering.
  5. 10% of systems administrators are aware of the 90% risk that their infrastructure poses.
  6. Genius is 10% inspiration and 90% perspiration .... Albert Einstein. Read between my lines ..

Tuesday, 17 April 2012

[<MEGAPRIMER 1.0.4.1>Maltego<G>ENUMERATION>INFORMATION GATHERING]
Setup and register Maltego 3.1 Community on BT5R2
Navigate: Applications –> Backtrack –> Information Gathering –> Network Analysis –> DNS Analysis –> Maltego
Proceed to register a Maltego community account, then log in to use Maltego.
Maltego community client registration page
Use the login credentials to finish the registration below.
Click on the new page icon to start an investigation.
With everything set up, we are ready to proceed with carrying out forensic investigations using Maltego.

Continuation in this Megaprimer's next post:
  • Investigating real-life assets, managing and organizing them

Disclaimer
Obtain advance express permission from the owner or maintainer of the appliance
before searching it with any automated tool, for various legal and moral reasons.
Maltego 3.1 for Backtrack is for demo purposes ONLY.
Ssvforensic is not liable for what you do with this tool or information.

Monday, 16 April 2012

[<MEGAPRIMER 1.0.4>Maltego<G>ENUMERATION>INFORMATION GATHERING]
"Information is POWER >> Information is MALTEGO"
What is Maltego?

Maltego is the aggregation and audit of public information posted all over the internet. Maltego uses open source intelligence and a GUI to build relationships, making it possible to see hidden connections.
For digital forensics, Maltego offers unprecedented information.
What can Maltego do?
Maltego can be used for information gathering to determine relationships and real-world links between:

  • People & groups of people (social networks)
  • Companies & organisations
  • Websites & internet infrastructure
  • Phrases, affiliations, documents & files
Digital forensics audits made available by the tool

Maltego is an information gathering tool that lets you see relationships visually. Maltego allows you to enumerate network and domain information like:

  • Domain Names
  • Whois Information
  • DNS Names
  • Netblocks
  • IP Addresses

Maltego also allows you to enumerate People information like:

  • Email addresses associated with a person's name
  • Web sites associated with a person's name
  • Phone numbers associated with a person's name
  • Social groups that are associated with a person's name
  • Companies and organizations associated with a person's name

Maltego also allows you to:

  • Do simple verification of email addresses
  • Search blogs for tags and phrases
  • Identify incoming links for websites
  • Extract metadata from files from target domains
Who is it written for?
Security professionals:

  • Maltego can be used for the information gathering phase of all security-related work. It will save you time and will allow you to work more accurately and smarter.
  • Maltego aids your thinking process by visually demonstrating the interconnected links between searched items.
  • Maltego provides you with a much more powerful search, giving you smarter results.
  • If access to "hidden" information determines your success, Maltego can help you discover it.

Black & Grey Hats

  • Maltego provides all of the above.
  • Passive reconnaissance of assets, i.e. devices, infrastructure, location, social engineering and system attacks.
  • Investigation, presentation and management by Maltego reduces the time to zero in on a victim.
  • Continuation of this megaprimer in the next post:
    1. Installing and setting up Maltego 3.1 Community on BT5R2
    2. Enumerate real-life assets, trying to get as much forensic info as we can
    3. Lock down


Thursday, 12 April 2012

[<MEGAPRIMER 1.0.3>0trace<G>ENUMERATION>INFORMATION GATHERING]
*Shell Script                                     *[Back Track 5R2 GNOME X64]
*Coded by Michal Zalewski            *[ 1 Secured -1 Stated - 3rd post]

************************************************************************
0trace is a reconnaissance and firewall-bypassing tool that enables hop enumeration ("traceroute") within an established TCP connection, such as an HTTP or SMTP session,
as opposed to sending stray packets, as traceroute-type tools usually do.
Who is it written for?
Security professionals:
Reveals useful additional servers (hops behind the firewall) to the penetration tester.
Black & Greyhat:

More punch through the firewall, which popular tools like traceroute fail to deliver.
man 0trace

ssvdemolabs
Use nslookup to get the public address.
Use tracert to analyse hop enumeration and mine some info.

The *** reveal a firewall in place that prevents further enumeration; let's put 0trace to the test.

ssvforensics
Information dumped is interesting to both the pentester and the hacker:
1. Failed probes mean using other means, i.e. telnet xx.xxx.xxx.xx 80, in order to generate traffic from HTTP headers. Chances are the firewall will be defeated.
2. Further attempts to crack the perimeter mean using a leveraged arsenal like nmap to do more or less the same for stealth and robust scans.
3. Good configuration of a firewall cannot be over-emphasized.
4. Investing in a good Intrusion Detection System is vital.
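As an added example of the detection side of point 4 above (not code from the original post, and not part of 0trace), the following script scans constructed firewall log lines for the pattern hop enumeration inside an established TCP session leaves behind. It assumes, as the description of 0trace implies, that the probes reuse a live session's 5-tuple with the IP TTL stepped 1, 2, 3, ... so that each router on the path answers with ICMP Time Exceeded, whereas a legitimate endpoint keeps one initial TTL for the whole flow. The log format, the addresses and the thresholds are constructed for this example.

```python
"""Flag in-session TTL stepping (0trace-style hop enumeration) in log lines.

Added example: not code from the original post and not part of 0trace.
Assumption: the probes ride an established TCP session's 5-tuple with the IP
TTL incremented 1, 2, 3, ... like traceroute, so each router on the path
answers ICMP Time Exceeded; a real endpoint keeps one initial TTL for a
whole flow. The log format and all addresses below are constructed.
"""
import re
from collections import defaultdict

# Constructed sensor log format: "<time> TCP src:port > dst:port ttl=N"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+TCP\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+ttl=(?P<ttl>\d+)$"
)

SAMPLE_LOG = """\
2012-04-12T10:00:01 TCP 198.51.100.7:40112 > 203.0.113.10:80 ttl=64
2012-04-12T10:00:01 TCP 198.51.100.7:40112 > 203.0.113.10:80 ttl=64
2012-04-12T10:00:02 TCP 198.51.100.7:40112 > 203.0.113.10:80 ttl=64
2012-04-12T10:00:05 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=64
2012-04-12T10:00:05 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=64
2012-04-12T10:00:06 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=1
2012-04-12T10:00:06 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=2
2012-04-12T10:00:06 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=3
2012-04-12T10:00:07 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=4
2012-04-12T10:00:07 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=5
2012-04-12T10:00:07 TCP 198.51.100.9:51234 > 203.0.113.10:80 ttl=6
2012-04-12T10:00:09 TCP 198.51.100.11:40500 > 203.0.113.10:25 ttl=128
2012-04-12T10:00:09 TCP 198.51.100.11:40500 > 203.0.113.10:25 ttl=127
"""


def parse_line(line: str):
    """Return ((src, sport, dst, dport), ttl), or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    flow = (d["src"], int(d["sport"]), d["dst"], int(d["dport"]))
    return flow, int(d["ttl"])


def longest_step_run(ttls, start_at_most=2):
    """Longest run of TTLs rising by exactly one that begins at a tiny TTL.

    start_at_most bounds the first TTL of a run: traceroute-style probing
    starts at hop 1 (or 2 when the first hop is already known)."""
    best, run = [], []
    for ttl in ttls:
        if run and ttl == run[-1] + 1:
            run.append(ttl)
        elif ttl <= start_at_most:
            run = [ttl]
        else:
            run = []
        if len(run) > len(best):
            best = list(run)
    return best


def find_ttl_probing(lines, min_run=4):
    """Map each suspicious flow to its stepped TTL run.

    min_run is a constructed threshold: one or two low TTLs can be a path
    oddity, four consecutive ones inside one TCP flow are not."""
    ttls_by_flow = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            flow, ttl = parsed
            ttls_by_flow[flow].append(ttl)   # keep packet order per flow
    flagged = {}
    for flow, ttls in ttls_by_flow.items():
        run = longest_step_run(ttls)
        if len(run) >= min_run:
            flagged[flow] = run
    return flagged


if __name__ == "__main__":
    for flow, run in find_ttl_probing(SAMPLE_LOG.splitlines()).items():
        print("TTL stepping in %s:%d -> %s:%d, TTLs %s" % (flow + (run,)))
```

The same logic fits an IDS rule: a flow whose TTL values climb by one across successive packets deserves an alert. On the firewall side, the replies the tool depends on are ICMP Time Exceeded messages from the internal hops, so not letting those leave the perimeter hides the internal path without touching the session itself.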
Reading List
Disclaimer
Obtain advance express permission from the owner or maintainer of the appliance
before searching it with any automated tool, for various legal and moral reasons.
Ssvforensic is not liable for what you do.

Wednesday, 11 April 2012

*****************************[<MEGAPRIMER 1.0.2>theHarvester<G>ENUMERATION>INFORMATION GATHERING]
*TheHarvester Ver. 2.1 (reborn) * Back Track 5R2 GNOME X64

*Coded by Christian Martorella   *+ -- --=[ Ssvforensic.blogspot.com- 2nd post]
*Edge-Security Research          *+ -- --=[ 1 Secured - 1 Stated - 2 Forensics]
*cmartorella@edge-security.com   * =[ Ss_Veritas updated 1 days ago (2012.04.11)]
*************************************************************************
The Harvester
theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
Written for
Security professionals: this tool is intended to help penetration testers in the early stages of a project. It's a really simple tool, but very effective.
Black, White, Greyhats: information gathering, social engineering and who knows what.
man theHarvester

ssvlabsdemo
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d abcd.xx.ke -l 50 -b google
[+] Emails found: 50
------------------
[+] Hosts found in search engines:
------------------------------------
AA.BCD.XXX.16:abcd.xx.ke
(( --- HRIS ))
(( --- LIC ))
(( --- NERO ))

Ssvforensics
Information dumped that is interesting to the pentester and the hacker:
• Email addresses of the client or victim.
• Public IPs have been given away; a DoS might be on the way.
• Username nomenclature, which is most likely the same as in AD, and generating password lists.
• Hostnames and subdomains: in the above demo, 8 domains were revealed; zeroing in is made easy.
• Sniffing to get plaintext passwords, downloading PSTs, blackmailing, impersonation, social engineering and mail routing channels for malware can become a reality.
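The following added example (not code from the original post, nor theHarvester's own) parses output in the layout shown in the demo above and turns it into the exposure summary a defender would want from the list: how many mailboxes are public, how uniform the username convention is, and how many hostnames sit on a single public IP. The sample output, the domain, the addresses and the naming-convention buckets are constructed.

```python
"""Parse theHarvester text output and summarise the exposure it shows.

Added example: not code from the original post and not theHarvester's own.
The parser follows the section layout in the demo above: a "[+] ... :"
header, a dashed rule, then one item per line; hosts are "ip:hostname".
The sample output, domain, addresses and naming-convention buckets are
constructed for this example.
"""
import re
from collections import Counter, defaultdict

SAMPLE_OUTPUT = """\
[+] Emails found: 6
------------------
jdoe@example.ke
asmith@example.ke
pkamau@example.ke
webmaster@example.ke
mwanjiru@example.ke
j.otieno@example.ke
[+] Hosts found in search engines:
------------------------------------
203.0.113.16:example.ke
203.0.113.16:www.example.ke
203.0.113.16:mail.example.ke
203.0.113.16:webmail.example.ke
203.0.113.40:vpn.example.ke
"""

SECTION_RE = re.compile(r"^\[\+\]\s+(?P<name>[^:]+):")
RULE_RE = re.compile(r"^-+$")
ROLE_ACCOUNTS = {"webmaster", "postmaster", "info", "admin", "abuse", "noreply"}


def parse_harvester(text: str) -> dict:
    """Split the output into sections keyed by the lower-cased header text."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RULE_RE.match(line):
            continue                      # blank lines and dashed rules
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").strip().lower()
            continue
        if current is not None:
            sections[current].append(line)
    hosts = {}
    for item in sections.get("hosts found in search engines", []):
        ip, _, host = item.partition(":")
        hosts[host] = ip
    return {"emails": sections.get("emails found", []), "hosts": hosts}


def local_part_shape(local: str) -> str:
    """Constructed buckets for username conventions; one dominant bucket means
    the scheme is guessable for every employee whose name is public."""
    if local in ROLE_ACCOUNTS:
        return "role"
    if "." in local:
        return "first.last"
    if re.search(r"\d", local):
        return "with-digits"
    return "initial+surname"


def exposure_summary(parsed: dict) -> dict:
    """Condense parsed output into the numbers a defender acts on."""
    emails = parsed["emails"]
    shapes = Counter(local_part_shape(e.split("@", 1)[0].lower()) for e in emails)
    dominant, dominant_n = shapes.most_common(1)[0] if shapes else (None, 0)
    hosts_per_ip = defaultdict(list)
    for host, ip in parsed["hosts"].items():
        hosts_per_ip[ip].append(host)
    return {
        "email_count": len(emails),
        "personal_email_count": len(emails) - shapes.get("role", 0),
        "dominant_shape": dominant,
        "dominant_share": round(dominant_n / len(emails), 2) if emails else 0.0,
        "host_count": len(parsed["hosts"]),
        "hosts_per_ip": {ip: sorted(h) for ip, h in hosts_per_ip.items()},
        # how many public names go down together if one address is attacked
        "max_hosts_on_one_ip": max((len(h) for h in hosts_per_ip.values()), default=0),
    }


if __name__ == "__main__":
    summary = exposure_summary(parse_harvester(SAMPLE_OUTPUT))
    for key, value in summary.items():
        print("%-22s %s" % (key, value))
```

Run against a real harvest of your own domain, the dominant_share figure is the one to watch: a convention shared by most mailboxes is what makes the "generating password lists" item above cheap, and max_hosts_on_one_ip shows how much of the public footprint depends on the single address the DoS item refers to.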
Reading List | Download page
Disclaimer
Obtain advance express permission from the owner or maintainer of the appliance
before searching it with any automated tool, for various legal and moral reasons.
Ssvforensic is not liable for what you do.

<MEGAPRIMER 1.0.0><GOOSCAN>ENUMERATION>INFORMATION GATHERING

Tool: Gooscan

Author: j0hnny
Site: http://johnny.ihackstuff.com
Source: root@bt:/pentest/enumeration/google/gooscan# cat README
What is Gooscan?
Gooscan is a tool that automates queries against Google search appliances,
designed to find potential vulnerabilities on web pages.
Who is it written for?
Security professionals: this tool serves as a front-end for an external web server assessment and aids in the "information gathering" phase of a vulnerability assessment.
Web server administrators: this tool helps to discover what the web community may already know about you thanks to Google.
{Gooscan options:}
[-t target]
Required argument: Google appliance to scan, an IP address or host name. Caution: entering 'www.google.com' here violates Google's terms of service.
[-o output_file]
Gooscan can create an HTML output file. The file includes links to the actual Google search results pages.
[-p proxy:port]
This is the address and port of an HTML proxy server, e.g. '10.1.1.150:80' or 'proxy.validcompany.com:8080'.
[-s site]
This filters only results from a certain site.
Example: site:microsoft.com linux, site:apple.com microsoft, site:linux.org microsoft
{search_type can be one of the following:}
intitle: find search_string in the title of the page.
Example: intitle|error||
This will find the word "error" in the title of a page.
inurl: find search_string in the URL of the page.
Example: inurl|admin|
This will find the word "admin" in the URL of a page.
filetype: find search_string as a filename.
raw: this search_type allows the user to build custom queries.
Example: raw|filetype:xls email username password||

This example will find Excel spreadsheets with email,
username and password inside the document.
Output: using the '-o' option, HTML output will be produced with a link to the Google results page.

ssvlabsdemo:
Example: raw|filetype:xls email username password|| (the raw search type from the README above).


ssvforensics:
Client side: before a pentest you should obtain advance express permission from the owner or maintainer of the Google appliance before searching it with gooscan, for various legal and moral reasons.
Caution: from http://www.google.com/terms_of_service.html: "You may not send automated queries of any sort to Google's system without express permission in advance from Google."