Open Source GPS Tracking System: Traccar

Traccar is an open source GPS tracking system for various GPS tracking devices. This Maven project is written in Java and works on most platforms with an installed Java Runtime Environment. The system supports more than 80 different communication protocols from popular vendors. It includes a web interface to manage tracking devices online… Traccar is the best free and open source GPS tracking system software; it offers self-hosting, real-time online vehicle fleet management and personal tracking… Traccar supports more than 80 GPS communication protocols and more than 600 models of GPS tracking devices.

 

 

To start using Traccar Server, follow the instructions below:

  1. Download and install Traccar
  2. Reboot the system; Traccar will start automatically
  3. Open the web interface (http://localhost:8082)
  4. Log in as administrator (user – admin, password – admin) or register a new user
  5. Add a new device with a unique identifier (see section below)
  6. Configure your device to use the appropriate address and port (see section below)

 

Device Unique Identifier

For most devices you should use the IMEI (International Mobile Equipment Identity) number as the unique identifier. However, some devices have a vendor-specific unique identifier; for example, TK-103 devices use a 12-digit identifier.

If you don’t know the device identifier, you can configure the device first and look at server [...]

Secure tunnels to localhost: ngrok

ngrok is a reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service. ngrok captures and analyzes all traffic over the tunnel for later inspection and replay. ngrok allows you to expose a web server running on your local machine to the internet. Just tell ngrok what port your web server is listening on. It also provides a real-time web UI where you can introspect all of the HTTP traffic running over your tunnels. The ngrok project is composed of two components, the ngrok client (ngrok) and the ngrok server (ngrokd).

 

I want to expose a local server behind a NAT or firewall to the internet.

 

What can I do with ngrok?

  • Expose any HTTP service behind a NAT or firewall to the internet on a subdomain of ngrok.com
  • Expose any TCP service behind a NAT or firewall to the internet on a random port of ngrok.com
  • Inspect all HTTP requests/responses that are transmitted over the tunnel
  • Replay any request that was transmitted over the tunnel

 

What is ngrok useful for?

  • Temporarily sharing a website that is only running on your development machine
  • Demoing an app at a hackathon without deploying
  • Developing any services which consume webhooks (HTTP callbacks) by allowing you to replay those requests
  • Debugging and understanding any web service by inspecting the HTTP traffic
  • Running networked services on machines that are firewalled off from [...]
Volatility Framework Web Interface: VolUtility

After Evolve, a web interface for the Volatility forensics framework, many developers started to work on web interfaces for one of the most popular forensic frameworks, the Volatility Framework. If you are not familiar with Volatility, you can check our previous post, where you can briefly familiarize yourself with its basic features and follow links to all Volatility resources. The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.

VolUtility, a web interface for the Volatility memory analysis framework, runs plugins and stores the output in a Mongo database. It extracts files from plugins (that support dump-dir) and stores them in the database. You can search across all plugins and file content with string search and YARA rules. It allows you to work on multiple images in one database.

 

 

Installation

Tested on Ubuntu 14.04 LTS

 

Volatility

You need to install Volatility. The minimum version is 2.5, as this is when unified output was introduced.

    git clone https://github.com/volatilityfoundation/volatility
    cd volatility
    sudo python setup.py install

VolUtility will list what version you have installed under the Help page (At least it will [...]

Nginx Web Application Firewall: NAXSI

Technically, it is a third-party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in website vulnerabilities. For example, ‘<’, ‘|’ or ‘drop’ are not supposed to be part of a URI.

Being very simple, those patterns may match legitimate queries. It is the Naxsi administrator’s duty to add specific rules that will whitelist those legitimate behaviours. The administrator can either add whitelists manually by analyzing nginx’s error log, or (recommended) start the project with an intensive auto-learning phase that will automatically generate whitelisting rules based on the website’s behaviour.

In short, Naxsi behaves like a DROP-by-default firewall; the only job needed is to add the required ACCEPT rules for the target website to work properly.

Purpose:

Naxsi (Nginx Anti Xss Sql Injection) is an open source, high performance, low rules maintenance Web Application Firewall module for Nginx, the infamous web server and reverse-proxy. Its goal is to help people secure their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions. The difference with most WAFs (Web Application Firewalls) out there is that it does not rely [...]
Network Security Monitoring: Security Onion

Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network. There are some commercial solutions that get close to what Security Onion provides, but very few contain the vast capabilities of Security Onion in one package.

Many assume NSM is a solution they can buy to fill a gap; purchase and deploy solution XYZ and problem solved. The belief that you can buy an NSM denies the fact that the most important word in the NSM acronym is “M” for Monitoring. Data can be collected and analyzed, but not all malicious activity looks malicious at first glance. While automation and correlation can enhance intelligence and assist in the process of sorting through false positives and malicious indicators, there is no replacement for human intelligence and awareness. I don’t want to disillusion you. Security Onion isn’t a silver bullet that you can set up, walk away from and feel safe. Nothing is, and if that’s what you’re looking for, you’ll never find it. Security Onion will provide visibility into your network traffic and context around alerts and anomalous events, [...]

Binary Analysis IDE: BinDiff

BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code. It is used by security researchers and engineers across the globe to identify and isolate fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary. Another common use case is to transfer analysis results from one binary to another, helping to prevent duplicate analyses of, for example, malware binaries. This also helps to retain knowledge across teams of binary analysts where the individual workflows might vary from analyst to analyst.

Binary Analysis IDE: BinDiff is a binary code reverse engineering tool that was built to assist vulnerability researchers who look for vulnerabilities in disassembled code.

With BinNavi you can analyze disassembled x86, ARM, PowerPC, and MIPS code using the powerful built-in static code analysis techniques. In cases where static code analysis is not enough, you can use the built-in debuggers to get a live view on the program you are analyzing. More specifically, BinDiff can be used to:

  • Compare binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures.
  • Identify identical and similar functions in different binaries.
  • Port function names, comments and local variable names from one disassembly to another.
  • Detect and highlight changes between two variants of the same [...]
Adversary Resistant Computing Platform: SubgraphOS

Subgraph OS is an adversary resistant computing platform. The main purpose of Subgraph OS is to empower people to communicate, share, and collaborate without fear of surveillance and interference. What this means in practical terms is that users of Subgraph OS can perform their day-to-day tasks securely and privately.

In some ways, Subgraph OS is like other operating systems: it is derived from Debian GNU/Linux and uses the GNOME desktop environment as its graphical user interface. Many applications found in other Linux distributions are also available in Subgraph OS. Therefore, users who are already familiar with Linux, and particularly the GNOME desktop environment, will find Subgraph OS easy to use.

Subgraph OS also has key differences from conventional Linux operating systems. In particular:

  • Subgraph OS anonymizes Internet traffic by sending it through the Tor network
  • Subgraph OS is hardened against common security vulnerabilities
  • Subgraph runs many desktop applications in a security sandbox to limit their risk in case of compromise

 

 

The Internet is a hostile environment, and recent revelations have made it more apparent than ever before that risk to everyday users extends beyond the need to secure the network transport – the endpoint is also at risk. Subgraph OS was [...]

Shared Host Integrated Password System: SHIPS

SHIPS is a solution to provide unique and rotated local super user or administrator passwords, for both Windows and Linux, in environments where it is not possible or not appropriate to disable these local accounts. Clients may be configured to rotate passwords automatically. Stored passwords can be retrieved by desktop support personnel as required, or updated when a password has to be manually changed in the course of system maintenance. By having unique passwords on each machine and logging of password retrievals, security can be improved by making networks more resistant to lateral movement by attackers and enhancing the ability to attribute actions to individual persons.

When performing penetration tests, our common attack vector is through compromising one host and pivoting to other systems with the information obtained. It is common to see large-scale breaches utilizing this method, and that is where SHIPS comes into play.

SHIPS is designed to make post-exploitation more difficult and minimize what systems attackers gain access to. Once SHIPS is set up, there isn’t much else that is needed and it’s simple to integrate into existing business processes.

SHIPS version 2 Released!

Shared [...]

Mobile Security Framework: MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We’ve been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-testing, and this process requires a lot of effort and time. Mobile Security Framework can be used for effective and fast security analysis of Android and iOS applications. It supports binaries (APK & IPA) and zipped source code.

The static analyzer is able to perform automated code review, detect insecure permissions and configurations, and detect insecure code like SSL overriding, SSL bypass, weak crypto, obfuscated code, improper permissions, hardcoded secrets, improper usage of dangerous APIs, leakage of sensitive/PII information, and insecure file storage. The dynamic analyzer runs the application in a VM or on a configured device and detects issues at run time. Further analysis is done on the captured network packets, decrypted HTTPS traffic, application dumps, logs, error or crash reports, debug information, stack traces, and on application assets like settings files, preferences, and databases. This framework is highly scalable, so you can add your custom rules with ease. A quick and clean report can be generated at the end of the tests. This framework is expected to extend to support other [...]

CyberPunk

Open Source CyberSecurity