A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently.

The South Korean Web host, Nayana, said in a blog post published last week that initial ransom demands were for five billion won worth of Bitcoin, which is roughly $4.4 million. Company negotiators later managed to get the fee lowered to 1.8 billion won and ultimately landed a further reduction to 1.2 billion won, or just over $1 million. An update posted Saturdaysaid Nayana engineers were in the process of recovering the data. The post cautioned that that the recovery was difficult and would take time.

“It is very frustrating and difficult, but I am really doing my best, and I will do my best to make sure all servers are normalized,” a representative wrote, according to a Google translation.

The ransomware behind what may be a record payout is known as Erebus. Once targeting only computers running Microsoft Windows operating systems, Erebus was recently modified so that a variant will work against Linux systems. How Erebus managed to get installed on the Nayana servers is not clear, but given the woefully unpatched software the Web hosting service appeared to run, it’s possible the attackers exploited a well-known vulnerability. In a blog post published Monday, researchers from security firm Trend Micro wrote:

As for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s websiteruns on Linux kernel 2.6.24.2, which was compiled back in 2008. Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to.

Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.

The Erebus variant that hit Nayana appears to have been designed to target Web servers.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing

Kali Linux has over 300 preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners.[2][3] Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.[2]

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. The third core developer Raphaël Hertzog joined them as a Debian expert.[4][5]

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.[6]

Kali Linux is developed using a secure environment with only a small number of trusted people that are allowed to commit packages, with each package being digitally signed by the developer. Kali also has a custom-built kernel that is patched for 802.11 wireless injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Penetration Testing vs Ethical Hacking

Difference between Penetration Testing and Ethical Hacking. Penetration testing is very closely related to ethical hacking, so these terms often used interchangeably, but they do have distinctions that we should observed.

Penetration testing is a more narrowly focused phrase, it deals with the process of finding flaws in a target environment with the goal of penetration systems, taking control of them. Penetration testing, as the name implies, is focused on penetration the target organization’s defenses, compromising systems and getting access to information.

Ethical hacking is an expansive term encompassing all hacking techniques, and computer attack techniques to find security flaws with the permission of the target owner and the goal of improving the target’s security while penetration testing is more focused on the process of finding vulnerabilities in a target environment. In short, penetration testing is a subset of ethical hacking.

PC maintenance and performance go hand in hand; when you correctly maintain your computer, you usually see a corresponding boost in performance. Happily, the basic maintenance tasks are simple enough for anyone to accomplish. This course teaches the elemental skills related to PC maintenance. It's a good, thorough background for anyone who works with PCs. Dan Gookin helps you configure simple settings to make sure your system is running at its peak, including Windows security settings, backup and recovery options, and updates.

Topics include:

• Fighting malware
• Using a firewall
• Backing up your PC
• Recovering files
• Restoring your system
• Configuring Windows Update
• Improving PC performance

Kali Linux - Wireless Penetration Testing Beginner's Guide (2015).pdf Gooner

Publisher: Packt Publishing (30 Mar. 2015)
Language: English
ISBN-10: 1783280417
ISBN-13: 978-1783280414

Book Description

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes.

Kali Linux Wireless Penetration Testing Beginner's Guide presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. Learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.

Key Features

* Learn wireless penetration testing with Kali Linux, the latest iteration of Backtrack

* Detect hidden wireless networks and discover their names

* Explore advanced Wi-Fi hacking techniques including rogue access point hosting and probe sniffing

* Develop your encryption cracking skills and gain an insight into the methods used by attackers and the underlying technologies that facilitate these attacks

What you will learn

Create a wireless lab for your experiments
Sniff out wireless packets and hidden networks
Capture and crack WPA-2 keys
Discover hidden SSIDs
Explore the ins and outs of wireless technologies
Sniff probe requests and track users through SSID history
Attack radius authentication systems
Sniff wireless traffic and collect interesting data
Decrypt encrypted traffic with stolen keys
About the Authors
Vivek Ramachandran has been working in Wireless Security since 2003. He discovered the Caffe Latte attack and also broke WEP Cloaking, a WEP protection schema, publicly in 2007 at DEF CON. In 2011, he was the first to demonstrate how malware could use Wi-Fi to create backdoors, worms, and even botnets. Earlier, he was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches and was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net, where he routinely posts videos on Wi-Fi Security and exploitation techniques.

Cameron Buchanan is an experienced penetration tester, having worked in a huge range of industries. He is also the author of Packt's Kali Linux CTF Blueprints.

Table of Contents

1. Wireless Lab Setup
2. WLAN and its Inherent Insecurities
3. Bypassing WLAN Authentication
4. WLAN Encryption Flaws
5. Attacks on the WLAN Infrastructure
6. Attacking the Client
7. Advanced WLAN Attacks
8. Attacking WPA-Enterprise and Radius
9. WLAN Penetration Testing Methodology
10. WPS and Probes

DOWNLOAD LINK: http://bit.ly/2rnQnh6

Kali Linux Network Scanning Cookbook

will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them.

DOWNLOAD LINK: http://bit.ly/2s8PT17