Author Topic: Tests and other Media topics  (Read 310604 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #825 on: August 27, 2020, 05:15:09 PM »
To avoid JavaScript hick-ups and weaknesses:
https://htmlcheatsheet.com/js/  (online interactive cheatsheet)

Next to url-stripper use https://www.convertcsv.com/url-extractor.htm
and Trace extension for Google Chrome & firefox.

polonus
« Last Edit: August 30, 2020, 02:13:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #826 on: August 28, 2020, 05:33:12 PM »
Millions and millions of vulnerable SSH servers: https://blog.rapid7.com/2020/08/28/nicer-protocol-deep-dive-secure-shell-ssh/

check with Rebex SSH Check: https://sshcheck.com

Random example: https://sshcheck.com/server/87.98.242.21/

And in another case we could stumble on e.g. -https://assets.plesk.com/static/default-website-content/public/default-server-index.js
via -http://178.33.71.11   all out there on the cold & insecure Interwebz. We should all care for better security. shouldn't we really?

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

« Last Edit: August 28, 2020, 06:02:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #827 on: September 04, 2020, 11:06:08 PM »
Test also in case of cert issues: https://www.webpagetest.org/result/200901_52_c2a7f61a65a9e66a520524946e966718/
Random example. Retested here: https://www.webpagetest.org/result/200904_8D_1f85ed1eef2081770e447b04e48a3dd3/
json results: https://www.webpagetest.org/jsonResult.php?test=200904_8D_1f85ed1eef2081770e447b04e48a3dd3&pretty=1
HAR file blocked by MBAM extension as File blocked: blob:https://obfuscator.io/9d519935-84da-4447-87f7-67a5613d4525
not being downloaded...File blocked: -http://www.netresec.com/?page=PacketCache -> https://www.virustotal.com/gui/url/93300d5ad0804e4cd092be2962477da6138963d8c2bf3759daa918f941eaf29a/details
10 embedded IP detections: https://www.virustotal.com/gui/ip-address/81.95.105.80/detection

Can be combined with other scans and tests.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #828 on: September 06, 2020, 02:55:49 PM »
Abuse from IP, where to check: https://apility.io/search/52.217.81.116  (no abuse - random example)

Other resources:  https://ipremoval.sms.symantec.com/  and  https://www.cyren.com/security-center/cyren-ip-reputation-check
Re: https://ipinfo.io/AS42772  (random example) because of a check-up in https://www.stopforumspam.com/
Re: https://www.researchgate.net/publication/224240107_Abnormally_Malicious_Autonomous_Systems_and_Their_Internet_Connectivity
Re: https://www.statista.com/statistics/1028845/poland-autonomous-systems-where-candc-servers-were-hosted/
leading to publications like: https://www.cyber-threat-intelligence.com/publications/CNS2018-Cerber.pdf

Also: -https://www.threatstop.com/checkip but this website is being blocked due to possible suspicious activity by MBAM extension.

polonus (volonteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: September 06, 2020, 03:46:16 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
« Last Edit: September 06, 2020, 09:43:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #830 on: September 10, 2020, 10:15:19 PM »
Additional deny list: https://rkn.darkbyte.ru/logs/19102018_1330.htm

Check IPs listed there against other resources, like: http://www.crimeflare.org:82/cgi-bin/cfdom2.cgi/nl37.1.201

Check against http://ipinfolookup.com/   &   https://db-ip.com/  &    https://www.virustotal.com/gui/ip-address/

Enjoy, my friends, enjoy,

polonus
« Last Edit: September 14, 2020, 11:05:05 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #831 on: September 13, 2020, 01:23:08 PM »
Interesting resources also for backlinks and what is on a host:
Random example: https://host.io/chevallier.biz

Compare and check results against https://www.virustotal.com/gui/ip-address/  see under: relations there.

And also here: https://www.shodan.io/host/

polonus
« Last Edit: September 13, 2020, 10:42:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #832 on: September 14, 2020, 06:30:53 PM »
Scan your Magento CMS (webshop content management software) against vulnerabilities etc.:
https://www.magereport.com/

Mind that Magento version 1 has reached end of life now, and 2000 websites have been compromised with malware lately.
Read: https://sansec.io/research/largest-magento-hack-to-date   (info source = Sansec's  Willem de Groot).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #833 on: September 15, 2020, 02:08:38 PM »
Collection of IP tools: http://afspraakloket.nl/
And http://ipindetail.com/ip-blacklist-checker/  But HTTPS Everywhere warns here for downgrading!
Also: https://www.brightcloud.com/tools/url-ip-lookup.php

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #834 on: September 15, 2020, 11:10:20 PM »
The use of the shodan searchengine
It can be used for protection as you will read below, but also abused by stately actors in order to compromise.

We may read: https://us-cert.cisa.gov/ncas/alerts/aa20-258a (report of the 14th of September 2020 late)

From that CISA report I quote:

Pre-attack analysis:
Quote
Shodan is an internet search engine that can be used to identify vulnerable devices connected to the internet. Shodan queries can also be customized to discover specific vulnerabilities on devices, which enables sophisticated cyber threat actors to use relatively unsophisticated techniques to execute opportunistic attacks on susceptible targets.
The CVE database and the NVD contain detailed information about vulnerabilities in applications, appliances, and operating systems that can be exploited by cyber threat actors if they remain unpatched. These sources also provide risk assessments if any of the recorded vulnerabilities are successfully exploited.

 

Random example: https://www.shodan.io/host/173.249.31.85  - We will be able to get a server nginx https page: via -http://173.249.31.85/ that means via an unencrypted connection - nginx version = 1.10.3 -  (attackers have other ways of establishing that this is indeed the version number in use there).

NGINX has a weird versioning system where even numbered releases (.i.e. 1.10, 1.8, 1.6) are stable, and odd numbered releases (i.e. 1.11, 1.9, 1.7) are the mainline. Security fixes normally get patched into the stable branches pretty quickly.

We will not go into all such particulars as this is not the scope of this thread.

The security researcher is known to work in a reversed way as how the attacker and stately actor use to operate.

Same non-configured server page results are received from -http%3A%2F%2Fvmi213334.contaboserver.net

All we will get here is a status alert (as the site is non-configured):
Quote
Success. Failed to load resource: the server responded with a status of 404 (Not Found)
From the https page we will get
Quote
Script
isChrome: true
throttled: (fn, timeout) => {…}
v_browser: {loadTimes: ƒ, csi: ƒ, …}
Window
Global
and
Quote

console.log('[VULNERS] Init');

v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
    console.log('[VULNERS] Rules', rules);

    let html = document.documentElement.innerHTML;
    let matches = [];

    for (let rule of rules) {
        try {
            let match = html.match(new RegExp(rule.regex));

            if (match) {
                console.warn('[VULNERS] Match', rule.alias, match[0], match[1]);
                matches.push({url: document.location.host, rule, version: match[1]});
            }
        } catch(e) {
            console.warn('[VULNERS]', e)
        }
    }

    matches.length && v_browser.runtime.sendMessage({ action: 'match', matches: matches});
});

var origOpen = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function() {
    console.log('request started!');
    this.addEventListener('load', function() {
        console.log('request completed!');
        console.log(this.readyState); //will always be 4 (ajax is completed successfully)
        console.log(this.responseText); //whatever the response was
    });
    origOpen.apply(this, arguments);
};
 

And then we stumble upon the fact that nginx.org but also that nginx dot com is available as a link on that page ->
A DOM-XSS downgraded http scan, results in one http result and several wp-include https files...

Results from scanning URL: -http://nginx.com
Number of sources found: 10
Number of sinks found: 236

Results from scanning URL: -https://www.nginx.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 0
Number of sinks found: 3

Results from scanning URL: -https://www.nginx.com/wp-includes/js/underscore.min.js?ver=1.8.3
Number of sources found: 3
Number of sinks found: 1

Results from scanning URL: -https://www.nginx.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 35
Number of sinks found: 29

Results from scanning URL: -https://www.nginx.com/wp-content/themes/nginx-new/js/popper.min.js?ver=1.0
Number of sources found: 41
Number of sinks found: 17

Results from scanning URL: -https://www.nginx.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 162
Number of sinks found: 34   (with all sort of mail domains)

Retirable and vulnerable code: https://retire.insecurity.today/#!/scan/fb3f45383d54a145eb02ed341cb0cf282502c84c6679c277c4c7a372181e180b

Going round the full circle, as we started with a shodan IP scan, we now perform a Rebex SSH scan for that same Ip,
delivering also interesting information about the host: https://sshcheck.com/server/173.249.31.85  together with some weak algorithms.

One should give security intelligence attention to keep the website and (web)server-infrastructure (behind it) as secure as possible. Let us all live up to what the avast mission is all about: keeping us all as secure as can be.

polonus (volunteer 3rd party cold reconnaissance website security analyst & website error-hunter)


« Last Edit: September 15, 2020, 11:33:14 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #835 on: September 29, 2020, 10:49:23 AM »
L.S.

DuckDuckGo removed from choice menu on Android.
Google get's rid of a privacy friendly competitor by complying to EU rules in a sneaky way outbidding it.

This is how "your fact-checking search engine monopolist" did this as predicted:

https://spreadprivacy.com/search-preference-menu-duckduckgo-elimination/

There is a way around this by installing Tor Browser on android, that has DuckDuckGo by default.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67923
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Tests and other Media topics
« Reply #836 on: September 29, 2020, 10:58:33 AM »
DuckDuckGo removed from choice menu on Android.
Google get's rid of a privacy friendly competitor by complying to EU rules in a sneaky way outbidding it.

This is how "your fact-checking search engine monopolist" did this as predicted:

https://spreadprivacy.com/search-preference-menu-duckduckgo-elimination/
:o >:(
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.580] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #837 on: September 29, 2020, 02:06:41 PM »
Of course you can make your own choice not a pre-menu one of these twenty two alternative search engines:
https://kinsta.com/blog/alternative-search-engines/

Some are very specific like  Wolfram Alpha -> https://kinsta.com/blog/alternative-search-engines/#6-wolframalpha

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44514
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #838 on: September 29, 2020, 02:08:07 PM »
L.S.

DuckDuckGo removed from choice menu on Android.
Google get's rid of a privacy friendly competitor by complying to EU rules in a sneaky way outbidding it.

This is how "your fact-checking search engine monopolist" did this as predicted:

https://spreadprivacy.com/search-preference-menu-duckduckgo-elimination/

There is a way around this by installing Tor Browser on android, that has DuckDuckGo by default.

polonus
I think it's a bit unfair to blame the giant Google for following the regulations.
The blame should be put squarely on the ones that made the regulations.
If a tax break is unfair, does that mean I shouldn't take it? Wrong. Change the law don't blame someone when they
take advantage of the law.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32808
  • malware fighter
Re: Tests and other Media topics
« Reply #839 on: September 29, 2020, 06:15:07 PM »
Hi bob3160,

You may be right there, authorities nowadays also have a commercial incline
and wanna earn some cents on the dollar from the market.

They also make use of Google's dominant position, they also do so playing out providers against each other.

One should normally have a choice from the top ten search-engines down.
Privacy friendly searching apparently has no priority for a lot of folks (end-users).

They don't feel the need, but if the service is free you'd always will pay with your data.

Or you could use Ecosia and the green Ecosia search engine alternative will plant trees from the extra ad-fees you generate.

Best privacy-friendly search-engines: https://restoreprivacy.com/private-search-engine/

Damian
« Last Edit: September 30, 2020, 07:41:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!