Author Topic: Tests and other Media topics  (Read 306665 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32771
  • malware fighter
Re: Tests and other Media topics
« Reply #840 on: October 03, 2020, 06:47:57 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Re: Tests and other Media topics
« Reply #841 on: October 04, 2020, 04:17:23 PM »
L.S.

In this way we can also establish the percentage of found abuse on Tor exit nodes:
Check scamalytics.com/ip & apility.io/search/ & https://www.cyren.com/security-center/cyren-ip-reputation-check
& https://cleantalk.org/blacklists/78.46.73.176 (random example, blacklisted there)
against https://www.dan.me.uk/tornodes & https://www.bigdatacloud.com/insights/tor-exit-nodes
Hourly updates: https://github.com/SecOps-Institute/Tor-IP-Addresses

Percentages vary from 1% (Hong Kong, Singapore) to a medium risk of under 45% of existing abuse.
Also, the web reputation of hosters/AS of such IPs should be taken into account here.



polonus
« Last Edit: October 04, 2020, 05:53:46 PM by polonus »

Re: Tests and other Media topics
« Reply #842 on: October 05, 2020, 06:54:28 PM »
Blocked by Trace - tracking blocking extension = -https://static.addtoany.com/*
blocked url-path = -*hxtps://static.addtoany.com/menu/page.js*
blocked host URL = -*static.addtoany dot com*
blocked root domain = *addtoany dot com*

-> https://cookiepedia.co.uk/host/.addtoany.com

Another resource has server problems at the moment and kicks up a 500 application error: https://webcookies.org/cookies/

polonus
« Last Edit: October 05, 2020, 07:16:11 PM by polonus »


Re: Tests and other Media topics
« Reply #844 on: October 16, 2020, 02:00:24 PM »

Re: Tests and other Media topics
« Reply #845 on: October 18, 2020, 01:55:48 PM »
We should scan for retirable (vulnerable or left) jQuery libraries using the Retire.JS extension or online here:
https://retire.insecurity.today/# (both from Erlend Oftedal)

A similar procedure should now also be undertaken for node.js with Retire.JS, because of malicious npm packages that could open up a reverse shell, like: plutov-slack-client, nodetest1010 and nodetest199 & npmpubman.

See: https://www.npmjs.com/snyk & http://snyk.github.io/docs/nodejs/
and https://developers.redhat.com/blog/2017/04/12/using-snyk-nsp-and-retire-js-to-identify-and-fix-vulnerable-dependencies-in-your-node-js-applications/

Gain insight into your website code with Web Insight here: -> webint.io
This example is not suspicious, but is given just to show how it functions:
https://webint.io/result/73907b10-113b-11eb-9432-8f38c91f3c54
But it could also be used to scan suspicious websites. ;)

polonus


« Last Edit: October 18, 2020, 02:18:04 PM by polonus »

Re: Tests and other Media topics
« Reply #846 on: October 18, 2020, 06:07:56 PM »
Compare a number of different scan results:

1. https://urlscan.io/result/8958dea1-7023-4e0d-8420-373a46498113/

2. One could also scan through the various code scans with this scan:
https://webint.io/result/4f38f860-1156-11eb-a034-11f74c826a95

3. Results of a DOM-XSS scan, just results: URL: -https://quiz.edusantosoficial.com.br/
Number of sources found: 133
Number of sinks found: 33

Results from scanning URL: -https://office.builderall.com/scripts/pixel/pixel-bundle.js
Number of sources found: 1
Number of sinks found: 1

Results from scanning URL: -https://office.builderall.com/scripts/pixel/pixel-bundle.js
Number of sources found: 8
Number of sinks found: 2

4. Vulnerable JQuery libraries scanned: https://retire.insecurity.today/#!/scan/1dea67faabb7371d011f80e7f204bfd692e686194ddc6a2fbdc5bc3de142bddc

Vulners does not detect here. Host details: https://www.shodan.io/host/45.162.228.138
Quote
Tracker SSL - Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -edusantosoficial.com.br to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-skhXXXXXXXXXXXqjfuors7ai8tf -quiz.edusantosoficial.com.br phpsessid
Tracking IDs could be sent safely if this site was secure.
Tracking IDs do not support secure transmission. Three Content Tracking Requests from facebook

5. Second opinion check at: https://webcookies.org/url/omni - this for privacy and tracking implications.

Quote
Domain Control Validation: Issuer:
Let's Encrypt
Let's Encrypt Authority X3

6. Compare with F-grade results here: https://observatory.mozilla.org/analyze/quiz.edusantosoficial.com.br

7. See 251 improvement hints given here: https://webhint.io/scanner/496ed38c-3df4-4792-921b-0564d55746fe

8. Given clear at this scan: http://isithacked.com/check/https%3A%2F%2Fquiz.edusantosoficial.com.br%2F

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Re: Tests and other Media topics
« Reply #847 on: October 18, 2020, 11:05:47 PM »
L.S.

See Erlend Oftedal's resources: https://github.com/RetireJS/retire.js

What can the above information deliver? Well, insight into potentially vulnerable and sometimes exploitable code.
All depends on what security layers are available there on client and server (best policies applied).

A short partial example:

So we can scan for a vulnerability in a retirable script like:
Quote
{Object.defineProperty(w.Event.prototype,e,{enumerable:!0,configurable:!0,get:g(t)?function(){if(this.originalEvent)return t(this.originalEvent)}:function(){if(this.originalEvent)return
like mentioned in https://nvd.nist.gov/vuln/detail/CVE-2019-11358
for hxtps://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.slim.min.js
Re: https://retire.insecurity.today/#!/scan/a9194e28e3a8b9a10562a80c8c47ea88967f4a09c469e3bb769cfdad7ead9c68
Considering: Results from scanning URL: -https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.slim.min.js
Number of sources found: 33
Number of sinks found: 10

But skimming code for this manually is a difficult task, that is why we have our DOM XSS scanners, error scanners, our sources and sinks.

polonus
« Last Edit: October 19, 2020, 04:52:07 PM by polonus »
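The retirable-library check the post describes (match the library version embedded in a script file against known-vulnerable ranges, as Retire.JS does) in working form. This is an added example, not code from retire.js or from the poster; its vulnerability table holds only the CVE-2019-11358 entry discussed above (jQuery before 3.4.0), and the sample file headers are constructed.

```python
"""Retire.js-style check of a JavaScript file for a known-vulnerable jQuery
version. Added example, not code from retire.js; the vulnerability table holds
only CVE-2019-11358 (jQuery before 3.4.0), the entry discussed in the post."""
import re

# (library, fixed-in version, identifier): versions below fixed-in are affected.
VULNERABILITIES = [
    ("jquery", (3, 4, 0), "CVE-2019-11358"),
]

# Version markers of the kind retire.js-style scanners look for in file contents.
JQUERY_PATTERNS = [
    re.compile(r"/\*!?\s*jQuery v(\d+\.\d+\.\d+)"),        # minified header comment
    re.compile(r"jquery:\s*\"(\d+\.\d+\.\d+)\""),           # version in object literal
    re.compile(r"\.fn\.jquery\s*=\s*\"(\d+\.\d+\.\d+)\""),  # explicit fn.jquery assignment
]

def parse_version(text):
    return tuple(int(p) for p in text.split("."))

def detect_jquery_version(source):
    """Return the jQuery version string found in the file content, or None."""
    for pattern in JQUERY_PATTERNS:
        match = pattern.search(source)
        if match:
            return match.group(1)
    return None

def retirable_findings(source):
    """Return (library, version, identifier) for each known issue affecting
    the jQuery version detected in source; empty when none or unknown."""
    version = detect_jquery_version(source)
    if version is None:
        return []
    found = parse_version(version)
    return [(lib, version, ident) for lib, fixed_in, ident in VULNERABILITIES
            if lib == "jquery" and found < fixed_in]

# Constructed samples: the header line of a 3.3.1 slim build and of a 3.4.0 build.
SAMPLE_331 = '/*! jQuery v3.3.1 -ajax,-ajax/jsonp | (c) JS Foundation */\n!function(e,t){"use strict";'
SAMPLE_340 = '/*! jQuery v3.4.0 | (c) JS Foundation and other contributors */'

if __name__ == "__main__":
    for label, src in (("3.3.1 slim", SAMPLE_331), ("3.4.0", SAMPLE_340)):
        print(label, retirable_findings(src) or "no known issues")
```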

Re: Tests and other Media topics
« Reply #848 on: October 19, 2020, 03:16:05 PM »
For websites that have a Content Security Policy, it has often not been configured to follow so-called best policies.

There is an extension for the browser, CSP Evaluator, to check on this.
One could also do this online.

Example:  https://cspvalidator.org/#url=https://www.ad.nl/
CSP Evaluator gives:
Quote
Evaluated CSP as seen by a browser supporting CSP Version 3

[error] default-src
  [error] https:
  https: URI in default-src allows the execution of unsafe scripts.
  [check] blob:

[error] script-src
  [error] 'unsafe-inline'
  'unsafe-inline' allows the execution of unsafe in-page scripts and event handlers.
  [info] 'unsafe-eval'
  'unsafe-eval' allows the execution of code injected into DOM APIs such as eval().
  [error] https:
  https: URI in script-src allows the execution of unsafe scripts.

Error on opening screen where there is no CSP installed for
-Error fetching CSP policies from https://myprivacy.dpgmedia.nl/consent/?siteKey=V9f6VUvlHxq9wKIN&callbackUrl=https%3a%2f%2fwww.ad.nl%2fprivacy-gate%2faccept-tcf2%3fredirectUri%3d%252f   received from https://myprivacy.dpgmedia.nl/: 400 Bad Request

And also check online here: https://csp-evaluator.withgoogle.com/

pol
« Last Edit: October 19, 2020, 03:35:41 PM by polonus »
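The kind of check CSP Evaluator performs, reduced to the findings quoted in the post (scheme sources such as https:, 'unsafe-inline', 'unsafe-eval', and script-src falling back to default-src). This is an added example, not the extension's code or the poster's; the two sample policies are constructed, one shaped like the ad.nl result above and one nonce-based policy that passes.

```python
"""Minimal CSP evaluator covering the findings quoted above. Added example,
not the CSP Evaluator extension's code; it knows only the checks shown in the
post: scheme/wildcard sources, 'unsafe-inline', 'unsafe-eval', and the rule
that script-src falls back to default-src when absent."""

def parse_csp(header):
    """Parse a Content-Security-Policy header into {directive: [sources]}.
    Directive names are case-insensitive; a repeated directive is ignored."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def evaluate_csp(header):
    """Return (severity, directive, message) findings for script execution."""
    policy = parse_csp(header)
    findings = []
    # script-src governs scripts; without it default-src applies; without
    # either, scripts are not restricted at all.
    checked = [d for d in ("default-src", "script-src") if d in policy]
    if not checked:
        findings.append(("error", "script-src",
                         "neither script-src nor default-src is set; scripts are unrestricted"))
    for directive in checked:
        sources = [s.lower() for s in policy[directive]]
        # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline'.
        has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                                for s in sources)
        if "https:" in sources or "http:" in sources or "*" in sources:
            findings.append(("error", directive,
                             "scheme or wildcard source allows scripts from any host"))
        if "'unsafe-inline'" in sources and not has_nonce_or_hash:
            findings.append(("error", directive,
                             "'unsafe-inline' allows in-page scripts and event handlers"))
        if "'unsafe-eval'" in sources:
            findings.append(("warning", directive,
                             "'unsafe-eval' allows code passed to eval() and similar APIs"))
    return findings

# Constructed policies: one shaped like the ad.nl findings quoted in the post,
# and a nonce-based policy that produces no findings.
WEAK_CSP = "default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:"
STRICT_CSP = "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'"

if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(name, evaluate_csp(csp) or "no findings")
```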

Re: Tests and other Media topics
« Reply #849 on: October 19, 2020, 05:23:08 PM »
On the look-out for DNS sub-domains for a known malware domain?

Combine: (random example): https://urlhaus.abuse.ch/url/718410/
with https://securitytrails.com/domain/mituskicrafts.com/dns
and check here: https://www.dnssy.com/report.php

The web server appears to reveal version information. This can pose a security risk if vulnerabilities are identified in this version. You should consider disabling version information in your server configuration.

Compare to info here: https://host.io/mituskicrafts.com   
Check at: https://dnsdumpster.com/  &  https://subdomainfinder.c99.nl/ (finds Cloudflare abuse).
Whois info is redacted for privacy (or to hide abuse?).

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: October 19, 2020, 05:43:28 PM by polonus »

Re: Tests and other Media topics
« Reply #850 on: Yesterday at 12:01:18 AM »
SHA1 insecurity

Here one can check all sorts of files against a so-called collision attack: https://shattered.io/
The test has been developed in cooperation with the Dutch CWI (Centrum voor Wiskunde & Informatica).
Also Google developers were involved.

Within most modern browsers like Google Chrome and also inside the Firefox browser,
we have been protected against insecure TLS/SSL certificates over the last three years.

Only it is a pity that whenever you download the Firefox browser,
the signature over that particular binary still exclusively makes use of insecure SHA1.

Get the checksum from the master repo and the actual download from a fast mirror.
Normally files now come digitally signed.

Now consider the above check as a checking method against silent file corruption,
so also with a digital file signature you could check at shattered.io.

Enjoy, my good friends, enjoy,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
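The "checksum from the master repo, binary from a mirror" procedure in the post, as a verifier that also refuses to trust a manifest that offers nothing stronger than SHA-1. This is an added example, not Mozilla's tooling or the poster's code; the file name, manifest lines and installer bytes are constructed.

```python
"""Verify a download against a checksum manifest taken from the project's
own repository, the procedure the post describes. Added example, not Mozilla's
tooling; the manifest lines and the installer bytes are constructed."""
import hashlib
import hmac

ACCEPTED = {"sha256": 64, "sha512": 128}   # hex digest length per algorithm
REJECTED = {"sha1": 40, "md5": 32}         # recognised, but never trusted

def parse_manifest(text):
    """Parse 'digest  filename' lines (sha256sum / SHA256SUMS format) into
    {filename: (algorithm, digest)}; the algorithm is inferred from length."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        for algo, length in {**ACCEPTED, **REJECTED}.items():
            if len(digest) == length:
                entries[name] = (algo, digest)
                break
    return entries

def verify(data, name, manifest_text):
    """Return (ok, reason). Fails closed when the manifest only offers a
    digest from a broken hash such as SHA-1, or when the file is not listed."""
    entry = parse_manifest(manifest_text).get(name)
    if entry is None:
        return False, "no manifest entry for %s" % name
    algo, expected = entry
    if algo not in ACCEPTED:
        return False, "manifest uses %s, which is not collision resistant" % algo
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: download is corrupted or tampered with"
    return True, "%s digest matches" % algo

# Constructed data: a fake installer plus a SHA-256 manifest and a SHA-1-only one.
INSTALLER = b"fake installer bytes\n"
GOOD_MANIFEST = hashlib.sha256(INSTALLER).hexdigest() + "  firefox-setup.exe\n"
SHA1_ONLY = hashlib.sha1(INSTALLER).hexdigest() + "  firefox-setup.exe\n"

if __name__ == "__main__":
    for manifest in (GOOD_MANIFEST, SHA1_ONLY):
        print(verify(INSTALLER, "firefox-setup.exe", manifest))
```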

Re: Tests and other Media topics
« Reply #851 on: Yesterday at 02:38:44 PM »
SSL check: crawl HTTPS websites for insecure content:
http://ssl-checker.online-domain-tools.com/
No longer secure and available: -http://ssl-checker.online-domain-tools.com/

Another one: https://www.cdn77.com/tls-test

polonus