
Posts

Showing posts from February, 2019

Any.Run - Interactive Malware Hunting Tool [Automated Cloud Platform]

Hi all, for more than a year I have been using this cloud-based malware hunting/testing platform to test the latest malware and the threats reported by my clients. The cloud service is called Any.Run, where we can test malware and analyse its behaviour in an automated environment. What you will get: a next-gen sandbox with full interactive access, real-time data flow, threat intelligence, and easy sharing. What you can do: real-time interaction, network tracking, process monitoring, MITRE ATT&CK™ mapping, and a behavior graph. Anyone can access this tool through the free subscription program, with some predefined limitations. Register at https://app.any.run/#register. How to use: 1. Once you have logged in, you will see the dashboard shown below. Click the "New task" button. 2. The window below will appear on your screen; it contains multiple options to customize the testing environment. Upload the malicious file or type the URL you want to test. If the malware uses dark

The Harvester - Gather Employee names and E-mail address of any Organisation. [ Installation & Usage ]

The Harvester. theHarvester is a very simple, yet effective tool designed to be used in the early stages of a penetration test. Use it for open source intelligence gathering and to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs, and URLs using multiple public data sources, including: Passive: baidu: Baidu search engine; bing: Microsoft search engine - www.bing.com; bingapi: Microsoft search engine, through the API (requires API key, see below); censys: Censys.io search engine; crtsh: Comodo Certificate search - www.crt.sh; cymon: Cymon.io search engine; dogpile: Dogpile search engine - www.dogpile.com; duckduckgo: DuckDuckGo search engine - www.duckduckgo.com; google: Google search engine (optional Google dorking) - www.google.com; googleCSE: Google custom search engine; google-certificates: Google Certificate Transparency report; hunter: Hunter search engine (requires API key, see below) - www.hunter.i

Cyber Security Technologies & Concepts of 2019

Hi, hope everyone is doing well. In this article we are going to explain the top trending cyber/information security technologies of 2018 to 2019. 1. SIEM: Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. SIEM is a tool used to monitor real-time logs from firewalls, servers and users to identify security incidents in an enterprise network. But it is a passive device: it can only detect cyber incidents. The place where the logs are processed with a SIEM tool is called a SOC (Security Operations Center). 2. EDR: Endpoint Detection and Response (EDR) is a technology that has been trending for the past two years, used to detect and prevent cyber attacks on end-user machines before exploitation or footprinting. It is not like classical anti-virus software; it does not contain any kind of virus signature database to find the malic

My Life as Info. Sec. Eng. Chapter 1 : Tools

Hi folks, here I am going to share the list of tools I use in my daily work. NMAP: Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Basically, I use it to discover open and closed ports where I have done port mapping in firewalls. We can use it in the local network as well as across the WAN. Also, with the help of NSE scripts, we can do multiple things like vulnerability checks, exploitation, etc. Ref: http://www.piratesshield.com/2017/11/nmap-network-mapper-securtiy-scanner.html CURL and WGET: curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). I normally use this tool to analyze website headers when my web security device is blocking some dynamic-content websites, and to create application signatures in the IPS. Wget is used to download files directly instead of opening and surfing the

I know About your FortiGate

Dear all, in this article I am going to explain how I collected Internet-facing FortiGate firewalls and gathered information about those devices. HTTP HEADER ANALYSIS: From HTTP header analysis of multiple FortiGate firewalls, I understood that they use the default header across all device models. Below I am providing the HTTP header of my test firewall. We are going to use the Server parameter as our key to track and find FortiGate devices. SHODAN SEARCH ENGINE: To continue this process we need a Shodan vulnerability search engine login. Go to https://www.shodan.io/ and log in. STEP 1: In the search bar enter the keywords server: "xxxxxxxx-xxxxx" and press enter. The search result will provide the list of globally Internet-facing FortiGate devices. Here we got 354,525 FortiGate firewall details from the Shodan search engine. Along with this result, Shodan provides multiple options to filter the results. STEP 2: With the help of Shodan filters, in this step we are going to identify th