This is one of those quick posts designed more as a note, I had fun trying to find the way to update the network location on my 2012 Server sandbox so I figured I would create a short post on the matter…
It can be found by following:
Server Manager>Tools>Local Security Policy>Network List Manager Policies>Network
This is of course assuming that you have a fresh install with GUI.
If you’re using PowerShell you will want to run the following command (this requires PowerShell 4)
So I ran into this problem, I installed a fresh copy of Kali Linux onto a VM (VMware) so I could do some pen-testing on my local network without booting into Linux but couldn’t get Kali to use my external wireless card (I needed packet injection capabilities ;))
To make this short and sweet all you have to do to use your external USB wireless card (In My Case an Alfa Card) is just install updated vmware tools (I am assuming you have already added USB Controller in your VM settings…) you can do this by using the following commands on your shell/terminal:
apt-get install open-vm-tools
Once installed you should see your wireless card detecting new networks. This worked on Kali Linux x64 and because its based on Ubuntu Its safe to assume it will work with Ubuntu. Good luck and good hunting ;)
You might be asking yourself why would I care to list the last modified file/s right? Well if your in the security world then you know sometimes it’s important especially in a compromised server/workstation. It’s important to check what files may have been modified to help the attacker, for example, the editing of native configurations or scripts can facilitate permanent access to a system. It’s also important when trying to identify the potential root of the problem.
This command will list all files that were recently modified by without any real order.
This command will list all files that were recently modified separating all file names by line by line.
This command will list all files that were recently modified separating all file names by line by line and limiting the amount displayed by 10
ls -1t | tail -10
I am sure there are more aggressive methods but this is a simple one that works pretty solid on any Linux distribution with bash.
Today I get an email that looks like it came from GoDaddy except for a few things that don’t look right… Email Headers are not correct, this was obviously a shitty job as the malicious user tried to make the email look like it was coming from godaddy but was actually coming from a compromised wordpress install on Hostgator.
Dear Customer MIGUEL VALLEJO. Confirm Your Identify.
An unknown user was trying to login your GoDaddy account with an incorrect password on Sunday 15 March , 2015 1:05 GMT, and with an unknown DNS IP Location: (China) ip=22.214.171.124, as a result of that we partially blocked your GoDaddy accounts due to major security protocols.
We are sincerely sorry for any inconvenience. GoDaddy Customer Support. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Copyright (c) 1999-2015 GoDaddy.com, LLC. All rights reserved.
Except for the fact that there is no administrative contact info, phone, business address in the signature it looks somewhat legit. Now Lets look at body of the email specifically at the url and where the link points to… http://someweirddomain.com/wp-includes/css/nvldigkoua.htm?nvldigkoua=e3251075554389fe91d17a794861d47b
So this is obviously a malicious email, a targeted one because the user had to go through some effort to put this type of attack together. Sadly this is someone trying to dupe you into coughing up your password or in my case a sad attempt at doing so. It’s a good idea to go over some security logs after events like this as it could be a sign of someone already in your network and trying to escalate their access. In my case it was just some noob who though he was dealing with a end user, my response… <^>-_-.
So I totally ripped myself off, it wasn’t suppose to be that way lol… I traded my ps4 with 2 controllers and two games for what was suppose to be a #nvidia shield tablet from some guy on craigslist with all accessories. I chatted with the guy for about half an hour and sounded totally legit. When I got home I had more time and light to inspect the tablet which ended up being a 16GB tablet instead of the 32GB version so I was like fml… as I continued I came to two corners which were also cracked, it looked like it had been dropped… FML~… Once I had it reset I tried to play a song and the damn speaker is blown, which sounded fine at low volume… Of course this sucked, I tried calling him back and texting and would get no answer. After about 30 minutes I found out who his name was and where he lived. I decided to say fuck it it’s not worth the drama and the cops would be like “dude! seriously for a ps4?”. So far the tablet is one of my favorite of all tablets I’ve ever owned it’s super fast and running the lollipop OS which is super smooth and responsive. I really want to upgrade to the 32GB so I can have some more room to do some native application development. It sucks that I got jacked but I am happy that I ended up with this tablet it’s perfect :*)
P.S. Hook me up with a 32GB version NVIDIA, I heard it rains tablets at HQ ;) @nvidia #nvidia
I started to track my security logs a lot more since I began to notice the amount of alerts I was getting via email on holidays. There is definitely a connection, American networks are under attack during American holidays specifically from 00:00 to 14:00, this time the attacks weren’t just coming from Chinese networks but Mexico & France.
Ok so I am not here to point fingers because both governments pretty much do the same thing duh… I will also add that Chinese attacks on US networks have increased in the past few months since the conflicts in Ukraine. Over this memorial weekend I have been monitoring many server nodes across different data centers and have definitely had in increase in brute force and scan attacks.
Today I have noticed a 400% increase in additional log records related to these attacks. Coincidence I think not, how else do you explain an increase in attacks a day before a major US holiday? Chinese PLA will obviously deny anything but if you analyze the data it definitely looks like a coordinated attack on US networks .Chinese Intelligence Assumes that no IT personal will be working over the weekend so they amp their attacks. Let let me say something to Chinese Intel… YES WE WORK ON HOLIDAYS TOO!… lol
P.S. I have logs to prove that too… xD
Here is a list of their most popular attack networks…