Posts

Showing posts from February, 2022

MITRE ATT&CK Splunk

Introduction: MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific m...

Analysing the APK

Requirements: a Windows device and MobSF. Step 1: Open PowerShell and run the command ./run.bat 127.0.0.1:8000. Step 2: In your browser, go to http://localhost:8000 and upload the APK. Step 3: Once the APK is uploaded, MobSF will start analyzing it. Step 4: When the analysis completes, we are presented with a dashboard summarizing the results. Step 5: The Android Manifest XML file. Now we have lots of information to look through, but since we are only interested in the API key, we may want to start by searching for it in the Android Manifest XML file. We can view it by clicking the dark blue button in the "View Code" section at the bottom right of the above screenshot, and we will land on this page: Step 6: String section. As we can see from the Android manifest file, the values for MANIFEST_API_KEY and GRADLE_API_KEY_PLACEHOLDER are readily ...

The PMKID Attack

As you know, the key to hacking WPA2-PSK is to capture the PSK (pre-shared key or password) as it passes through the air in the 4-way handshake between the client and the AP (you must be in monitor mode to do so). This requires that we either wait for a client to connect to the AP or, if a client has already connected, bump the client off the AP (de-authenticate it) and wait for it to reconnect. What if we could skip that step and get the password hash directly from the AP? That is exactly what the PMKID attack is! This new technique (August 2018) was developed by the security researchers behind hashcat, the fast Linux-based password cracking tool. They were conducting research on Wi-Fi hacking with the tools included in the hcxtools repository when they found something interesting: they could pull information directly from the AP that included the PSK without a client connecting to the AP! Let's see how this tool works and use it on some APs. Step 1: ...

Wireless Hacking Strategies

Many beginners come here looking to hack Wi-Fi but have no idea where or how to start. Not every hack will work under every circumstance, so choosing the right strategy is more likely to lead to success, with fewer wasted hours and less frustration. Here, I will lay out the strategies from the simplest and most effective first to the most complex and difficult last. In general, this same continuum applies to the probability of success. Before You Begin Wi-Fi Password Cracking: I strongly suggest that you read my article to become familiar with the terminology and basic technology of wireless hacking. In addition, to really be effective at Wi-Fi password cracking with Aircrack-ng, the premier Wi-Fi cracking tool, you will need an Aircrack-ng compatible wireless adapter. Although it is not the perfect wireless cracking adapter, the Alfa AWUS036H is inexpensive, effective, and plug-and-play on Kali Linux. 1. Crack WEP. WEP, or Wired Equivalent Privacy, was t...