Le Merveilleux Blog
Mini MySqlat0r, XSSploit, FireForce, Webshag … …..

Mini MySqlat0r is a cross-platform tool written in Java for auditing web sites: it tests for SQL injection vulnerabilities and exploits those it finds.
source : http://www.scrt.ch/attaque/telechargements/mini-mysqlat0r
XSSploit is a tool for the automated detection and exploitation of Cross-Site Scripting vulnerabilities during penetration-testing engagements.
source: http://www.scrt.ch/attaque/telechargements/xssploit
Fireforce is a Firefox extension for running brute-force attacks against forms submitted via GET or POST.
Webshag is a cross-platform tool for auditing web servers. Written entirely in Python, it bundles a set of features useful when penetration-testing web servers, such as a URL scanner and a file fuzzer.
source : http://www.scrt.ch/attaque/telechargements/webshag

AV-Comparatives.org / Microsoft Security Essentials / Virustotal.com

On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get included in our main tests, vendors must fulfill various conditions and minimum requirements.
source : http://www.av-comparatives.org/

Microsoft Security Essentials protects your computer in real time against viruses, spyware and other malicious software.
source : Microsoft Security Essentials : download

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
source : http://www.virustotal.com/

BigBlueButton.org ……

BigBlueButton is an open source web conferencing system, used mainly for distance education. BBB supports sharing of slides (PDF and PPT), video, whiteboard, chat, voice (speakers and a microphone are needed to participate), and desktops. It is built from over fifteen open source components. BigBlueButton runs on Mac, Unix and PC computers. It uses red5, the open source implementation of Adobe’s Flash Media Server. One good feature of BigBlueButton is that multiple users can share their webcams at the same time, with no limit on their number. On Linux, BigBlueButton can be installed either from source code or from Ubuntu packages.
source : http://www.bigbluebutton.org

BitLocker, Windows 7 ……

You can use BitLocker Drive Encryption to help protect all files stored on the drive Windows is installed on (the operating system drive) and on fixed data drives (such as internal hard disks). BitLocker To Go lets you protect all files stored on removable data drives (such as external hard disks or USB flash drives).

Windows 7
For the drive Windows is installed on to be encrypted, your computer must have two partitions: a system partition (containing the files needed to start the computer) and an operating system partition (containing Windows). The operating system partition is encrypted; the system partition stays unencrypted so that the computer can boot. Only the boot files live on that unencrypted partition, so no user data is left in the clear.
source : Set-up-your-hard-disk-for-BitLocker-Drive-Encryption

Finding which program started an outgoing connection under Windows …..

Open Task Manager on your PC, click View, then Select Columns, tick the box next to PID, then click OK.

At the bottom of the Task Manager window, make sure ‘Show processes from all users’ is checked.

Open a command prompt and type netstat -aon.

This command gives you a list of all network connections to and from your PC at the current time.

Find the IP address/connection you are tracking down in this output, then look in the PID column.

Take that number back to the Task Manager window, sort by the PID column at the top, and you’ll see the process that initiated this connection.
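The join described in the steps above (netstat PID column to process table) is easy to do by hand for one connection and tedious for a whole capture. The script below is an added example, not code from the thread: it parses saved `netstat -ano` and `tasklist /FO CSV` output, joins the two on PID, and optionally keeps only the endpoints talking to a given foreign IP. The two captures embedded in it are constructed samples; the address 203.0.113.5 and the process names are placeholders. Points the steps do not mention and the parser has to handle: UDP rows have no State column, IPv6 endpoints are written as `[::]:445`, and PID 0/4 belong to the Idle/System processes.

```javascript
// Added example, not code from the original thread.
// Offline join of "netstat -ano" and "tasklist /FO CSV" captures, as taken from a
// machine during triage. Both samples below are constructed for illustration.

const NETSTAT_SAMPLE = `
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    10.0.0.12:49712        203.0.113.5:443        ESTABLISHED     4120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1096
  UDP    10.0.0.12:137          *:*                                    4
`;

const TASKLIST_SAMPLE = `"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,204 K"
"svchost.exe","880","Services","0","9,816 K"
"svchost.exe","1096","Services","0","7,340 K"
"updater.exe","4120","Console","1","22,108 K"
`;

// One netstat row: Proto, Local, Foreign, [State], PID.
// UDP rows have no State column, so that group is optional.
const NETSTAT_ROW = /^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$/;

function parseNetstat(text) {
  const rows = [];
  for (const line of text.split(/\r?\n/)) {
    const m = NETSTAT_ROW.exec(line);
    if (!m) continue; // header, blank and "Active Connections" lines
    rows.push({ proto: m[1], local: m[2], remote: m[3], state: m[4] || '', pid: Number(m[5]) });
  }
  return rows;
}

// Minimal reader for tasklist's quoted CSV (fields never contain embedded quotes,
// but "Mem Usage" contains a comma, so split on the quote-comma-quote separator).
function parseTasklist(text) {
  const byPid = new Map();
  const lines = text.trim().split(/\r?\n/);
  for (const line of lines.slice(1)) {
    const fields = line.split('","').map((f) => f.replace(/^"|"$/g, ''));
    byPid.set(Number(fields[1]), fields[0]); // PID -> Image Name
  }
  return byPid;
}

// Strip the port from "203.0.113.5:443", "[::]:445" or "*:*".
function hostOf(endpoint) {
  const i = endpoint.lastIndexOf(':');
  return i < 0 ? endpoint : endpoint.slice(0, i).replace(/^\[|\]$/g, '');
}

// The join: every endpoint with the owning process name, optionally only those
// whose foreign address is the IP being chased.
function ownersOf(netstatText, tasklistText, remoteIp) {
  const procs = parseTasklist(tasklistText);
  return parseNetstat(netstatText)
    .filter((r) => !remoteIp || hostOf(r.remote) === remoteIp)
    .map((r) => ({ ...r, process: procs.get(r.pid) || '<not in tasklist>' }));
}

// Who is talking to the placeholder address in the sample capture?
console.log(JSON.stringify(ownersOf(NETSTAT_SAMPLE, TASKLIST_SAMPLE, '203.0.113.5'), null, 2));
```

On the live machine the same two captures come from `netstat -ano` and `tasklist /FO CSV`; a process that has exited between the two commands shows up as `<not in tasklist>`, which is itself a useful hint that something short-lived is beaconing.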


For the boot process, I suggest the command line

wmic startup list full

It will show you the programs and services run at startup; the process that is creating the UDP frames will likely show up there.

Fport does a better job of showing the processes and the ports they have in use. However, most antivirus products bark at it. If it’s a machine you administratively control, try it. If not, the previous reply (use netstat -ano and then Task Manager or tasklist to identify the process) is good.

I would recommend using Process Explorer from Sysinternals to find the actual location of the exe on the hard disk. I use this instead of Task Manager. Use the add-columns option to pick “Image Path” and you’ll see the actual location of every exe or service running.

Alternatively you can check in the registry whether any program is configured to load at startup and connect to that particular IP.

In Windows XP, it was HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. On the right you will see the programs which will be loaded at startup. You would probably need to check the same in Win 7.

Alternatively, check in services.msc whether any programs are running which are not required. Stopping one or more of them might solve the issue.


TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.


How to prevent phishing attacks ….

One of the more proactive measures is a watermark in the bank’s HTML source: a script that carries the list of hosts (or IP addresses) on which the bank’s domain is legitimately served.
If a phisher copies the HTML source and hosts it on the phishing site, the watermark detects that the page is running from an address that is not on the bank’s whitelist and sends an alert to the security team.
That way the phishing site can be reported and brought down early, before most customers get redirected to it. The check only fires if the phisher leaves the script in the copied page, so it is a detective control, not a guarantee, and the alert endpoint should be logging the request’s Origin header rather than trusting what the page reports.
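What such a watermark looks like in the page, as an added example and not code from the original post: a script that compares the host the page is actually running on against the bank’s allow-list and beacons the rogue origin to an alert endpoint. The host names, the `/phish-alert` path and the payload layout are assumptions for illustration. A script in the browser cannot see the web server’s IP address, so the client-side check is on the hostname; the bank learns the rogue site’s address from the Origin header and source of the beacon request, which is where the IP whitelist described above is applied.

```javascript
// Added example, not the original post's code. Watermark script a bank could embed in
// its own pages. Hostnames and the alert endpoint are assumed for illustration.

const TRUSTED_HOSTS = ['www.example-bank.test', 'online.example-bank.test']; // assumption

// True when the page is served from one of the bank's own hosts.
// Exact, case-insensitive match; a trailing dot (FQDN form) is tolerated, but
// look-alikes such as "www.example-bank.test.evil.test" are not.
function isTrustedHost(hostname, trusted = TRUSTED_HOSTS) {
  const h = String(hostname || '').toLowerCase().replace(/\.$/, '');
  return trusted.some((t) => t.toLowerCase() === h);
}

// Alert payload for a page loaded from an untrusted origin, or null when there is
// nothing to report. `loc` is a window.location-like object.
function buildAlert(loc, referrer = '') {
  if (isTrustedHost(loc.hostname)) return null;
  return {
    kind: 'cloned-page',
    rogueOrigin: loc.origin, // scheme + host + port of the clone
    rogueUrl: loc.href,
    referrer, // often the link in the phishing e-mail
    seenAt: new Date().toISOString(),
  };
}

// Send the alert without blocking the page. sendBeacon survives page unload and is
// sent as a simple cross-origin request, so the bank's endpoint needs no CORS preflight.
// Returns true when a send was attempted, false when there was nothing to send.
function reportClone(alert, endpoint = 'https://www.example-bank.test/phish-alert') {
  if (!alert) return false;
  const body = JSON.stringify(alert);
  if (typeof navigator !== 'undefined' && typeof navigator.sendBeacon === 'function') {
    return navigator.sendBeacon(endpoint, body);
  }
  if (typeof fetch === 'function') {
    fetch(endpoint, { method: 'POST', body, mode: 'no-cors', keepalive: true }).catch(() => {});
    return true;
  }
  return false;
}

// In the browser: run as soon as the script loads. Guarded so the file also loads
// outside a browser (e.g. under Node for testing).
if (typeof window !== 'undefined' && window.location) {
  reportClone(buildAlert(window.location, typeof document !== 'undefined' ? document.referrer : ''));
}
```

Server side, the handler for `/phish-alert` should record the request’s Origin header and source IP alongside the payload and compare them with the whitelist; a phisher who leaves the script in place but edits `TRUSTED_HOSTS` defeats the client-side check, but not the server-side one.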