In this month's edition we don’t have a main theme, but we gathered some amazing tutorials on various topics that will surely be of interest to you! Inside you will find articles about mobile and phishing techniques, cloud computing, and how to fight against XSS attacks. For a more offensive approach, we highly recommend reading Creating a Ransomware with Python and Undetectable Malware for Windows 10. We also have something for MacOS specialists, and for those who need more expertise in PowerShell topics. This and much more can be found in our latest edition!
Enjoy the issue,
TABLE OF CONTENTS
Wi-Fi Direct Based Mobile Ad hoc Network
Sayed Chhattan Shah, Jae Hyeck Lee, Myong-Soon Park
This article describes a Wi-Fi Direct based multi-hop mobile ad hoc network. More specifically, a routing layer has been developed to support communication between Wi-Fi Direct devices in a group and multi-hop communication between devices across a group. The proposed system has been implemented on a group of four Wi-Fi Direct enabled Samsung mobile devices.
Undetectable Malware for Windows 10
Latoui Seif-Eddine, Berhili Mohammed
According to the figures we found, 87.49% of computers run Windows operating systems. In March 2019, still according to the figures we have, there were more than a billion computers in service worldwide, all operating systems combined, which would represent something like 870 million potential victims. These figures are obviously only a rough estimate, because it would be difficult to have a precise idea of the number of computers in use worldwide. However, they give us an idea of the reach that even the smallest security vulnerability in Windows systems can have. During our work we focused our research on the detection methods used by the most popular antivirus products and how to get around them, in particular Windows Defender, which is installed by default on the latest versions of Windows and is therefore one of the most widely used antivirus products in the world.
Creating a Ransomware With Python
Hocine Tabti, Oussama Azrara
There are many different ways that ransomware can infect a device. The most common method is through email spam. The email might include attachments such as booby-trapped PDFs or links to malicious websites. In this article, we will show you how to create your own ransomware with Python. You should know that attackers create ransomware by using techniques designed for data security, such as the AES and RSA algorithms, which we will be using to design our own ransomware.
A Mobile Ad hoc Cloud Computing and Networking Infrastructure for Automated Video Surveillance System
Sayed Chhattan Shah
Mobile automated video surveillance systems involve application of real-time image and video processing algorithms, which require a vast quantity of computing and storage resources. To support the execution of mobile automated video surveillance systems, a mobile ad hoc cloud computing and networking infrastructure is proposed in which multiple mobile devices interconnected through a mobile ad hoc network are combined to create a virtual supercomputing node. An energy efficient resource allocation scheme has also been proposed for allocation of real-time automated video surveillance tasks. To enable communication between mobile devices, a Wi-Fi Direct based mobile ad hoc cloud networking infrastructure has been developed. More specifically, a routing layer has been developed to support communication between Wi-Fi Direct devices in a group and multi-hop communication between devices across the group. The proposed system has been implemented on a group of Wi-Fi Direct enabled Samsung mobile devices.
Phishing Techniques in Mobile Devices
In this article, an analysis of different types of phishing attacks on mobile devices is provided. Mitigation techniques—anti-phishing techniques—are also analyzed. An assessment of each technique and a summary of its advantages and disadvantages are provided. At the end, important steps to guard against phishing attacks are provided. The aim of the work is to shed light on phishing attacks on mobile systems, and to make people aware of these attacks and how to avoid them.
Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding
Chamila Wijayarathna, Nalin A. G. Arachchilage
Cross Site Scripting (XSS) is one of the most critical vulnerabilities that exist in web applications. XSS can be prevented by encoding untrusted data that are loaded into browser content of web applications. Security Application Programming Interfaces (APIs) such as OWASP ESAPI provide output encoding functionalities for programmers to use to protect their applications from XSS attacks. However, XSS still being ranked as one of the most critical vulnerabilities in web applications suggests that programmers are not effectively using those APIs to encode untrusted data. Therefore, we conducted an experimental study with 10 programmers where they attempted to fix XSS vulnerabilities of a web application using the output encoding functionality of OWASP ESAPI. Results revealed three types of mistakes programmers made that resulted in them failing to fix the application by removing XSS vulnerabilities. We also identified 16 usability issues of OWASP ESAPI. We identified some of these usability issues as the reason for mistakes that programmers made. Based on these results, we provided suggestions on how the usability of output encoding APIs should be improved to give a better experience to programmers.
Automating the Actions of an Attacker with Python
Hocine Tabti, Oussama Azrara
Cyber attackers are constantly evolving their techniques to gain access to, exploit and scan a computer system. This ‘system’ can be a simple home computer connected to the internet, or a company network. The attackers employ exactly the same techniques against both of them to achieve their goals. In this paper, we are going to show you that all this work can be done automatically by creating and launching scripts written in Python.
A Methodology to Evaluate the Usability of Security APIs
Chamila Wijayarathna, Nalin A. G. Arachchilage
Increasing numbers of cyber-attacks demotivate people from using Information and Communication Technology (ICT) for industrial as well as day-to-day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make while developing software applications, which are caused by usability issues that exist in security Application Programming Interfaces (APIs). These mistakes make software vulnerable to cyber-attacks. In this article, we attempt to take a step closer to solving this problem by proposing a methodology to evaluate the usability and identify usability issues that exist in security APIs. By conducting a review of previous research, we identified five usability evaluation methodologies that have been proposed to evaluate the usability of general APIs and characteristics of those methodologies that would be affected when using these methodologies to evaluate security APIs. Based on the findings, we propose a methodology to evaluate the usability of security APIs.
ASB-RAT+ Remote Access Tool MacOS/OSX Vulnerability
Ahmed Ounouh, Benjamin Cohen
The operating system targets many potential users, individuals as well as businesses. Mac OS is perfectly suited to all needs of comfort. The combination of internal application file catalogs with those offered freely on the Internet perfectly meets the needs of the system's users. In 2017, 19 million Macs were sold by Apple, with a platform that has more than 100 million users, and this has not yet rivaled Microsoft's Windows 10 operating system and its 800 million active devices.
De-obfuscating PowerShell: Analysis of Malicious Office Documents
In this article, we are going to focus on malicious documents, like Microsoft Office documents known as Compound File Binary Format and referred to as OLE (Object Linking and Embedding) Files, which can store multiple files and streams within a single file. First, I’m going to list some examples of obfuscation used in PowerShell attacks in general and then I will give an example of a malicious document and how to analyze it.