Qubes OS Installation in VMWARE Workstation player

1.   Qubes OS is a security-focused desktop operating system that aims to provide security through isolation.Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.In my earlier post here at http://anupriti.blogspot.in/2016/05/qubes-os-installation-issue-with.html,wherein I had shown the installation issue I faced in Virtual Box,here I put forth (a pretty longish installation though about 2 hours plus) a series of steps along with screenshots as I was able to install the Qubes OS in VMWARE Workstation player.

The only irritant thing is the installation time...it takes about 150 minutes to complete the entire installation.Rest any queries are welcome....

Computer Hacking is LEGAL @ GCHQ

1.  Privacy International , a UK-based registered charity that defends and promotes the right to privacy across the world, lost a case challenging RIGHT TO PRIVACY.

 

So as it stands the GCHQ now has a official tick to itself forcing into hacking devices to obtain intelligence thereby ensuring National Security interests.The court ruled in favor of GCHQ and thus for the first time the GCHQ has confirmed that it has been associated with hacking into IT and computer devices which till date were only thought in anticipation or were believed right based on the NSA whistle blower Edward Snowden.

 Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

2.   An extract produced as follows from http://www.bbc.com/news/uk-politics-35558349

"Hackers can remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations among other things"

3.   Another extract produced below from the Investigatory  Powers Tribunal (IPT) complete copy of which is available for reading at http://www.ipt-uk.com/docs/Privacy_Greennet_and_Sec_of_State%20.pdf reads as follows :

 

"The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment. Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression."

3.   How much of this stands right or wrong irrespective,but one thing has come out large and clear....there stands no privacy while anyone is on the net...whatever you may do or attempt from your mobile device or the computer,nothing is yours.....

MY Blog hits : 3,00,000 plus :-)

Exactly about a year back my blog got the 2,00,000th hit and today it is 3,00,000 plus. So I assume an ok traffic since technical blogs do not have the glamorous and mass factor associated....I got into blogging without knowing any thing about traffic and readers and then maintaining a blog when you are working also is at times difficult.This actually means the time you could have spent with your family is being spent on blogging.But then as we say "Purpose is the reason you journey and Passion is the fire that lights your way."...and so has been applicable to me.Simply the passion to study and share IT and experiment with tools and researches has been the force for my energies being put in here.Putting here some past shots and analytics ex Google :

20 Oct 2015

 05 Oct 2013

 02 Nov 2014

FEW STATS STRAIGHT FROM GOOGLE ANALYTICS

Increase over years

 Page  views by countries

 

Page-views by Browsers

 Page  views by Operating Systems

Volatility Framework Command : Using pslist - pstree - psscan to identify process details from mem dump

This post will share an example to run the three volatility terminal commands including pslist, pstree and psscan

Before I proceed ahead,I would assume that you have installed volatility in your Linux system(in my case I am using UBUNTU,Installation explained at my earlier post at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html) and you have a RAM dump of the OS u desire to analyse.In my case here I have taken the RAM dump of a Windows 7 OS as explained here at http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html

Usage as follows :

pslist

The command pslist will be useful for any forensic prelim inquiry to find out the processes being run on the pc at the likely time of incident.The pslist command is used to list the processes of a system and it does not detect hidden or unlinked processes."pslist" module utilizes the same algorithm as the tasklist command that would be executed on the live computer. And also, Windows Task Manager uses the same approach as well.The command "pslist" traverses the list of active process structures that the Windows kernel maintains.The screen shot below shows a task manager activity of a windows PC i am using for test.Subsequently I have taken a fresh dump at this time and then analysed this dump with volatility on UBUNTU to find the process details which actually come out as the same as seen in the screenshots below :

Windows TASK MANAGER as seen in Windows OS
(CLICK TO ENLARGE)

The command usage at terminal syntax goes like this :

vol.py --profile=Win7SP0x86 -f windows_memory.raw pslist

Click on image to ENLARGE

Click on image to ENLARGE

 [TRIM]

Click on image to ENLARGE

 [TRIM]

The columns display the offset, process name, process ID, the parent process ID, number of threads, number of handles, and date/time when the process started. The offset is a virtual address by default, but the physical offset can be obtained with the -P switch as seen in the command below with screenshot.

vol.py --profile=Win7SP0x86 -f windows_memory.raw pslist -P

(Output with -P Switch)
Click on image to ENLARGE

pstree

pstree command is used to view the process listing in tree form and enumerates processes using the same technique as pslist, so it will also not show hidden or unlinked processes. Child process are indicated using indention and periods.SCreen shot of output and syntax as below :

vol.py --profile=Win7SP0x86 -f windows_memory.raw pstree

Click on image to ENLARGE

 psscan

psscan is used to enumerate processes by pool tag scanning and can find processes that previously terminated (inactive) and processes that have been hidden or unlinked by a rootkit. Syntax and screenshot of output as follows:

vol.py --profile=Win7SP0x86 -f win7.dmp psscan

Click on image to ENLARGE

1 millions plus Profile Views

1. When you look at your profile on Google, you can see your total number of views that means you can tell how many times your content has been seen by other people, including your blog posts and profile page.When you look at someone else’s profile or page, you can also see their total number of views. 

2. Just crossed a Million plus views on my page.....incl blog...thought to share.Not a big deal though viz a viz established techno blogs who have hits in billions....

My profile at https://plus.google.com/+AnupamT/posts

 

Career in CYBER SECURITY : Where to start ?

1.  I get a lot of queries on my blog posts related to cyber security courses and any time I am in some forum or discussion from all range age  groups regarding serious career scope in India in the field of Cyber Security.Is it worth taking a plunge in a field which currently only has more of a keen interest value rather then offering  lucrative pay packet job?The younger age group which generally has young engineering graduates look little restless of taking the risk but the field is pretty exciting for those who are passionately interested in it.

2.  The field is immense and huge to start with.For a fresher it would be pretty cumbersome to find where to start from.The moment any typical search is made for a cyber security course on google,the results are too huge and confusing to get started on.For a novice guy who doesn’t  have any background in this field but keen to start a career in this field, I would submit few first steps to start before ways and career road automatically starts guiding ahead.

3.   Firstly,make it very clear in your mind that this field is very dynamic...you have to be continuously on your toes to be updated around what’s happening in this field.Millions of cyber incidents are happening,thousands of zero days are being discovered,thousands of case studies are being released about various cyber incidents and as you start understanding you need to prioritize of what all to grasp in detail .....follow up good tweets of cyber security experts.The courses you do in this field will not be like the typical graduation certification that you do once and will make you a B.Tech for the rest of your life without ever some one asking about the syllaabi.Most of the course and certification have a shelf life of 2-3 years after which you need to renew them to continue your professional standing in the market.

4.   The best thing about this field is that you can build your career and get your basics clear by putting in you hard-work along with the world of open-source that’s your window to knowledge bank.Be it the white papers or applications or Operating systems etc most of the entire gambit of tools is free....yes...for last about 8-9 years of my association with the field I have not bought or purchased any software or OS or toolkit to practice basic hacks and penetration tests.

5.   For a start in respect of courses....I would submit that most of the courses valued globally like CEH,CISSP etc by EC-COUNCIL are pretty costly and just doing them does not guarantee anything with respect to job.You have to be aware of lots besides these courses.For a start for a typical Indian novice fresher I would recommend to start with CCCSP,CCCS etc...links given below :

http://cdac.in/index.aspx?id=cyber_security for courses offered by CDAC on cyber security and forensics.

http://esikshak.in/eSikshak/help/English/eSikshak/cccs.htm for CCCS by CDAC

http://esikshak.in/eSikshak/help/English/eSikshak/CCCSP.html for CCCSP by CDAC

more listed at http://anupriti.blogspot.in/2012/12/cyber-security-courses-in-india.html ....though slightly old post...but everything holds good today...

6. Besides these courses which only give a very basic over view of the field,you should start getting conversant with LINUX flavors available viz UBUNTU, Fedora, OpenSuse, Linux MInt etc to mention a few....besides a horde of excellent security distros are available with all possible youtube videos and manuals on the net for helping from scratch.Get conversant and start playing with maximum tools available in these.Few of the distros that I would recommend are listed  below :

- ARCHASSAULT at https://archassault.org/

- Kali Linux at

- BackBox at

- BackTrack R3 at

- Knoppix STD

- Pentoo

- DEFT

- Parrot

- Caine

- Samurai Web Testing framework

- Matriux Krypton

- Bugtraq

- Node zero

- Cyb org

- Helix

- Network SEcurity Toolkit

- Wireshark(not an OS)

- GRML

- Chaos

- Katana

-  Damn Vulnerable Linux

- Auditor

and I must tell you these are only few to test before you start getting basic idea of what’s happening around.

7.   You have to be passionate enough to carry yourself successfully in this field.The moment you are out of touch for whatever reasons you have a lot to catch.Every thing is available on the net..be it the study material...be it any software to start.....you actually do not straight away enrol for a course..prepare yourself with the basics as available vide these distros...basic linux and then do some course to start building your documented profile.If you have reached reading here and you have queries you can get back to me here ....post a comment.

Quantifying your WEB SECURITY

This small presentation will sail through a set of questions for any web/Internet user and will mark for every question as the user decides to answer.The safety score as it ends up lets the user know of where he stands in terms of IT SECURITY on the web!!!!

How to Set Up Google Chromecast : Windows 8

1.   Chromecast is a 2.83-inch (72 mm) HDMI dongle ,a digital media player developed by Google that plays audio/video content on a high-definition display by directly streaming it via Wi-Fi from the Internet or a local network. Users select the media to play using mobile apps and web apps that support the Google Cast technology. Alternatively, content can be mirrored from the Google Chrome web browser running on a personal computer, as well as from the screen of some Android devices.This post further brings you screen shots of the Chromecast setup as I set it up on one windows 8 Laptop...sadly it doesn't have a straight setup for UBUNTU OS...though I have seen few forums wherein a plugin mention in regular chrome browser would set the cast working...but alas not tried that...here it is a simply setting it up on Windows 8.

Step 1 : As you plugin the chromecast powered by USB Power in the HDMI slot ,you get a similar looking screen.

  

On your Chrome browser log onto google.com/chromecast/setup

As you click the above link you get a download setup file...around 800 kb...download that and your installation begins....

Typical Next Next.....

You get the device number as detected by the Laptop machine

Once connected a unique code is seen as below on the TV...just confirm that you see the same on your PC too as shown further below :

Unique code replicated on Laptop screen as below :

Click on That's My Code and continue as seen below :

Seen connecting to the network SSID

Setting up the Device on joining the network

and you are ready to cast :

The first time the device is ready to cast,expect recent update on the Chromecast dongle like seen below...likely to take few minutes...mine took 7-8 minutes

Updating still....12%

Updating still....61%

Updated and now applying updates

and the first look of the device on way to cast a Youtube stream as below :

What do I cast first ?...off course Rajinikanth....:-)

Few things to ponder and for info first time users :

- Why is not ready for Opensource OS?
- Works equally ready with Android devices with ease
- Does not work on a Windows OS running in Virtual Box/Machine.