Posts

Showing posts with the label penetration testing

How I gained initial access using Social Engineering

Cybercriminals have done a lot of damage to organizations through social engineering attacks: FireEye, Cisco and, most recently, Uber were all hacked because of social engineering. This reminds me of an internal pentest I did in one of my organizations in 2021, where I used a social engineering technique to deliver and execute my payload. I was asked to check whether I could gain access to any of our employees' computers using any method I could think of. In this blog post, I will simulate the same attack and show how I gained initial access using a social engineering technique. Attack Phase 1: Information gathering. As the attack came from the internal network, I decided to compromise one employee; here the person is a network engineer. Before attacking the target, I started with information gathering. The first thing I did was check all open ports in my network range. To do this I used masscan, with the command masscan -p445 192.168.7.1/24 --rate=1000 ...

A short write up on windows page file forensics

I am going to do a short write-up on page file forensics. As I write my posts with newbies in mind, I will try to explain in layman's terms some important points that newbies need in order to understand this post. What is a page file? In Windows NT, when RAM becomes full, the operating system uses your hard drive as virtual RAM and starts placing your data in the page file, which is called pagefile.sys in Windows NT. Even though reading and writing data from the page file is slower than actual RAM, it is still better than crashing your program. This principle works on paging, which is a memory management technique; if you want to learn more about paging, you can read about it here. Investigating the page file to retrieve artifacts: as we know the page file holds data used by the operating system, we can make a copy of it (there are other ways to do this as well) and fetch some juicy information that can lead an investigator to take his next deci...

This is how easy it is to phish someone with good Social Engineering Techniques

It's been a while since I posted my last post, so I decided to do a quick write-up on a social engineering attack. I will show how easy it is to phish someone using a good social engineering attack. I will try to make this post noob-friendly to prove how easy it is for anyone with good social engineering skills but little to zero technical knowledge to phish a user. Even though I am not an expert at social engineering, I was able to take down some accounts. Attack scenario: this time I decided to attack random people, to see how difficult or easy it is to phish random people. Preparing the attack: first I needed to make a fake Facebook profile, and it is better not to use the kind of profile picture that could easily be reverse-searched, like a celebrity photo, so I used "thispersondoesnotexist.com", which generates a fake person's picture using AI techniques every time you refresh the page, so it would be a good choice for making this type of f...

Fileless malware Analysis with Cuckoo sandbox

What is Cuckoo Sandbox? Cuckoo is an open-source, completely free dynamic malware analysis sandbox. We can submit any malicious binary file and Cuckoo will provide a detailed report on the malicious file, including the behaviour of that file during execution. What is fileless malware? Fileless malware is a favourite technique of malware authors: this type of malware doesn't write anything to disk, in order to bypass mostly string-based detection. The malware executes an obfuscated command, usually PowerShell; at run time the antivirus cannot detect the strings being executed, and after being injected into memory the command gets deobfuscated. Cuckoo interface and sample analysis: to run Cuckoo just type cuckoo in your terminal; this will start the Cuckoo service. Now, to get the web interface, type cuckoo run webserver; this will start the Cuckoo web interface on its defined URL and port address as shown belo...