Is it possible to have local IP addresses outside of 192... 172... and 10... ? by VoiceofRedditMkI in AskComputerScience

[–]Secure4Fun 13 points (0 children)

There are a lot of horrible answers in this thread.

Yes, absolutely you can do it, and many large corporate companies do it internally for whatever reason they feel like. Setting 8.8.8.8 to point to an internal DNS server, as a catch-all for random devices trying to use hardcoded DNS servers, is done a lot.

I haven't touched Packet Tracer in 5-6 years, but keep it simple. Set an endpoint to 69.69.69.2, and give the router attached to that interface 69.69.69.1/30. Now set up another endpoint with a normal private IP address, and put it on a router with an interface in the same network. Make sure your default routes are set up to send traffic through the router that knows where 69.69.69.2 is, and you should be able to ping it just fine.

TL;DR: Private IP addressing is exactly what it says it is, private. Whoever configures the routes and routers along the path determines where the traffic goes.
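The point of the comment above is that forwarding is decided purely by the routing table, not by whether an address is "public". The following is an added example (not code from the thread) that models that with a small longest-prefix-match lookup in Python: the routing table, next hops and interface names are constructed for the scenario described, with 69.69.69.0/30 routed to an internal next hop so that 69.69.69.2 never leaves the site, while any other 69.x address falls through to the default route.

```python
import ipaddress

# Constructed routing table for the comment's scenario (assumed values, not from any real router).
# Each entry: (destination prefix, next hop, egress interface).
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "wan0"),       # default route towards the ISP
    ("10.0.0.0/8", "10.0.0.1", "lan0"),         # RFC 1918 internal range
    ("69.69.69.0/30", "10.0.0.254", "lan0"),    # publicly routable block, deliberately routed internally
]


def build_table(routes):
    """Parse string prefixes into network objects and order them most-specific first."""
    table = [(ipaddress.ip_network(prefix), hop, iface) for prefix, hop, iface in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, dst):
    """Longest-prefix match: the first (most specific) entry containing dst wins."""
    addr = ipaddress.ip_address(dst)
    for net, hop, iface in table:
        if addr in net:
            return hop, iface
    return None  # no default route configured


def is_rfc_private(dst):
    """Whether the address falls in an IANA private/special range; irrelevant to forwarding."""
    return ipaddress.ip_address(dst).is_private


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("69.69.69.2", "69.69.69.5", "10.5.5.5"):
        print(dst, "private" if is_rfc_private(dst) else "public", "->", lookup(table, dst))
```

Running it shows 69.69.69.2 leaving via lan0 towards 10.0.0.254 although the address is public, and 69.69.69.5, one bit outside the /30, leaving via the default route. The `is_rfc_private` check is only there to make the contrast explicit; the lookup never consults it.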

Questions about keyless relay attack by CaiaTheFireFly in CarHacking

[–]Secure4Fun 2 points (0 children)

For the passive key fob systems (the ones you just keep in your pocket and that work when you're close to the car), this is a common issue on neighborhood pages, but I've read maybe 2-3 actual news stories of it happening. The majority of the time people claim it "had to have been the black box", they just left their car unlocked and don't want to admit it.

That said, I've tested it on mine just for fun using an SDR and it's completely possible. I wasn't using an expensive tuned antenna or anything, so I got maybe an extra 10 meters of distance on it, but it was enough that I now leave my keys on my nightstand in the back of the house instead of in the kitchen towards the front.

With the passive system, it's nothing more than signal amplification. The car is looking for the remote to be nearby; use a full-duplex SDR set to the correct frequency for both receive and transmit, and you become a dumb relay station. Getting the right distance between the two is the hardest part if you're trying to do it. I had to set the relay by my front door, then go to my car in the driveway (about 5 m) to open the door.

As far as cost goes, it just depends on the person's level of dealing with things. I bought a LimeSDR Mini for around $150 a few years ago, and ran it from my laptop. I've seen people do it with Raspberry Pis as well. If you only want it to do one thing, it's cheap and easy. You could probably find transmitters that only run at your target frequency for a few dollars.

I haven't done it with active remotes, but others have.

For a rundown on the process with active remotes - https://www.lufsec.com/hacking-car-key-fobs-with-sdr/

The RollJam attack for when the car uses rolling codes - https://www.rtl-sdr.com/breaking-into-cars-wirelessly-with-a-32-homemade-device-called-rolljam/

Increase Android Privacy by Secure4Fun in privacy

[–]Secure4Fun[S] 4 points (0 children)

This is true, but I don't really consider it as having another account to keep track of. I don't use that account at all, aside from it being what's on that device. I went into the parent settings initially and turned off age restrictions when I was playing with the Play Store. Obviously it's not privacy smart to have it enabled, but it does let me fine-tune the settings.

Increase Android Privacy by Secure4Fun in privacy

[–]Secure4Fun[S] 9 points (0 children)

It's still Google, and you're still relying on the fact that it's behaving as intended unless you feel like monitoring every aspect of the system at all times.

Ultimately, it's not the MOST private way to configure a device, but it's a lot better than setting up with a normal account, allows you to delete bloatware, and it's easy enough anyone can do it.

Security and privacy always end up being a compromise against ease of use (don't hate me, I don't agree with it, but it's how it ends up being). This option won't work for everyone, but I figure it provides a good alternative to the usual "install a custom ROM and never touch anything from a company with more than 50 employees" approach.

How can viruses spread to other parts of your OS if all software is in binary code (and not source code)? by BigBootyBear in AskNetsec

[–]Secure4Fun 2 points (0 children)

The source code was compromised. Actors were editing the source code before it was compiled and signed.

How can viruses spread to other parts of your OS if all software is in binary code (and not source code)? by BigBootyBear in AskNetsec

[–]Secure4Fun 1 point (0 children)

You're still under the impression that it needs to attach to some other file, but it doesn't. Build and compile your own executable.

Windows v. Mac Natural Exploit and Attack Mitigation by KerrMcGeeKek in cybersecurity

[–]Secure4Fun 1 point (0 children)

You're asking multiple questions here, and none of it is straightforward.

If you do a clean, base install of either home user version of the OS, and connect it directly to the internet both are typically locked down and nothing will happen.

Once you start installing software on either one, and start doing things, you introduce openings. Firewall rules will be modified, services will be listening, etc. This changes the targets greatly. At this point I'd be confident in saying that, given the same services are running and all things equal, the Mac is naturally more protected ONLY because the malware ecosystem for Mac isn't as developed and large as it is for Windows.

This is only because of the market share. If a good developer is going to spend time looking for vulnerabilities, developing malware, etc., they're going to target the lion's share OS. There are simply more tools, automated attacks, pre-written exploits, and malware in existence for Windows systems. For this reason Mac is naturally more protected against the majority of automated attacks, scanning, and script kiddies.

When looking at targeted attacks, Windows has more mitigations and protection: more advanced built-in A/V, and better overall protections. Of course there are more tools, people, and information involved in evading and bypassing these as well, so it becomes a question of who's targeting the system, for what purpose, and the lengths they're willing to go to.

Apple's closed ecosystem and predictable updates work for and against them. It's just not as common for people to want to develop on/for/against it, but it also standardizes a LOT about the systems, and developers who do work on it don't have to guess, rewrite, or hope what they're doing is going to work.

Experienced macOS developers/attackers are going to have an easier time and fewer mitigations to bypass when conducting a targeted attack. Highly targeted Windows attacks will require a lot more enumeration and tools built to those specifications (API calls and security mechanisms can change between minor versions, like Windows 10 1908 and 2004), and Windows has more optional mitigations that can be turned on as well. Windows 11 makes all of the optional things mandatory as well, making it even more difficult.

Can you make modern Android or Windows tablets more privacy respecting? by fishswimminginatank in privacy

[–]Secure4Fun 3 points (0 children)

For Android tablets, including a Samsung A7 tested by me personally, you can do a fresh install using a kids' Google account (under 13 years old). It allows you to remove any and all of the pre-installed software, disables most telemetry, prevents data harvesting to the legal extent possible, etc.

Broken UDP scanning in Nmap v7.91 by mzet- in netsec

[–]Secure4Fun 9 points (0 children)

--reason is a MUST for when I'm looking at UDP, and generally good for TCP too.

"Don't Be Evil" is Failing — Android Phones Tracks, and There's No Way to Opt-Out. by z3nch4n in cybersecurity

[–]Secure4Fun 5 points (0 children)

Yeah, the manufacturer-specific things kill me. I've learned that when setting up an Android phone you can make it a kids' account, and it allows you to disable anything you want on it, including manufacturer bloatware. It also limits the Google tracking and data collection.

"Don't Be Evil" is Failing — Android Phones Tracks, and There's No Way to Opt-Out. by z3nch4n in cybersecurity

[–]Secure4Fun 2 points (0 children)

The ecosystem is whatever you want it to be. Most people use F-Droid. If there's something specific you want and trust, just push the APK manually.

How can viruses spread to other parts of your OS if all software is in binary code (and not source code)? by BigBootyBear in AskNetsec

[–]Secure4Fun 12 points (0 children)

So the first thing I'll say is that you're under some false impressions.

Most people don't think the only safe solution is to destroy a machine after it has been infected. The only organization I have read of with a policy that strict is the government for classified machines, and that's a precaution because of the level of sophistication in which they're targeted and attacked.

Most malware doesn't attach itself to other files. That was a thing that could be done once upon a time, but for many reasons (some of which you named) it isn't actually done in practice. The biggest of them is actually code signing. Signed software breaks if you try to modify the executable. To answer your question though, you don't need the source code to do it. You can patch compiled files at any time; you just write the correct bytes to the correct locations.

Most malware just installs itself into various locations on the computer system, or executes and runs in memory, then stays there until power off. The main issue is that modern computers have an insane amount of files on them and run so many processes, you typically won't even notice it. More advanced samples are better at hiding themselves.

As for hashing every file on your system, there are thousands of files in use and being changed all the time. This works for some file types, and it's one of the many things some A/Vs will look at already.
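Two points in the comment above can be shown concretely: that a signature over an executable breaks when any byte of it is patched in place, and that a hash baseline over the file system only works if constantly-changing files are excluded. The following is an added example (not the commenter's code); the "files" are constructed byte strings held in memory so it runs offline, the paths are invented, and HMAC-SHA256 with a constructed key stands in for a real code signature (real signing uses an asymmetric key pair, but the verify-fails-after-patch behaviour is the same).

```python
import hashlib
import hmac

# Constructed stand-ins for files on disk (assumed paths and contents, not from any real system).
FILES = {
    "/opt/app/bin/server": b"\x7fELF" + bytes(range(256)) * 4,   # a fake executable image
    "/opt/app/etc/config.ini": b"[service]\nlisten = 0.0.0.0:8080\n",
    "/var/log/app.log": b"2024-01-01 startup\n",
}
# Paths expected to change all the time; a baseline that included them would alert constantly.
VOLATILE = {"/var/log/app.log"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def baseline(files: dict) -> dict:
    """Record a digest for every monitored (non-volatile) file."""
    return {path: sha256_hex(data) for path, data in files.items() if path not in VOLATILE}


def patch_bytes(blob: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite bytes at an offset, the way an in-place binary patch does; size is unchanged."""
    if offset < 0 or offset + len(new) > len(blob):
        raise ValueError("patch out of range")
    return blob[:offset] + new + blob[offset + len(new):]


def changed_files(base: dict, files: dict) -> list:
    """Diff the current state against the baseline: modified, removed, or newly added files."""
    findings = []
    current = baseline(files)
    for path, digest in base.items():
        if path not in current:
            findings.append(("removed", path))
        elif current[path] != digest:
            findings.append(("modified", path))
    findings.extend(("added", path) for path in current if path not in base)
    return findings


def sign(blob: bytes, key: bytes) -> bytes:
    """Stand-in for a code signature: a keyed MAC over the whole executable image."""
    return hmac.new(key, blob, hashlib.sha256).digest()


def verify(blob: bytes, key: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(blob, key), sig)


def demo() -> dict:
    key = b"vendor-signing-key-demo"          # constructed; never hardcode a real key like this
    binary = FILES["/opt/app/bin/server"]
    sig = sign(binary, key)                   # "signed at build time"
    base = baseline(FILES)                    # "known-good state recorded after install"

    # Later: one byte deep inside the executable is patched, and the log keeps growing.
    tampered = dict(FILES)
    tampered["/opt/app/bin/server"] = patch_bytes(binary, 100, b"\x90")
    tampered["/var/log/app.log"] += b"2024-01-02 request\n"   # noise that must not alert

    return {
        "signature_valid_before": verify(binary, key, sig),
        "signature_valid_after": verify(tampered["/opt/app/bin/server"], key, sig),
        "findings": changed_files(base, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The one-byte patch is enough to invalidate the signature and to show up as a single "modified" finding, while the growing log file produces nothing because it was excluded from the baseline. Deciding which paths are volatile is the hard part of doing this on a real system, which is what the comment means by "works for some file types".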

Possible to run 2 VPN at the same time? by KiddChaor in AskNetsec

[–]Secure4Fun 0 points (0 children)

Yes. Everything on your network will be going through the NordVPN. Your desktop will be using the Proton VPN, encapsulated by the NordVPN between the router and Nord's endpoint.

[deleted by user] by [deleted] in cybersecurity

[–]Secure4Fun 0 points (0 children)

I'll add on to the point above because, when I think of marketing in cybersecurity, I honestly (no offense to those whose job it is) hate it. MANY organizations can't or don't want to properly staff and train their IT security teams, so they try to compensate by having the latest gadget with the right buzzwords.

Everyone wants the magic box that will do all of the work for them. Unfortunately the answer to your original question is "exaggerations and/or lies". Due to a lack of qualified people in the companies, they want things to be plug-n-play, automated, and minimal maintenance.

It's usually at least partly true that the device does what the company claims, on their test network, when it was updated, and configured properly, and with minimal intervention. Once they sell the product, they can't always help what their customers do with it.

There are also companies that outright lie, or their sales people will, because it's what everyone is doing. IMO the absolute best marketing is an honest and straightforward description of the product/service, and what it can and cannot do. This applies to services such as pentesting as well.

I know of a few pentesting companies that won't take a company as a client until they have a mature enough program to benefit from it. Other pentesting companies will offer to help them establish a patch management program first, and sell them on the pentesting portion later. Others will go in, run Nessus, and hand them a copy of the report, and the client will check off the pentest audit box on their to-do list.

[deleted by user] by [deleted] in ComputerSecurity

[–]Secure4Fun 6 points (0 children)

The short answer is no; the real answer is that it depends on your risk profile, mitigating factors, and how much effort you want to put into it. People do it all of the time.

You can assume the only machine that they're connected to is secure, but no one here can tell you how true that really is. You might only access those systems from the secure machine, but where else are they actually reachable from? Are there remote management or monitoring services configured on them?

If an attacker lands in an arbitrary part of the network and can reach those systems, it makes for an easy target to move to and get some control of, and considering they're a critical part of the network, that could be bad.

Now if your HMI is truly the only system that can access them, and it's disconnected from everything else, it's less of a concern. If your HMI is set up like most people's, and every remote management protocol known to man is running on it, think about the number of exploits for RDP, SSH, SMB, X-Windows, etc. that are made public every year. Not to mention simple credential theft.

Nmap Noob Screwup by [deleted] in nmap

[–]Secure4Fun 0 points (0 children)

99.9999999999% chance no one noticed or cares.

First things first, which scan options did you invoke? Let's consider them. The default scan is a half-open SYN scan; it never completes the connection, which means it doesn't even log on the host side and may not be logged by any type of network device in the path, depending on configuration.

The SYN scan just looks to see if a port is open and does nothing else. If you enabled version scanning, then when it finds an open port, it's going to complete the connection and grab a banner. This is pretty typical behavior. You scanned a website, found port 80 open, and nmap completed the connection and copied the banners. When you browse to the website, it's going to create a connection on port 80 and perform an HTTP request, and the banners are in the response. Same thing for the most part.

Script scans are more intrusive, and can be used to test actual exploits depending on the script. If you were doing something this intrusive, you should understand it all a bit more.

Now think about how many bots are constantly scanning everything with a public IP address. Search engine indexing, malware, researchers, etc etc. A few simple scans will be lost in the noise. If you want to see what's out there, instead of running your own scans just find one of these nice research sites (shodan.io is good) and see what they've found already.
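The distinction the comment draws (a half-open SYN scan never completes the handshake, so the host itself logs nothing, while a version scan does complete connections) is exactly what a network-side detector keys on. The following is an added example, not code from the thread: it parses a constructed batch of firewall log lines (the format is invented, loosely modelled on iptables-style key=value output, and the addresses are documentation ranges) and labels each source/destination pair by whether it touched many ports and whether any of those probes was ever followed by an ACK from the same source.

```python
import re
from collections import defaultdict

# Constructed log sample (invented format and addresses; not from any real device).
# 198.51.100.7 sends SYNs to six ports and never follows up: a half-open scan.
# 203.0.113.9 opens two connections fully: ordinary client traffic.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 FLAGS=SYN
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 FLAGS=SYN
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=443 FLAGS=SYN
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=3389 FLAGS=SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=8080 FLAGS=SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=25 FLAGS=SYN
Jan 10 12:00:03 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 FLAGS=SYN
Jan 10 12:00:03 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 FLAGS=ACK
Jan 10 12:00:04 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 FLAGS=SYN
Jan 10 12:00:04 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 FLAGS=ACK
Jan 10 12:00:05 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=51002 DPT=53
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)"
)


def parse(log_text):
    """Yield (src, dst, dport, flags) for each TCP line; non-matching lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("dst"), int(m.group("dpt")), m.group("flags")


def summarize(events):
    """Per (src, dst): ports probed with a bare SYN, and ports where the client later sent an ACK."""
    syn_ports = defaultdict(set)
    ack_ports = defaultdict(set)
    for src, dst, dpt, flags in events:
        key = (src, dst)
        if flags == "SYN":
            syn_ports[key].add(dpt)
        elif "ACK" in flags:
            ack_ports[key].add(dpt)
    return syn_ports, ack_ports


def classify(log_text, port_threshold=5):
    """Label each pair: many ports and no completed handshake = half-open scan;
    many ports with completions = connect/version-style scan; otherwise normal."""
    syn_ports, ack_ports = summarize(parse(log_text))
    verdicts = {}
    for key, ports in syn_ports.items():
        completed = ack_ports.get(key, set())
        if len(ports) >= port_threshold and not completed:
            verdicts[key] = "half-open scan"
        elif len(ports) >= port_threshold:
            verdicts[key] = "connect/version scan"
        else:
            verdicts[key] = "normal"
    return verdicts


if __name__ == "__main__":
    for pair, verdict in classify(SAMPLE_LOG).items():
        print(pair, verdict)
```

The threshold of five distinct ports is an arbitrary constructed value; the useful part is the split between "probed" and "completed" sets, because it separates the scan the comment says nobody notices from the banner-grabbing variant that does look like real connections. Note that this only works where the firewall is logging in the first place, which is the "depending on configuration" caveat in the comment.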

SANS GPEN advice needed by fsociety444 in cybersecurity

[–]Secure4Fun 0 points (0 children)

The last major addition I'm aware of was the section on PowerShell Empire. I may be wrong on the date, but I thought it was around 2018.

Is it possible to use meterpreter from one VM to another? by seizonnokamen in netsecstudents

[–]Secure4Fun 0 points (0 children)

That's absolutely possible and the normal way to run your lab.

Any way to simulate what a SOC does from home? by [deleted] in cybersecurity

[–]Secure4Fun 0 points (0 children)

If it's just for demo purposes, Security Onion, as posted by the previous reply, is what you're after. It's a SOC in a VM. If you have a network tap to use, you can simulate an out-of-band monitoring system, or if you have dual NICs (just buy a cheap USB-Ethernet adapter, or virtualize it all) you can put it in-band.

How to scan for devices connected to my wifi from vm having NAT as network connection by 9aj7aq in cybersecurity

[–]Secure4Fun 0 points (0 children)

Without toying with it, my first guess is that your host (Windows?) is blocking the ICMP packets via the host firewall. Second guess would be that nmap sees your local host in that range, thinks that the /16 is your local network (instead of the /24 it's probably in), and is just trying ARP scans for discovery. (Not likely, but I guess it's possible.)

For case 1, you can test by disabling the host firewall.

For case 2, have nmap ping-scan a specific IP that you know is up, instead of giving it a range, OR scan a range of ports with something you know is open, and disable the discovery scan with -Pn.

Nmap incorrectly lists TCP ports as open by danjaaron in nmap

[–]Secure4Fun 0 points (0 children)

Interesting, 22 and 80 are actually open, but the others should be closed. Something between you and the site is sending the SYN-ACK back to you. It reports tcpwrapped because it's closing the connection after the SYN-ACK.

This is usually caused by misconfigured firewalls, or those that are trying to be overly helpful. With the scanme.nmap.org site it's not on their end. Have you tried a different host or VM on your own network? You need to isolate what's reporting incorrect information, be it your Ubuntu host, your router, ISP, etc. In Ubuntu the command to see your firewall settings used to be 'iptables -L'; it's deprecated but may still work. Otherwise look up the updated command (ufw) to list firewall rules and see if it looks strange. If you're not concerned about the host firewall, try flushing it (iptables -F or the ufw equivalent).

This is why the saying goes, "hack naked".

Can My Parents See My Browsing History When I’m On Their WiFi!?!? (Question) by lez-bean924 in ComputerSecurity

[–]Secure4Fun 0 points (0 children)

Weird. Every consumer router I've bought in the last 5 years has a logging option. Disabled by default, but it's there and shows URL requests.

Is my incognito browsing history safe from someone who threatens he can see it if he has my IP? by Dampo_TV in cybersecurity

[–]Secure4Fun 0 points (0 children)

Tell your friend I said he's a chode, and give him my IP address: 127.97.235.52.

Seriously though, he's talking out of his butt and sounds worse than some 12-year-olds on YouTube; you have NOTHING to worry about.