Monday, 29 April 2013

Practice of Network Security Monitoring Table of Contents

Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC has only solidified in the last day or so. I delayed responding until I completed all of the text, which I did this weekend.

You can preorder the book through No Starch. Please consider using the discount code NSM101 to save 30%.

I'm still on track to publish by July 22, 2013, in time to teach two sessions of my new course, Network Security Monitoring 101, in Las Vegas. I'll be using the new book's themes for inspiration but will likely have to rebuild all the labs.

I expect the book to approach the 350 page mark, exceeding my initial estimates for 256 pages and 7 chapters. Here's the latest Table of Contents.

  • Part I, “Getting Started,” introduces NSM and how to think about sensor placement.
    • Chapter 1, “NSM Rationale,” explains why NSM matters, to help you gain the support needed to deploy NSM in your environment.
    • Chapter 2, “Collecting Network Traffic: Access, Storage, and Management,” addresses the challenges and solutions surrounding physical access to network traffic.

  • Part II, “Security Onion Deployment,” focuses on installing SO on hardware, and configuring SO effectively.
    • Chapter 3, “Stand-alone Deployment,” introduces SO, and explains how to install the software on spare hardware to gain initial NSM capability at low or no cost.
    • Chapter 4, “Distributed Deployment,” extends Chapter 3 to describe how to install a dispersed SO system.
    • Chapter 5, “SO Housekeeping,” discusses maintenance activities for keeping your SO installation running smoothly.

  • Part III, “Tools,” describes key software shipped with SO, and how to use these applications.
    • Chapter 6, “Command Line Packet Analysis Tools,” explains the key features of Tcpdump, Tshark, Dumpcap, and Argus in SO.
    • Chapter 7, “Graphical Packet Analysis Tools,” adds GUI-based software to the mix, describing Wireshark, Xplico, and NetworkMiner.
    • Chapter 8, “Consoles,” shows how NSM suites like Sguil, Squert, Snorby, and ELSA enable detection and response workflows.

  • Part IV, “NSM in Action,” discusses how to use NSM processes and data to detect and respond to intrusions.
    • Chapter 9, “Collection, Analysis, Escalation, and Resolution,” shares my experience building and leading a global Computer Incident Response Team (CIRT).
    • Chapter 10, “Server-Side Compromise,” is the first NSM case study, wherein you’ll learn how to apply NSM principles to identify and validate the compromise of an Internet-facing application.
    • Chapter 11, “Client-Side Compromise,” is the second NSM case study, offering an example of a user being victimized by a client-side attack.
    • Chapter 12, “Extending SO,” covers tools and techniques to expand SO’s capabilities.
    • Chapter 13, “Proxies and Checksums,” concludes the main text by addressing two challenges to conducting NSM.

  • The Conclusion offers a few thoughts on the future of NSM, especially with respect to cloud environments and workflows.
  • Appendix A, “Security Onion Scripts and Configuration,” includes information from SO developer Doug Burks on core SO configuration files and control scripts.

I hope you enjoy the book and consider the new class! If you have comments or questions, please post them here or via @taosecurity.

List of Torrent Leeching Sites - 2013

We all know that zbigz is the best torrent caching client. But on the free version you get very slow speed and there are many limits, and to get its full advantages users need to buy a premium account. Earlier we used premium cookies to hack zbigz, but that is now blocked by zbigz. So we are sharing some alternatives to zbigz with which you can download torrents at high speed.


Collection of Torrent Leeching sites

  • PutDrive.com
  • Furk.net
  • Boxopus.com
  • Quick-torrent.com
  • Torrenthandler.com
  • Put.io
  • Filestream.me
  • TorrentLeech.Org
  • BitLet.Org 
  • MondialUpload.net
  • PutShare.com 
  • ZZLBox.com 
  • Torrent2exe.com
Well these are some websites alternative to zbigz or each other. I cannot say which is best, but currently I'm satisfied with putdrive. It works fine for me. You can check all sites and decide which is better according to your need.

Be social and share this post with your friends also like us on facebook and stay updated with latest posts.

Sunday, 28 April 2013

How to use Heal Selection and heal transparency tools in Gimp (formerly Resynthesizer)

Before image: With heal selection, we can remove elements such as the tree branches.


After image: I used the heal selection tool to remove some elements of this photo. The heal transparency tool allowed me to elongate the image.


The heal transparency and heal selection tools allow you to easily remove elements from your image or fill in missing areas of your image. They are Gimp tools found in Filters>Enhance. These operations were formerly done using the plugin "Resynthesizer" (Resynthesizer no longer works the way it should in some versions of Gimp).

These tools are similar to Photoshop's "Content aware."






Tuesday, 23 April 2013

How To Recover Deleted Data From Pen Drive - Without Software

Hello readers! We often store important data on our Pen Drive. Even when the data is not important, we still store some videos, games or other files which we can't afford to lose. Sometimes, by mistake or intentionally, we delete an important file, realize afterwards that it was important, and wonder how to recover it. You can find many software tools (paid or free) that can recover deleted data from your Pen Drive. But with the method below you can easily recover data from your Pen Drive without any software, and very fast compared to many software tools.

Recovering deleted data from a Pen Drive is very easy; just follow the steps below carefully.

Steps To Recover Deleted Data From Pen Drive

  • First open notepad.
  • Now copy the code below and paste it into notepad:
      attrib -r -s -h /D /S
      del *.scr
      del *.lnk
      del *.zAJ
  • Now save the notepad file on your Pen Drive with the name 'recover.bat'.
  • Now double click it.
  • Your deleted data will be recovered instantly.

Screenshot Of Data Recovery


Above steps were very easy. Now next time don't worry about recovering your deleted data from Pen Drive. Just check back this post and follow the steps.

If you like this post kindly share it with your friends. Also like us on facebook and stay updated with latest posts.

Sunday, 21 April 2013

How To Remove Country Restriction on Youtube Videos

Hello readers, today we are back with a new post on how to remove country restrictions from YouTube videos. If you are a daily visitor of our site then you are probably using a VPN to access the internet. So when you try to access a video on YouTube you might have got a Country Restriction error on some videos.


Even if you don't use a VPN you can face this error, because not all videos are available in every country. But if you want to get rid of this restriction then just follow the link below and start watching videos on YouTube without any restriction.

Steps To Get Rid Of Restriction on YouTube Videos

  1. First Go to http://www.proxfree.com/youtube-proxy.php
  2. Paste your Youtube url.
  3. Select Some IP Location and Server Location
  4. Finally, Hit "PROXFREE"
  5. After that you will be redirected to YouTube/video page with unblocked link.
  6. Enjoy!!!
This was very easy now you can enjoy watching videos on YouTube without any restriction.
Visit us daily for more such tricks also like us on facebook and stay updated. Share this post with your friends so they can also get rid of this restriction from youtube.

Bejtlich Teaching New Class at Black Hat in July

I'm pleased to announce I will teach two sessions of a brand-new two day class at Black Hat USA 2013 this summer. The new class is Network Security Monitoring 101. From the overview:

Is your network safe from intruders? Do you know how to find out? Do you know what to do when you learn the truth? If you are a beginner, and need answers to these questions, Network Security Monitoring 101 (NSM101) is the newest Black Hat course for you.

This vendor-neutral, open source software-friendly, reality-driven two-day event will teach students the investigative mindset not found in classes that focus solely on tools. NSM101 is hands-on, lab-centric, and grounded in the latest strategies and tactics that work against adversaries like organized criminals, opportunistic intruders, and advanced persistent threats.

Best of all, this class is designed *for beginners*: all you need is a desire to learn and a laptop ready to run a few virtual machines.

Instructor Richard Bejtlich has taught over 1,000 Black Hat students since 2002, and this brand new, 101-level course will guide you into the world of Network Security Monitoring.

Black Hat has three remaining price points and deadlines for registration.

  • "Regular" ends 31 May

  • "Late" ends 24 July

  • "Onsite" starts at the conference

Seats are filling -- it pays to register early!

If you have any questions about the class, please leave a comment here or contact me via Twitter at @taosecurity. Thank you.

I'm also talking with Black Hat about teaching at their Istanbul and Seattle events later this year.

Saturday, 20 April 2013

protect your eyes from computer rays








Have you ever looked at a lamp in your home for 4 hours straight? It is the same thing when you look at a computer screen with strong rays: you spend a long time in front of it and your eyes absorb the strong rays from the screen, which over time may cause you damage, especially to the eye, because it is one of the most sensitive organs in the human body. I do not think anyone is ready to live the rest of their life without the gift of sight, so if you are addicted to the computer it is better to take precautions in order to protect your eyes and so keep using the computer for years to come. For this purpose, in today's episode I will explain the F.lux program, which adjusts the computer's screen rays continuously and automatically throughout the day to suit your eyes, so that they will not be exhausted by the end of the day.

So,the links that you need are




Thursday, 18 April 2013

Convert Your Facebook Account into Facebook Page

Facebook's importance in today's world leaves one speechless. We make new friends on Facebook and build our friend list. But Facebook also has a limit: you cannot add more than 5000 friends to your friends list. If you are very popular, other people may want to join you on Facebook but can't because of Facebook's restriction of 5000 friends. So we are sharing a 'trick' by which you can convert your Facebook profile to a Facebook page and allow your friends/fans to join you on Facebook by means of your page.


Important points to remember before converting Facebook Profile Into Page

  • All your confirmed friends and subscribers will be converted to people who like your new Page 
  • Your current profile picture will become your Page's picture.
  • Your Username Will Become Your Page's Username.
Now just follow the steps below to change your Facebook profile into a Facebook page.

Steps To Migrate From Facebook Profile To Facebook Page

  1. First go to the link https://www.facebook.com/pages/create.php?migrate .
  2. Mark On I agree to Facebook Pages Terms
  3. Then Click On "Get Started"
  4. Now Your Facebook Profile Becomes Your Facebook Page.
  5. Smile :)
Note: Before converting your profile to a page think twice, because getting your profile back is not easy.
If you want your personal account/profile back or you have mistakenly converted your profile to a page, then just visit this link

Well, migration from Facebook profile to Facebook page is quite easy and anyone can use this service.

Visit us daily for more such interesting tips & tricks. Also like us on Facebook and stay updated. Share this post with your friends if you like it.

Check Whether Your Antivirus Is Reliable or Not

We always want our PC to be protected from viruses/threats, so everyone uses different Antivirus software (paid or free) to protect their PC. Some antivirus products are really good and protect your PC from threats. But there are some (mostly free) Antivirus products which do not protect your system fully. So below is a method by which you can easily check whether your Antivirus is working properly or not.


Steps To Check Your Antivirus Is Reliable or Not

  1. First open notepad
  2. Now copy and paste below mentioned code
  3. Copy this code: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  4. Now save it with .exe extension like antivirustest.exe.
  5. Your antivirus will detect this file as a virus and will attempt to delete it as soon as you save this file. [don't worry, this will not affect your PC]
  6. If your antivirus detects that file as a virus, that proves your antivirus is working properly; if not, it is better to get a reliable Antivirus.
Check this post, it may help you to choose a better Antivirus >>> Top 5 Antivirus Softwares To Protect Your PC
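
An added example, not from the original post: a Python check that a candidate file really is the standard EICAR test file before any conclusion about the scanner is drawn from it, followed by the save-and-watch test itself. It uses EICAR's published format rules (68-byte string, optional trailing whitespace, at most 128 bytes); the `DAMAGED` sample and the function names are constructed for illustration.

```python
import os
import tempfile
import time

# The 68-byte EICAR test string, built from two halves so this script is not
# itself flagged when saved to disk.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# EICAR's format rules: the file starts with the 68 bytes, may be followed only
# by space, tab, LF, CR or Ctrl-Z, and is at most 128 bytes long.
WHITESPACE = b" \t\n\r\x1a"
MAX_LEN = 128

# Constructed sample: a copy damaged by copy and paste (three stray spaces).
DAMAGED = rb"X5O!P%@AP [4\PZX54(P^)7CC)7}$EICAR- STANDARD-ANTIVIRUS-TEST-FILE!$H +H*"


def check_candidate(data: bytes) -> str:
    """Return 'ok' or the reason the bytes are not a valid EICAR test file."""
    if len(data) > MAX_LEN:
        return "too long"
    if not data.startswith(EICAR):
        # A scanner is not expected to flag a copy with whitespace in the string,
        # so a "miss" on such a file says nothing about the scanner.
        squeezed = bytes(b for b in data if b not in WHITESPACE)
        if squeezed.startswith(EICAR):
            return "stray whitespace before or inside the string"
        return "does not start with the EICAR string"
    if any(b not in WHITESPACE for b in data[len(EICAR):]):
        return "non-whitespace trailing bytes"
    return "ok"


def scanner_intercepts(directory=None, wait=5.0) -> bool:
    """Write a valid test file and report whether on-access scanning blocked,
    removed or altered it within `wait` seconds."""
    path = os.path.join(directory or tempfile.gettempdir(), "antivirustest.exe")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
        time.sleep(wait)  # give the scanner time to react
        with open(path, "rb") as fh:
            survived = fh.read() == EICAR
    except OSError:
        # Write or read denied, or the file was quarantined in between.
        return True
    finally:
        try:
            os.remove(path)  # clean up if the file is still there
        except OSError:
            pass
    return not survived


if __name__ == "__main__":
    print("damaged copy:", check_candidate(DAMAGED))
    print("clean copy:  ", check_candidate(EICAR))
    print("scanner intercepted test file:", scanner_intercepts())
```

A `False` from `scanner_intercepts` only shows that real-time (on-access) scanning did not react to the file; an on-demand scan of the same file is a separate check.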

Visit daily for more security Tips, also like us on facebook and stay updated. 
Share this post with your friends so that their PC can also check that whether their Antivirus is reliable or not.

Monday, 15 April 2013

Graphing Event Logs: Muxing Powershell and R Programming


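# Powershell 3.0 using .NET access to event logs
# Usage: WinEvent <log name, e.g. "System"> <number of entries, or "max">
function WinEvent($EventLogName,$EL_Limit){
    # Work in C:\RProgramming, where WinEvent.R reads the CSV from
    mkdir -ea 0 C:\RProgramming
    sl -ea 0 C:\RProgramming
    $a=[System.Diagnostics.EventLog]
    # Enumerate the event logs on this machine (pass another computer name to query a remote host)
    $b=$a::GetEventLogs($env:COMPUTERNAME)
    $b
    $b | export-csv -NoTypeInformation C:\RProgramming\EventLogs.csv
    # Index of the first log whose name matches $EventLogName
    $N=((($b.Log) | sls $EventLogName).LineNumber)[0] - 1
    $EventLog=$b[$N].get_Entries()[0..($b[$N].entries.count -1)]
    if ($EL_Limit -eq "max") {$EL_Limit = $b[$N].entries.count -1}
    # Keep only the fields needed for counting and export them for R
    $EL_fields=$Eventlog[0..$EL_Limit] | Select EventID,Index,CategoryNumber,EntryType,Source,InstanceID,TimeGenerated,TimeWritten,UserName
    $EL_fields | export-csv -NoTypeInformation EventLogFile.csv
    # Console summary: number of entries per EventID
    $EL_fields | group -noelement -property EventID |
        Select @{Name="EventID"; Expression ={[INT]$_.Name}}, Count | sort EventID | ft -auto
}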





#WinEvent.R
EventLog <- read.csv("EventLogFile.csv")
EventIDs <- sort(unique(EventLog$EventID))
EventID <- (subset(EventLog,EventID !="",select=EventID))
EVT_DF <- data.frame(table(EventID))
# EVT_DF$EventID <- as.numeric(EVT_DF$EventID)
EVT_DF



#base graphics package
plot(EVT_DF,xlab="EventIDs",ylab="Number of Events",type="p")
barplot(EVT_DF$Freq,names=EventIDs,main="EventLog Counts",xlab="EventIDs",ylab="Number of Events")

# uses lattice graphics package
library(lattice)
xyplot(Freq ~ EventID, data=EVT_DF,xlab="EventIDs",ylab="Number of Events",type="p")
barchart(EventID ~ Freq,data=EVT_DF,xlab="Number of Events",ylab="EventIDs",type="s")


Some R output:


   EventID Freq
1        1  189
2        2    4
3        6   12
4       12    4
5       13    3
6       17    2
7       18   12
8       19   42
9       22    3
10      26   19
11      27    3
12      33    5
13      35    4
14      37    4
15      42   88
16      89    4
17     105    1
18     109    3
19     133    1
20     201    4
21     206    4
22     245    1
23    1000   11
24    1001   11
25    1013   10
26    1014   64
27    1074    3
28    1116    1
29    1117    1
30    2000   63
31    2001    2
32    2002    2
33    4000    5
34    4001    2
35    5007    2
36    6005    4
37    6006    3
38    6008    1
39    6009    4
40    6013   35
41    7001    4
42    7002    3
43    7011   26
44    7023    3
45    7030    1
46    7031    2
47    7034    4
48    7036 2948
49    7040  140
50    7042   96
51    7043    1
52    7045    6
53    8033   61
54   10001    4
55   10002    2
56   10010    2
57   20001    9
58   20003   16
59   20010   10
60   50036    4
61   50037    3
62   51046    4
63   51047    3




Saturday, 13 April 2013

New TCP VPN Trick For Airtel - 14 April 2013

We are back with a new Airtel VPN which is working in many states. This VPN trick has no disconnection problem. Also you will get full 3G speed, which means your speed will not be capped. If your speed is capped then you can use our airtel speed capping solution. This trick is working almost all over India except some states. So everyone must try this trick.


As this trick is working very well, just download the config and take the benefit of this trick before it gets blocked by Airtel. Let's see some features of this trick.

Features Of TCP VPN Trick For Airtel

  • No Speed Capping Problem
  • HTTP and HTTPS Protocol Supported
  • Zero Balance Condition
  • Torrents Supported
  • No Disconnection Issue
  • Based on TCP Protocol

Steps To Configure TCP VPN Trick For Airtel

  1. First Download Config file from below link
  2. Download Airtel TCP VPN Trick config
  3. Extract it, and Paste it into NMD VPN Config folder
  4. Location of NMD VPN Config files is C:/program files/nmd/config
  5. If you do not have NMD VPN, Then Download NMD VPN
  6. Use Access Point as: airtelgprs.com
  7. Run NMD VPN as Administrator and connect with given Config
  8. Connection will be established instantly

Screenshot Of NMDVPN Connection With TCP VPN Trick For Airtel


Share this post with your friends if it helped you. Visit daily for more tricks and hacks. Also like us on facebook and stay updated.

Monday, 08 April 2013

Airtel Front Query Trick for April 2013

Hey guys! Today we are back with a new airtel front query trick which is working almost all over India. This trick is tested in Haryana, Delhi, Raj, and some other states and it is working without speed capping. If somehow your speed is capped, use our speed uncapping solution. Using this trick there is no issue of SIM blocking up to now, but to be on the safer side disconnect after every 500 MB of use.


Using this trick you can get around 300-400 Kb download speed. It is very easy to set up this trick, just follow the steps below carefully. First let's have a look at some of its features.

Features Of Airtel Front Query Trick for April

  • No Speed Capping Problem
  • No SIM blocking
  • No need to setup any VPN
  • Based on high speed proxy
  • HTTP protocols are supported
  • No need register for any external Account

Steps To Use Airtel Front Query Trick In Mobile

Create a new Configuration Settings on your Mobile
  • Account name: TFH
  • Access Point: airtelgprs.com
  • Proxy:  50.97.99.150
  • Port: 80
  • Home Page: Leave it blank or type google.com
  • Now  open Opera Mini Handler and enter below front query
  • free ip/cgi-bin/nph-proxy.cgi/000001A/http/
  • Replace free ip with any working homepage in your State.
This Airtel Front Query trick can also be used in PC using VNAP

Screenshot of Downloading Using this Trick in PC

Screenshot of Airtel Front Query Trick

Visit daily for more tricks. Kindly share this post with your friends if it helped you. Also like us on facebook and subscribe for email updates. If you face any problem regarding this trick do comment below.

encrypt any server in 2 minutes and make it undetected by 95% of antivirus 2013

Hello and welcome to another exclusive tutorial

today we ll encrypt our server that we created in the last tutorial
(view part1 here)
and this method is useful to encrypt any server
watch the tutorial for more details


to download all the programs

hacking with the best keylogger ever istealer 6.3 video tut

Today we ll talk about the best way ever to get not only accounts passwords, but also to hack websites.

So our tutorial is about getting passwords using keylogger
more details in the video below


to download the program + PHP logger + Icon Pack

just last thing u have to disable your antivirus because the program will be detected as a virus and that's normal because we are creating a virus using that program

in the next tutorial we ll make the server undetectable by 95% of antiviruses
click here to discover it
if you want to hide your server in a fake program don't search away i already made a tutorial about that from here
here
and if you want to change your server icon i also made a tutorial about that
here

have fun.

Wednesday, 03 April 2013

Get Free Live IPL Commentary on All Network

Hello Guys! IPL has started and everyone wants to be updated with live scores and commentary. But due to your busy schedule or any other problem you might not be updated. So here we have come with an exclusive trick by which you can listen to live IPL commentary on your mobile for absolutely free.

How to Listen to Live Commentary of Pepsi IPL

  • This trick works with every operator. You just need to maintain a very low balance on your phone. If you have more than Rs. 5 balance then this trick won't work.
  • You need to maintain a balance of less than Rs. 1
  • Just dial 58888064 from your mobile and activate the IPL plan
  • The plan deducts Rs. 5 per day from your main balance, but due to some bug this service also gets activated on a lower balance and no balance is deducted.
  • You get IPL commentary absolutely free. To listen to the commentary dial the same number.

Well this trick was quite simple. This trick is confirmed working all over India on ALL networks. You can also watch Live IPL Streaming by visiting official IPL YouTube page powered by India times.

Stay tuned for latest Pepsi IPL updates and for other tricks. Also like us on Facebook and stay updated.

Tuesday, 02 April 2013

New Airtel 3G VPN Trick For UP Users - Confirmed Working

We are back with a new Airtel 3G VPN trick which is based on TCP Port 443. This trick is confirmed working in many parts of Uttar Pradesh and some other Northern States. Airtel tricks are constantly getting blocked, so take the benefit of this trick before it gets blocked. This TCP VPN trick has no disconnection problem. Also there is no speed capping problem; if you face a speed capping issue then you can use our speed uncapping trick.


Using this VPN trick you can get speed around 200-300 kbps. So what are you waiting for? Just see the steps below on how to configure this trick and start using free Airtel 3G before this trick gets blocked. But first let's have a look at some features of this trick.

Features Of Airtel 3G Trick

Steps To Configure Airtel 3G TCP VPN Trick

  1. First Download Airtel Config from below link
  2. Download Airtel 3G VPN Trick config
  3. Extract it, and Paste it into NMD VPN Config folder
  4. Location of NMD VPN Config files is C:/program files/nmd/config
  5. If you do not have NMD VPN, Then download NMD VPN
  6. Use Access Point as: airtelgprs.com
  7. Run NMD VPN as Administrator and connect with any given Configs
  8. Connection will be established instantly.

Screenshot Of NMDVPN Connection Using This Trick


Visit daily for more tricks, also like us on facebook and stay updated. Share this post with your friends if it helped you, so that your friends can also be benefited with this trick(s).