Detect malicious traffic with MalTrail in Linux

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL, IP address or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).

Features

  • Uses multiple public blacklists (alientvault, autoshun, badips, sblam etc)
  • Has extensive static trails for identification (domain names, URLs, IPaddresses or User-Agent values)
  • Optional heuristic mechanisms for detection of unknown threats
  • Based on Traffic -> Sensor <-> Server <-> Client Architecture
  • Web reporting interface

Continue reading “Detect malicious traffic with MalTrail in Linux”

Build a virtual machine with VirtualBox in Linux

Virtualization is almost as old as our beloved integrated silicon chips.
At the beginning of the 1960s, there had been two major computing issues.
First, many individual mainframe models were bespoke, so incompatible.
The other stumbling block was that as integrated processors became more powerful, institutions wanted to implement flexible “timesharing” between multiple users.

VirtualBox 5.2 on Fedora

IBM dismissed this multi-user batch processing was definitely the future! But in 1963, it lost a large MIT contract to General Electric. Realising its huge mistake, IBM developed the general purpose S/360 architecture, which could be implemented on a wide range of compatible systems. In 1965, IBM released the S/360-76, the world’s first mainframe to support virtualisation. And the rest is very much history.

Continue reading “Build a virtual machine with VirtualBox in Linux”

Smart TV remote take-over

1 Install TakeTV

DLNA/UPnP devices such as smart TVs are known to have no security at all.
Now you can discover these devices and take control of them using your terminal thanks to TakeTV! Install it; clone its
repository first: git clone https://github.com/SvelizDonoso/taketv.git.

Then install its dependencies: sudo apt-get/dnf install youtube-dl.

2 Discover exposed devices

After installing the tool, use it to auto-discover any DLNA/UPnP-enabled devices on the network: python taketv.py –all –timeout 30.
Once the time’s up, a list of discovered devices will be shown.

3 Prepare some media

You can download media and store it on your local Apache HTTP server, or you can use the ‘assistent’ tool (yes, the spelling is wrong) included with TakeTV.
Download the classic ECB-Tux image:

python assistent.py –url https://blog.ilippo.io/content/images/2015/11/Tux-ECB.png –dimage.

You can download video and audio from
YouTube as well.

4 Start your local HTTP server

Start your HTTP server now: python assistent.py –httpserver –port 8000. Feel free to change the TCP port and make sure you allow the remote TV/device to connect to it: sudo iptables -I INPUT 1 -p tcp -s –dport 8000 -j ACCEPT.

5 Take over!

It’s time to take over the TV! You can cast the downloaded image/video/audio to it,
control its volume, mute/unmute it, and more:
python taketv.py –ip YOUR_TV_IP –play http://HTTPSERVERIP/imagen/Tux-ECB.png

See python taketv.py -h for help.

Facebook gathers data for data mining operations used by data brokers

When it comes to mass spying, the best game in town is not CIA or any of the alphabet soup agencies. Private companies and data brokers have been doing data collection on a massive scale, and given their advanced statistical methods, this information can say a lot about a person. In fact, I’d say that what they have is better than what the alphabet soup has, and their data has a lot of implications.

facebook-privacy

This started when companies like Amazon realized that they can make a profit every step of the way: sell items to customers, sell customers’ data to data brokers. Data brokering has since become much bigger, and so the data collection methods have also become much more extensive. There are many ways to gather mass data, and these are just the ones I can think of off the top of my head: first, many websites straight up sell their data to brokers. This includes many online vendors, all kinds of popular sites (not all of them, but some of them), adult entertainment sites, you name it. If those sites do not sell data, dishonest brokers can and do embed tracking ads on sites that accept them, revealing a user’s entire browsing history. Then of course there are companies like Google, that sell user search histories.

Continue reading “Facebook gathers data for data mining operations used by data brokers”

How to Block those nasty Ads on Spotify app in Windows, Linux and OSX.

Today I will show you how to easily block the servers hosting Spotify ads on your Linux/Mac or Windows machine. This will allow you to listen all day long on a free account without hearing a single ad.  This trick is very simple, legal and works great.  Spotify may catch on and find some way to stop this from working but, as of today (10/07/2018) it works swimmingly.

spotify-ad-block

Blocking Ad Server

In order to remove those pesky ads, all we need to do is setup out hosts file to override the DNS for Spotify’s ad servers and redirect that traffic to our local machine.  When the traffic hits out local machine the call will fail and the ad will be skipped.  Follow the steps below to add the entries needed.

Continue reading “How to Block those nasty Ads on Spotify app in Windows, Linux and OSX.”

Make your AdBlock invisible to most sites that require you to disable AdBlock.

The Anti-Adblock Killer Script has not been updated for quite a while now. Most sites can sniff it.

adblock

Fortunately, there are a few alternatives. I have been using the uBlock Protector Extension (Chrome only) for the past month and it works flawlessly. It is also updated frequently.

Continue reading “Make your AdBlock invisible to most sites that require you to disable AdBlock.”

AMD USB 3.X with kernel/IOMMU issue fix

The MSI/Gigabyte AMD motherboards are well known having several issue with USB 3.X front port in combination with Linux for long time now. and here’s how to fix that.

The workaround that works is to enable IOMMU in the BIOS and then change the following line in bootmanager GRUB: (/etc/default/grub)
Change GRUB_CMDLINE_LINUX=”” to GRUB_CMDLINE_LINUX=”iommu=soft” ( As seen in screenshot below)

Now before you re-log or reboot first update your bootmanager GRUB, in Fedora related distro’s :

sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

For Debian distro’s that’s:

sudo update-grub

Also in BIOS make sure these options are enabled: xHCI handoff, EHCI handoff, IOMMU controller.

This should fix issues not able to use USB 3.x on mobo to front case in Linux.

Linux Speed Up! Get a faster boot-up, a swifter desktop and more responsive apps.

Everyone loves a speedy computer. In this section we’ll look at some essential tricks to speed up your computer. You don’t have to be an experienced campaigner to get more mileage out of your Linux box. There are some techniques that even new users can employ to trick their Linux distro to boot faster.

Continue reading “Linux Speed Up! Get a faster boot-up, a swifter desktop and more responsive apps.”

Today’s the 24th first anniversary of 1st Linux kernel release.

Today’s the 24th first anniversary of 1st Linux kernel release. October 5th is the day when Linus Torvalds released the 1st Linux kernel.
red-hat-posters-3
If you remember, back in August, we celebrated the birthday of Linux. August 25th is the day when Linus Torvalds first told the world that he was working on a project named Linux. However, the Linux community celebrates October 5th as another anniversary of Linux.
So, is Linux confused about its birthday just like Google? Well, October 5th is the day when Linus released the first kernel.
pppt-5-638
Today, Linux is running the world and more companies are adopting it to run their systems.
On the occasion of Linux kernel birthday, The Linux Foundation shared some interesting facts about the same. Let’s take a look at them:
  • Version 0.01 of the Linux kernel had 10,239 lines of code.
  • Version 4.1, released in July 2015, has more than 19 million lines of code.
  • The current Linux kernel is the result of one of the largest collaborative projects ever attempted.
  • Nearly 12,000 developers from more than 1,200 companies have contributed to the Linux kernel since tracking began 10 years ago.
  • The rate of Linux development is unmatched. The average number of changes accepted into the kernel per hour is 7.71, which translates to 185 changes every day and nearly 1,300 per week.
  • As of last month, 115,013,302 total lines of source code were present in The Linux Foundation’s Collaborative Projects.
  • It would take a team of 1,356 developers over 30 years to recreate the code base in these projects.
  • The total economic value of this work is estimated at more than $5 billion.
These facts are taken from The Linux Foundation‘s anniversary post.