Sunday, 25 October 2015

Malheur Is a Tool For The Automatic Analysis Of Malware Behaviour



Malheur is a tool for the automatic analysis of malware behaviour (program behaviour recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defence measures. Malheur allows for identifying novel classes of malware with similar behaviour and assigning unknown malware to the discovered classes. (quoted from mlsec)

I think this is helpful: if you are installing software offline, whether on Linux, BSD, Mac or Windows, you will know whether the software is malware or not.
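To make the two ideas in the quoted description concrete (grouping behaviour reports with similar behaviour into classes, then assigning an unknown report to a discovered class), here is an added Python illustration. It is not Malheur's own code: Malheur works on MIST-format sandbox reports and uses its own prototype extraction, while this example uses constructed lists of API call names, 2-gram features and cosine similarity with a greedy prototype clustering. The report contents, the `threshold` value and the function names are assumptions made for the example.

```python
"""Added illustration of the behaviour-clustering idea behind Malheur (not Malheur's
own code): embed sandbox behaviour reports as q-gram feature vectors, group similar
reports into classes, and assign an unknown report to the closest known class.
All reports below are constructed for the example."""
from collections import Counter
from math import sqrt

# Constructed sample reports: the ordered API calls a sandbox recorded for one
# sample each (a stand-in for the MIST reports Malheur actually consumes).
REPORTS = {
    "sample_a": ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "Connect", "Send"],
    "sample_b": ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "Connect", "Send", "Recv"],
    "sample_c": ["FindFirstFile", "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFile", "FindNextFile"],
    "sample_d": ["FindFirstFile", "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFile", "FindNextFile", "ReadFile"],
    "sample_e": ["GetTickCount", "Sleep", "GetTickCount", "Sleep", "ExitProcess"],
}


def qgrams(calls, q=2):
    """Embed a call sequence as a bag of overlapping q-grams (order-sensitive features)."""
    return Counter(tuple(calls[i:i + q]) for i in range(len(calls) - q + 1))


def cosine(a, b):
    """Cosine similarity of two sparse count vectors; 1.0 means an identical feature mix."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na, nb = sqrt(sum(v * v for v in a.values())), sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def cluster(reports, threshold=0.5, q=2):
    """Greedy prototype clustering: a report joins the first prototype it is at least
    `threshold` similar to, otherwise it becomes the prototype of a new class."""
    vectors = {name: qgrams(calls, q) for name, calls in reports.items()}
    prototypes = []  # list of (prototype name, member names)
    for name, vec in vectors.items():
        for proto, members in prototypes:
            if cosine(vec, vectors[proto]) >= threshold:
                members.append(name)
                break
        else:
            prototypes.append((name, [name]))
    return prototypes, vectors


def classify(unknown_calls, prototypes, vectors, threshold=0.5, q=2):
    """Assign an unknown report to the most similar prototype, or return None when
    nothing is similar enough (a candidate for a novel class)."""
    vec = qgrams(unknown_calls, q)
    best, best_sim = None, 0.0
    for proto, _ in prototypes:
        sim = cosine(vec, vectors[proto])
        if sim > best_sim:
            best, best_sim = proto, sim
    return best if best_sim >= threshold else None


if __name__ == "__main__":
    protos, vecs = cluster(REPORTS)
    for proto, members in protos:
        print(f"class led by {proto}: {members}")
    unknown = ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "Connect"]
    print("unknown report assigned to:", classify(unknown, protos, vecs))
```

The threshold decides how different a report has to be before it founds a new class; in practice it is tuned on a labelled corpus, and the two "drop and connect" reports land in one class while the "enumerate and encrypt" pair and the lone "sleep loop" report form their own.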

For the installation, first follow these steps.
Before installing, Malheur needs these dependency packages:
>= uthash-1.7
>= libconfig-1.4
>= libarchive-2.70 (installed by default on Slackware)
After adding them, compile:
# ./configure [options]
# make
# make check
# make install
Configuration options

--prefix=PATH [Set directory prefix for installation]

By default Malheur is installed into /usr/local. If you prefer a different location, use this option to select an installation directory.

--enable-openmp [Enable support for OpenMP]

This option enables support for OpenMP in Malheur. Several functions of the malware analysis have been enhanced using OpenMP directives, such that they execute in parallel and benefit from multi-core architectures.

--enable-matlab [Enable optional Matlab tools]
--with-matlab-dir=PATH [Set directory prefix of matlab installation]

Some functions of Malheur are also available in the form of Matlab .mex files, which allow the implemented analysis methods to be used directly from within a Matlab environment.

If you use Slackware on your notebook or computer, I have a SlackBuild script for this installation.
Those who are interested can use my SlackBuild for Malheur:
https://github.com/4IP/SlackBuild

Many thanks, and I hope it is useful ;)

Thursday, 8 October 2015

Configuration Inter Virtual Local Area Network (V-LAN) - Routing


How do you configure inter-VLAN routing with Packet Tracer?
Okay, now I will give a tutorial for practice; the commands are below:

Setting Switch
Switch>ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! f0/5 is the port towards the router; VLANs 10 and 20 must already exist on
! this switch and the PC ports must be assigned to them (see the VLAN configuration post)
Switch(config)#int f0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
Setting Router
Router>ena
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! the physical interface carries no IP address of its own; it only has to be up
Router(config)#int f0/0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit
! one sub-interface per VLAN: the dot1Q tag selects it, and its address is that VLAN's gateway
Router(config)#int f0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state to up

Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#int f0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up

Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.20.20.1 255.255.255.0
Router(config-subif)#do wr
Building configuration...
[OK]
Router(config-subif)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#
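To show what `encapsulation dot1Q 10` actually matches on the wire, here is an added Python example (not from the post, Packet Tracer or Cisco): it decodes the 802.1Q tag of an Ethernet frame and uses the two sub-interface addresses from the router configuration above to decide which VLAN a tagged IPv4 packet is routed into. The frame bytes and MAC addresses are constructed for the example, and `parse_frame`, `route_decision` and `build_tagged_frame` are names chosen here.

```python
"""Added example (not from the original post): decode the 802.1Q tag that an
'encapsulation dot1Q <id>' sub-interface matches and pick the sub-interface
for a tagged frame. Frame bytes are constructed."""
import struct
from ipaddress import ip_address, ip_network

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Sub-interface table from the post's router config: VLAN ID -> (name, subnet, gateway).
SUBINTERFACES = {
    10: ("FastEthernet0/0.10", ip_network("10.10.10.0/24"), ip_address("10.10.10.1")),
    20: ("FastEthernet0/0.20", ip_network("20.20.20.0/24"), ip_address("20.20.20.1")),
}


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame; if it carries an 802.1Q tag, extract PCP, DEI and VID."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = frame[0:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # TCI, then the real EtherType
        info["vlan"] = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def route_decision(frame: bytes) -> str:
    """Mimic router-on-a-stick: the VID selects the sub-interface, and the IPv4
    destination decides whether the packet stays in that VLAN or is routed to another."""
    info = parse_frame(frame)
    if info["vlan"] is None:
        return "untagged frame: a trunk would place it in the native VLAN"
    vid = info["vlan"]["vid"]
    if vid not in SUBINTERFACES:
        return f"VLAN {vid}: no sub-interface, frame dropped"
    name, _, _ = SUBINTERFACES[vid]
    if info["ethertype"] != ETHERTYPE_IPV4 or len(info["payload"]) < 20:
        return f"{name}: non-IPv4 payload"
    dst_ip = ip_address(info["payload"][16:20])  # destination field of the IPv4 header
    for other_vid, (other_name, other_net, _) in SUBINTERFACES.items():
        if dst_ip in other_net:
            if other_vid == vid:
                return f"{name}: destination {dst_ip} is local to VLAN {vid}"
            return f"{name} -> {other_name}: route {dst_ip} into VLAN {other_vid}"
    return f"{name}: {dst_ip} is not in any connected VLAN"


def build_tagged_frame(vid: int, src_ip: str, dst_ip: str, pcp: int = 0) -> bytes:
    """Construct a minimal tagged frame carrying a bare IPv4 header (test input only)."""
    dst_mac = bytes.fromhex("001122334455")  # constructed addresses
    src_mac = bytes.fromhex("66778899aabb")
    tci = (pcp << 13) | (vid & 0x0FFF)
    # 20-byte IPv4 header: ver/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                         ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + ip_hdr


if __name__ == "__main__":
    for vid, src, dst in ((10, "10.10.10.5", "20.20.20.7"), (20, "20.20.20.7", "20.20.20.1"), (30, "1.1.1.1", "10.10.10.1")):
        print(route_decision(build_tagged_frame(vid, src, dst)))
```

The point of the walk-through is that the router never looks at the switch's VLAN database: it only trusts the 12-bit VID in the tag, which is why every VLAN that should be routed needs its own sub-interface and why a trunk should carry only the VLANs that are meant to reach the router.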

TOP 10 Pentest OS (penetration Testing OS) 2015

Top 10 pentest OS - 2015: the results of reviews from users, a few quoted from Distrowatch.
Some are variants of the Linux distributions Debian, Ubuntu, Gentoo, Arch, Slackware etc. The following is my experience and that of users who have used these pentest OSes:

  • Kali Linux

Kali Linux is a penetration-testing OS based on Debian Linux, aimed at penetration testing by IT security staff. Kali Linux is not only used for penetration testing; it can also be used for auditing and, I think, for forensics too. Many tools are included in Kali Linux, which is why so many users adopt it. If you want to use it, you can download this OS.
My experience using this OS: it is very stable, fast, and can run on 2 GB of RAM.

  • Backbox

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.
  • Bugtraq

Bugtraq-Team was founded in 2011 by Christian and Ruben and was consolidated in 2012; it has since evolved exponentially and today we still hunger for exploring new frontiers. We are an innovative group with different qualifications and knowledge of computer security... Since our inception our group has lived and learned with other known hacking groups at the international level. We also have years of experience working in security consulting, Unix systems administration, gesture of incidents, technical service, and social networking sites. If there is something we can point out about our group it is that to date each of us specialises in their field and works to try to find new bugs, and the current ways that are used by cyber-terrorists to undermine the systems of your company. (quoted from bugtraq-team)
  • Tails

Tails is a live operating system; you can start it on almost any computer from a DVD, USB stick, SD card or virtual machine.
Tails OS is a Linux distribution based on Debian, optimised to disguise the user's identity in the online world.

Tails OS was also used by former NSA contractor Edward Snowden, who caused a scene in the whole world by divulging confidential documents of the National Security Agency (NSA).

Inside Tails OS there are a number of privacy- and encryption-related tools, including Tor. Tor is a browser application that scrambles a user's internet traffic by routing it through a network of volunteer computers around the world.

Tails does not store data locally and is immune to spyware; using the computer leaves no trail when it is later searched or examined.

If you want to try it, you can download this OS.

  • Pentoo
Pentoo is a security-focused live CD based on Gentoo.
It is basically a Gentoo install with lots of customised tools, a customised kernel, and much more.

Put simply, Pentoo is Gentoo with the pentoo overlay. This overlay is available in layman, so all you have to do is layman -L and layman -a pentoo.

So if you have installed Gentoo once, it will be easy to understand and install.

  • NodeZero

Like Pentoo and Tails, NodeZero is a live system. It is Ubuntu based and intended for penetration testing and security auditing.

NodeZero is also live-system only, and can run from USB, DVD or a virtual machine.

  • Samurai Web Testing Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
  • Weakerth4n
This penetration-testing distribution is built from Debian Squeeze and uses Fluxbox for its desktop environment. This pentesting distro is particularly well suited to WiFi hacking since it contains many wireless tools. Here is a quick summary of WEAKERTH4N's tool categories: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing, Android Hacking, Networking and Shells.

  • DEFT (Digital Evidence & Forensic Toolkit)

The latest version is DEFT 7, which is based on the new Linux kernel 3 and DART (Digital Advanced Response Toolkit). This distro is more oriented towards computer forensics and uses LXDE as its desktop environment and WINE for executing Windows tools under Linux. The developers (based in Italy) hope that their distro will be used by the military, police, investigators, IT auditors and professional penetration testers. DEFT is an abbreviation for "Digital Evidence & Forensic Toolkit".

  • BlackArch Linux


BlackArch is an Arch Linux-based distribution for penetration testers and security researchers. The BlackArch repository contains 1285 tools, which you can install individually or in groups, and BlackArch Linux is compatible with existing Arch installs.

Those are 10 pentest OSes; maybe you can download and install them. This article only collects from various sources, so please use whichever one fits the problem you need to solve.

Thanks



Wednesday, 7 October 2015

How to Configure Virtual Local Area Network (V-LAN) Trunking

V-LAN Trunking
Trunk or trunking is a concept whereby a communication system provides network access to many clients by sharing one frequency, instead of giving each client its own.
Carried over to the computer-network concept, this can be described as shared access across a network through one network device. Put more simply, the trunk concept restricts access between one network and another.

On Cisco Devices, VTP (VLAN Trunking Protocol) maintains VLAN configuration consistency across the entire network. VTP uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch in the VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain and reduces the need to configure the same VLAN information on each switch.

However, to make the trunk concept easier to understand, I will give an example VTP (VLAN Trunking Protocol) configuration with Packet Tracer below:
Upper Switch Configuration (switch-above)
switch-above#configure terminal
switch-above(config)#vlan 10
switch-above(config-vlan)#vlan 20
switch-above(config-vlan)#name costumer
switch-above(config-vlan)#exit

switch-above(config)#int fa0/1
switch-above(config-if)#switchport access vlan 10
switch-above(config-if)#int fa0/2
switch-above(config-if)#switchport access vlan 10

switch-above(config-if)#int fa0/3
switch-above(config-if)#switchport access vlan 20
switch-above(config-if)#int fa0/4
switch-above(config-if)#switchport access vlan 20

switch-above(config-if)#int fa0/24
switch-above(config-if)#switchport mode trunk
switch-above(config-if)#exit
switch-above(config)#vtp mode server
switch-above(config)#vtp domain tes456
switch-above(config)#vtp password secure

Lower Switch Configuration (switch-under)
! the client learns VLANs 10 and 20 from the server over the trunk; it does not create them itself
switch-under(config)#vtp mode client
switch-under(config)#vtp domain tes456
switch-under(config)#vtp password secure

switch-under(config)#int fa0/24
switch-under(config-if)#switchport mode trunk

switch-under(config-if)#int fa0/1
switch-under(config-if)#switchport access vlan 10
switch-under(config-if)#int fa0/2
switch-under(config-if)#switchport access vlan 10

switch-under(config-if)#int fa0/3
switch-under(config-if)#switchport access vlan 20
switch-under(config-if)#int fa0/4
switch-under(config-if)#switchport access vlan 20
For Verification
switch#show vlan
switch#show interfaces trunk
switch#show interfaces status
! confirms the domain, mode and revision number on each switch
switch#show vtp status

Tuesday, 6 October 2015

Finally, Microsoft make prime laptops

Panos Panay, Head of the Microsoft Surface Division
Jakarta - Microsoft presented a surprise. After all this time, the company founded by Bill Gates, which has always produced software, has finally released its first laptop too, the Surface Book.

Even though it is its first laptop, the Surface Book is designed quite capably, both in terms of design and performance. Its screen measures 13.5 inches, it has a trackpad made of glass and it has a backlit keyboard.

The body itself is made of magnesium. Microsoft made the hinge different from the notebooks on the market; they call it the Dynamic Fulcrum Hinge.

But what makes the Surface Book interesting is that it lets us detach the screen, so we can use it as a tablet, or put it back on the keyboard upside down, reminiscent of the Lenovo Yoga, Panasonic etc.

Microsoft promises that this laptop has powerful performance. For that they embedded the latest-generation Intel Core processor, an Nvidia GeForce GPU and GDDR5 memory.

"The speed is twice that of the MacBook Pro," claimed Panos Panay, Head of the Microsoft Surface Division, at the event at Skylight at Moynihan Station, New York, United States.

The Redmond, United States-based company also completed its first laptop with a battery that can last up to 12 hours, USB 3.0, an SD card slot and SSD storage from 128 GB up to 1 TB.

The Surface Book will debut on the market on October 16, 2015. If you are interested in picking one up, Microsoft prices it at USD 1,499 or approximately USD 21 million.

MiFi: Successor to the Dongle, Rescuer of Tight Budgets

Seoul - A few years ago, perhaps we still often saw how dependent people were on the dongle. When they wanted to get on the internet, they just plugged the dongle into the laptop and a few moments later they were online and happily browsing......!!!

But that was then. The dongle now seems to have disappeared, swallowed by the times. Internet users increasingly go online from a handheld (smartphone), and if the laptop must be opened, tethering via the mobile phone is the option many choose. Plus, many public areas are now covered by free Wi-Fi. Quoted from Detik: the operator's romance with the dongle is now being felt again by Smartfren. Only this time the 'partner' is a Wi-Fi modem, no longer a dongle.

"We hope history can repeat the MiFi business of the dongle in 2011-2012, which could sell 2 million units," said Arya Mada Prasaja, Data & IoT Devices Section Head at Smartfren, when talking with a number of media in Seoul, South Korea.

Rescuer of tight budgets
Roberto explained that one of the barriers to widespread 4G adoption in Indonesia is the necessity of replacing the device, which cannot be done in a short time by everyone.

"We've done surveys, where the people who want to move to 4G on average are those who feel it is time to replace the phone. So we see trade-in as what we do; after more than 20 months they want to change (mobile). Because its life cycle is like that. Under that (less than 20 months) they have not been willing to change," he said.

Because of price considerations, Smartfren then racked its brains over how to bring cheap 4G devices so that customers could be ramped up to sample 4G. From there came the idea of launching 4G MiFi. The cheapest 4G phone now on the market is pegged at Rp 899 thousand, which is felt to still be burdensome for middle-to-lower users.

"Therefore, for people who want to connect to 4G but have limited funds, we use the MiFi strategy. Indeed, judging by the market, MiFi in Indonesia was not big, but we think this will help the adoption of 4G. As far as I know, only one ISP focuses its work on MiFi in the market. The others do not rely on MiFi, so this is an opportunity when we enter MiFi," said Roberto.

"The goal is to provide 4G devices at affordable prices, so the MiFi which we launched was affordable (the cheapest Rp 399 thousand - ed.). So we will go for 4G devices under $ 500 thousand, which may be difficult for a mobile phone, so we provide MiFi," he continued.

From the data held by Smartfren, the picture of early 4G users is dominated by young people, aged 15-35 years. They come from classes A, B and C, so it is precisely the upper classes that go in first.

"So if we look at the product portfolio, our (Smartfren - ed.) highest sales are MiFi and the most expensive Andromax R. And if we look at the CDMA market, that class is cheap. It is precisely this new phenomenon, as we see consumers expect performance and a capable device. So there is a difference between the people who entered 4G and CDMA customers," added Roberto.

Sunday, 4 October 2015

Configuration Virtual Local Area Network (V - LAN)

The configuration follows below:
Configuration Switch
switch#configure terminal
switch(config)#vlan 10
switch(config-vlan)#vlan 20
switch(config-vlan)#name costumer
switch(config-vlan)#vlan 400
switch(config-vlan)#name engineer
switch(config-vlan)#vlan 402
switch(config-vlan)#name manager
switch(config-vlan)#exit

switch(config)#int fa0/1
switch(config-if)#switchport access vlan 10
switch(config-if)#int fa0/2
switch(config-if)#switchport access vlan 10

switch(config-if)#int fa0/3
switch(config-if)#switchport access vlan 20
switch(config-if)#int fa0/4
switch(config-if)#switchport access vlan 20
Verification
switch#show vlan

Description
The configuration above is the basic VLAN configuration. The VLAN IDs and names (vlan 10, vlan 20, vlan 400, vlan 402) can be replaced to your own taste.

Next: Configuration V-LAN - Trunking

Thursday, 1 October 2015

SWITCH AND ROUTER BASIC CONFIGURATION ON CISCO PART 2

Continuation of SWITCH AND ROUTER BASIC CONFIGURATION ON CISCO PART 1

Okay, for configuring the interfaces on the ports of a Cisco router, follow below:

Configuration Interface
Router(config)#int e0
Router(config-if)#description #### Link to local network ####
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

! the serial link needs its own subnet: reusing 10.10.10.0/24 here would be rejected
! as overlapping with e0 (10.10.20.1 is only an example address)
Router(config)#int s0
Router(config-if)#description #### Link to Head Office ####
Router(config-if)#ip address 10.10.20.1 255.255.255.0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
Commands for copying to TFTP on a Cisco IOS router:

Copy tftp
Router#copy run tftp
Router#copy flash tftp
Save configuration

Router#copy run start ........................... copy running-config startup-config
Router#wr ........................ write
Commands for removing configuration:

Remove configuration
Router(config)#enable password private
Router(config)#no enable password private
Router#write erase
Switch#delete flash:vlan.dat
Router#reload
Info
The IP addresses in the commands are only examples.
The clock rate can be changed, e.g. 7200 etc.
The password (private) can be changed.
I hope it is useful; good luck trying it ;)

Switch and Router Basic Configuration on Cisco Part 1

I think many people just do Cisco router configuration without understanding the basic configuration, which causes too many network connection errors or "destination host unreachable".
For this, I will give a tutorial on the basic configuration of a Cisco router and switch.
The Cisco router and switch configuration follows below:
Exec Mode
Router>
Router>?
Router>enable
Router#?
Router#disable
Router>enable
Router#configure terminal
Router(config)#?
The commands above are executive (EXEC) mode commands: user EXEC (Router>) is the mode a user lands in, and "enable" moves to privileged EXEC (Router#). After each command is entered, EXEC validates and runs it. "configure terminal" enters global configuration mode (Router(config)#), where the following sections are typed.

Next

Show Command
Router#show
Router#show version
Router#sh flash
Router#sh start ....................... show startup-config
Router#sh run ......................... show running-config
Router#sh int ......................... show interface
Router#sh controllers serial 0
Router#sh clock
Router#sh cdp neighbors
Router#sh cdp neighbors detail
Router#sh vlan
Router#sh int trunk
The above are a few of the show commands on a Cisco router.

Change Hostname
Router#conf t
Router(config)#hostname CHICAGO
CHICAGO(config)#
Setting Password
Router#conf t
Router(config)#enable password gotcha
! enable secret is stored as a hash and takes precedence over enable password, which is only
! reversibly obscured by service password-encryption
Router(config)#enable secret diy
Router(config)#service password-encryption
Remote Telnet Access
Router#conf t
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Banner MOTD (Message Of The Day)
Router(config)#banner motd z
Enter TEXT message.  End with the character 'z'.
Access restricted to authorised staff z
Router(config)#
! any single character can be the delimiter ('z' here); it must not occur inside the banner text itself
The configuration above is still far from finished; because I am sleepy, I will continue with part 2 tomorrow.
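The verification commands in the VLAN and trunking posts (show vlan, show interfaces trunk) and the password and vty settings in this post can also be checked offline against a saved running-config. The following Python auditor is an added example, not code from any of the posts or from Cisco: it parses running-config text, checks that every access port refers to a defined VLAN, that a VTP server or client has both a domain and a password, that "enable secret" rather than only "enable password" is set, that "service password-encryption" is on, and that the vty lines have a password and "login". Both configuration samples are constructed for the example, and the function names are chosen here.

```python
"""Added example, not code from the posts or from Cisco: audit IOS running-config
text for the VLAN, trunk, VTP and password settings the posts configure.
Both configuration samples are constructed."""
import re

# Constructed: close to what the posts configure, with a few weaknesses left in.
WEAK_CONFIG = """\
enable password gotcha
vtp mode server
vtp domain tes456
vlan 10
vlan 20
 name costumer
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/3
 switchport access vlan 30
interface FastEthernet0/24
 switchport mode trunk
line vty 0 4
 password cisco
"""

# Constructed: the same configuration with every finding fixed.
HARDENED_CONFIG = """\
service password-encryption
enable secret diy
vtp mode server
vtp domain tes456
vtp password secure
vlan 10
vlan 20
 name costumer
vlan 30
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/3
 switchport access vlan 30
interface FastEthernet0/24
 switchport mode trunk
line vty 0 4
 password cisco
 login
"""


def parse_config(text):
    """Split running-config text into top-level commands and their indented sub-commands."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and IOS comments
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks[current] = []
    return top, blocks


def audit(text):
    """Return (findings, defined_vlans, trunk_ports); an empty findings list means every check passed."""
    top, blocks = parse_config(text)
    findings, defined, trunks = [], set(), []
    for cmd in top:
        if m := re.fullmatch(r"vlan (\d+)", cmd):
            defined.add(int(m.group(1)))
    for header, body in blocks.items():
        if not header.startswith("interface "):
            continue
        name = header.split(" ", 1)[1]
        for cmd in body:
            if m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
                vid = int(m.group(1))
                if not 1 <= vid <= 4094:
                    findings.append(f"{name}: VLAN {vid} is outside 1-4094")
                elif vid not in defined:
                    findings.append(f"{name}: access VLAN {vid} is not defined")
            elif cmd == "switchport mode trunk":
                trunks.append(name)
    mode = next((c.split()[-1] for c in top if c.startswith("vtp mode ")), None)
    if mode in ("server", "client"):
        if not any(c.startswith("vtp domain ") for c in top):
            findings.append(f"vtp mode {mode} without a vtp domain")
        if not any(c.startswith("vtp password ") for c in top):
            findings.append(f"vtp mode {mode} without a vtp password: VTP advertisements are accepted unauthenticated")
    if any(c.startswith("enable password ") for c in top) and not any(c.startswith("enable secret ") for c in top):
        findings.append("enable password without enable secret: stored in cleartext or reversible type 7")
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off: line passwords appear in cleartext")
    vty = blocks.get("line vty 0 4")
    if vty is not None:
        if "login" not in vty:
            findings.append("line vty 0 4: 'login' not configured, so the vty password is not enforced")
        if not any(c.startswith("password ") for c in vty):
            findings.append("line vty 0 4: no password configured")
    return findings, sorted(defined), trunks


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings, vlans, trunks = audit(cfg)
        print(f"[{label}] vlans={vlans} trunks={trunks} findings={len(findings)}")
        for f in findings:
            print("  -", f)
```

Run against the weak sample it reports the undefined VLAN on FastEthernet0/3, the missing VTP password, the missing enable secret, the missing password encryption and the vty line without login; the hardened sample produces no findings. Feeding it the output of show running-config copied from a device gives the same checks on a real switch.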