Penetration testing Linux distribution ArchAssault

ArchAssault is an Arch Linux based penetration testing distribution for security professionals and hackers. The distribution is a DVD size .iso available for 32 and 62 bit as well as the ARM architecture, a set of instructions for mobile devices.

This distribution comes with many development tools like Emacs, Cmake and Netbeans, basic graphic and text editing software, like Abiword and Videolan, with a strong diversity of hacking tools like WireShark, OphCrack, port scanner Zenmap and the usual hacking software used to fingerprint and attack a server or computer. If you want to secure hijacked data packets during your penetration testing Truecrypt is included to create encrypted conatiners, and for anonymous Internet browsing you can find Tor and Vidalia, a graphical user interface to manage Tor.

Penetration testing distribution ArchAssault

Penetration testing distribution ArchAssault

ArchAssault is using the lightweight OpenBox window manager, a minimalist front end with no Start button, tools can only be accessed right clicking on the desktop, this will not alter usability but it could be awkward at the beggining if you are not habituated to run your operating system this way. You can install any Arch Linux package in ArchAssault, if you don´t like OpenBox, it can be replaced with KDE.

One of ArchAssault’s developers hails from a similar distribution called BlackArch and you will find many concurrences in between them, the only differences appear to be minor tool variations.

ArchAssault can also be used for computer forensics acquisition, incorporating fatback to recover data from FAT file systems and stegdetect to uncover hidden steganographic messages inside images. ArchAssault developers keep adding bleeding edge hacking tools and they have recently introduced a heartbleed honeypot script to log attempts to exploit the recently found Heartbleed bug in OpenSSL.

Visit ArchAssault homepage

Send large files securely with Binfer

Binfer is a program to share large files without having to upload and download them like in FTP or a cloud online storage space. Binfer uses P2P technology, it only requires you to drag and drop the desired file on Binfer’s window and you will not have to encrypt or password protect the data, everything is automatically encrypted with AES128-bit, encryption keys are changed for each file transfer and there is no central server that could be compromised.

The software is written in Java, it works in any operating system, Windows, Mac or Linux, with an Android and Internet browser app to share files with others on your mobile device without having to install anything. But you will speed up the process if you have Binfer in your computer.

Sharing big files with Binfer

Sharing big files with Binfer

When you first install Binfer you will be prompted to create an account using a valid email address, if the welcome email they send you bounces, your account will be automatically deleted.

The interface various tabs look like the P2P program utorrent. In them you can monitor in and out file transfers, reports, see contacts and access a built in email client attaching files of any size to send to your friends for them to download clicking on the received link, but they will need to be using the same program to download it.

Binfer is a good solution for those who often share big files, very similar to WireOver but with more functions.The only thing is that the free mode has a file size limit, you should look into Bittorrent Sync before parting with your money for Binfer.

Visit Binfer homepage

Freeware text encryption program BCTextEncoder

BCTextEncoder from Jetico is a free small portable application to encode and decode text, password protecting it with AES256-bit symmetric encryption or public encryption keys that can be either imported from a file or generated for you with the included BestCrypt Key Manager from where you can manage key pairs with the standard PKCS-12/X.509 format.

Encrypted text can be easily copied to the clipboard or saved as .txt file, the toolbar also has an envelope logo to directly send encrypted text by email opening your email client, but during my test this function did not work for me and clicking on “Send encoded text by email now” would pop up an error window. I could not fix this problem but you can still copy and paste the text anywhere you like, from Usenet clients to webmail. The only detail is that encrypted text will be appended with the line “Version: BCTextEncoder Utility“, giving away the software and version that you have used to scramble the text but it is not a security risk if the encryption is sound.

Text encryption program BCTextEncoder

Text encryption program BCTextEncoder

The program comes with a help file and it is very well documented at user and technical level, with a diagram explaining the encryption process. First the text is compressed with zlib, a software library for data compression, then you decide whether to use symmetric AES256 or asymmetric RSA for encryption, a third step converts the text to readable Base64, an encoding scheme to represent binary data as text, and after that you are ready to securely send the ciphered message wherever you like. Just note that BCTextEncoder only works for text, if you would like to cipher files, like images or videos, you will need a different program.

It is impressive that such a tiny program packs so many powerful features and although it is closed source, Jetico is a Finnish company that has been around for many years developing security products, which gives more peace of mind than a one man hobby program.

As usual the only challenge will be to convince the receiver to download BCTextEncoder to be able to decrypt the messages you send, this can be done with your best friend but when you have a group of people with a different operating system you are not very close to, it gets harder to agree on an encryption standard. BCTextEncoder only works in Windows.

Visit BCTextEncoder homepage

ETHICmail, the legal resistant email service

ETHICmail is a secure email service that aims at stopping massive and illegal surveillance orders. ETHICmail secures your connection to their servers with SSL Perfect Forward Secrecy, 4096-bit digital certificates and their proprietary SecureStorage AES 192-bit encryption engine for data storage.

One unique ETHICmail feature not found elsewhere is emergency remote full data wipe of your email messages by sending a mobile phone SMS code to your account. ETHICmail also has a specialist legal team that reviews and challenges unfounded surveillance orders, Gmail claims to have that too so I would not call the last feature unique but ETHICmail notifies the individual when they receive a warrant against him whenever it is possible.

ETHICmail legal resistant email

ETHICmail legal resistant email

ETHICmail email login interface has a banner on top listing a help phone number in Switzerland and displaying how many surveillance warrants have been served to them up to date, divided by interception and data seizure warrants.

Their email interface is clearly a customized cPanel UI, offering you Horde, RoundCube, SquirrelMail and ETHICmail logins, each one with a different layout, if you have used cPanel before you feel comfortable using it. If you wish, you can use your own domain name, it is easy to add, ETHICmail customer panel is based on WHM, a standard administrative web host manager deployed by most hosting companies.

Your emails are kept encrypted with ETHICmail SecureStorage but you have to encrypt messages before sending them out, this is not done by ETHICmail for you like Hushmail or Countermail do, you need to be familiar with PGP encryption and manage the whole process.

ETHICmail headquarters are in the Seychelles, a very privacy friendly jurisdiction, but I found out that part of their staff is is based in Gibaltrar, a territory ruled by British law. Being Britain NSA best buddy and a country where mass surveillance is routinely carried out with full government support, I wasn’t exactly thrilled. I am not sure how it affects legal subpoenas having the distribution centre offices in the United Kingdom.

A disturbing problem with ETHICmail is that the company claims that they only accept 10 type of surveillance orders, ranging from terrorism to copyright infringement. The accepted interception orders cover every single kind of crime, from the most severe to the most minor.

ETHICmail SecureStorage IP restriction

ETHICmail SecureStorage IP restriction

I don’t believe that any email service should help break the law, but when you start accepting surveillance orders for crimes that do not even carry a prison sentence, what is the point of paying extra for a self-proclaimed “legally resistant email service“. Not surprisingly law enforcement has been know to lie, there is no way ETHICmail can know if the copyright infringement really occurred or if it is something made up by a spy agency to get hold of the data.

Positive ETHICmail points are that emails are stored encrypted with your own private key to which the company has no access and they claim to be unable to recover encrypted data, you can wipe your account remotely with an SMS message and there is computer IP control restriction to whitelist account access.

Negative ETHICmail points are having part of their business in British soil, not providing automatic OpenPGP encryption when you send email like some of their competitors do and very expensive prices. ETHICmail legal assistance addon worth thousands of dollars is only affordable to big corporations.

If you are an individual, you can find better price and features in Countermail, Hushmail or AnonymousSpeech. If you are corporation with a huge budget maybe you want to consider ETHICmail but not managing OpenPGP keys would bother me because the average employee does not have a clue about PGP and without it you are open to illegal in transit email wiretapping, another big blunder is that I could not see the interface being mobile device friendly

Visit ETHICmail homepage

Intrusion Detection Linux distribution Security Onion

Security Onion is a Ubuntu based Intrusion Detection and Network Security Linux distribution for professionals. It can run as a live DVD or installed in your hard drive with just a few clicks. The distribution comes with well known offensive and defensive digital tools that are not very beginner friendly, you need to have a computer security background to understand what the tools do.

Fortunately Security Onion developers have uploaded a series of YouTube tutorials explaining how to search DNS traffic, how to use Sguil, Squert, Snorby and tcpreplay, there is also a well documented Wiki, a mailing list and Freenode IRC channel where you can post questions. If you wish to learn about digital forensics and hacking this will be a good place to start.

Intrusion Detection Linux distribution Security Oniion

Intrusion Detection Linux distribution Security Onion

Security Onion default window manager is XFCE, a minimalist lightweight desktop environment. You will find a basic Xubuntu software base, like the Synaptic package manager, text editor Abiword, graphic editor the Gimp and a couple of Solitaire games with a considerable bundle of network inspection software, the expected WireShark packet sniffer, Suricata, Xplico and Network Miner for network forensic analysis, Snorby, ELSA, Snort and a long etc of tools that security professionals will quickly recognise.

There is no root password in Security Onion, a default Ubuntu based distribution setting. Your account already has sudo permissions and you can add a new user with sudo adduser

This is an actively supported distribution, one of the developers is a SANS Institute GSE Community Instructor and other seasoned security professionals are also involved, a two training class about Security Onion has already taken place, with enough demand there is no reason why this should not happen more often.

Security Onion is a proper alternative to BackTrack that has all the tools a pen tester and digital forensics professional needs to detect network intrusion and test network defences before and attack happens. Security Onion is well documented with community based online support.

Definitely a distribution to look at if you work in the IDS field or if you would like to learn more about real computer security that actually needs some skill and it is not a point and click script kiddie cyberweapon.

Visit Security Onion homepage

Secure chat communications suite GoldBug

GoldBug is an open source secure Instant Messenger with cascade encryption, a way to secure your messages using multiple ciphers, also known as multiencryption. The program main features are encrypted groupchat, sending of encryption keys encrypting them, end to end encryption, public IRC channels with encryption, integrated BitMail, chat over Tor, forward secrecy, sending of random fake messages to confuse eavesdroppers, authenticated chat and many others.

This program constitutes a full suite of chat utilities using encryption with the advantage that you will be able to interact with your friends in multiple different ways without having to install new software, and the disadvantage being that so many buttons and technical terms can be confusing.

Encrypted Instant Messenger GoldBug

Encrypted Instant Messenger GoldBug

Documentation is clear and comprehensive, you can read every single feature detail in GodlBug website or download a .pdf help manual. GoldBug interface is fairly workable, with tabs quickly switching in between features, one click takes you to the IRC chat window and another click to the StarBeam filesharing and another click to the Instant Messenger chat.

After installation you will be asked to create a username and password with a minimum of 16 characters before generating the public encryption keys. GoldBug uses end to tend encryption with multiple layers implementing trusted open source cryptology like GnuPG and OpenSSL, you can set your own encryption components with RSA, EL Gamal and DSA, customizing key size, cipher, hash and iteration. Tailored integrals that should not significantly increase your security level, but nice to have anyway, the more security variables, the more an attacker will need to fingerprint you before launching an attack on the scheme you are using.

This program looks and security resembles my previously reviewed FireFloo Communicator, both programs appear to share part of the code but GoldBug has many more elements like the IRC chat, Tor and file sharing, and it is fully documented, I liked it much more because of this.

I liked that the messenger is open source and it adopts known encryption algorithms and technologies. I would feel reasonably safe behind this program, favouring it over others because third party data retention is not possible in GoldBug as there is no central server and all of the different ways it has to securely communicate with each other peer to peer, it comes out as a well thought messenger.

I wish other developers would stress user documentation as much as GoldBug has done, this is a first class secure communications program.

Visit GoldBug IM homepage

Bypass ISP Internet censorship with ShadowSocks

ShadowSocks is a cross platform socks 5 proxy available for Windows, Mac, Linux, Android and iPhone, the proxy can pierce corporate or ISP firewalls and access censored sites. If you find yourself in a situation where OpenVPN traffic is blocked or throttled, ShadowSocks is a good alternative to a VPN and it can be installed in OpenWRT routers to tunnel the entire network traffic.

The software tunnels and encrypts your Internet browsing, if you want to use an Instant Messenger or BitTorrent, you will have to configure those programs settings to use the applicable Socks 5 proxy and port.

Socks 5 proxy ShadowSocks

Socks 5 proxy ShadowSocks

The program comes with a graphical interface from where to select a server IP, if you have your own server, or choose one of the available ShadowSocks public server IPs, port, password if needed, socks 5 proxy, encryption method and time out for requests.  It would be moderately difficult for somebody who is not familiar with proxies to use ShadowSocks, the online help manual is clear but it contains technical terminology.

ShadowSocks Android version has a configuration option to bypass tunnelling for all sites located in China so that the proxy is only used for foreign sites which are the ones blocked by the Great Firewall of China. Unfortunately you need a rooted device to use ShadowSocks in Android and it only works with Wi-fi, the developers aim to add G4/LTE support in the future.

ShadowSocks asynchronous I/O technology makes browsing the Internet faster than OpenVPN but that in the end speed will depend on the server load and ping even if the protocol is light on resources. The greatest benefit of using ShadowSocks is that it is easy to set up your own ShadowSocks server on a cheap VPS, I personally would prefer surfing the Internet with OpenVPN or an SSH tunnel unless OpenVPN did not work and SSH ports were blocked.

Notice that this program has been designed as an anticensorship tool and not to make you anonymous on the Internet.

Visit ShadowSocks homepage