WAFW00F - Web Application Firewall Detector

The first step is to gather information about the target, knowing the firewall used by the domain would help a lot. It is very easy for an individual to detect the type of Firewall running on any domain using Fingerprinting. This makes it harder for companies as, if the firewall is detectable, it would be easier for a hacker to find and exploit the vulnerability.

There is an in-built tool in Kali Linux that can be used to do this, the so-called WAFW00F. It is a fingerprinting tool that identifies WEB APPLICATION FIREWALL used by the companies. An individual only needs to type wafw00f  into the terminal along with the domain name. 


For Example: wafw00f <domain_name>


Wafw00f basic example

To know more about the tool, you can use the man page. This can be accessed by typing man wafw00f in a terminal. Another way is to use the help flag by typing wafw00f -h.


List of options available

The help command shows the list of flags that are generally used like -v (verbose), -a (findall), -r (no redirect), -l (list), etc. Examples of the flags along with the commands are shown below:


  • -a: command can be used when you want to check the domain against all WAFs which are available in the database, i.e, do not stop testing on the first match. Sometimes it may happen that the behavior of the domain's WAF is the same as multiple WAFs. In this case, stoping the checks after the first match is not a good idea. 

Results with -a flag
  • -V (capital V) can be used to get the version of the wafw00f you are using. If it is not the latest version available, UPDATE IT!
The version of the tool
  • -l: this flag lists out all the Web Application Firewall Fingerprint present in the database of wafw00f
List of Firewalls
P.S.: This is not all the WAF Fingerprints available. The above picture is just to show you a demo.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

The first step is to gather information about the target, knowing the firewall used by the domain would help a lot. It is very eas...

List of Common Hex Headers


To identify the file format or signatures, one typically only needs to look for the first few bytes of the file in question. This is what’s often called magic bytes, which help in identifying the type of file. It can be helpful to look for file format signatures.

Image File

File Type Extension HEX Digit ASCII Digit
Bitnamp .bmp 42 4D BM
FITS .fits 53 49 4D 50 4C 45 SIMPLE
GIF .gif 47 49 46 38 GIF8
Graphics Kernel System .gks 47 4B 53 4D GKSM
IRIS RGB .rgb 01 DA Not Applicable
ITC (CMU WM) .itc F1 00 40 BB Not Applicable
JPEG File Interchange .jpg FF D8 FF E0 Not Applicable
NIFF (Navy TIFF) .nif 49 49 4E 31 IIN1
PM .pm 56 49 45 57 VIEW
PNG .png 89 50 4E 47 .PNG
Postscript .[e]ps 25 21 %!
Sun Raster file .ras 59 A6 6A 95 Y.j.
TIFF format (big endian) .tif 4D 4D 00 2A MM.*
TIFF format ( little endian) .tif 49 49 2A 00 II.*
XCF Gimp file structure .xcf 67 69 6D 70 20 78 63 66 20 76 gimp xcf
XFIG .fig 23 46 49 47 #FIG
XPM format .xpm 2F 2A 20 58 50 4D 20 2A 2F /* XPM */


Compressed File

File Type Extension HEX Digit ASCII Digit
BZIP .bz 42 5A BZ
Compress .Z 1F 9D Not Applicable
GZIP .gz 1F 8B Not Applicable
PKZIP .zip 50 4B 03 04 PK..
RAR .rar 52 61 72 21 1A 07 01 00 Rar!...

Archive Files

File Type Extension HEX Digit ASCII Digit
TAR (pre-POSIX) .tar - (Filename)
TAR (POSIX) .tar 75 73 74 61 72 ustar (offset by 257 bytes)


Executable Files

File Type Extension HEX Digit ASCII Digit
MS-DOS, OS/2 or MS Windows - 4d 5a MZ
UNIX ELF - 7F 45 4C 46 .ELF


Miscellaneous Files

File Type Extension HEX Digit ASCII Digit
PGP Public Ring - 99 00 -
PGP Security Ring - 95 00 -
PGP Security Ring - 95 01 -
PGP Encrypted Data - A6 00 -


You might also interest in,
  • Magic Bytes and Important File Formats - Click Here!
  • How magic bytes can be used to go undetected - Click Here!

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

To identify the file format or signatures, one typically only needs to look for the first few bytes of the file in question. Thi...

Protect Metadata


Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a goldmine for cybercriminals as it can help tailor attacks for individuals and helps in targeted phishing.

There are many ways that you can protect your metadata from getting stolen.

  • VPN Service: These services not only cloak your presence online but offer industry-leading procedures to protect your metadata from getting stolen. They are available for your computer, tablet, and smartphones. Many of them offer family plans and low-cost subscription rates.
  • Adblock: Block those annoying ads that not only interrupt your browsing experience but track your online activity like a creepy stalker. Both Firefox and Chrome offer ad-block extensions.
  • Disable JavaScript:  This not only blocks ads but those annoying modal windows that beg you to share their site on your social media pages. It also turns off scripts that can leave you vulnerable to hackers and malware.
  • Password Policy: Generate strong and unique passwords for every website you frequently shop or visit. There are plenty of apps available for your computer and devices that will help you generate and manage your passwords.
  • Digital signatures: A digital signature is a way of indicating that a document is authentic, has been signed by a particular person, and has not been modified since the signature was applied. Digital signatures help certify the authenticity of documents. Note that this only applies to changes to the image pages or electronic files.  Changes to metadata or annotations will not be counted as changes for digital signature purposes.
  • Version Control: Once version control is enabled, changes to a document will be retained in the version history. From the Versions tab in the metadata pane, you can easily see all of the changes that have been made to the document over the course of its history. This includes changes to the document’s text, metadata, image pages, and electronic document. If invalid changes are made, it is very easy to revert to an older version of the document.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a ...

Importance of Metadata to Hackers


Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a goldmine for cybercriminals as it can help tailor attacks for individuals and helps in targeted phishing.

Let us go into a little detail, when planning any attack the hackers need to map out the attack surface and narrowing out the effective targets or individuals so as to improve the efficiency of the attack, this is known as Reconnaissance. Recon is one of the most important steps for any attack to succeed. So how is metadata vital in this process?  


As you know that phishing attacks are the number one vector to compromise a company. This can be done by a rather harmless-looking email that has a DOCX file as an attachment with an embedded VBA macro that drops a custom PowerShell RAT. For this kind of attack to succeed and not to raise suspicion requires detailed planning. Information that is very essential for these attacks is:

  • What software is the target using? If he/she uses LibreOffice rather than Microsoft Word, sending a VBA macro wouldn't work in that case.
  • What is the operating system of the target? Exploit leveraging a vulnerability in how Windows parses TTF fonts wouldn't work on Mac OS.
  • What's the target's username & e-mail address? This helps with getting a foothold in the post-exploitation phase while staying under the radar.
  • What is the file share; where most of the company documents are stored? An attacker can plan a lateral movement once the target is compromised or just blow it off with a targeted ransomware attack.
  • Which contractors are working for the target's company? It's known that advanced attackers sometimes choose contractors because of less strict security measurements.


The files that you publish without stripping off the sensitive metadata can reveal the above information leading to a personalized and sure-fire attack. This is just one of the ways the metadata can be exploited.

Hackers / Cybercriminals collect a large amount of data for carrying out various nefarious activities like:

  • Extort a business
  • Blackmail a business or individual
  • Apply for fraudulent loans and credit cards under a person’s or business’s name
  • Illegal money transferring
  • Gain unauthorized access to personal online accounts, such as Amazon or Facebook
  • For malicious enjoyment
  • Revenge against a person or a business


You might also interested in,


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a ...

Metadata - Explained


Metadata means information about data. Metadata summarizes the basic information about the data, which makes working with data easier. The creation of metadata can be manual (to be precise) or automatic (to contain basic information).

A typical metadata example may consist of the following details which are usually not included in the data source:

  • Title and description,
  • Tags and categories,
  • Who created and when,
  • Who last modified and when,
  • Who can access or update?


For example, every time you take a photo with your mobile phone; it stores extra information about the file so as to efficiently store the image. The extra information may be the camera setting, geolocation, encoding style, or personal details like the name as shown in the image below.


USE OF METADATA

Metadata has various uses, resource discovery is one of the common ones. Here, it can be compared to effective cataloging, which includes identifying resources, defining them by criteria, characterizing resources based upon their similarities and dissimilarities. It is also an effective means to organize electronic resources, this is an important use as web-based resources are growing rapidly.


Another use of metadata is interoperability and integration of resources. Using metadata to describe resources is well understood by humans as well as by machines, thus allowing effective levels of interoperability.


Metadata also can facilitate digital identification by using standard numbers that uniquely define the resource specified in the metadata.


Metadata helps optimize various systems and resources as described below:

  • It can extend data longevity. The life-span of a typical data set can be very short, often because missing or unavailable relevant metadata renders it useless. When comprehensive metadata is developed and maintained, it counters typical data entropy and degradation.
  • It also facilitates data reuse and sharing. Metadata is key to ensuring that data that is highly detailed or complicated is more easily interpreted, analyzed, and processed by the data’s originator and others.
  • Metadata is essential for maintaining historical records of long-term data sets, making up for inconsistencies that can occur in documenting data, personnel, and methods. Comprehensive metadata can also enable data sets designed for a single purpose to be reused for other purposes and over the longer term.

METADATA MANAGEMENT

Metadata management is the administration of data that describes other data. It involves establishing policies and processes that ensure information can be integrated, accessed, shared, linked, analyzed, and maintained to best effect across the organization.


The goal of metadata management is to make it easier for a person or program to locate a specific data asset. This requires designing a metadata repository, populating the repository and making it easy to use information in the repository.


Benefits of metadata management include:

  • Consistency of definitions of metadata so that terminology variations don't cause data retrieval problems.
  • Less redundancy of effort and greater consistency across multiple instances of data because data can be reused appropriately.
  • Maintenance of information across the organization that is not dependent on a particular employee's knowledge.
  • Greater efficiency, leading to faster product and project delivery.

Metadata management goes by the end-to-end process and governance framework for creating, controlling, enhancing, attributing, defining, and managing a metadata schema, model, or another structured aggregation system, either independently or within a repository and the associated supporting processes (often to enable the management of content). For web-based systems, URLs, images, video, etc. may be referenced from a triples table of an object, attribute, and value.


You might also interested in,

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Metadata means information about data. Metadata summarizes the basic information about the data, which makes working with data ea...

Identifying and Remove Metadata


Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a goldmine for cybercriminals as it can help tailor attacks for individuals and helps in targeted phishing.

ON WINDOWS

  • Right-Click on the file and go to Properties.
  • Go to the Details tab from the top.
  • You will see all the data that someone can get from that file. To remove metadata click on Remove Properties and Personal Information from the bottom. 
  • Click OK and you will have a copy with all the metadata removed.
  • Another option is to use Document Inspector, a built-in tool for Microsoft applications, which will identify metadata and give you the option of selectively removing some or all of it.


ON MAC

If you’re on a Mac system, don’t worry, you’ll be able to remove photo metadata too. Unfortunately, you’ll need to use a third-party app. You can view the metadata though, by doing the following:
ImageOptim is a tool generally used for reducing image file sizes. But the app does more than compress images. It also offers a feature to remove private EXIF metadata from photos while compressing them at the same time

  • After you download and unzip the ImageOptim, open it up to get started.
  • Click ImageOptim > Preferences from the menu bar or you can select the small settings icon on the right bottom corner.
  • Select the General tab and then check the boxes under Metadata and Color Profiles. These settings will remove metadata and other details from PNG and JPEG image file formats.
  • Close the Preferences.
  • Drag a photo from its location on your Mac to the app window. You’ll see a checkmark in green next to the photo when all processes finish, which should take less than a minute depending on the compression options you use.
NOTE - This will replace the original image with the compressed and no metadata. 
  • You can open the image in Preview to confirm that the metadata has been removed. 
  • To do that Go to Show Inspector Option (command + I).
  • You should not see EXIF or other tabs in the inspector.

You might also interested in,

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a ...

Extraction of Metadata


Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a goldmine for cybercriminals as it can help tailor attacks for individuals and helps in targeted phishing.

Metadata can be extracted quite easily using various tools available in both online and offline formats.

  • ExifTool: It is a command-line tool that can be used for reading, writing, and editing meta information in a wide variety of files, the basic usage is for eg. exiftool path/to/file. 
  • jEXIFToolGUI: It is a user interface version of the above ExifTool and can be accessed easily by navigating through the software.
  • Exifinfo.org: This is an online application that helps to extract the metadata from the specified files. It just requires dragging and dropping the concerned files and viewing their metadata.
  • Metadata2Go: Another online platform for viewing the EXIF info of files.
  • Metadata Extraction Tool: This helps automatically extract metadata and output data in XML format. Download and extract the ZIP file. To run, double-click metadata.bat.
You might also interested in,

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

Metadata is a very useful type of data that gives specific information like OS version, Application used, etc. So, metadata is a ...

Cybersecurity - The Technical Skills


According to Wikipedia, cybersecurity or information technology security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

To be a cybersecurity professional, one has to be an expert in a lot of different fields. We generally misinterpret or confused about the technical skills required for the job. Here are eight technical skills one has to know.

Intrusion Detection

Reactive security - identify and mitigate malicious activity. Maybe network-based or host-based. Example: Snort, OSSEC, Suricata, Bro, and etc.

Reverse Engineering

 Needed for malware analysis and vulnerability research. Example: IDA Pro (Disassembler), WinHex (Hexeditor), OllyDbg (Debugger).

Programming

Useful for scripting, tools development, security research, and reverse engineering. Example: Python, C/C++, Java, Assembly. 

Virtualization

Common across IT organizations - for research, lab development, and reverse engineering. Example: VMware, VirtualBox.

Cryptography

Understand and develop algorithms, ciphers, and security systems. Example: Encryption, digital signatures, hash functions, etc.

Networking

Understand networking protocols, packet sniffing, firewalls, routers, etc. Example: TCP/IP, ICMP, Wireshark.

Operating Systems

System architecture, application execution, logging details, configurations, and settings.

Data Modeling

Useful for threat modeling incident investigation. Example: Maltego and Synapse.
Note: This information is from an informal survey of big tech companies done by IBM.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

According to Wikipedia, cybersecurity or information technology security is the protection of computer systems and networks from ...

Linux Run Levels - Explained

A run level is one of the modes that the Unix-based operating system will run on. It is a state of init with respect to what services are available.

When a Linux system boots, it launches the init process. Init is responsible for launching the other process on the system. For example, when you start a Linux computer, the kernel starts to init and the init executes the startup scripts that will start your hardware.


However, there is not only one startup script init executes. There are multiple run levels with their own startup scripts. For example, one run-level may bring up networking and launch GUI desktop; while another run-level leaves networking disabled and keep the GUI desktop. 


This means you can drop from GUI Desktop mode to text console mode with a single command. 


Run Level Name Description
0 Halt Shutdown the system along with all services
1 Single-User Mode Used for system maintenance like booting in recovery. Does not configure network interfaces, start daemons, or allow non-root logins.
2 Multi-User Mode (No Network Support) Used for maintenance and software testing. Do not configure network interfaces or start daemons.
3 Multi-User Mode (Network Support) Starts the system normally i.e., non-graphical text mode operations for server systems.
4 Undefined Not defined/user-defined, used by SysAdmin.
5 Graphical Mode (X11) Graphical management with the same usability as Run Level 3.
6 Reboot Reboots the system


The applications that are started by init are located in the /etc/rc.d folder. There is a separate folder for each run level, i.e., rc0.d, rc1.d, and so on under this directory.

To initiate a run-level, in terminal type, init <run_level_number>. For example, to reboot the command will be init 6. 


We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

A run level is one of the modes that the Unix-based operating system will run on. It is a state of init with respect to what servi...