Monday, 7 May 2018

What is ICANN i.e Internet Corporation Assigned Name and Numbers.

To reach another person on the Internet you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn't have one global Internet.
ICANN was formed in 1998. It is a not-for-profit partnership of people from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet’s unique identifiers.
ICANN doesn’t control content on the Internet. It cannot stop spam and it doesn’t deal with access to the Internet. But through its coordination role of the Internet’s naming system, it does have an important impact on the expansion and evolution of the Internet.
What is the domain name system?
The domain name system, or DNS, is a system designed to make the Internet accessible to human beings. The main way computers that make up the Internet find one another is through a series of numbers, with each number (called an “IP address”) correlating to a different device. However it is difficult for the human mind to remember long lists of numbers so the DNS uses letters rather than numbers, and then links a precise series of letters with a precise series of numbers.
The end result is that ICANN’s website can be found at “icann.org” rather than “192.0.32.7” – which is how computers on the network know it. One advantage to this system – apart from making the network much easier to use for people – is that a particular domain name does not have to be tied to one particular computer because the link between a particular domain and a particular IPaddress can be changed quickly and easily. This change will then be recognised by the entire Internet within 48 hours thanks to the constantly updating DNS infrastructure. The result is an extremely flexible system.
A domain name itself comprises two elements: before and after “the dot”. The part to the right of the dot, such as “com”, “net”, “org” and so on, is known as a “top-level domain” or TLD. One company in each case (called a registry), is in charge of all domains ending with that particular TLD and has access to a full list of domains directly under that name, as well as the IP addresses with which those names are associated. The part before the dot is the domain name that you register and which is then used to provide online systems such as websites, email and so on. These domains are sold by a large number of “registrars”, free to charge whatever they wish, although in each case they pay a set per-domain fee to the particular registry under whose name the domain is being registered.
ICANN draws up contracts with each registry*. It also runs an accreditation system for registrars. It is these contracts that provide a consistent and stable environment for the domain name system, and hence the Internet.
In summary then, the DNS provides an addressing system for the Internet so people can find particular websites. It is also the basis for email and many other online uses.
What does ICANN have to do with IPaddresses?
ICANN plays a similar administrative role with the IP addresses used by computers as it does with the domain names used by humans. In the same way that you cannot have two domain names the same (otherwise you never know where you would end up), for the same reason it is also not possible for there to be two IP addresses the same.
Again, ICANN does not run the system, but it does help co-ordinate how IP addresses are supplied to avoid repetition or clashes. ICANNis also the central repository for IP addresses, from which ranges are supplied to regional registries who in turn distribute them to network providers.
What about root servers?
Root servers are a different case again. There are 13 root servers – or, more accurately, there are 13 IP addresses on the Internet where root servers can be found (the servers that have one of the 13 IP addresses can be in dozens of different physical locations). These servers all store a copy of the same file which acts as the main index to the Internet’s address books. It lists an address for each top-level domain (.com, .de, etc) where that registry’s own address book can be found.
In reality, the root servers are consulted fairly infrequently (considering the size of the Internet) because once computers on the network know the address of a particular top-level domain they retain it, checking back only occasionally to make sure the address hasn’t changed. Nonetheless, the root servers remain vital for the Internet’s smooth functioning.
The operators of the root servers remain largely autonomous, but at the same time work with one another and with ICANN to make sure the system stays up-to-date with the Internet’s advances and changes.
What is ICANN’s role?
As mentioned earlier, ICANN’s role is to oversee the huge and complex interconnected network of unique identifiers that allow computers on the Internet to find one another.
This is commonly termed “universal resolvability” and means that wherever you are on the network – and hence the world – that you receive the same predictable results when you access the network. Without this, you could end up with an Internet that worked entirely differently depending on your location on the globe.
How is ICANN structured?
ICANN is made up of a number of different groups, each of which represent a different interest on the Internet and all of which contribute to any final decisions that ICANN’s makes.
There are three “supporting organisations” that represent:
  • The organisations that deal with IPaddresses
  • The organisations that deal with domain names
  • The managers of country code top-level domains (a special exception as explained at the bottom).
Then there are four “advisory committees” that provide ICANN with advice and recommendations. These represent:
  • Governments and international treaty organisations
  • Root server operators
  • Those concerned with the Internet’s security
  • The “at large” community, meaning average Internet users.
And finally, there is a Technical Liaison Group, which works with the organisations that devise the basic protocols for Internet technologies.
ICANN’s final decisions are made by a Board of Directors. The Board is made up of 21 members: 15 of which have voting rights and six are non-voting liaisons. The majority of the voting members (eight of them) are chosen by an independent Nominating Committee and the remainder are nominated members from supporting organisations.
ICANN then has a President and CEO who is also a Board member and who directs the work of ICANN staff, who are based across the globe and help co-ordinate, manage and finally implement all the different discussions and decisions made by the supporting organisations and advisory committees. An ICANN Ombudsman acts as an independent reviewer of the work of the ICANN staff and Board.
How does ICANN make decisions?
When it comes to making technical changes to the Internet, here is a simplified rundown of the process:
Any issue of concern or suggested changes to the existing network is typically raised within one of the supporting organisations (often following a report by one of the advisory committees), where it is discussed and a report produced which is then put out for public review. If the suggested changes impact on any other group within ICANN’s system, that group also reviews the suggested changes and makes its views known. The result is then put out for public review a second time.
At the end of that process, the ICANN Board is provided with a report outlining all the previous discussions and with a list of recommendations. The Board then discusses the matter and either approves the changes, approves some and rejects others, rejects all of them, or sends the issue back down to one of the supporting organisations to review, often with an explanation as to what the problems are that need to be resolved before it can be approved.
The process is then rerun until all the different parts of ICANN can agree a compromise or the Board of Directors make a decision on a report it is presented with.
How is ICANN held accountable?
ICANN has external as well as internal accountabilities.
Externally, ICANN is an organisation incorporated under the law of the State of California in the United States. That means ICANN must abide by the laws of the United States and can be called to account by the judicial system i.e. ICANN can be taken to court.
ICANN is also a non-profit public benefit corporation and its directors are legally responsible for upholding their duties under corporation law.
Internally, ICANN is accountable to the community through:
  • Its bylaws
  • The representative composition of the ICANN Board from across the globe
  • An independent Nominating Committee that selects a majority of the voting Board members
  • Senior staff who must be elected annually by the Board
  • Three different dispute resolution procedures (Board reconsideration committee; Independent Review Panel; Ombudsman)
So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/ 

Friday, 4 May 2018

4 Best Linux Mini PC


If you want a portable solution of  We your Linux Machine, Linux Mini PC is the best solution for you.Because these are easy to handle,need low power consumption,fit on a small space and can operate with Open-Source Operating System.
Not all Linux Mini PC are created as same and it can be confusing to understand which one is right for you.No problem just go for the Best Linux Mini PC and find the right one for your needs.
In this guide, I will show you some exclusive Linux Mini PC that actually fulfilled your portability needs.


     

Best Linux Mini PC Comparison

CompuLab Mint Box
Processor1.00 GHZ (Quad-Core)
RAM4 GB
Stroage64 GB SSD
Built-IN OSLinux Mint
ASUS Chromebox
Processor1.4 GHZ (Dual-Core)
RAM2 GB
Stroage16 GB SSD
Built-IN OSGoogle Chrome OS
Azulle Quantum Byte
Processor1.33 GHZ (Quad-Core)
RAM2 GB
Stroage32 GB eMMC
Built-IN OSWindows 8.1
Jide Remix Mini
Processor1.6 GHZ (Quad-Core)
RAM2 GB
Stroage16 GB Flash Memory
Built-IN OSRemix OS 2.0

CompuLab Mint Box Mini


CompuLab Mint Box Mini is a great Linux Mini Pc.If you want a portable Linux Mintbased Desktop Computer, Mint Box can be your first choice.
Mint Box comes with preinstalled Linux Mint operating system with MATE Desktop Environment.It has 64 GB internal SSD storage which makes it Faster and Smaller.You can easily carry this device anywhere.On the other hand, it used very low power consumption.You can easily operate it with a single 12 Volt adapter.
I liked the Mint Box Mini so much.It is one of my best Linux Mini PC I have used ever.So, I decided to share my research findings with you.

A Complete Linux Mint Box

The Mint Box Mini is a complete Linux Mint Solution.Not only Linux Mint, you can also use and install other Linux distribution in this mini computer.It comes with 1GHz AMD A4 Micro-6400T 64bit Processor(Quad-Core ),4GB DDR3 Ram, 64GB Internal SSD Storage,AMD Radeon R3 Graphics and Realtek HD Audio.This specification will make your Desktop computing very easy and effective.
This mini PC also built-in LAN and WiFi.So, you can easily connect the Internet by using Wire or Wireless.On the other hand, the audio has two different output.Ordinary Stereo and 7.1 Digital output.The audio inputs are Analog Stereo Microphone and Digital S/PIDF input.So, you will get HQ audio input and output from one place.

Use Low Resources, Give High Performance

Mint Box Mini need a very low resource to operate.You can easily run it with a 12 Volt adapter.No need to use a high-powered power supply.

So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/ 

Tuesday, 1 May 2018

Key Concept about Malware Analysis.



The method by which malware analysis is performed typically falls under one of two types:
Static malware analysis: Static or Code Analysis is usually performed by dissecting the different resources of the binary file without executing it and studying each component. The binary file can also be disassembled (or reverse engineered) using a disassembler such as IDA. The machine code can sometimes be translated into assembly code which can be read and understood by humans: the malware analyst can then make sense of the assembly instructions and have an image of what the program is supposed to perform. Some modern malware is authored using evasive techniques to defeat this type of analysis, for example by embedding syntactic code errors that will confuse disassemblers but that will still function during actual execution.
Dynamic malware analysis: Dynamic or Behavioral analysis is performed by observing the behavior of the malware while it is actually running on a host system. This form of analysis is often performed in a sandbox environment to prevent the malware from actually infecting production systems; many such sandboxes are virtual systems that can easily be rolled back to a clean state after the analysis is complete. The malware may also be debugged while running using a debugger such as GDB or WinDbg to watch the behavior and effects on the host system of the malware step by step while its instructions are being processed. Modern malware can exhibit a wide variety of evasive techniques designed to defeat dynamic analysis including testing for virtual environments or active debuggers, delaying execution of malicious payloads, or requiring some form of interactive user input.


Stages

Examining malicious software involves several stages, including, but not limited to the following:
  1. Manual Code Reversing
  2. Interactive Behavior Analysis
  3. Static Properties Analysis
  4. Fully-Automated Analysis

Binary analysis tools

  • pestudio
  • peid
  • exeinfope
  • PEView
  • Resource hacker : free resource extraction utility and resource compiler for Windows by Angus Johnson
  • HxD : hex editor for Windows by Mael Horz

Disassemblers

  • IDA Pro: Disassembler by Hex-Rays
  • Radare2 : Disassembler by pancake
  • BinaryNinja : Disassembler by Vector 35

Debuggers

  • GNU Debugger: Debugger by GNU
  • WinDbg: Debugger by Microsoft
  • OllyDbg: Debugger by OllyDbg
  • x64Dbg: Debugger by x64Dbg

Malware Analysys Tools:

Threat intelligence and IOC resources.

Detection and Classification

Antivirus and other malware identification tools
  • AnalyzePE – Wrapper for a variety of tools for reporting on Windows PE files.
  • Assemblyline – A scalable distributed file analysis framework.
  • BinaryAlert – An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.
  • chkrootkit – Local Linux rootkit detection.
  • ClamAV – Open source antivirus engine.
  • Detect-It-Easy – A program for determining types of files.
  • ExifTool – Read, write and edit file metadata.
  • File Scanning Framework – Modular, recursive file scanning solution.
  • hashdeep – Compute digest hashes with a variety of algorithms.
  • Loki – Host based scanner for IOCs.
  • Malfunction – Catalog and compare malware at a function level.
  • MASTIFF – Static analysis framework.
  • MultiScanner – Modular file scanning/analysis framework
  • nsrllookup – A tool for looking up hashes in NIST’s National Software Reference Library database.
  • packerid – A cross-platform Python alternative to PEiD.
  • PEV – A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
  • Rootkit Hunter – Detect Linux rootkits.
  • ssdeep – Compute fuzzy hashes.
  • totalhash.py – Python script for easy searching of the TotalHash.cymru.com database.
  • TrID – File identifier.
  • YARA – Pattern matching tool for analysts.
  • Yara rules generator – Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.

Online Scanners and Sandboxes

Web-based multi-AV scanners, and malware sandboxes for automated analysis.
    • anlyz.io – Online sandbox.
    • AndroTotal – Free online analysis of APKs against multiple mobile antivirus apps.
    • AVCaesar – Malware.lu online scanner and malware repository.
    • Cryptam – Analyze suspicious office documents.
    • Cuckoo Sandbox – Open source, self hosted sandbox and automated analysis system.
    • cuckoo-modified – Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author.
    • cuckoo-modified-api – A Python API used to control a cuckoo-modified sandbox.
    • DeepViz – Multi-format file analyzer with machine-learning classification.
    • detux – A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs.
    • DRAKVUF – Dynamic malware analysis system.
    • firmware.re – Unpacks, scans and analyzes almost any firmware package.
    • HaboMalHunter – An Automated Malware Analysis Tool for Linux ELF Files.
    • Hybrid Analysis – Online malware analysis tool, powered by VxSandbox.
    • Intezer – Detect, analyze, and categorize malware by identifying code reuse and code similarities.
    • IRMA – An asynchronous and customizable analysis platform for suspicious files.
    • Joe Sandbox – Deep malware analysis with Joe Sandbox.
    • Jotti – Free online multi-AV scanner.
    • Limon – Sandbox for Analyzing Linux Malware.
    • Malheur – Automatic sandboxed analysis of malware behavior.
    • malsub – A Python RESTful API framework for online malware and URL analysis services.
    • Malware config – Extract, decode and display online the configuration settings from common malwares.
    • Malwr – Free analysis with an online Cuckoo Sandbox instance.
    • Metadefender – Scan a file, hash or IP address for malware (free).
    • NetworkTotal – A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro.
    • Noriben – Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.
    • PacketTotal – PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
    • PDF Examiner – Analyse suspicious PDF files.
    • ProcDot – A graphical malware analysis tool kit.
    • Recomposer – A helper script for safely uploading binaries to sandbox sites.
    • SEE – Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments.
    • SEKOIA Dropper Analysis – Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
    • VirusTotal – Free online analysis of malware samples and URLs
    • Visualize_Logs – Open source visualization library and command line tools for logs. (Cuckoo, Procmon, more to come…)
    • Zeltser’s List – Free automated sandboxes and services, compiled by Lenny Zeltser.

Domain Analysis

Inspect domains and IP addresses.
  • badips.com – Community based IP blacklist service.
  • boomerang – A tool designed for consistent and safe capture of off network web resources.
  • Cymon – Threat intelligence tracker, with IP/domain/hash search.
  • Desenmascara.me – One click tool to retrieve as much metadata as possible for a website and to assess its good standing.
  • Dig – Free online dig and other network tools.
  • dnstwist – Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
  • IPinfo – Gather information about an IP or domain by searching online resources.
  • Machinae – OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator.
  • mailchecker – Cross-language temporary email detection library.
  • MaltegoVT – Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports.
  • Multi rbl – Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs.
  • NormShield Services – Free API Services for detecting possible phishing domains, blacklisted ip addresses and breached accounts.
  • SpamCop – IP based spam block list.
  • SpamHaus – Block list based on domains and IPs.
  • Sucuri SiteCheck – Free Website Malware and Security Scanner.
  • Talos Intelligence – Search for IP, domain or network owner. (Previously SenderBase.)
  • TekDefense Automater – OSINT tool for gathering information about URLs, IPs, or hashes.
  • URLQuery – Free URL Scanner.
  • Whois – DomainTools free online whois search.
  • Zeltser’s List – Free online tools for researching malicious websites, compiled by Lenny Zeltser.
  • ZScalar Zulu – Zulu URL Risk Analyzer.

Browser Malware

Analyze malicious URLs. See also the domain analysis and documents and shellcode sections.
  • Firebug – Firefox extension for web development.
  • Java Decompiler – Decompile and inspect Java apps.
  • Java IDX Parser – Parses Java IDX cache files.
  • JSDetox – JavaScript malware analysis tool.
  • jsunpack-n – A javascript unpacker that emulates browser functionality.
  • Krakatau – Java decompiler, assembler, and disassembler.
  • Malzilla – Analyze malicious web pages.
  • RABCDAsm – A “Robust ActionScript Bytecode Disassembler.”
  • swftools – Tools for working with Adobe Flash files.
  • xxxswf – A Python script for analyzing Flash files.

Documents and Shellcode

Analyze malicious JS and shellcode from PDFs and Office documents. See also the browser malware section.
  • AnalyzePDF – A tool for analyzing PDFs and attempting to determine whether they are malicious.
  • box-js – A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation.
  • diStorm – Disassembler for analyzing malicious shellcode.
  • JS Beautifier – JavaScript unpacking and deobfuscation.
  • JS Deobfuscator – Deobfuscate simple Javascript that use eval or document.write to conceal its code.
  • libemu – Library and tools for x86 shellcode emulation.
  • malpdfobj – Deconstruct malicious PDFs into a JSON representation.
  • OfficeMalScanner – Scan for malicious traces in MS Office documents.
  • olevba – A script for parsing OLE and OpenXML documents and extracting useful information.
  • Origami PDF – A tool for analyzing malicious PDFs, and more.
  • PDF Tools – pdfid, pdf-parser, and more from Didier Stevens.
  • PDF X-Ray Lite – A PDF analysis tool, the backend-free version of PDF X-RAY.
  • peepdf – Python tool for exploring possibly malicious PDFs.
  • QuickSand – QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables.
  • Spidermonkey – Mozilla’s JavaScript engine, for debugging malicious JS.

File Carving

For extracting files from inside disk and memory images.
  • bulk_extractor – Fast file carving tool.
  • EVTXtract – Carve Windows Event Log files from raw binary data.
  • Foremost – File carving tool designed by the US Air Force.
  • hachoir3 – Hachoir is a Python library to view and edit a binary stream field by field.
  • Scalpel – Another data carving tool.
  • SFlock – Nested archive extraction/unpacking (used in Cuckoo Sandbox).

Deobfuscation

Reverse XOR and other code obfuscation methods.
  • Balbuzard – A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more.
  • de4dot – .NET deobfuscator and unpacker.
  • ex_pe_xor & iheartxor – Two tools from Alexander Hanel for working with single-byte XOR encoded files.
  • FLOSS – The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries.
  • NoMoreXOR – Guess a 256 byte XOR key using frequency analysis.
  • PackerAttacker – A generic hidden code extractor for Windows malware.
  • unpacker – Automated malware unpacker for Windows malware based on WinAppDbg.
  • unxor – Guess XOR keys using known-plaintext attacks.
  • VirtualDeobfuscator – Reverse engineering tool for virtualization wrappers.
  • XORBruteForcer – A Python script for brute forcing single-byte XOR keys.
  • XORSearch & XORStrings – A couple programs from Didier Stevens for finding XORed data.
  • xortool – Guess XOR key length, as well as the key itself.

Memory Forensics

Tools for dissecting malware in memory images or running systems.
  • BlackLight – Windows/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis.
  • DAMM – Differential Analysis of Malware in Memory, built on Volatility.
  • evolve – Web interface for the Volatility Memory Forensics Framework.
  • FindAES – Find AES encryption keys in memory.
  • inVtero.net – High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.
  • Muninn – A script to automate portions of analysis using Volatility, and create a readable report.
  • Rekall – Memory analysis framework, forked from Volatility in 2013.
  • TotalRecall – Script based on Volatility for automating various malware analysis tasks.
  • VolDiff – Run Volatility on memory images before and after malware execution, and report changes.
  • Volatility – Advanced memory forensics framework.
  • VolUtility – Web Interface for Volatility Memory Analysis framework.
  • WDBGARK – WinDBG Anti-RootKit Extension.
  • WinDbg – Live memory inspection and kernel debugging for Windows systems.

Windows Artifacts

  • AChoir – A live incident response script for gathering Windows artifacts.
  • python-evt – Python library for parsing Windows Event Logs.
  • python-registry – Python library for parsing registry files.
  • RegRipper (GitHub) – Plugin-based registry analysis tool.

Storage and Workflow

  • Aleph – Open Source Malware Analysis Pipeline System.
  • CRITs – Collaborative Research Into Threats, a malware and threat repository.
  • FAME – A malware analysis framework featuring a pipeline that can be extended with custom modules, which can be chained and interact with each other to perform end-to-end analysis.
  • Malwarehouse – Store, tag, and search malware.
  • Polichombr – A malware analysis platform designed to help analysts to reverse malwares collaboratively.
  • stoQ – Distributed content analysis framework with extensive plugin support, from input to output, and everything in between.
  • Viper – A binary management and analysis framework for analysts and researchers.
oda
ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures.
Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.
ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client. ODA is a BETA release that is limited by the resource constraints of the server on which it is hosted and the spare time of its creators.
Features:
  • Malware analysis
  • Vulnerability research
  • Visualizing the control flow of a group of instructions
  • Disassembling a few bytes of an exception handler that is going off into the weeds
  • Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  • Debugging an embedded systems device driver
So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms. 

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/