Your New Google Password is your Phone

Yes its true ! Now you can use your Android Smart Phone to get access you your google account on any other device. Benefit of this feature is that you don't need to type your password every time you want to login into your google account from any other device. It makes your account more secure as nobody can track your password, even if the device you are using is not so secure.


How to activate Google Account Password as your Phone ?
Go to accounts.google.com from a secure device. It will ask you for your password. Now go to "Signing in to Google" section. Here you will find the option to turn on this feature.

Once you click to activate this feature, it will do certain checks, such as finding your android phone which is using the same google account and checking if the screen lock is enabled or not. If your screen lock in not enabled then it will ask you to do so, to make your account secure.

After completing a few steps this feature will be turned on.

What if my phone is not handy ?
In such case you will have the option to enter the password and access the account.

What if my phone is lost and somebody else tries to access my google account ?
To save you from such a hack, google checks if your screen lock is enabled before turning on this feature. If your phone is lost and in a locked condition then its secure. However you can easily track your phone or disable google account in that phone by simply accessing the account.google.com page from any other device. You can also erase the sensitive data from your phone using this service.

Every technology have its own benefits and drawbacks. But bestrix.blogspot.com found this feature quite safe and makes your google account more secure.

Get Backlinks From CNN, HuffingtonPost, NYTimes, or Fox News

Have you ever thought about how to increase your visits, and make strong damage to your competitors quickly?

I will give you 301 Url Redirect from interior pages of the following site:

CNN, 

FDA,

Times Magazine

Fox News

INC, 

Huffington Post, 

Entrepreneur, 

NY Times,

Los Angles Times

.........

Please note that I do not post new articles. I use their dead links on the current pages and make them live to point to your website.

You cannot choose the keywords because the articles are already on the website and posted. Also, I will not write or post new articles in such mentioned sites because the are very costly. In return, you will get reputation and improvement in Google.

Each may last anywhere from 6 months to 3 or 4 years. It all depends if the site gets updated or not.

For the basic gig, you will only Receive one link from the mentioned sites listed above.

So what are you waiting for? Rank in few weeks.

You can also send me the website you want to point to your website and I tell you if it is possible to get a backlink from them or not.

Please feel free to contact me if you have any question.

Best regards,

AUD/USD Forex Report 1st April 2017

AUd/USD Primary & Weekly Cycles

The medium term bias is to go higher and reach the 2017 highs @ .7785, whilst the short term bias is to dip down into the Weekly lows.

Random Support :- .7482  /  . 7513

AUD looks to be moving higher in the 2nd Quater, as it follow the Quarterly dynamics towards the 2017 highs @ .7785 - 79

Trade on the side of  .7625

Popular attacker tools & techniques: survey results

In my last blog post, I decided to create a survey as to get a better perspective on popular or favourite tools of attackers, red teamers and/or pentesters.

Below  I present the results, with additional & minimal commentary from my side. Comments are below the figures. Note this is not fully indicative of an attacker or threat actor's arsenal, but I do hope it can give anyone some pointers. Enjoy the journey.

Yes, you may use this data as long as you mention the original source, which is this exact blog post. You may find a direct SurveyMonkey link to the results here.

Figure 1 - What do you do

Answered: 76 

First and foremost question: what do you do? Are you a red/blue or purple teamer? Or no idea at all?

Most people that answered were red teamers. Awesome! If you have no idea what any of this means, or you are just starting with all this, then I definitely advise you to read the following:
The Difference Between Red, Blue, and Purple Teams.

Figure 2 - Favourite lateral movement method

Answered: 66

Second question definitely yielded interesting results; with Pass the Hash (PtH) as most favourite or preferred method of lateral movement. Note that I shamelessly used this list from Mitre's excellent ATT&CK page on Lateral Movement here: https://attack.mitre.org/wiki/Lateral_Movement

Figure 3 - Favourite AV bypass tool

Answered: 64 

Bypassing AV can be interpreted quite broadly, but let's say using the most well-known tools with ability to evaded AV - with which Metasploit takes the lead, and Veil a close second.

Figure 4 - Favourite web app pentest tool

Answered: 66

Burp seems to have the biggest share of being most popular or used web app pentest tool.

Figure 5 - Favourite PowerShell tool

Answered: 66

This is definitely one of the, if not the most, interesting results of all questions. PowerShell Empire takes the lead, with PowerSploit following very closely... And not too far off is PowerShell itself. Draw your conclusions.

Figure 6 - Favourite credential dumper

Answered: 67

Mimikatz seems to be the most preferred credential dumper all around.

Figure 7 - Favourite password brute forcer

Answered: 66

Hashcat, Hydra and John the ripper rank among the top three of password brute forcers.

Figure 8 - Usage of RATs

Answered: 69 

This question and the next overlap slightly - if an attacker doesn't (or can't) build custom malware, they may be more inclined to use RATs (freely available or not). Building a RAT is definitely more trivial than building or writing custom malware.

However, don't be fooled. If an attacker is strongly motivated, it's not a question of if they'll get on the network, but when. Take appropriate defensive measures.

Figure 9 - Usage of malware

Answered: 58

Repeating: attackers will not hesitate to use custom malware which is adapted or tailored to/for your environment! (and to evade any security controls or measures in place)

Figure 10 - Application Whitelisting bypasses

Answered: 69

A rather surprising result, seeing 11 of the respondents either skipped, or didn't know what Application Whitelisting is. (and as such, how it may be bypassed)

I can definitely recommend you to check out Casey Smith's Catalog of Application Whitelisting Bypass Techniques.

Extra comments

... provided by some of the respondents yielded additional tools and information:

Lateral movement methods:
PowerUpSQL, CrackMapExecWin, smbexec, PowerSCCM, Kerberoasting, CobaltStrike (after obtaining admin creds for another system), WMI, Password reuse.

AV bypass:
PS Empire, PEspin, Shellter, Unicorn.py and even manually.

Web app pentesting:
metasploitHelper, Dirb, dirbuster, Kali2.

PowerShell tools:
Compress-File.ps1, BloodHound, PowerLurk, PowerSkype.ps1, PowerOPS, PowerForensics, Unicorn.py.

Credential dumping:
mimikittenz, go-mimikatz.

Password brute forcing:
Nmap NSE "brute"-category scripts, patator, Invoke-SMBAutoBrute.ps1, HashcatOCL.

RATs and malware:
Empire, Meterpreter (Metasploit), ADC2.ps1, ThinkPwn, manwhoami/Bella, tinymet/Ultimet, CobaltStrike beacons.



Conclusion

You may wonder if every attacker will use every tool on this list. They may well do so, or not use any of the tools and scripts discussed at all, and rather write everything tailored to your environment.

Also keep in mind that an attacker's TTPs may change over the course of weeks, months or even years. However, some tools will always be popular and withstand the test of time.

What's next?

I definitely advise you to either subscribe to feeds, or follow people on Twitter - both red teamers and blue teamers. Often, they both provide a unique insight which in turn will help you to defend better as well. Don't hesitate to share your findings with the community!

Try to think like an attacker. Leave nothing out. Know your own environment.


I'm not sure where to start.

Why not start by checking out a real live intrusion that happened, featuring APT29? There's an excellent presentation out there by Matthew Dunwoody and Nick Carr here:

No Easy Breach

Another excellent blog to check out is: http://adsecurity.org/

I additionally advise you to check out Matt Swan's Incident Response Hierarchy of Needs. If you like hierarchies or pyramids. definitely check out the threat intelligence Pyramid of Pain by David Bianco.

There's also a good paper on detecting lateral movement in Windows infrastructure by CERT-EU.

Lastly, check out JPCert's excellent report on lateral movement here:

Detecting Lateral Movement through Tracking Event Logs

Still in doubt? Start Googling some of the TTPs mentioned above and check out their functionality - and shortcomings!

What about PowerShell and all its misuses?

If your organisation has no need for it, disable PowerShell by configuring AppLocker. Note that PowerShell has many valid usages as well, such as logon scripts. There's a short blog post by Michael Schneider here that touches on this very subject: A story about blocking PowerShell

If you do want to use PowerShell, I advise you to upgrade to the latest version (currently v5) and turn on all the logging! A blog post worth reading: Greater Visibility Through PowerShell Logging

And the last one in regards to PowerShell is a very recent blog post written by Ashley McGlone:
Practical PowerShell Security: Enable Auditing and Logging with DSC


What about AV and how it can be bypassed?

AV should never be your only layer of protection. Next-gen or not.


What about... ?

Where there are attackers, there are defenders and vice versa. Use Event Logging. Use Sysmon.


I'm a red teamer, where can I find more information?

A recent post by Artem Kondratenk offers a ton of resources and insight:
A Red Teamer's guide to pivoting


Can I use this data?

Of course! As long as you mention the original source, which is this exact blog post. You may find a direct SurveyMonkey link to the results here.


Thanks to all the participants, and to you for reading!

Please do comment with your feedback or questions or anything else you would like to discuss.

Guest Post - Updated List March 2017

Guest blogging is a method used by bloggers to increase blog traffic where bloggers write posts to be published on other bloggers' blogs. Guest posts and guest posting is where a writer who owns his or her own blog creates a unique and original post on another blog or site with a mention of the author and usually their blog at the bottom of the article. Guest posting can help build brand awareness with a different audience and help drive new traffic to your site.

Guest blogging is also a great way to establish yourself as an authority figure within your market and build relationships with other bloggers and experts within your field. It's an opportunity to take your expertise and share it with others, as well as an opportunity to increase traffic to both parties’ blogs. Since guest blogging should be a two-way street, when hopping on the bandwagon, you should also consider featuring posts developed by guest bloggers. Featuring guest posts will also expose your audience to a new perspective and fresh new content.

Please click here to download updated sites for Guest Post!

You may feel free to ask me any question anytime. Our services are perfectly customized to your Marketing Demand and needs. 

SEORapidly

Email: SEORapidly@gmail.com

Skype: SEORapidly

Website: https://seorapidly.blogspot.com/