Top Web Browser Extensions for Hackers and Security Researchers
https://www.securitynewspaper.com/2020/01/23/top-web-browser-extensions-for-hackers-and-security-researchers/
Information Security Newspaper | Hacking News, Thu, 23 Jan 2020 13:25:45 +0000

Web browser extensions add features to a normal web browser. Extensions can provide functionality ranging from capturing web pages to downloading videos from restricted websites. Most web browser extensions run in the background and continuously help users use their features efficiently. According to an ethical hacking researcher of the International Institute of Cyber Security, many web browser extensions can be used during pentesting/vulnerability assessment to find basic information about any website. Extensions are also referred to as web browser add-ons. Pentesters use numerous web browser extensions, for example to extract information from an image or to check website information.

Privacy Badger

While making financial or other transactions, no user wants to share their details. Users can opt for Privacy Badger, which is capable of blocking unnecessary tracking. Nowadays most websites use tracker cookies to build site preferences for different users. This helps companies collect data about the preferences users make. According to the Privacy Badger developers, Privacy Badger sends Do Not Track signals to different websites. Privacy Badger removes outgoing links on third party sites and click tracking on social networking websites.

[Screenshot: Privacy Badger Blocking Trackers on Chrome]

With continuous use, Privacy Badger learns to block ads more efficiently. Download Privacy Badger.

uBlock Origin

uBlock Origin is used for content filtering and ad blocking. It can block malicious websites, ads, pop-ups and tracker sites. uBlock Origin helps users surf different sites with the trackers disabled. E-commerce platforms in particular use trackers to learn their consumers' preferences. The screenshot below shows how youtube.com trackers are blocked. Red indicates that trackers are blocked; blue and white indicate that trackers are allowed.

  • uBlock works automatically; users don't need to click on any icon.
[Screenshot: uBlock Origin on Firefox]

Download uBlock Origin.

Go Back In Time

Go Back In Time is used to open archived web pages. This extension helps in viewing earlier versions of web pages. Go Back In Time offers different search engines and archives for viewing a page in its earlier version.

  • After installing the extension, open any web page and right click anywhere on it. Click on Go Back In Time, then click on any search engine to open the desired web page.
  • We have used Google cache to open an old version of YouTube. Other options are: CoralCDN, The Internet Archive, Yahoo! Cache, MSN Cache, Gigablast Cache, WebCite.
[Screenshot: Go Back In Time on Chrome]

Download Go Back In Time.

User-Agent Switcher

User-Agent Switcher is an extension that a hacker or cyber security researcher can use to modify the User Agent. Users can use it to confuse servers by presenting different browser and OS details.

  • To change the user agent, download the Chrome extension and click on the Agent Switcher icon. Then select the desired user agent and click on apply.
[Screenshot: Changing Agent Switcher on Chrome]
  • After changing the user agent, refresh the web page and you will see that the user agent has changed.
[Screenshot: Agent Switcher on Chrome]

Exif-Data Information Extractor

Exif data is metadata about an image. Capturing an image records much more information than the picture alone. An image contains camera settings such as aperture, ISO, shutter speed and white balance, along with date, time, image histogram and other information. Steganography is another process, used for hiding files inside an image, but this extension only shows the Exif data.

  • To use this extension, download Exif-Data Viewer, then open any image which contains Exif data. Right click on the image, then click on Show Exif Data.
[Screenshot: Exif-Data Viewer]
  • The screenshot above shows the Exif data with its date, time, F.Length, Metering Mode, Flash and White balance. This Exif data can be used in the initial information gathering part of ethical hacking.
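
What the extension displays is stored in the JPEG's APP1 Exif segment. The added example below (not from the original article or the extension) reads a few IFD0 text tags from a constructed JPEG and strips the segment before an image is shared; the sample bytes and the choice of tags are assumptions.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
ASCII_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime"}

def segments(jpeg):
    """Yield (marker, payload, raw) per header segment, then the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length")
        end = pos + 2 + length
        yield jpeg[pos + 1], jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    yield None, b"", jpeg[pos:]  # SOS onward (pixel data) is passed through

def read_exif(jpeg):
    """Return the ASCII tags from IFD0 that are listed in ASCII_TAGS."""
    found = {}
    for marker, payload, _ in segments(jpeg):
        if marker != 0xE1 or not payload.startswith(EXIF_ID):
            continue
        tiff = payload[len(EXIF_ID):]
        e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
        (ifd,) = struct.unpack(e + "I", tiff[4:8])
        (count,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
        for i in range(count):
            entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
            tag, typ, n, off = struct.unpack(e + "HHII", entry)
            if tag in ASCII_TAGS and typ == 2:
                raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
                found[ASCII_TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return found

def strip_exif(jpeg):
    """Return the JPEG without its Exif APP1 segments (camera, date, GPS)."""
    keep = [raw for m, p, raw in segments(jpeg) if not (m == 0xE1 and p.startswith(EXIF_ID))]
    return b"\xff\xd8" + b"".join(keep)

# Constructed sample: SOI, one Exif APP1 segment, a stub SOS segment, EOI.
_model, _when = b"DemoCam\x00", b"2020:01:23 13:25:45\x00"
_ifd = (struct.pack("<H", 2) + struct.pack("<HHII", 0x0110, 2, len(_model), 38)
        + struct.pack("<HHII", 0x0132, 2, len(_when), 46) + struct.pack("<I", 0))
_app1 = EXIF_ID + b"II*\x00" + struct.pack("<I", 8) + _ifd + _model + _when
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_app1) + 2) + _app1
          + b"\xff\xda\x00\x02\x11\x22\xff\xd9")
print(read_exif(SAMPLE), "->", read_exif(strip_exif(SAMPLE)))
```

Only IFD0 is read here; stripping removes the whole segment, including the Exif and GPS sub-directories that the reader does not walk.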

Wappalyzer

Gathering information about a website comes before starting penetration testing. Wappalyzer shows web server details, which helps security testers move on to the next phases.

  • Download and install Wappalyzer. Then open any website and click on the icon shown below, which lists the front-end and back-end languages; these are used in information gathering.
[Screenshot: Wappalyzer on Mozilla]
  • The screenshot above shows that certifiedhacker.com is using libraries and the Apache web server.

Connect Remotely Using SSH

SSH (Secure Shell, used for secure remote login) helps users connect remotely to other machines. To connect with SSH, users have to enter the IP address and port 22, then enter the username. Users can also use web browsers to connect to other machines. To use SSH in Google Chrome, download the extension.

  • Open the Chrome browser, type chrome://apps and click on Secure Shell App.
[Screenshot: SSH (Secure Shell App) on Chrome]
  • Then press Enter. It will now ask for the password. Enter the password.
[Screenshot: Secure Shell App Login]
  • The screenshot above shows that SSH has logged in successfully in the web browser. The pentester can now run different shell scripts from here.
  • This extension comes in handy in ethical hacking courses offered by International Institute of Cyber Security.

Traffic Masking – Chaff

Chaff generates traffic to random sites to confuse trackers or network traffic monitors. The network traffic it generates is random and fake. In the Chaff settings, users can configure the sites for which they want to generate fake traffic.

  • Download and install Chaff, then click on its icon. Chaff will then start generating fake network traffic: it opens a new tab and loads other web pages as configured in the Chaff settings.
[Screenshot: Chaff on Chrome]
  • To configure Chaff, go to Sources to change the site settings.
[Screenshot: Chaff settings]
  • The settings above are used as the starting point for generating fake network traffic.

Nimbus Screenshot

Many times while researching, a pentester needs to download a file. Some sites prohibit downloading to stop spamming. There are numerous extensions for taking screenshots; we will use Nimbus Screenshot. Nimbus creates and shares screenshots of any website, and also gives the option of capturing an entire web page. Like other snipping tools, Nimbus can capture a particular part of a web page, a selected area or a selected scroll, and offers other options for capturing web pages.

  • Download and install Nimbus Screenshot. Open any web page and right click on the Nimbus icon.
[Screenshot: Nimbus Screenshot]
  • Select any option as required for capturing screenshots.
[Screenshot: Nimbus Screenshot options]
  • The screenshot above shows the Nimbus Screenshot options, including the image editing options.

Shodan

Shodan is a very popular search engine for finding information about devices on the Internet. With Shodan a pentester can gather information such as hosting country, open ports, top CVEs, vulnerabilities and other databases which are available online. Shodan also shows open servers, SCADA systems and open IoT devices. Today we will show the Shodan Chrome extension, which reports the open ports of any website the user visits.

  • Download Shodan and add it to Chrome. Then open a website and click on the Shodan icon. You will find the open ports of that website.
[Screenshot: Shodan]
  • The screenshot above shows the open ports of testphp.vulnweb.com.

Digital forensics tools for Windows 10 Forensics and incident response
https://www.securitynewspaper.com/2019/12/02/digital-forensics-tools-for-windows-10-forensics-and-incident-response/
Information Security Newspaper | Hacking News, Mon, 02 Dec 2019 13:27:13 +0000

Windows is the most common operating system, and many organizations prefer it. Windows is also the operating system most targeted by hackers, as per an ethical hacking researcher of the International Institute of Cyber Security. We will show a method through which you can check the details or view the history of a Windows operating system. We will use Dfirtriage (Digital Forensic Acquisition Tool) for Windows-based incident response.

Dfirtriage is designed to support incident response on a victim operating system. The tool comprises a small bunch of tools and is written in Python. Depending on the usage, the investigator can run each tool individually or run a single command which executes all the small tools automatically.

  • For testing we will use Windows 10 (1809) 64-bit. Download from: https://github.com/travisfoley/dfirtriage
  • Unzip dfirtriage.zip
  • Or drop dfirtriage.exe on the target and execute it with admin rights. This step is also explained further down.
  • Below you can see the list of tools. Dfirtriage works only on Windows and needs to be run on the compromised Windows OS.
[Screenshot: list of tools in Dfirtriage]
  • The list above shows the tools which are used while investigating the target Windows operating system.
  • Starting with web browser history: the first executable shows the history of all installed browsers. Open the BrowserHistoryView folder and run browserhistoryview.exe as admin.
[Screenshot: BrowserHistoryView]
  • The screenshot above shows the webpages opened in Internet Explorer and the Chrome history. It shows all the webpages which were opened in the web browsers. If the history is deleted it will still show all recent history of web pages.
  • Another tool helps to find which IP addresses are connected with the remote system. Below you can see all the connected IP addresses with their respective protocols.
[Screenshot: Connections from Computer]
  • LastActivityView helps to find the files which were last opened, with their location. It also shows which users are associated with the files or folders.
  • Sysinternals autorunsc.exe shows the autorun programs or software in Windows. You will see all the programs which are set to autostart. autorunsc.exe also includes the Windows internal programs which are most often hidden in the startup list of Task Manager.
[Screenshot: Windows internal programs which are most often hidden in startup of Task Manager]
  • pslist shows the running programs, including all the hidden programs, with their CPU time and elapsed time. It works just like Task Manager; the only difference is that it shows hidden running programs which are not visible in Task Manager.
  • There is a lot of malware designed to work in the background without showing in Task Manager.
[Screenshot: pslist shows all the hidden programs with CPU time & its elapsed time]
  • PsLoggedon.exe shows the users logged on to Windows. If different users are logged in, it will show all of them.
[Screenshot: PsLoggedon.exe shows the logged users on Windows OS]
  • psfile.exe shows the remote users which are connected to Windows. Currently it shows that no other session is established.
[Screenshot: psfile.exe shows the remote users which are connected to Windows OS]
  • PsInfo.exe shows details of the hardware on which Windows is running. Below it shows the Windows uptime, kernel version and product type.
[Screenshot: PsInfo.exe shows hardware details on which Windows OS is running]
  • It also shows the kernel version with the registered name. PsInfo.exe also shows the processor speed and the company of the processor.
  • psloglist.exe shows the system logs which are found in Computer Management. psloglist.exe shows all the events which are logged in Windows.
[Screenshot: psloglist.exe shows system logs which are found in computer management]
  • Tcpvcon.exe shows the connected IP addresses with their network protocols and process names. Below are the remote connected IP addresses with their respective process names.
[Screenshot: Tcpvcon.exe shows the connected IP address with their network protocols and process name]
  • Whoami.exe, a very basic utility, shows the user name with the hostname.
[Screenshot: Whoami.exe, a very basic utility, shows the user & Windows name]
  • Above we have shown the forensics utilities and tools which are part of dfirtriage. All these tools are also part of the Digital Forensics course offered by International Institute of Cyber Security.
  • You can also run Dfirtriage as a whole, all at once, but it takes time to create the output.
  • Earlier we started dfirtriage.exe to get the complete output. It saves all output in a text file.
  • To start dfirtriage, open CMD as administrator, go to its location and type dfirtriage.exe
[Screenshot: dfirtriage.exe]
  • Below, dfirtriage has started the forensic report using all the utilities and tools. You can also use the utilities or tools separately, as explained above.
  • These are some of the reports generated by dfirtriage. The output is the same as above but is saved in text form.
  • Dfirtriage can be used in threat response, and is thus helpful in creating various Windows forensic reports related to memory or web browser history.
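
The connection listings described above (the connected-IP view and Tcpvcon.exe) are easier to review once listening sockets and internal peers are filtered out. This added example, which is not part of dfirtriage or the original article, does that over a constructed listing; the six-column CSV layout, the process names and the addresses are assumptions, so adapt the parser to the tool's actual output.

```python
import csv, io, ipaddress
from collections import defaultdict

# Address ranges treated as internal for triage (assumption: adjust per network).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def remote_ip(endpoint):
    """Parse 'ip:port' or '[ipv6]:port'; return None for names or wildcards."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def external_connections(listing):
    """Map (process, pid) to its ESTABLISHED TCP peers outside INTERNAL."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(listing)):
        row = [field.strip() for field in row]
        # Assumed columns: protocol, process, pid, state, local, remote.
        if len(row) != 6 or not row[0].upper().startswith("TCP"):
            continue
        _, process, pid, state, _, remote = row
        ip = remote_ip(remote)
        if state.upper() != "ESTABLISHED" or ip is None:
            continue
        if not any(ip in net for net in INTERNAL):
            hits[(process, pid)].append(remote)
    return dict(hits)

# Constructed listing for illustration; not output captured from a real host.
SAMPLE = """\
TCP,svchost.exe,868,LISTENING,0.0.0.0:135,0.0.0.0:0
TCP,chrome.exe,4120,ESTABLISHED,192.168.1.20:50211,203.0.113.10:443
TCP,chrome.exe,4120,ESTABLISHED,192.168.1.20:50212,198.51.100.7:443
TCP,System,4,ESTABLISHED,192.168.1.20:445,192.168.1.35:49822
TCP,updater.exe,7788,ESTABLISHED,192.168.1.20:50300,203.0.113.99:8443
TCPV6,lsass.exe,700,ESTABLISHED,[::1]:49670,[::1]:49671
UDP,svchost.exe,1200,,0.0.0.0:5353,*:*
"""

for (proc, pid), peers in external_connections(SAMPLE).items():
    print(f"{proc} (pid {pid}): {', '.join(peers)}")
```

The remaining rows are the ones to correlate with the pslist and autorunsc.exe output for the same process names.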
