Start your reNgines!

Controversy in our APT Top 10, a new offer for Sec+, and a few other treats... [View this email in your browser]( SecPro #98: Start your reNgines! Hello! This week, after a little delay, we have finally mustered the courage to (almost) finish off our APT countdown. What took us so long? Well, if the _secpro readership loves one thing, it is controversy! Our third-to-last entry in our top 10 is the most controversial group to date, only eclipsed by next week's issue. Make sure to check out next week's double entry! And that's without even mentioning our guide on how to use reNgine, an automated reconnaissance framework that will kick your workflow up a gear. Sound good? Check out the links below. Cheers! [Austin Miller]( Editor in Chief This week's highlights: - [reNGine: An Automated recon Framework]( - [APT #3]( - [Learn Ethical Hacking from Scratch]( - [Learn Cybersecurity with Ian Neil]( - [This Week's Survey]( And with that - on with the show! [_secpro]( [Packt _secpro Newsletter]( [The _secpro Website]( [Studying for Sec+? Get 20% off Ian Neil's CompTIA Security+ guide!]( [GET STARTED WITH SEC+!]( This Week's Editorial Articles [reNgine: An Automated recon Framework]( The starting point and one of the most common things of any bug bounty engagement is reconnaissance. [APT #3 - Unit 8200]( This week's entry is a controversial one. Unit 8200 is an intelligence group and not recognised by most as an APT. However, that isn't true of all... Cybersecurity Fundamentals [Learn Ethical Hacking from Scratch]( We've changed course! This time, we're taking a quick look at [Learn Ethical Hacking from Scratch](. Make sure to check out the book to set up your systems for the lessons, then dive in with the _secpro! [LIKE WHAT YOU SEE? CLICK HERE]( [Creating fake access points with the MANA Toolkit]( In this section, we'll discuss a tool called the MANA Toolkit. The MANA Toolkit allows us to create fake APs. It is very easy to use, and it automatically creates fake APs for us, so that we don't have to manually type commands. The tool also has a few scripts, allowing us to run a number of tools to sniff traffic in the fake AP, bypass HTTPS, and even attempt to bypass HSTS. The tool comes with three main scripts: - start-noupstream.sh: Basically, this script will create a fake AP. This AP will not have an internet connection, so, when someone connects to this fake AP, they will not be able to connect to the internet. - start-nat-simple.sh: This creates a fake AP with an internet connection. So, when someone connects to this AP, they will be able to access the internet, and all of the packets will be flowing through our device (because we are the router), so we'll be able to analyze, capture, and read the packets. - start-nat-full.sh: This script will create an AP with an internet connection, and it will also automatically start sniffing and recording the packets that are flowing through the fake AP; it will attempt to bypass HTTPS and HSTS. We are not going to use the start-nat-full.sh script, because it actually fails a lot of the time. We're only going to use the start-nat-simple.sh script, for creating an AP with an internet connection. In the future, we'll see how to capture and analyze the packets. Before getting into more detail, let's take a look at the settings for the Kali machine. Go to Settings | Network, and make sure that you're using a NAT network. This is exactly what we saw in [Chapter 3]( Linux Basics. Run the following command to install the MANA Toolkit: apt-get install mana-toolkit If it is already installed, it will tell us that it is, along with its version. If we use ifconfig, we'll see that we have an interface called eth0; this interface is actually used by VirtualBox in the NAT network, so it's a virtual interface that is connected to that network. It's supplying an internet connection to the machine. At the moment, we don't have a wireless card connected to it. If we use iwconfig, we will see that the internet connection comes from eth0. We will now connect the wireless card to the Kali machine; go to Devices | USB, and pick our card. The card should now show up when we run iwconfig. So, the wlan0 card is only used to broadcast the signal; it's not used to provide the internet connection. This card is in the managed mode, and it's not connected to any network. Now, we're going to set up MANA's configuration and start the fake AP. First, we need to modify the hostapd-mana.conf file, which is located at /etc/mana-toolkit, using Leafpad editor. We are using Leafpad because this is the editor that we want to modify the file with. We will type the location where the file is located: leafpad /etc/mana-toolkit/hostapd-mana.conf Here, we can modify the settings of the fake AP that we're using. The most important thing is the interface that we're going to use to broadcast the signal; for us, it was called wlan0. Remember that when we run iwconfig, wlan0 is our wireless card that's going to broadcast the signal, and it's not connected to anything. Now, we can modify the MAC address (or the name of the network); the name of the network, in our case, is going to be Internet, and the channel is going to be set to 6. We will not be modifying anything else; this was just to illustrate how to check the name: The other file that we want to modify is the start-nat-simple.sh script; this is the file that will launch the AP. Again, we're going to use Leafpad, and the command is as follows: leafpad /usr/share/mana-toolkit/run-mana/start-nat-simple.sh The first thing to do is make sure that you correctly set phy parameter; this will be your wireless card. We already know that the wireless card was called wlan0. Next, the upstream parameter is very important; we should specify the card that has an internet connection. In our case, it was called eth0, the virtual card made by VirtualBox. Again, if everything is set up correctly, we will not modify anything. Our last step will be to run MANA, and it will be running the start-nat-simple.sh script. Instead of using leafpad, this time, we're going to use bash, in order to execute the file. Our command will be as follows: bash /usr/share/mana-toolkit/run-mana/start-nat-simple.sh Sometimes, we will get an error that says it cannot configure the file; in this case, just run the command again, and it should work the second time. Want to get a step-by-step guide of how to connect to a wireless adapter? [Click the link and check out the book]( It's free! [ChatGPT offering $20,000 bug bounty]( Did someone mention ChatGPT? Unless you've been living in a cave (and also ignoring your weekly updates from _secpro...), you probably know a fair bit about ChatGPT by now. In the wake of growing questions about the platforms security, OpenAI - the company behind the revolutionary software - has offered a [$20,000 bug bounty]( for anyone who can find an "exceptional discovery". What that entails, we're not 100% sure. But if you are the kind of person who is into trying to break things, this is a golden opportunity. [FIND OUT MORE HERE!]( Have You Tried...? Learning how to run forensic analysis on Linux is easier with a few tools specifically for running forensic analysis on Linux. Check out this week's selection and tell us your favorite one in the survey above! - [ashemery/LinuxForensics]( - Need a big collection to start studying hard? Look no further. - [aquasecurity/tracee]( - A Linux runtime security and forensics tool, using eBPF. - [intezer/linux-explorer]( - An easy-to-use live forensics toolbox for Linux endpoints. - [hard2bit/afbd]( - Need to pentest against teams with strong forensic capabilities? Test out this anti-forensics block device driver for Linux. - [M00NLIG7/ChopChopGo]( - Speed up your Linux forensics with this speedy artifact hunter. - [PacktPublishing/Digital-Forensics-with-Kali-Linux-Second-Edition]( - A book from [Packt]( all about how to run digital forensics with Kali. [FORWARDED THIS EMAIL? SIGN UP HERE]( [NOT FOR YOU? UNSUBSCRIBE HERE]( Copyright © 2023 Packt Publishing, All rights reserved. As a GDPR-compliant company, we want you to know why you’re getting this email. The _secpro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _secpro, you can opt out of our emails using the unsubscribe link below. Our mailing address is: Packt Publishing Livery Place, 35 Livery StreetBirmingham, West Midlands, B3 2PB United Kingdom [Add us to your address book]( Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.