Codex Alimentarius

About Me

Name:
Location: Winnipeg, Manitoba, Canada

The Wholefood Farmacy makes eating healthy easy, convenient and affordable. We offer pure, nutrient-dense, ready-to-eat, whole food meals, snacks, soups, smoothie mixes and treats for the children. All of our foods are vegetarian, most are raw and vegan as well. We also offer many gluten-free and nut-free whole food choices for those with food sensitivities - see our FAQ section of the Whole Food Farmacy Website for more information.

Monday, August 31, 2020

Nemesis: A Packet Injection Utility


"Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s)." read more...

Website: http://www.packetfactory.net/projects/nemesis

Related links

posted by Whole Food Farmacy | 12:44 AM | 0 comments

Sunday, August 30, 2020

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
Related news

posted by Whole Food Farmacy | 4:16 PM | 0 comments

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.
More articles

  1. Hacker Tools Mac
  2. Pentest Tools Open Source
  3. Hacking Tools For Windows 7
  4. Pentest Tools Linux
  5. Hacking Apps
  6. Hacking Apps
  7. Hacking Tools 2020
  8. Hacker
  9. Game Hacking
  10. Pentest Tools
  11. Hacking Tools Name
  12. Hacking Tools For Games
  13. New Hack Tools
  14. Pentest Tools Website
  15. Hacker
  16. Hacker Tools Mac
  17. Pentest Tools Free
  18. Hacking Tools Online
  19. Hacking Tools Free Download
  20. Pentest Tools Website
  21. Hack Tools
  22. World No 1 Hacker Software
  23. Hacking Tools
  24. Termux Hacking Tools 2019
  25. Hacker Tools Linux
  26. Hacking Tools For Windows Free Download
  27. Pentest Box Tools Download
  28. Pentest Tools Android
  29. Nsa Hacker Tools
  30. Black Hat Hacker Tools
  31. Computer Hacker
  32. How To Install Pentest Tools In Ubuntu
  33. Hack Tools Pc
  34. Ethical Hacker Tools
  35. Hacker Security Tools
  36. Pentest Tools For Mac
  37. Pentest Reporting Tools
  38. Pentest Box Tools Download
  39. Hack Tools Online
  40. Game Hacking
  41. Computer Hacker
  42. Hacker Tools Online
  43. Hacker Tools Apk
  44. Termux Hacking Tools 2019
  45. Pentest Tools Android
  46. Hack Tools
  47. Hacking Tools 2020
  48. Hacking Tools For Windows
  49. Hacker Tools Free Download
  50. Hacking Tools Hardware
  51. Kik Hack Tools
  52. Hack Tools
  53. Hack Website Online Tool
  54. Pentest Tools For Windows
  55. Hack Rom Tools
  56. Hack Tools For Ubuntu
  57. Hack App
  58. Hacker Tools Online
  59. Hacker Tools Github
  60. Hack Tools Github
  61. Hack Tools For Mac
  62. Hacker Tools Linux
  63. Hacker Tools 2020
  64. What Is Hacking Tools
  65. Hack Tools Online
  66. Pentest Tools Github
  67. Hacking App
  68. Hacking Tools Pc
  69. Hacking Tools Mac
  70. Hack Tools Mac
  71. Best Hacking Tools 2020
  72. Pentest Tools Apk
  73. Hacker Tools Software
  74. Hack Tools
  75. Pentest Tools Github
  76. Hack App
  77. Hacker Tools Free Download
  78. Hacking Apps
  79. Hacker Tools Apk
  80. Hacking Tools Online
  81. Hacking Tools For Mac
  82. Hacker Tools Free
  83. Pentest Tools Port Scanner
  84. Hack Apps
  85. What Is Hacking Tools
  86. Pentest Tools
  87. Pentest Tools Apk
  88. Hack Tools For Mac
  89. Hacking Tools For Windows 7
  90. Nsa Hack Tools
  91. Hacker Tools Software
  92. Black Hat Hacker Tools
  93. What Are Hacking Tools
  94. How To Hack
  95. Hacker Tools Online
  96. Hacker Tools Apk Download
  97. Hacking Tools For Windows Free Download
  98. Hacker Tools Hardware
  99. Pentest Tools Port Scanner
  100. Tools Used For Hacking
  101. Hacker Tools For Mac
  102. Wifi Hacker Tools For Windows
  103. Hacking Tools Online
  104. Free Pentest Tools For Windows
  105. Ethical Hacker Tools
  106. Pentest Tools Online
  107. Pentest Tools Subdomain
  108. Pentest Tools Url Fuzzer
  109. Install Pentest Tools Ubuntu
  110. Pentest Tools For Android
  111. Beginner Hacker Tools
  112. Hack Tool Apk

posted by Whole Food Farmacy | 7:48 AM | 0 comments

Saturday, August 29, 2020

Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.


The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.


Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.


YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.


To mount any NAS via SMB:
mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:
mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:
hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:
printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.
Continue reading

posted by Whole Food Farmacy | 11:21 PM | 0 comments