Showing posts with label Tutorials. Show all posts

Tuesday, August 22, 2017

Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance by injecting Decoys inside TOR!


Recently, I spoke at the C0C0N X Security & Hacking Conference 2017 held at Le Meridien, Kochi. The talk focussed on the 'Hiddenness' of TOR Hidden Services specific to the detection of HS Directory Surveillance by injecting Decoys or Honeypots inside the TOR network. Here’s the digest of the presentation.


What is TOR?
The Onion Router – Gateway to Anonymity
How TOR works?
Establishing the Circuit
Directory Authorities - The Gatekeepers of TOR

Introduction to TOR Hidden Services (HS)
Why run a TOR HS? - Sneak peek into HS features
How TOR HS works? - HS Rendezvous Protocol

Analysis of hiddenness of TOR HSs 
Research Hypothesis - Are TOR HS really Hidden?
The HS Honeypot Approach
Setting up the Onion Decoy Project

Live Demo
Hosting Tor Hidden Service in seconds with Docker Containers
How to setup Honeypots (aka Onion Decoys) inside TOR Network
Live probing of Onion Decoys to detect intrusions by attackers

Results of the Onion Decoy Experiment 
Private Hidden Services are not really hidden

Conclusion & Takeaways
Everything can be a Honeypot, if you don’t know it fully
The more you hide, The more somebody wants to know why



The Source Code of the Onion Decoy Project is available at https://github.com/OnionDecoy


Below is the presentation for the delivered talk.

Wednesday, October 14, 2015

Installing Mac OS X El Capitan 10.10 on Vmware ESXi 6.0


After a long struggle of 48 hours, I was finally able to install Apple's latest Mac OS X El Capitan v10.11 on a Virtual Machine (VM). The experiment was conducted on the Vmware ESXi 6.0 virtualization platform running on a physical IBM Server X3650 M3.


Following are the installation steps:

Setting up ESXi for running Apple Mac OS X 

Vmware ESXi 6.0 doesn’t support OS X out of the box.
  1. So, the first thing you need to do is to customise the hypervisor layer by executing

Friday, April 17, 2015

Signing Java .jar Files with CLI Command Jarsigner using Hardware Token in Windows

How to Configure Java JDK to Use the eToken

  1. Download the JDK from Oracle.com.
    Note:    Even if you are using a 64-bit version of Windows, the 32-bit JDK is required.
  2. Open a text editor (such as Notepad) and do the following:
    1. Copy and paste the following 2 lines into the text (Notepad) document:
      name=eToken
      library=c:\WINDOWS\system32\eTPKCS11.dll
    2. Save this file as eToken.cfg in the appropriate directory for your version of the JDK, for example:
      • JDK 1.8
        C:\Program Files (x86)\Java\jdk1.8.0_20\bin
      Note:    If you are running a 32-bit version of Windows, the Java JDK is installed in C:\Program Files\Java\....

Tuesday, December 4, 2012

Saturday, January 21, 2012

3 Ways to URL Redirection from HTML page

Sometimes it's useful & inevitable to redirect the end-user from a web page to a completely different URL automatically. So in this tutorial I'll be presenting the 3 most efficient ways to do URL redirection from an HTML webpage.

1. Using 'meta' refresh tag

Monday, January 16, 2012

SetUp Eclipse CDT using MinGW for Windows

The standard Eclipse CDT IDE (for C/C++) needs integration with the GNU toolchain before you can start making your C/C++ projects in Eclipse (the world's best Open-source IDE, Integrated Development Environment). This includes GNU's make, gcc compiler, and gdb debugger utilities. For Windows, MinGW and Cygwin are the two main platform choices for acquiring the toolchain. It is important to note the difference between them. Cygwin produces executables that use the Cygwin POSIX runtime. MinGW produces native Windows executables that do not require a separate runtime.

In this tutorial I'll show you how to set up Eclipse CDT using the MinGW toolchain on a Windows platform.

Thursday, January 12, 2012

Android Offline Installation Procedure (Windows)


In this tutorial, I'll show the 'Android Offline Installation Procedure' for computers on a Windows Platform which do not have a direct Internet Connection.

1. Install Android SDK Manager, Revision 16.
  - The Android SDK Tools Package is the only package that gets installed.


2. Close the Android SDK Manager & Go to the SDK Installation folder "C:\Program Files\Android\android-sdk".

Saturday, December 25, 2010

Beginning Java Programming for Dummies, Best Book


Java for Dummies
Nowadays, the amount of excitement Java has generated may give you the impression that Java will save the world or at least solve all the problems of the Internet. Not really. Java's hype has pushed it far beyond its capabilities, and while Java is indeed new and interesting, it really is a programming language with which you write programs that run on almost any platform yet designed. In this respect, Java is closer to popular programming languages such as C++ and Visual Basic than it is to a page description language such as HTML or a very simple scripting language such as JavaScript.

Specifically, Java is an Object-Oriented Programming (OOP) language developed by Sun Microsystems. Built after C++, the Java language was designed to be portable (Platform-Independent) across Operating Systems, both at the Source and at the Binary level.

Now, to learn Java there are plenty of books, but the problem most students face is that most of the books are written in a style that assumes the reader has some experience in programming in another language like C++. Hence, I believe the book 'Beginning Programming with Java for Dummies' by Barry Burd, Wiley Publication, is the best book for learning basic Java, even for those who don't know C++ that well.

Saturday, October 30, 2010

Forward mails from one email account to another in real-time


We all have multiple email accounts for different purposes & it's time-consuming & troublesome to keep track of all of them if you don't prefer to use an email client like Mozilla Thunderbird. The best solution to this is to aggregate all mails into one main account and manage this account for all your personal, professional & social mails in one place.

Monday, September 20, 2010

Freeware Download of the Day - Widget for Blogs & Websites.


If you look carefully at the right sidebar of my blog, you will surely notice a widget named 'Freeware Download of the Day', which puts up a new Freeware download link each day dynamically. Isn't it awesome? Well, it's basically a JavaScript widget designed by Abhinav the Prince & you too can grab the code of the widget for your blog/website. So go ahead, copy the text below & use it the way you want.

Thursday, August 5, 2010

Hard Disk Maintenance - Windows Tools, Don't ignore


Don't ignore your Hard Disk maintenance.
Inner view of a Hard disk
Are you really ignoring it? If yes, then the life span of your hard disk is decreasing each day, & sooner or later you'll be facing the blue problem of a Hard Disk Crash, which may turn into a nightmare if conditions get so bad that Data Recovery becomes impossible even with Recovery tools like Pandora Recovery.

Hence, there's a need for some routine maintenance of hard disks for fast, smooth, & healthy performance. The heuristic part is that every OS offers maintenance tools, but only a handful of enthusiasts use them.

Here, I'll discuss 2 predefined tools in Windows OS viz.

Tuesday, August 3, 2010

Recover Permanently Deleted Data (Shift+Del or Empty Recycle Bin)


Today I will share a trick for newbies on how to recover lost data, deleted permanently using the Shift+Del scheme or Empty Recycle Bin scheme in Windows.
Well, when you delete files like this, the files never get permanently deleted (though Windows says so, a misnomer). They still exist on the hard disk. This is termed 'Data Remanence'. Only the file names are deleted from the system directory. Hence, you can use a wonderful freeware tool called

Thursday, July 29, 2010

How to Resize a Hard Disk Partition


Windows doesn't allow you to resize or partition a drive without losing data. Fortunately, there is an Award-winning Freeware application called EASEUS Partition Master that allows you to resize, reorder, move & basically manipulate the free space in a partition, that too quite easily with the user-friendly graphical interface (GUI).

Suppose you have enough unused free space inside a previously created partition (say D:\ drive) but you are running out of free space in another partition (say E:\ drive). Now, if you want to shift or move that free space from drive D:\ to E:\ or you want to make a new drive (say F:\) for that unused free space of D:\ drive, then you surely need this software.

Linux Distros & Distro Evolution Graph


Today I will share some notes on the various Linux Distros & the Distro Evolution Graph. Firstly,

What is a Distro?
A Linux version or Distribution is commonly referred to as a Distro.

How many Distros of Linux are there?
Currently, there are more than 360 Linux Distros, with different releases, serving a wide range of specific & generic purposes.

Which are the most popular Distros?
Some of the popular distros are Ubuntu, RedHat, Fedora, Debian, OpenSuse, Gentoo, Puppy Linux, PCLinuxOS, Mandriva, OpenGEU, Knoppix etc. with the 1st three being the most widely used.

Now, let's get into the Distro Evolution Graph. Distros of Linux have been around almost as long as Linux itself, & many distros have spawned child, grandchild & even great-grandchild distros. Distros are easier to understand once you know where their roots lie in the family tree. The following chart is known as the Distro Evolution Graph.

Monday, July 26, 2010

How to Install Windows 7 from USB Drive

Bootable Non-Live way - Only for installation.

Here, I give a short & simple way to install Windows 7 onto your system from a USB drive. The benefit you get with this native support for USB installation is that you can easily install Windows 7 on ultra-portable machines & netbooks which don't have optical drives, and at the same time, installing from a USB drive is much faster than installing from an optical drive. So why not give it a try.

Follow the following steps to start off:

Thursday, July 22, 2010

Presentation on Linux


Linux Logo
With growing urbanization, in today’s prevailing modern era, Linux OS has emerged on its pathway to compete with Microsoft's Windows. The number of Linux users has increased exponentially in the last 2 decades. This is an epitome of the success of Linux.

So, I, in my 2nd year of B.Tech (CSE), decided to deliver a presentation on this burning topic 'Linux' in my college with my 4 other fellow friends. The presentation was an outstandingly successful event and I, on the behalf of the group, am also grateful to my peer collegemates for all their worthy praises and solicited inspirations that we got all through.

The following is an overview of what we presented.


INTRODUCTION
  • What is an Operating System(OS)?
  • What is LINUX ?
  • Misconceptions & Myths of Linux
    • Only for Geeks & Professionals
    • Command-based
    • Free, hence bad
    • Only for high-configuration computers
  • Position of Linux in techno world
  • Versions/Distributions or Distros

HISTORY & EVOLUTION
  • Origin of Unix
  • What is Minix ?
  • Linus Torvalds, the inventor
  • Open Source Community/GPL License
  • Distro Evolution Graph
  • Linux usage history

ADVANTAGES
  • Low maintenance cost
  • Security, Virus-Free
  • Stability
  • High Performance
  • Network efficient
  • Compatibility
  • Multitasking
  • Open Source benefits

DISADVANTAGES & DEMERITS
  • Format incompatibility with Windows
  • Dependency on Internet connection
  • No 3D Games
  • Advanced tasks, Command-line based
  • Complex installation
  • Risky for amateurs

INSTALLATION & CONCLUSION
  • Basic Terminologies
  • 5 Steps of Installation
  • Desktop Environments
    • Gnome
    • KDE
  • Root Directory Concept
  • Common Linux softwares
    • OpenOffice.org
    • VLC Media Player
    • Gimp
    • Mozilla Firefox
    • K3B Burning studio
  • Final concluding Highlights
    • Not too difficult for a novice
    • No more tensions of Virus
    • Great cheap solution for Office use
    • Not for Gamers
    • Why not try something new ?

For a free copy of the .ppt file & the .doc file of the Presentation Report Click here.

For any other assistance, Contact abhinav.the.prince.7star@gmail.com

Saturday, July 17, 2010

Hacking FAQs


I get a lot of emails about hacking & it is hard for me to answer each question frequently. So I have organized some of the most Frequently Asked Questions (FAQs) about Hacking this time.

  • What is 'Hacking'?
  • Who is a 'Hacker'?
  • What is the Hacker Terminology?
  • How do I hack?
  • What do I need to be able to hack?
  • What is The Hacker Toolbox?
  • How do I secure my computer from being hacked?

What is 'Hacking'?


Computer hacking is the process of changing computer software & hardware to do something outside of the original vendor’s purpose. Hacking is an art of exploiting loopholes/bugs in a software/module

Who is a 'Hacker'?

Many people believe that hackers are computer criminals. They don't recognize the fact that criminals and hackers are different, & the media is responsible for this. Actually, hackers are good and extremely intelligent people who use their knowledge in a constructive manner to help organizations, companies, government, etc. to secure secret information on the net. Hackers are the ones who like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they were not intended to do.

What is the Hacker Terminology?

Since hacker terminology changes a lot over a period of time, some of the terminology here may no longer be relevant by the time it is used. In spite of this, most of the terminology will stay and only change slightly if it does.
  • Hacker: Person who modifies something to perform in a way that was different than it was made for.
  • Cracker: Someone who breaks into a computer system for an offensive purpose, e.g. defacement. A cracker is a hacker.
  • Ethical Hacker: People who hack into systems for defensive purposes.
  • White hat hacker: People with defensive security intentions, similar to ethical hacker. White hat hackers existed before ethical hackers.
  • Black hat hacker: A hacker with malicious or offensive intentions.
  • Gray hat hacker: Combination of white and black hat hackers. White hats are technically gray hats because black hat hackers can use the tools that white hats use.
  • Vulnerability: A weakness of a system that could lead to compromised security. Somebody may write a script to exploit this vulnerability.
  • Exploit: A defined method of hacking a vulnerability.
  • Black Box Attacks: Security testing with no knowledge of the network infrastructure, e.g. attacking a company from the net.
  • White Box Attacks: Security testing with full knowledge of the network infrastructure.

How do I hack?

There's no easy way to hack. Read any information you can find on hacking. Read hacking forums & check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies which will teach you a lot. The best way to start hacking is to teach oneself !!!!

What do I need to be able to hack?

You need to understand how a computer's operating system works, how networks & protocols work, security settings and general PC knowledge. After this you need hacking tools which help you to hack.

What is The Hacker Toolbox?

Apart from their own ingenuity, the main resource hackers rely upon is computer code. While there is a large community of hackers on the net, only some hackers actually program code. Many hackers download code written by other people. There are different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations: once a skilled hacker knows how a system works, he can design programs that exploit it.

Malicious hackers use programs to:
  • Log keystrokes: These programs allow hackers to review every keystroke a computer user makes.
  • Hack passwords: There are many ways to hack someone’s password, from educated guesses to algorithms that generate combinations of letters, numbers and symbols.
  • Infect a computer or system with a virus: A hacker might install a virus by infiltrating a system, but it is much more common for hackers to create simple viruses and send them out to potential victims via email or instant messages.
  • Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. Another way a hacker might gain backdoor access is to infect a system with a Trojan horse.

How do I secure my computer from being hacked?

The best way is to have a basic knowledge of computer security and related topics such as viruses, Trojans, spyware, phishing etc.; this is more than enough to secure your computer. Install a good antivirus like Kaspersky and a firewall.
