Monday, May 18, 2020

[SOC Advanced] How VirusTotal functions and Investigating Malicious URLs

Have you ever wondered what VirusTotal bases its results on? Most people think there must be 50 or more antivirus scanners that actually scan the URL, but the reality is different. In this article you will learn how VirusTotal works.

VirusTotal is a service that uses command-line versions of several antivirus engines, kept regularly updated with official signatures, databases and files that are published and checked by dedicated security specialists.


VirusTotal is not an actual virus scanner that runs scans on a web application or software; it just takes its historical information from various databases. One of my own examples shows how.

On a busy day at work, a client reported a suspicious email that contained a URL along with social engineering content, and I began to inspect it as part of my investigation.

A bad habit, and the laziness, of most cyber security specialists is that whatever it is, they simply put it into VirusTotal or an online sandbox and believe whatever result comes out. This is like general practice for everybody.

I did the same and got a clean VirusTotal report. Here it is:




The URL was https://pendingoffice365onlinelogins.wordpress.com/releasepending/

But I hardly trust anything on the internet, so I continued to investigate. While checking the website's source code, I found a redirection URL:

window.location.replace("https://servnet.pressvp-net.xyz/?e=Y2hhbmdlZCBlbWFpbCBhZGRyZXNzIGZvciBibG9n==");


After checking that URL, I saw that the page asked for O365 login credentials, which again looked suspicious because the URL was something different. I again started investigating the source code and found that the credentials were stored on another server and there was no activity afterwards.



<div class="mainContent"><div class="menu_login_container"><form method="POST" action="o365login/post.php" id="login_form">

$habbo = $_POST['email'];
$password = $_POST['pass'];
$ip = $_SERVER['REMOTE_ADDR'];
$f = fopen("password.html", "a");


After that I was sure this was a phishing web page, and one made to be almost completely undetectable, as the redirection was used cleverly.

Not all cyber security tools or software check for this sort of behaviour, and that is why a manual investigation is needed.
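The manual source review described above can be partly scripted. The following is an added example, not code from the original post: it scans saved page source for JavaScript redirects and password forms, decodes base64 query values, and flags a redirect to a different host. The sample HTML is constructed from the snippets quoted in the post, and `triage`, `decode_param` and `PasswordForms` are names chosen for this example.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Added example (names are its own): JS redirects a lookup of the first URL never follows.
REDIRECT_RE = re.compile(
    r"""location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*["']([^"']+)["']""")

class PasswordForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.form, self.actions = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = [a.get("action") or "", False]
        elif tag == "input" and self.form and (a.get("type") or "").lower() == "password":
            self.form[1] = True
    def handle_endtag(self, tag):
        if tag == "form" and self.form:
            self.actions += [self.form[0]] if self.form[1] else []
            self.form = None

def decode_param(value):
    """Best-effort base64 decode of a query value, tolerating surplus '='."""
    core = value.rstrip("=")
    try:
        return base64.b64decode(core + "=" * (-len(core) % 4), validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None  # not base64 text; leave it for the analyst

def triage(page_url, html):
    """Report redirects and credential forms found in one page's source."""
    host, redirects = urlparse(page_url).hostname, []
    for target in REDIRECT_RE.findall(html):
        dest = urlparse(urljoin(page_url, target))
        decoded = {k: decode_param(v[0]) for k, v in parse_qs(dest.query).items()}
        redirects.append({"url": dest.geturl(), "cross_host": dest.hostname != host, "decoded": decoded})
    forms = PasswordForms()
    forms.feed(html)
    return {"redirects": redirects, "credential_posts": [urljoin(page_url, a) for a in forms.actions]}

# Constructed samples built from the snippets quoted in the post.
LANDING_URL = "https://pendingoffice365onlinelogins.wordpress.com/releasepending/"
NEXT_URL = "https://servnet.pressvp-net.xyz/?e=Y2hhbmdlZCBlbWFpbCBhZGRyZXNzIGZvciBibG9n=="
LANDING = '<script>window.location.replace("%s");</script>' % NEXT_URL
LOGIN = ('<form method="POST" action="o365login/post.php" id="login_form">'
         '<input name="email"><input type="password" name="pass"></form>')
```

`triage(LANDING_URL, LANDING)` reports the cross-host redirect and its decoded `e` parameter; `triage(NEXT_URL, LOGIN)` reports where the password form posts.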

I chose to report the site immediately so that others would know this URL is a phishing URL; I love exposing bad things. So I decided to report the page on PhishTank so that other experts could also confirm the web page as phishing or malicious.

Reporting is simple: just click on "Add Phish", provide your URL and basic info, and wait some time for experts to pick it up and verify your URL.



Once it was verified as a valid phish, well-known security vendors updated their databases in the back end, and VirusTotal updated its database very quickly too.

The first scan, before the investigation and before reporting the site as phishing, was on 22-10-2019 03:12 UTC, and the result was clean.
Below is the result of the latest scan, from 22-10-2019 03:56 UTC (approx. 40 mins to update the DB).

 

Result as of 2020-02-03 14:08:16 UTC


Now you may have a question: what did I do about the redirected login page URL, which is https://servnet.pressvp-net.xyz/?e=Y2hhbmdlZCBlbWFpbCBhZGRyZXNzIGZvciBibG9n== ? Yes, I reported it and it got verified as well, so you can still find this URL marked as malicious.

Where and what to report and verify if you find something suspicious or malicious
    • There are various valid forums and vendors that offer to verify phishing links, malicious files, IP addresses and hashes. You just need to submit it and experts will verify it, or you can also verify for others and rate it.
    • Examples include Google Safe Browsing, Trend Micro, PhishTank, FortiGuard and AbuseIPDB.


Conclusion:
VirusTotal simply aggregates the output of different antivirus vendors and URL scanners; it does not produce any verdicts of its own.

Dear cyber security specialists, you can now trust your VirusTotal again 😁



Wednesday, May 13, 2020

SUPER LIST OF SMS VERIFICATION SITES ! VERIFY FOR FREE NOW !

Just sharing a mega list that I managed to find somewhere on the web. Enjoy the free resources.

Receive an SMS: https://receive-a-sms.com
SMS Receive free: https://smsreceivefree.com
Online SMS: https://sms-online.co
Receive SMS online: https://smsreceiveonline.com
Get a free SMS number: https://getfreesmsnumber.com
Receive SMS: http://sms-receive.net
Receive SMS Online.NET: https://www.receivesmsonline.net
Free SMS checks: www.freesmsverifications.com
7 SIM.NET: http://7sim.net
HS3X: http://hs3x.com
Receive free SMS: http://receivefreesms.com
Receive free SMS.NET: http://receivefreesms.net
Receive SMS Online.IN: http://receivesmsonline.in
Receive SMS online: https://receive-sms-online.com
See SMS: https://www.smsver.com
Groovl: https://www.groovl.com
SMS.SELLAITE: http://sms.sellaite.com
Send SMS now: http://www.sendsmsnow.com
Receive SMS online.EU: http://receivesmsonline.eu
Proovl: https://www.proovl.com/numbers
Anon SMS: https://anon-sms.com
Hide my numbers: http://hidemynumbers.com
Pinger: https://www.pinger.com
Free online phone: https://www.freeonlinephone.org
5SIM: https://5sim.net
SkyCallbd free virtual number: https://freevirtualnumber.skycallbd.com
Capture SMS: https://catchsms.com
SMS Get: http://smsget.net
1S2U: https://1s2u.com
Receive SMS: http://getsms.org
Virtty: https://virtty.com
Text anywhere: http://www.textanywhere.net
Receive SMS online.ME: http://receivesmsonline.me
Temporary emails: https://www.temp-mails.com
Purchase virtual number: http://www.virtualnumberbuy.com
Free Receive SMS online: http://freereceivesmsonline.com
NDTAN SMS: https://sms.ndtan.net
SMS Listen: https://smslisten.com
Free virtual SMS number: https://freevirtualsmsnumber.com
SMS Tibo: https://smstibo.com
Receive SMS number: https://receivesmsnumber.com
Free SMS code: https://freesmscode.com
Online SMS numbers: https://smsnumbersonline.com
SMS reception: https://smsreceiving.com
Trash Mobile: https://es.mytrashmobile.com/nu

Comment and share the page. ✊

Saturday, June 15, 2019

Bitdefender Cross site scripting vulnerability - Refused to Accept

Recently I reported a persistent and reflected XSS vulnerability to Bitdefender, and they refused to acknowledge it and fix the vulnerability within 15 days. It was such a shameless act by Bitdefender.

After I reported the vulnerability, this is how they responded to me:

However, the vulnerability is fixed, so I decided to share about the exploitation of the vulnerability.

I also made a video; find it at the end of the blog.

Find the POC video below: