Defence Cyber Agency of India

hawwk

You can write your own exploit modules on metasploit iirc:hmm:
nobody is so free to write man page for the exploit. look, there's the output when you type 'show options'
def that's a known payload/ exploit.
 

DownWithCCP

nobody is so free to write man page for the exploit. look, there's the output when you type 'show options'
def that's a known payload/ exploit.
Have you checked for any reports on the event on CERT-In's website?
 

rone


fucking pathetic ! at cert-in
people are using their own laptops? (left to right - hp spectre, hp 15xx notebook, macbook pro <2017, macbook pro <2017)

i hope it's not the same practice for dca.
Hackforums and kali linux, is this skid competition or serious joke


What a shit show, no wonder we have to buy everything from abroad,

PS: if they used Immunity Canvas or Exploit Pack I would be happy, but HF and off-the-shelf Kali running msf, in a serious simulation exercise, kill me please, I've seen enough. :(
 

hawwk

That is a reverse handler, mostly just demoing, no active reverse session generated,
i don't think handlers have this big man page. they've run info command above.
second to bottom command looks like run. well no session was generated like you said.

Hackforums and kali linux, is this skid competition or serious joke


What a shit show, no wonder we have to buy everything from abroad,

PS: if they used Immunity Canvas or Exploit Pack I would be happy, but HF and off-the-shelf Kali running msf, in a serious simulation exercise, kill me please, I've seen enough. :(
imagine using msf when it gets flagged by every shitty av. nowadays even obfuscation doesn't stop the av from detecting it.
i didn't even realize that they were using hackforums lmao.
 

kj2222

Does anyone have any thoughts on a citizen volunteer force for Cyber Security Ops? This would be in an honorary capacity and part-time efforts of select experts from the civilian side
 

rone

Does anyone have any thoughts on a citizen volunteer force for Cyber Security Ops? This would be in an honorary capacity and part-time efforts of select experts from the civilian side
Won't be effective. Kerala Police already tried in the name of Cyberdome; it ended up as a bunch of man-children just showing off their entry-level bug bounty skills, with no emphasis on cooperative red teaming or exploit development. Even some IIT alumni joined the effort and nothing good came out of it. It's a good poster child for increasing cyber security awareness tho. The only effort that found success was from Delhi Police, but they recruited members of a former Indian hacker group (which came into the limelight when they hacked Indian Government sites as a protest) based on those skills.
 

Super Flanker

Does anyone have any thoughts on a citizen volunteer force for Cyber Security Ops? This would be in an honorary capacity and part-time efforts of select experts from the civilian side
Yeah, we could definitely try and do something like that. And also we could, as civilians, try and make our Information Warfare and security ops, in which we will fight information warfare against our enemies; looks pretty good! I don't know how feasible it is though, but common citizens like us could do something to do our part in serving our nation.
 

kj2222

Yeah, we could definitely try and do something like that. And also we could, as civilians, try and make our Information Warfare and security ops, in which we will fight information warfare against our enemies; looks pretty good! I don't know how feasible it is though, but common citizens like us could do something to do our part in serving our nation.
Bang on @Super Flanker 👍
 

Op Kahuta

I wonder if we have our own VEP framework? Does anyone have any idea about that? I have searched high and low about it on the internet and the only close thing I could find was the CIS-India report of 2019/2020 where it said VEP is important for us, but that's just it. No discussion about it in any of their further reports.
 

Arkanoid

As a nation, what is our doctrine on Cyber/Digital/Electronic security? Unless there is a comprehensive strategy in place, the capability will never be fully developed, harnessed and utilized.

I am attaching a few documents of 2021 from the UK, Israel and China, which will show how and what they have for Cyber-Security strategy and capability.
 

Op Kahuta

As a nation, what is our doctrine on Cyber/Digital/Electronic security? Unless there is a comprehensive strategy in place, the capability will never be fully developed, harnessed and utilized.

I am attaching a few documents of 2021 from the UK, Israel and China, which will show how and what they have for Cyber-Security strategy and capability.
As of now, our defense doctrine, which is the National Cyber Security Policy, 2013, states that we have different agencies at different levels of government institutions to protect our CII from cyber attacks. NCIIPC is one such agency whose sole purpose is to thwart any attacks on our critical infrastructure such as power stations, nuclear plants etc. CERT-IN is an incident response team and is the nodal agency of our country whose sole purpose is to prepare for and respond to cyber attacks or system compromises when they happen, to ensure the least possible damage is done to our infrastructure. It also gives security guidelines and advice to system and network admins of institutions to protect themselves from any attacks as best as possible. Besides being reactive, they are also proactive, carrying out VAPT and profiling attackers for any future attacks. NCIIPC and CERT-IN share some common responsibilities, but the main difference is that NCIIPC protects our critical infrastructure, and since it comes under NTRO it's accountable to the PMO. Cyber Swachhta Kendra is for malware analysis and making our systems free from botnets/zombies. C&IS comes under MHA and is responsible for any cyber crime incidents, NISPG implementation and suggesting amendments to it if necessary. They also have various sub-divisions like the cyber sec wing, info sec wing and monitoring wing. This isn't a complete list of our agencies which deal with cyber defense; it's all I know from the internet.
As for our offensive, each institution of our Indian armed forces has its own doctrine to carry out cyber attacks against our enemies.
Indian army:
1643697659889.png


Indian Air Force:
1643698074036.png


Indian Navy:
1643698407253.png


Now coming to DCA:
Defense Cyber Agency will be able to hack into encrypted/unencrypted networks, carry out sophisticated attacks against critical infrastructure of our enemies and at the same time defend against attacks carried out on us, and allow making of indigenous exploits, software and hardware, thereby reducing dependence on foreign players for procuring cyber weapons. Attaching some SS of the VIF Task Force report which details what offensive and defensive capabilities the military must have:
1643699023411.png

[continued]
1643699098198.png

1643699206945.png


On DCA:
1643699297322.png

[continued]
1643699407068.png


Army, Navy and Air Force recommended doctrine:
1643699510521.png

[continued]
1643699597646.png


So, all in all I will say our doctrine is sound. We ranked 10th in the world in 2020's GCI and 1st in the entire APAC region, beating even China. So, I will say cyber defense doctrine and practices are bearing great fruit cuz we were able to stop almost every cyber attack that year. A new national cyber security policy is being formulated which was in its last as reported by some news article in Oct, 2021. As for cyber offensive, well, we won't know how effective we are unless tested in active conflict or war, but lemme let you in on a little secret: we have had a very effective, lethal and competitive cyber offensive for more than a DECADE!! Obviously, there has been no armed conflict like Kargil since 1999, so how do I know? Indian state-sponsored APT groups! I have been studying a lot about these espionage actors of ours and lemme tell you with 200% surety, the amount of sophistication our APTs have matches that of the Chinese, Americans, Russians etc. So yeah, we have quite a good enough cyber offensive and defensive, but of course a lot still needs to be done.
My advice: To make our own cyberweapons just like Israelis and Americans so that we can stop our dependence on foreign or black market.
 

rone

I beg to differ on the sophistication of our APT groups. Yes, we are comparable to Iran and tier 2 level cyber powers, not in the league of the Russians, Americans or Chinese. The reason for this bottleneck is that we depend almost 70% on external entities for exploits and tools; second, we lack a centralized cyber command (on paper we have one but in practice we don't).
 

Op Kahuta

I beg to differ on the sophistication of our APT groups. Yes, we are comparable to Iran and tier 2 level cyber powers, not in the league of the Russians, Americans or Chinese. The reason for this bottleneck is that we depend almost 70% on external entities for exploits and tools; second, we lack a centralized cyber command (on paper we have one but in practice we don't).
Actually I should have mentioned that sophistication doesn't arise only from making indigenous exploits, which have to be 0-day, but from the damage the exploit is able to do when inside a network or system. The Chinese also don't make their own exploits; they either purchase from the black market or just reverse engineer the NSA exploits, use them for their purpose and call it a day. Except Americans and Israelis I don't think there are any countries which make their own exploits. But tools, yeah, they do and so do we. For e.g., BITTER in 2021, I guess, used their own indigenous tool to extract sensitive data from their compromised Pakistani govt personnel. DoNot used an Indian-made spyware in 2021 against a Togo activist and in 2020 they used their own malware dubbed Firestarter which uses Firebase cloud!! There are actually far fewer cases where APT groups around the world have exploited 0-days than already known vulnerabilities in unpatched systems at govt or military orgs. The Hangover Op resulted in compromise of over 61% Chinese nationals related to its govt or military. Monsoon Op is another example of our APT sophistication.
And APT groups have their own C2 servers (either hired or an already compromised system in an enemy org) so they don't need our centralized military command; otherwise it could be that it gets traced to us by threat hunters, thereby jeopardizing the military. APTs are never accepted by any govt/military hosting them. But yeah, for mounting military attacks on targets our cyber command is yet to be activated.
 

Flying Dagger

Several Indian sites hacked by Malaysia/Indonesia (or China?) based servers.
 

rone

?, servers or hackers? This so-called mass hacking is just a joke. If you own a website on shared hosting, make sure the hosting server has an updated kernel and the WHM password is not a simple one. This so-called hacking is done by script kiddies; the impact of these hacks is very minimal.
 

DownWithCCP

Should we make a new thread where we can track APT groups known to be associated with the Indian state? We could also talk about new 0-days and malware at the same time.
Can @rone and others that are interested contribute?
 
