zscaler - Fake it till you make it?

So on the twitter sphere today, I saw a post about this website; http://securitypreview.zscaler.com/ which is supposed to be some "in the cloud" network security company, I guess? And their free check up script is supposed to do an "Automated Audit" on your system, via the web browser. I know right, silly to even type this, but that's the claim.

Well apparently some of us professionals in the know tried it out. And no matter your OS, Device, Browser, etc, we noticed that every single time on ANYTHING, this scan would tell you that you are Vulnerable to the "zbot Virus", which oddly enough, their company name also starts with a "z" as in "ZScaler" Twitter @zscaler. Coincidence? I think not. Scareware, I think yes.

Just imagine for a second, if you will, some overly zealous CEO of some small-medium corporation coming across this advertisement. He figures, sure, why not, I'll run a free scan! I'll show those over priced infosec companies, HA!

He then sees he's vulnerable to some erroneous "zbot" virus. "OH NO!" he exclaims, and promptly follows the companies call to action to sign up for their "service". Sigh.. we've all been saying this for years, this was bound to happen. but what Mr CEO Doesn't realize -- and it's our jobs to educate them on this -- is that Network Security auditing and/or Penetration Testing involves (should always) thinking outside the box. There is absolutely no "canned" or out of the box magic protection software/technology. It's not possible, and everyone who thinks that is just another foolish sheep.

Anyway, I know exactly nothing else about the above mentioned company, however, I do know that what they are doing is an underhanded, shady practice no different from any other traditional scareware tactics.

By the way, as I mentioned, it doesnt matter the platform you're on, they tell you that you are vulnerable to the zbot virus. I googled the zbot virus, and the only systems it can infect is

Trojan

Systems Affected:

Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Notice it doesn't say anything about Linux/Unix or android, mac, etc. Yet on all of those devices, it said I was vulnerable.

Reference

-AfterBurn

Updates: Next Week

Starting Next Week:

I am going to begin compiling the data for the presentation on "Phases of NetSec" which will discuss all of the details, steps, etc in Network Security Auditing and Penetration Testing. So far it's 13 slides of just talking points, so there is a lot of ground to cover. 

I am trying to figure out how to Produce the Video. Meaning it's obviously going to have to be done in parts since there is so much information to cover. 

While I am working on that, don't forget to check out the newest video:
Tor-Buddy Script Demo Tor + Proxychains + Anonymous DNS:
https://www.youtube.com/watch?v=AedFlLSmJf8

I will still be making Quick Vids based on your guys input on what you would like to learn in the interim. We have had 2 requests so far, 1 for nmap and one for VM-tools for kali linux. nmap will be included in the next video set: "Phases of NetSec".

Remember, please don't forget to like and share our videos, Facebook, and of course this very blog with all of your friends, family, and co-workers! Our presence on the web has been growing steadily, and that is great! The more people interested, the more creative I can be! 

Thanks Guys! See you in the next Video!

Tor-Buddy Live

New Script: Tor Buddy! Now Live!

Available in our downloads section HERE

Demo Video:

Don't forget to Like, Subscribe, and Share! 

Updated OpenVAS-6 OpenVAS EZ Startup Script

Updated OpenVAS-6 OpenVAS EZ Startup Script

I have updated the OpenVAS-6 EZ Setup script located HERE to include not only the startup script I wrote but also the Check-Setup script provided by OpenVAS for debugging purposes. I decided to do this to help users who are having difficulty getting it setup or running.

I am also working on the ToR auto script tonight as mentioned in the video "Installing and Configuring ToR + Proxychains as seen HERE so Stay tuned for that script and a video showing it's usages :-)

Enjoy! And Stay Tuned! 

It's Monday!

Hey Guys,

Hope you enjoyed your weekend. I apologize for making a post so late in the day, but, well, it's Manic Monday here!

The day is un-winding now. I am hoping to get the new intro done today/tonight. Then I want to move onto getting my virtual lab finished so we can resume Hacking the machines in there on the videos. I am going to redo the lab, because I want to further segment it, and put a Virtual Router/Firewall in place to simulate real world excersizes on how to perform firewall evasion.

I will also do a video on setting up your own Virtual Lab as has been requested by one of our members!

I am also thinking of creating a forum where we can ask questions, get help, etc. This idea I am not sure about quite yet.

Enough out of me! Back to work! :-)

EDIT:

I think what we are going to do is save the Virtual Firewall for the Advanced Video Tutorials.

I really want to get into showing you guys some examples of hacking machines. Then we will do a Virtual Lab setup, and then I will re-do the lab and setup the virtual firewall, fire it up on a Public IP, and show advanced techniques in terms of firewall evasion, etc.  

New Video Intro

Hey Guys,

I am working on a new Intro to our videos. I find as I am becoming better with Video Editing, that the default intro is kinda boring. I am hoping that tomorrow I can get Win2k3 server installed on the VM server. Also, I need to reinstall win7 because somehow it decided to BSOD with the network config, Not even sure why, but that is MSFT windows for you. All of my UNIX/Linux VM's are chugging right along without a hitch. This is why I love linux!

Anyways it's Sunday and I am going to take the day to relax, it was a rough week! Of course though, my brain never shuts off, so I will be doing some reading on Techie stuff, etc LOL.

Enjoy the rest of your weekend. I will see you all tomorrow, and hopefully I can respond to any questions/emails in a timely fashion for the rest of today.

Also, again, Thanks for the feedback, and questions/suggestions you guys have provided so far! It really goes a long way for me to see people interacting and even helping each other on the comments! Our youtube channel now has 67 Subscribers so far! Not bad for under a month of the sites and videos being active (started this on May 15th). I have you guys to Thank for the fast growth of this project, so Thank You!

As always keep sharing our pages, videos, blog, etc. Thanks!

Good Morning Good People!

I am going to be out in the field today. I will do my very best to answer any questions you guys may have from my phone.

I hope you guys enjoyed the latest video on ToR and Proxy chains I did yesterday. Please keep spreading the word, Thumbs up the videos, share them, and our facebook page. Thank You!

Enjoy your day!

New Video: Installing, and Configuring ToR Proxy with Proxychains + Exmaples

New Video: Installing, and Configuring ToR Proxy with Proxychains + Exmaples

Enjoy!