Backtrack Team (blog feed, author: Malik korrich, http://www.blogger.com/profile/12435381533518749134). Categories: SPAM, E-BOOKS, NEWS, PENTESTING, SCRIPTS, TUTORIALS, VIDEOS, WALLPAPERS.

<h2>5 Best Ways to Secure Mobile Users</h2>Published 2016-09-30<br /><div dir="ltr" style="text-align: left;" trbidi="on">As mobile devices have become an essential part of daily life, they are increasingly used as tools for employees to improve their productivity. While workplace flexibility and convenience are increasing, mobile employees are putting enormous amounts of company data at risk. Employees often use third-party applications, ignore security updates and connect to unprotected networks, which leaves personal and corporate data exposed and makes them the easiest target for cyber criminals.<br /><br />To reduce this risk on the employee side, <b>Alvaro Hoyos</b>, Chief Information Security Officer at <a href="https://www.onelogin.com/" rel="nofollow" target="_blank">OneLogin</a>, has suggested some tips that will help organizations double-check the security of their mobile users and employees.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd9Z8XFYAEYWdh1qDLUCuBpzUF09JRxVkdBY0puSr1TCE6-M8IZIWU-JFFbEOt_cxmBht51gbDUywTzX8MV9zaRP5ShMByv5mYtp-_eZTGXKiWHWd1z8jFCpL2Td3ag4MMFCT6Lz5NGJBh/s1600/5+Best+Ways+to+secure+mobile+users.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd9Z8XFYAEYWdh1qDLUCuBpzUF09JRxVkdBY0puSr1TCE6-M8IZIWU-JFFbEOt_cxmBht51gbDUywTzX8MV9zaRP5ShMByv5mYtp-_eZTGXKiWHWd1z8jFCpL2Td3ag4MMFCT6Lz5NGJBh/s1600/5+Best+Ways+to+secure+mobile+users.png" /></a></div><br /><br /><h3 style="text-align: left;"><b>Realistic Security Policies:</b></h3><br />Organizations should prefer reliable and realistic policies. If they implement policies that are too rigid for the organization's maturity, chances are that employees will subvert or ignore them altogether.<br />Policies should be strict but workable, so that employees follow the policy and still get their work done. This matters most for mobile users who run corporate applications on their smartphones or tablets. Policies should be implemented for every device that employees use.<br /><br /><h3 style="text-align: left;"><b>Multifactor authentication:</b></h3><br />Since many employees access information and work for the organization from remote locations, it is essential to ensure that the right person is using the right information. Multi-factor authentication should be used to enforce the access controls.<br />Attackers keep evolving their techniques; the only way to protect against unauthorized access is to require multi-factor authentication for mobile users, which reduces the risk of a compromise.<br /><br /><h3 style="text-align: left;"><b>Empower Employees:</b></h3><br />Organizations deploy many automated detection systems that alert them to unusual or unexpected activity. This process can be extended to the most granular part of the organization: the employees. By making employees part of the organization's detection plan, they learn to notice the activities they have direct control over, such as changing their password or logging in from a new location, and become part of early detection.<br /><br /><h3 style="text-align: left;"><b>Understanding the Risk of Mobility:</b></h3><br />Mobile devices, whether used by employees or by other mobile users, should not be primary devices with complete access, nor should they carry the organization's confidential information. The organization should consider how devastating a stolen or misplaced device could be. To address this, mobile users should protect their devices with a trusted SaaS solution, and documents on mobile systems should be backed up daily.<br />Furthermore, policies should define for mobile end users what data can be copied to mobile devices and what data should never leave the organization's own systems.<br /><h3 style="text-align: left;"><b>Continuous Monitoring and tracking:</b></h3><br />With a large number of employees accessing systems from mobile devices, some devices will get lost, stolen or misplaced. An asset tracking system should be implemented for this case. These solutions are expensive, but worth the investment to keep an organization's assets from falling into the wrong hands. Devices that are no longer in use, or that have been lost or stolen, need to be tracked as well, in case they reappear on your network.<br /><br />Even when you know which remote device is doing what from where, threats remain. Monitoring is the best option for exposing suspicious activity and preventing employees from entering privileged mode or accessing restricted information. 
Unauthorized mobile users can be devastating for any organization, so prevention techniques should be implemented to reduce this risk.<br /><div><br /></div></div>

<h2>WPA WPA2 Phishing Tool: Linset</h2>Published 2016-09-27<br /><div dir="ltr" style="text-align: left;" trbidi="on">Linset is not a social engineering tool that is used to hack without bruteforce; it requires only two programs, lighttpd and php5-cgi.<br /><br /><b>apt-get install lighttpd</b><br /><b><br /></b><b>apt-get install php5-cgi</b><br /><br />After you unzip the download, place the linset folder from the download in root. This folder contains a php file, a backup php file and an alldata.txt. You cannot rename the linset folder or place it in another location unless you change the bash script.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisg_ns-L0ep76xvSRzM4mvoiRX_JDrVijFOzqwL-2y-n6IDkES77NJaSFarBbrMyVuTFz3Q8COyoyWthOZyzzjwpKqLPJPa8ibO2scQmzgkgPSLUQZ80ho5wIgVT0XdFrRn2nKJaN2w8bG/s1600/WPA+WPA2+Phishing+Tool-+Linset.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisg_ns-L0ep76xvSRzM4mvoiRX_JDrVijFOzqwL-2y-n6IDkES77NJaSFarBbrMyVuTFz3Q8COyoyWthOZyzzjwpKqLPJPa8ibO2scQmzgkgPSLUQZ80ho5wIgVT0XdFrRn2nKJaN2w8bG/s1600/WPA+WPA2+Phishing+Tool-+Linset.png" /></a></div><br /><br /><b>How it works</b><br /><br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Scan the networks.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Select a network.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Capture the handshake (can be used without a handshake).<br />•<span 
class="Apple-tab-span" style="white-space: pre;"> </span>Choose one of several web interfaces (contributed by users).<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Mounts a FakeAP imitating the original.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>A DHCP server is created on the FakeAP.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>It creates a DNS server to redirect all requests to the host.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>The web server with the selected interface is launched.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>The mechanism that checks the validity of the passwords entered is launched.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>It de-authenticates all users of the network, hoping they connect to the FakeAP and enter the password.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>The attack stops once a password has been verified as correct.<br /><br /><b>How to Use</b><br /><br /><b>$ git clone https://github.com/chunkingz/linsetmv1-2.git</b><br /><b><br /></b><b>$ cd linsetmv1-2</b><br /><b><br /></b><b>$ chmod a+x linsetmv1-2</b><br /><b><br /></b><b>$ mv linset /</b><br /><b><br /></b><b>$ ./linsetmv1-2</b><br /><br /><br /><b>Download</b><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2kVq4L6VMJVpfqVgZXbK-MADlkFj7amEebopl9hLUCE3zoOsSXH1-C4wCQZwqehfG4fgdG4wAPY9IBpG-lrPEwXb5zNsxyDlPER4MpMb80B1Xz5_CYausGUSZUs5d6dZcbtvv345dhoz-/s1600/698860-icon-129-cloud-download-128.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2kVq4L6VMJVpfqVgZXbK-MADlkFj7amEebopl9hLUCE3zoOsSXH1-C4wCQZwqehfG4fgdG4wAPY9IBpG-lrPEwXb5zNsxyDlPER4MpMb80B1Xz5_CYausGUSZUs5d6dZcbtvv345dhoz-/s1600/698860-icon-129-cloud-download-128.png" /></a></div><span style="text-align: center;"> <a href="https://github.com/vk496/linset" rel="nofollow" target="_blank">Download Now</a></span></div>

<h2>Durvasav: Bruteforce Password Cracker</h2>Published 2016-09-27<br /><div dir="ltr" style="text-align: left;" trbidi="on">Durvasav is a simple bruteforce password hash cracker written in C. It is a console program released under GNU GPL version 3 and runs on Windows. It recovers the plain text behind standard hashes, and uses the OpenSSL library to generate the hashes.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTd42Cvb57-q2DWhJ2ExeL4YLkLfg3oXAlDTmvJcTYjcs48scb_PwQzha3B8FyHedVuDxMDWEc5UQpUvNtDIKKSLbGe4XlsGL8FC8mtZRVxPgA6v6stwrzJLUfthk92nuW2HuBD_oWFXdM/s1600/Durvasav-+Bruteforce+Password+Cracker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTd42Cvb57-q2DWhJ2ExeL4YLkLfg3oXAlDTmvJcTYjcs48scb_PwQzha3B8FyHedVuDxMDWEc5UQpUvNtDIKKSLbGe4XlsGL8FC8mtZRVxPgA6v6stwrzJLUfthk92nuW2HuBD_oWFXdM/s1600/Durvasav-+Bruteforce+Password+Cracker.png" /></a></div><br /><br />Durvasav can compare thousands of hashes against a hash table at a time. It supports the MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512 hashing algorithms. 
You can also produce hash tables of all these hashes for different character sets, or generate wordlists for reverse hash lookup.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNGwRSCs8jvGbHcddElW0c9Xys__q47fwmKs6LWM4rkW8VkYG44wlZJx-KmJl_bK9njWfO74EMqE-BDHE8fbGCEBPKpXlrHOqmzRve9_2nfOPjCcHKrkes7gCl4IJLwey4C9c4MBAw_8o2/s1600/Durvasav-Home.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNGwRSCs8jvGbHcddElW0c9Xys__q47fwmKs6LWM4rkW8VkYG44wlZJx-KmJl_bK9njWfO74EMqE-BDHE8fbGCEBPKpXlrHOqmzRve9_2nfOPjCcHKrkes7gCl4IJLwey4C9c4MBAw_8o2/s400/Durvasav-Home.jpg" width="400" /></a></div><br /><br /><b>Features:</b><br /><b><br /></b>•<span class="Apple-tab-span" style="white-space: pre;"> </span>Supports MD4, MD5, SHA0, SHA1, SHA224, SHA256, SHA384 and SHA512.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Uses the fast OpenSSL library.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Includes a wide variety of character sets plus a custom character set.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Performs a ‘pseudo’ operation.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Hash table generation.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Generates a bruteforce password table.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Imports and compares hash tables containing thousands of hashes.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Maximum password length of 12 characters (to be increased).<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Wordlist generation for all characters.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Compatible with Windows 32-bit and 64-bit.<br /><br />You can either 
choose from the predefined character sets or supply a custom character set of your own.<br /><br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[0…9] – Digits 0-9.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[a…z] – Lowercase letters a-z.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[A…Z] – Uppercase letters A-Z.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[0…z] – Digits 0-9 and lowercase letters a-z.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[0…Z] – Digits 0-9 and uppercase letters A-Z.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[a…Z] – All lowercase and uppercase letters.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[0..a..Z] – All digits, lowercase letters and uppercase letters.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[All] – All digits, lowercase letters, uppercase letters and all special characters.<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>[Custom] – Select this if you want to use a custom character set.<br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://github.com/vishnumaiea/Durvasav-BfPC" rel="nofollow" target="_blank">Download Now</a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://github.com/vishnumaiea/Durvasav-BfPC" rel="nofollow" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHnhscLvX1P5HR0pDzUKCqR15FNw23VaegKFzOj_IWj6NrfcKKreFkPK1COSruA-M0MgS2G_tYsYVyMfoK99FKYx9VBf3PUB7HXYabNNvcRcjtKIEMvUNO2PwnWlDpVIEYFXeRkMtbVddJ/s1600/698860-icon-129-cloud-download-128.png" /></a></div><div><br /></div></div>

<h2>C Programming For Hackers - Part 4</h2>Published 2016-09-22<br /><div dir="ltr" style="text-align: left;" trbidi="on"><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/KQ7zi1F0d34" width="480"></iframe></div>

<h2>Open Source OSINT Assistant: DataSploit</h2>Published 2016-09-20<br />The various Open Source Intelligence (OSINT) tools used to collect data give the user all the relevant information about a domain, email address, phone number, person, etc. They allow us to expand our attack/defense surface by collecting relevant information about the target.<br /><br />DataSploit needs only minimal input (such as a domain name, email ID or person name). It is built with technologies that are popular in the field: Python, MongoDB and Django. Once the data is collected, noise is removed first, the data is correlated, and after multiple iterations it is stored locally in a database that can be easily visualized in the provided UI. 
The sources are chosen after thorough analysis and are known to provide reliable information.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-lvSuLyaj69je9HCDOMsxwXlq0P5P4FVUxc5_-Fla_0QtFWW3Dw34sV-ACrl9hQ-a6trQE6XoVesqdZcrXjw76PJNBK4SXMF0ZRv9lVEg6Yq8ZuJhTx0XqpmYBZVVoqOgQ09X_-8oEJFv/s1600/Open+Source+OSINT+Assistant-+DataSploit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-lvSuLyaj69je9HCDOMsxwXlq0P5P4FVUxc5_-Fla_0QtFWW3Dw34sV-ACrl9hQ-a6trQE6XoVesqdZcrXjw76PJNBK4SXMF0ZRv9lVEg6Yq8ZuJhTx0XqpmYBZVVoqOgQ09X_-8oEJFv/s1600/Open+Source+OSINT+Assistant-+DataSploit.png" /></a></div><br /><br /><b>Features:</b><br /><br /><ul><li>Performs automated OSINT on a domain / email / username / phone and finds relevant information from different sources.</li><li>Useful for pen-testers, cyber investigators, product companies, defensive security professionals, etc.</li><li>Correlates and consolidates the results and shows them in one view.</li><li>Tries to find credentials, API keys, tokens, subdomains, domain history, legacy portals, etc. 
related to the target.</li><li>Available as a single consolidated tool as well as standalone scripts.</li><li>Available with both a GUI and a console.</li></ul><b>Requirements:</b><br /><br /><ul><li>MongoDb, Django, Celery and RabbitMq</li><li>A set of Python libraries:</li><ul><li>amqp==1.4.9</li><li>anyjson==0.3.3</li><li>BeautifulSoup==3.2.1</li><li>beautifulsoup4==4.4.1</li><li>billiard==3.3.0.23</li><li>bs4==0.0.1</li><li>celery==3.1.23</li><li>clearbit==0.1.4</li><li>config==0.3.9</li><li>Django==1.9.8</li><li>django-celery==3.1.17</li><li>dnspython==1.14.0</li><li>future==0.15.2</li><li>idna==2.1</li><li>json2html==1.0.1</li><li>kombu==3.0.35</li><li>lxml==3.6.0</li><li>piplapis-python==5.1.0</li><li>pyinotify==0.9.6</li><li>pymongo==3.3.0</li><li>python-Wappalyzer==0.2.2</li><li>python-whois==0.6.2</li><li>pytz==2016.6.1</li><li>requests==2.10.0</li><li>requests-file==1.4</li><li>simplejson==3.8.2</li><li>six==1.10.0</li><li>tldextract==2.0.1</li><li>tqdm==4.7.6</li><li>termcolor</li></ul></ul><div><b>Download:</b></div><div><b><br /></b></div><div class="separator" style="clear: both; text-align: center;"><a href="https://github.com/upgoingstar/datasploit" rel="nofollow" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJuajYDp5zKOh5SkJFYZ0QyLwK3WCc_5upCg3a4Jx5QF4HOCSt6SLWi4nZJrvjV8b81oykQx7b7cH-RtzHTEXIxPUt0b5CvkRXW4vZ_YCk4rFP5AK8c9PVxCO3V8xBXTQiEniJzz4J3DpO/s1600/698860-icon-129-cloud-download-128.png" /></a></div><div style="text-align: center;"><b><br /></b></div><div style="text-align: center;"><b> <a href="https://github.com/upgoingstar/datasploit" rel="nofollow" target="_blank">Download Now </a></b></div>

<h2>Has your password been leaked?</h2>Published 2016-09-18<br /><a href="#compromised">Don't want to read the theory? 
Just want to see if your password has been leaked? Click here or scroll down.</a><h2>How websites store data</h2><div>When you create an account on a website, <b>the website stores your registration details in its SQL databases</b>. Very few people, even within the company/website, have direct access to the databases.</div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOF_DjeHRXZKzkBGpCeuFaw8ZEvr9q5gdZpksxkhLmIoe2L2oRRXQgNy5nwu9exRA9oTIXGrlkmaXfbY_aaO4YNMMebmTsyLLjHaYZlPxD3NwoqjCJCet_rm4ylh73uMcj3VYYb8MsVuw/s1600/download.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOF_DjeHRXZKzkBGpCeuFaw8ZEvr9q5gdZpksxkhLmIoe2L2oRRXQgNy5nwu9exRA9oTIXGrlkmaXfbY_aaO4YNMMebmTsyLLjHaYZlPxD3NwoqjCJCet_rm4ylh73uMcj3VYYb8MsVuw/s320/download.png" width="320" /></a>In a naive world, the database would contain your plaintext passwords. However, since attackers use SQL injection to dump database contents, it is far safer to <b>keep the password hashed</b>. This means that even <b>if someone has access to the table</b>, they see your username, email address and <b>hashed password, but not the plain-text password</b>.<br /><br />Those who don't know about hashing may wonder <b>how the website checks that you are typing the correct password at login if the site itself doesn't know your password</b>. To understand that, you must understand what hashing is. You can read about it on Wikipedia for the technical details, but I'll (grossly over-)simplify it here.</div><div><br /></div><div>Hashing is any operation which is easy in one direction and difficult in reverse. For example, mixing two colors is easy, while working out the constituent colors of a mixture isn't quite that easy. Multiplying two large (prime) numbers is easy, but given only their product, it isn't easy to find the two prime factors that produce it.<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsXzxdOKbeWmW0siG-nI0XDT0gZYmwtusLGW-v8qvc1QxioP-IV9PZw5XN2o5rxI1ZRVsA0aBzPhDE3atX0_p5ud07YPvHBteMPdNy0BZJy-6uETV6Xw4yLtio9MQSh9zulpAoF8VWoEA/s1600/hash.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsXzxdOKbeWmW0siG-nI0XDT0gZYmwtusLGW-v8qvc1QxioP-IV9PZw5XN2o5rxI1ZRVsA0aBzPhDE3atX0_p5ud07YPvHBteMPdNy0BZJy-6uETV6Xw4yLtio9MQSh9zulpAoF8VWoEA/s320/hash.png" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Hashing example</td></tr></tbody></table></div><div><br /></div><div>Let's say your password is "pass", and there's a hashing function f(x). Then, </div><div>f("pass") = d@A2qAawqq21109 (say).</div><div><b>Going forward is quite simple. On the other hand, figuring out the plain-text password from the hash (d@A2qAawqq21109) is practically impossible</b>.</div><div><br /></div><div>So, when you create an account and type the password "pass", <b>d@A2qAawqq21109 is stored in the database</b>. When you log in and type the password "pass", <b>the server hashes it, gets "d@A2qAawqq21109", and matches that against the SQL database</b>. If you typed <b>some other password</b>, say "ssap", <b>the generated hash would be different</b>, and you won't be able to log in. Note that while the hashing function gives different outputs for most strings, every once in a while there may be collisions (two strings with the same hash). This is extremely rare and shouldn't concern us here.</div><div><br /></div><div><b>Forgot Your Password - </b>Ever wondered why almost all websites give you a new password when you forget your old one, instead of just telling you your password? Now you know: they themselves don't know your password, and hence can't tell you. When they let you change your password, they just replace the corresponding hash in their tables, and your new password works.</div><div><br /></div><div><b>How hashes are cracked </b>- I wrote earlier that hash functions are easy to go one way, but almost impossible to go the other. Going the other way can still be done by brute force. Suppose someone has the password "pass". An attacker who only has the hashes can hash every candidate password in alphabetical order and check which hash matches (assume the attacker knows the password is four lowercase letters). </div><div>He tries 'aaaa', 'aaab', 'aaac', ... 'aaba', 'aabb', 'aabc', ... 'aazz', 'abaa', ... 'paaa', 'paab', ... 'pass'. For 'aaaa' the hash is not d@A2qAawqq21109, it is something else. Until he reaches 'pass', every hash fails to match d@A2qAawqq21109. But for 'pass', the hash matches. 
So, the hacker now knows your password.</div><h2>Website leaks</h2><br /><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB1wMcOr78orEIPKIDBsuDRrWTo4L9HEHNi3VKIZBRizjsQfugnxBvQhJHOCHdQc3wzMf8g3JzAPcs4FtWVG_UyyCPDT4ZakuA5JcnZTRnpcnzvpyij4xR6t_LMEIXaIi2wmgCcIr8fD0/s1600/dropbox+leaked+100mil.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="259" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB1wMcOr78orEIPKIDBsuDRrWTo4L9HEHNi3VKIZBRizjsQfugnxBvQhJHOCHdQc3wzMf8g3JzAPcs4FtWVG_UyyCPDT4ZakuA5JcnZTRnpcnzvpyij4xR6t_LMEIXaIi2wmgCcIr8fD0/s320/dropbox+leaked+100mil.jpeg" width="320" /></a>Due to the above, website leaks are bad, but not that bad. If the passwords are sufficiently complex, the hashing algorithm is secure, and a salt (explained later) is used, then it's quite unlikely that the attackers would recover many passwords from the database dump. So even if the Facebook DB is leaked, your passwords are most probably safe. Unfortunately, "most probably" is not something one can work with, especially when you have so much to lose if the 0.1% chance of your password being compromised is the one that materializes. So, after a DB leak, the website often asks all its users to change their passwords (e.g. the Dropbox, LinkedIn and Myspace leaks). Also, since you might be using the same password on different websites, it's important that you change your password everywhere.</div><div><br /></div><div>This isn't even the worst part though. Some websites don't hash your passwords and store them in plain text instead. If their database is leaked, the attacker has immediate access to millions of accounts on that website, plus possibly tens of millions of accounts on other websites that use the same email/username and password combination. For example, the 000webhost database had plain-text passwords, and it was leaked. I personally hosted a site there once, and my account was compromised as well. </div><div><br /></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOIdGdDjQJ4kXwQbYTXz1GeT0TTh3LnQ8d1jAiOPeRwVIDTI76Bcgetdbnbb79jxFKM8Kj0qWkul16CK-1LOEmg3BKjwC_PTYUzMxKGN3W_U1RnYg5a8glgAgMAdjrDSPs2KU57iPMkdU/s1600/000webhost+leaked+plain-text.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOIdGdDjQJ4kXwQbYTXz1GeT0TTh3LnQ8d1jAiOPeRwVIDTI76Bcgetdbnbb79jxFKM8Kj0qWkul16CK-1LOEmg3BKjwC_PTYUzMxKGN3W_U1RnYg5a8glgAgMAdjrDSPs2KU57iPMkdU/s320/000webhost+leaked+plain-text.jpeg" width="320" /></a>But this still isn't the worst part. The hackers often dump the databases publicly. The responsible ones let the website know that its security is broken, and ask it to inform its customers about the leak and get their passwords changed. After the website has been given sufficient time to act, the hacker often dumps the database publicly. To see the extent of this, take 000webhost's example: the first search result for "000webhost leak" gives you the database, which you can download to see the passwords. The password I was using 3-4 years ago is there in the database. That very password is probably still there on some of the websites that I signed up for 3-4 years ago but haven't used since then (and hence didn't update the password). </div><div><br /></div><div><b>Problem 1 : </b>Suppose there's a hashing scheme X. Under that scheme, "pass" becomes d@A2qAawqq21109. Say this is a very secure scheme and every website uses it. Now someone with a lot of computational power computes the hashes of all possible letter combinations under scheme X. Given a hashed value, he can simply look it up in his table and see which password it corresponds to. He makes this password-to-hash table available online. Now it's quite easy to get the passwords from a database dump. </div><div><br /></div><div><b>Problem 2 : </b>Alternatively, even if the scheme isn't shared, an attacker can take a common password, say "password", hash it, and then search all the users in a 100 million user password dump for a matching hash. If one matches, that user has the password "password". By using 1 million common passwords, he'll probably recover 10% of the passwords among the 100 million users.</div><div><br /></div><div><b>Solution : Hashing Salt - </b>To prevent this, each user chooses a password and is also given a random string, the hashing salt. The hashing function operates on both the password and the salt. So if two users have the same password but different salts, they have different hashes. This defeats both techniques above. Now, to get the correct hash, the attacker has to feed both the correct password and the correct salt into the hashing function. This means that -<br /><br /><ol><li>The first problem, where someone else pre-computed the password-hash table, is solved, since that person would now have to build a password-salt-hash table (the hash for every combination of password and salt), which is far too many combinations. If there are 10 million possible passwords and 10 million possible salts, there are 100 million million (10^14) combinations. If there are 10 common salts that are used very often, then the person can make a table with all 10 million passwords hashed under those 10 common salts. Alternatively, the person can hash the 10 most common passwords with 10 million possible salts. Thus, it's important to have both strong passwords and random salts.</li><li>The second problem is also mostly solved, since the person would have to hash each common password with each salt present in the table (not all 10 million combinations, only the salts that actually appear in the table). Again, not using easy generic passwords like "password", "hello", etc. would solve this issue.</li></ol></div><div><br /></div><div><b>Weak salts? </b>One of the flaws with hashing is that it could have weak salts. WPA/WPA2 is quite robust, but since it uses the SSID of the network as the salt, routers with default SSIDs ("linksys", "netgear", etc.) are more vulnerable than others, since <a href="http://www.kalitutorials.net/2016/09/things-you-should-know-wireless-hacking.html#rainbowtable" target="_blank">rainbow tables</a> exist with hashes for the most common passwords under the most common SSIDs. That said, I'd like to reiterate that WPA/WPA2 is still very secure, and I pointed this out only as a relevant example.</div><h2><a name="compromised">Are you compromised?</a></h2><div>Out of all the leaks so far, I had accounts in 4 of them: the Myspace leak, the LinkedIn leak, the Dropbox leak, and the 000webhost leak. I had to change my password on multiple sites on multiple occasions. </div><div><br /></div><div>One way to find out if you're compromised is to look for all the dumps and check manually whether you're in them. However, that's practically impossible (not all dumps are public, and looking for your name/email in a huge file takes the computer more time than you'd guess). Fortunately, there's a website that exists specifically for this purpose, <a href="https://www.leakedsource.com/main/?a=98911" target="_blank">LeakedSource</a>. You can search by your email free of cost. They offer some extra functionality for pretty affordable rates ($4 PayPal, $2 Bitcoin). 
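</div><div>The hashing, brute-force and salt discussion above (the "How hashes are cracked", "Problem 1", "Problem 2" and "Solution: Hashing Salt" sections), carried through in runnable form. This is an added example written for this page, not code from the original post or from any service named in it; it uses only the Python standard library. The user table, the short common-password list and the low PBKDF2 iteration count are constructed assumptions for the demo. It goes slightly beyond the post by also showing the constant-time comparison a login check should use.</div>

```python
# Added example (not part of the original post): unsalted vs salted password
# storage, and what each scheme gives away when the table leaks.
import hashlib
import hmac
import os

# Constructed sample "registration table": username -> chosen password.
# Weak on purpose, so the common-password list below finds some of them.
SAMPLE_USERS = {
    "alice": "password",
    "bob": "pass",
    "carol": "password",    # same password as alice
    "dave": "Tr0ub4dor&3",  # not in the common list
}

# Stand-in for the "1 million common passwords" list in the post (constructed).
COMMON_PASSWORDS = ["123456", "password", "pass", "hello", "qwerty"]

# Deliberately low so the demo runs in well under a second; a real deployment
# uses a far higher count (or a memory-hard function such as scrypt/argon2).
PBKDF2_ITERATIONS = 20_000


def unsalted_hash(password: str) -> str:
    """Scheme X from the post: one fixed hash of the password, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Hash over password AND salt: same password, different salt -> different hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS).hex()


def make_salted_record(password: str) -> dict:
    """What the site should store at registration: a random per-user salt and the salted hash."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": salted_hash(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Login: re-hash the attempt with the stored salt and compare in constant time."""
    candidate = salted_hash(attempt, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])


def build_unsalted_table(wordlist) -> dict:
    """Problem 1: a precomputed hash -> password table for the unsalted scheme."""
    return {unsalted_hash(w): w for w in wordlist}


def lookup_unsalted_dump(dump: dict, table: dict) -> dict:
    """Problem 1 continued: every leaked unsalted hash is one dictionary lookup away."""
    return {user: table[h] for user, h in dump.items() if h in table}


def weak_passwords_despite_salt(dump: dict, wordlist) -> dict:
    """Problem 2 against salted records: each candidate must be re-hashed per user with
    that user's own salt, so no shared table exists and equal passwords no longer look equal.
    Weak passwords are still found, which is why the post asks for strong passwords too."""
    found = {}
    for user, record in dump.items():
        for word in wordlist:
            if verify_password(record, word):
                found[user] = word
                break
    return found


def demo() -> dict:
    """Run both schemes over the sample table and report what each leak would reveal."""
    unsalted_dump = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted_dump = {u: make_salted_record(p) for u, p in SAMPLE_USERS.items()}
    return {
        # alice and carol share a password: unsalted, their hashes are identical, which
        # already leaks information before any cracking starts; salted, they differ.
        "unsalted_duplicates": unsalted_dump["alice"] == unsalted_dump["carol"],
        "salted_duplicates": salted_dump["alice"]["hash"] == salted_dump["carol"]["hash"],
        "unsalted_cracked": lookup_unsalted_dump(unsalted_dump, build_unsalted_table(COMMON_PASSWORDS)),
        "salted_cracked": weak_passwords_despite_salt(salted_dump, COMMON_PASSWORDS),
        "login_ok": verify_password(salted_dump["bob"], "pass"),
        "login_wrong": verify_password(salted_dump["bob"], "ssap"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

<div>Running it shows the two halves of the post's argument side by side: the unsalted dump is cracked by table lookup and exposes alice and carol as sharing a password, while the salted dump forces per-user work and hides the duplicate, yet still gives up the weak passwords. dave's password survives both runs only because it is not on the list.</div><div>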
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.leakedsource.com/main/?a=98911" rel="nofollow" target="_blank"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjri6g_9WZlvk482DIdoDO6DKbehI8roihIwAAAfegpZ2DpzKVVWArybMoZO5Kpyd9rbf6tCkDpqEvmPYQpOaqImfNv_qpeXMdBeLScvkxhfmyPe4XOvpTTGZIu9jF2n_TmhYbtdsBNKeA/s400/banner3a.gif" width="400" /></a></div><div><br /><h2>I am compromised</h2></div><div>If you find out that your account is indeed compromised, then I suggest you quickly change your password on all services you use that have the same password. Better yet, change all your passwords. It's good practice to keep changing your passwords regularly anyway. Also, if a website has a two-step authentication feature, then it's suggested that you use it.</div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-36909707494627864612016-09-17T21:47:00.000-07:002016-10-03T06:20:28.311-07:00C Programming For Hackers - Part 3<div dir="ltr" style="text-align: left;" trbidi="on"><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/lTIUoWGXENk" width="480"></iframe><br /><br /><a href="http://www.ehacking.net/2016/09/c-programming-for-hackers-part-2.html">C Programming for Hackers - Part 2 ( Previous Part )</a><br /><br /></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-23172739367337288692016-09-16T05:10:00.000-07:002016-10-03T06:20:28.393-07:00How to stop WhatsApp to share Mobile Number with Facebook<div dir="ltr" style="text-align: left;" trbidi="on">It’s been more than two years since Facebook officially acquired WhatsApp to expand its <a href="http://www.seoservicesusa.co/chicago-seo-services/" target="_blank">digital marketing</a> landscape. 
Although WhatsApp CEO Jan Koum said that user privacy wouldn’t suffer, the two services are about to get a little friendlier with their data sharing.<br /><br />WhatsApp has changed its privacy policy; the new policy gives it permission to share data, including your phone number, with Facebook. In an FAQ, WhatsApp says it is doing this to:<br /><br />• More accurately count unique users.<br />• Better fight spam and abuse.<br />• Show better friend suggestions and more relevant ads to you on Facebook.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkYG80UFbEcwuxJmLxzickhK_Oc3PoA_jO2w2BspYYa0KahyKd7XYU_RBGTr64zMkkETxLTQv9iM1NEtVACupnp1cspCUfsVGN44zcPzMDBA7urdk9ToDztFTeDaCC3ANezn2cjn5kXn0O/s1600/How+to+stop+WhatsApp+to+share+Mobile+Number+with+Facebook.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkYG80UFbEcwuxJmLxzickhK_Oc3PoA_jO2w2BspYYa0KahyKd7XYU_RBGTr64zMkkETxLTQv9iM1NEtVACupnp1cspCUfsVGN44zcPzMDBA7urdk9ToDztFTeDaCC3ANezn2cjn5kXn0O/s1600/How+to+stop+WhatsApp+to+share+Mobile+Number+with+Facebook.png" /></a></div><br /><br />In a blog post, WhatsApp explained the reason behind this data sharing, which highlights its plan to test ways for users to communicate with businesses.<br /><br />“Whether it’s hearing from your bank about a potential fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls. 
We want to test these features in the next several months”.<br /><br /><b>What can be done to avoid this sharing of information between WhatsApp and Facebook?</b><br /><br />There are two ways to opt out of sharing your account information with Facebook for ad-targeting purposes.<br /><br /><b>Method 1:</b><br /><br />On WhatsApp, don’t tap Agree when it asks you to confirm you are happy with the change of terms. Instead, tap Read more. You should then see a check box or toggle at the bottom of the screen which says “Share my WhatsApp account information with Facebook to improve my Facebook ads and product experiences”. Uncheck this.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEuovjPQF7DSP8TrN2W7_M2iVoQj6sEF6gHi-e9kqcM9AqLQe-YTyrwQXssuAi165hU1l7_5cQ21h0iuGl4b6b7tmQPqVdobdTOu3OjEClfg5MEgG0Qm0FRMB8eCkUTbZnvfzewWpEZQyX/s1600/whatsapp-agree.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEuovjPQF7DSP8TrN2W7_M2iVoQj6sEF6gHi-e9kqcM9AqLQe-YTyrwQXssuAi165hU1l7_5cQ21h0iuGl4b6b7tmQPqVdobdTOu3OjEClfg5MEgG0Qm0FRMB8eCkUTbZnvfzewWpEZQyX/s1600/whatsapp-agree.jpg" /></a></div><br /><b>Method 2:</b><br /><br />If you have already agreed to the updated terms, you can go to Settings > Account > Share my account info in the app, then uncheck the box or toggle the control. 
But be quick: WhatsApp says you only have 30 days to make this choice after agreeing to the new terms.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuqavasA0dAQsU0hveoZZogKLOAgGujs68FxiZuXslK_eiWMl_6ZNk-kxEArThXWErEG4As1Z206k-LZdD9B71s9P9A5ZAJdphjPrJY1DxdKOk28t60i_3zTIHTT0LtR_84lahGKiBRybY/s1600/whatsapp2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuqavasA0dAQsU0hveoZZogKLOAgGujs68FxiZuXslK_eiWMl_6ZNk-kxEArThXWErEG4As1Z206k-LZdD9B71s9P9A5ZAJdphjPrJY1DxdKOk28t60i_3zTIHTT0LtR_84lahGKiBRybY/s320/whatsapp2.jpg" width="190" /></a></div><br />It seems that you can’t completely opt out of this, as WhatsApp says that your information is still sent to Facebook for other purposes, such as improving infrastructure and delivery systems, understanding how its services are being used, securing systems, and fighting spam, abuse, or infringement activities.<br /><br />So, it’s clear that some of your information remains accessible to Facebook either way (in a secure and reliable manner, according to WhatsApp). The only way to avoid this information sharing entirely is to avoid using WhatsApp.<br /><div><br /></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-64425877255299249952016-09-09T04:28:00.000-07:002016-10-03T06:29:04.853-07:004 Best Linux Command Line Books<p>Almost every geek is fascinated by Linux's complex beauty, security and flexibility, but if you are a non-Linux user or a beginner, even extracting a zip file or installing a program from the terminal can be a headache. 
So if you want to learn Linux, then I would strongly recommend that you read <strong>Linux Command Line and Shell Scripting Books, eBooks or PDFs</strong> to build your skills from scratch.</p> <div class="separator"><img alt="Linux Command Line" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitBgf94r442KEa1ktyMrukJWnIOBU6K01o7tpZOuC5eUAKw2M-kr-DJM8AslHjZxBtA9A9hP97iXeU-5ipiK9B-VLSPovpVwwtl1uyIDCyUhD6W3f6XaiUZ1h85ZXBjnihtfhHU3FRlAY/s1600/Command-Line-Books-Linux.jpg" /></div> <h2>Best Books to learn Linux Command Line</h2><p>Linux is all about commands; it has shipped nice-looking GUIs since its early days, yet most tasks are still done through the terminal. And it's nothing difficult once you begin doing it yourself; all you need is good resources, and Linux PDF eBooks are an excellent way to learn quickly and easily.</p><hr/> <h3><a rel="nofollow" href="https://www.amazon.com/gp/product/1593273894/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593273894&linkCode=as2&tag=hackw0rm-20&linkId=50d488d1d6e9fe25f68cff25fecb3727" target="_blank">The Linux Command Line: A Complete Introduction</a></h3><div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><a rel="nofollow" href="https://www.amazon.com/gp/product/1593273894/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593273894&linkCode=as2&tag=hackw0rm-20&linkId=50d488d1d6e9fe25f68cff25fecb3727" target="_blank"><img src="//ws-na.amazon-adsystem.com/widgets/q?_encoding=UTF8&MarketPlace=US&ASIN=1593273894&ServiceVersion=20070822&ID=AsinImage&WS=1&Format=_SL250_&tag=hackw0rm-20" ></a></div> <p>One of the <strong>best Linux books</strong>, featuring a complete introduction to the <strong>command line</strong>, from basic file navigation to advanced topics such as <strong>writing programs in Bash</strong>. It feeds you very practical examples and explains everything with in-depth tutorials. 
The initial part serves as an introduction and teaches fundamental lessons like manipulating files and directories, package installation, keyboard tricks, etc., and then it takes you to more advanced topics: networking, package management, redirection, editing with Vi and compiling programs. You will also learn to automate boring tasks using <strong>Shell Scripting</strong>. It is very beginner friendly, with easily digestible chapters and lots of illustrations as well.</p><hr /> <h3><a rel="nofollow" href="https://www.amazon.com/gp/product/1517392772/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1517392772&linkCode=as2&tag=hackw0rm-20&linkId=25b13ce70b80b6d669f9ca687617f6b3" target="_blank">Learn Linux FAST: Including All Essential Command Lines (Linux for Beginners)</a></h3><div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><a rel="nofollow" href="https://www.amazon.com/gp/product/1517392772/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1517392772&linkCode=as2&tag=hackw0rm-20&linkId=25b13ce70b80b6d669f9ca687617f6b3" target="_blank"><img src="//ws-na.amazon-adsystem.com/widgets/q?_encoding=UTF8&MarketPlace=US&ASIN=1517392772&ServiceVersion=20070822&ID=AsinImage&WS=1&Format=_SL250_&tag=hackw0rm-20"></a></div> <p>If you are an <strong>absolute beginner</strong> and want to learn from the very basics, then this book is for you. It's a very helpful short read for newbies because its primary concern is building your foundation by teaching you the important <strong>command lines and tools</strong>. It teaches with step-by-step tutorials and unfolds some amazing <strong>tips and tricks</strong>. It also contains plenty of guidance on installation and getting started, along with a brief introduction to Linux distros, and after that it gives some serious practical lessons on installing software, redirection, file-editing commands and wildcards too. 
</p><hr /> <h3><a rel="nofollow" href="https://www.amazon.com/gp/product/1491927577/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1491927577&linkCode=as2&tag=hackw0rm-20&linkId=659ab2c25b5ef2f2a3fadfb39cb9c505" target="_blank">Linux Pocket Guide: Essential Commands</a></h3><div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><a rel="nofollow" href="https://www.amazon.com/gp/product/1491927577/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1491927577&linkCode=as2&tag=hackw0rm-20&linkId=659ab2c25b5ef2f2a3fadfb39cb9c505" target="_blank"><img src="//ws-na.amazon-adsystem.com/widgets/q?_encoding=UTF8&MarketPlace=US&ASIN=1491927577&ServiceVersion=20070822&ID=AsinImage&WS=1&Format=_SL250_&tag=hackw0rm-20" ></a></div> <p>This is the <strong>best book for Linux commands</strong> because it contains hundreds of commands with clear explanations and tutorials on topics such as <strong>Programming with Shell Scripts</strong>, media, text manipulation and pipelines, user management, controlling processes and all the other important commands that make you a power user. Whether you are a novice, an expert or a daily user, you should always have it in your pocket as a <strong>quick reference guide</strong>. 
I personally suggest this book to everyone as it is capable of making you a Linux ninja.</p><hr /> <h3><a rel="nofollow" href="https://www.amazon.com/gp/product/111898384X/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=111898384X&linkCode=as2&tag=hackw0rm-20&linkId=03eb6e7d22711376b57c8150157ac6b1" target="_blank">Linux Command Line and Shell Scripting Bible</a></h3><div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><a rel="nofollow" href="https://www.amazon.com/gp/product/111898384X/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=111898384X&linkCode=as2&tag=hackw0rm-20&linkId=03eb6e7d22711376b57c8150157ac6b1" target="_blank"><img src="//ws-na.amazon-adsystem.com/widgets/q?_encoding=UTF8&MarketPlace=US&ASIN=111898384X&ServiceVersion=20070822&ID=AsinImage&WS=1&Format=_SL250_&tag=hackw0rm-20"></a></div> <p>Do you want to become an expert at <strong>Command Line and Shell Scripting</strong>? Then this is what you need. This is an all-in-one Linux book covering a wide range of lessons on <strong>Shell Scripting and Command Line fundamentals</strong>. It will actually teach you how to communicate directly with your computer using commands, giving you more capability and saving you time. The major part of the book is an extensive guide on <strong>Creating Practical Scripts, Understanding and Creating Shells</strong>. You will learn to write simple script utilities to automate tasks, work with the Dash and Bash shells, and work with editors like nano and the KDE and GNOME editors. 
It also features one of the largest <strong>Linux command cheat sheets</strong>.</p>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-34041406863078748812016-09-08T08:04:00.000-07:002016-10-03T06:20:28.480-07:00C programming for Hackers - Part 2<div dir="ltr" style="text-align: left;" trbidi="on"><iframe allowfullscreen="" frameborder="0" height="344" src="https://www.youtube.com/embed/f8CCY0acIIw" width="459"></iframe><br /><br /><a href="http://www.ehacking.net/2016/09/c-programming-for-hackers-part-3.html">C Programming for Hackers - Part 3 ( Next Part )</a><br /><a href="http://www.ehacking.net/2016/09/c-programming-for-hackers-part-1.html">C Programming for Hackers - Part 1 ( Previous Part )</a></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-8435173877407522392016-09-08T07:03:00.000-07:002016-10-03T06:20:28.554-07:00C Programming for Hackers - Part 1<div dir="ltr" style="text-align: left;" trbidi="on"><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/Js_v0k4Htog" width="480"></iframe><br /><br /><a href="http://www.ehacking.net/2016/09/c-programming-for-hackers-part-2.html">C Programming for Hackers - Part 2 ( Next Part )</a><br /><br /><br /></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-54831248958973601342016-09-07T23:13:00.000-07:002016-10-03T06:20:28.653-07:00Facebook Bomb using VB-script<div dir="ltr" style="text-align: left;" trbidi="on"><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/WoZjk_YdtdI" width="480"></iframe><br /><br /><br /><br />Script :<br /><br /><br /><br />' InputBoxes<br /><br />Message = 
InputBox("What Is The Message?","WhatsApp DDos")<br /><br />MsgBox "VBScript Written By Priyank Gada"<br /><br />T = InputBox("How Many Times Needs It To Be Send?","WhatsApp DDos")<br /><br />If MsgBox("You've Filled It In Correctely", 1024 + vbSystemModal, "WhatsApp DDos") = vbOk Then<br /><br /><br /><br />' Go To WhatsApp<br /><br />Set WshShell = WScript.CreateObject("WScript.Shell")<br /><br />Return = WshShell.Run("https://www.facebook.com/messages", 1)<br /><br /><br /><br />' Loading Time<br /><br /><br /><br />If MsgBox("Search for the name and click on message section?" & vbNewLine & vbNewLine & "Press No To Cancel", vbYesNo + vbQuestion + vbSystemModal, "WhatsApp DDos") = vbYes Then<br /><br /><br /><br />' The Loop For The Messages<br /><br />For i = 0 to T<br /><br />WScript.Sleep 5<br /><br />WshShell.SendKeys Message<br /><br />WScript.Sleep 5<br /><br />WshShell.SendKeys "{ENTER}"<br /><br />Next<br /><br /><br /><br />' End Of The Script<br /><br />WScript.Sleep 3000<br /><br />MsgBox "Please Visit www.youtube.com/c/priyankgada"<br /><br />Set WshShell = WScript.CreateObject("WScript.Shell")<br /><br />Return = WshShell.Run("http://www.youtube.com/priyankgada", 1)<br /><br /><br /><br /><br /><br />' Canceled Script<br /><br />Else<br /><br />MsgBox "Process Has Been Canceled", vbSystemModal, "DDos Canceled"<br /><br />End If<br /><br />Else<br /><br />End If<br /><br /><div><br /></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-16338214065165721062016-09-07T21:58:00.000-07:002016-10-03T06:20:28.745-07:00Whatsapp Bomb using VB-Script<div dir="ltr" style="text-align: left;" trbidi="on">Today , we are going to learn how to bomb messages on web whatsapp using VB-Script.<br /><br /><br /><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/TNGfvVKolXY" width="480"></iframe><br /><br />Explanation of the script.<br 
/><br />' InputBoxes<br />This section is the data input. Here we are taking inputs from the user: Contact stores the name of the contact, Message stores the message, and T stores the number of times.<br /><br /><br />' Go To WhatsApp<br />This section redirects the user to WhatsApp Web.<br /><br />' Loading Time<br />This section waits for you to load WhatsApp Web.<br /><br />' Go To The WhatsApp Search Bar<br />This section presses the Tab key to move the focus from the URL address bar to the WhatsApp message bar.<br /><br />' Go To The Contacts Chat<br />This section types the contact name in the search bar.<br /><br />' The Loop For The Messages<br />This section types the message and presses Enter as many times as requested (T).<br /><br />' End Of The Script<br />This is the popup shown once the script has completed.<br /><br />' Canceled Script<br />This section pops up the cancellation notice for the script.<br /><div><br /></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-52191280398833476632016-09-07T04:10:00.000-07:002016-10-03T06:20:28.825-07:00Create Your First Hidden Website with TOR<div dir="ltr" style="text-align: left;" trbidi="on">Want to explore the world of the DarkNet and create your own Hidden Website with TOR? The ideal course is here: “<a href="http://academy.ehacking.net/courses/create-hidden-website-using-tor-for-beginners" target="_blank"><span style="color: red;">Create Hidden Website Using TOR for Beginners</span></a>”. Now creating a hidden website on the DarkNet is not difficult. 
Start as a beginner and explore the endless possibilities of running a TOR web server from different perspectives.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiju1AqwVC_qQ-IYA6AxkAiFZT9wobFl3G5rQAJmbNfkRpLgYiqnstD1_IEwbkchTr5i1bWFZEM765hjbyrqWx8Yjal-b54firxbA4B3atwBsD9NiM1ofsIANKRJ7EgAf-rRdHKz6XMk1QO/s1600/Create+Your+First+Hidden+Website+with+TOR.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiju1AqwVC_qQ-IYA6AxkAiFZT9wobFl3G5rQAJmbNfkRpLgYiqnstD1_IEwbkchTr5i1bWFZEM765hjbyrqWx8Yjal-b54firxbA4B3atwBsD9NiM1ofsIANKRJ7EgAf-rRdHKz6XMk1QO/s1600/Create+Your+First+Hidden+Website+with+TOR.png" /></a></div><br /><b>In this course you will learn:</b><br /><br />• How to configure a hidden web server using TOR hidden services.<br />• How to tune Nginx for maximum anonymity.<br />• How to serve HTML content to visitors with (almost) no web server installed, for maximum anonymity of the service.<br />• Important security tips anyone running a hidden services server should know.<br /><br /><b>Who should take this course?</b><br /><br />• Anyone who wishes to set up their first hidden TOR web server.<br />• Anyone who is interested in exploring the DarkNet.<br /><br />Just <a href="http://academy.ehacking.net/courses/create-hidden-website-using-tor-for-beginners" target="_blank"><b>Enroll Now</b></a> and in several hours you will be able to start your own DarkNet website! 
For only <span style="color: red;"><b>$20</b></span>, start creating your own TOR websites.<br /><div><br /></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-35966762564362808352016-09-06T03:21:00.000-07:002016-10-03T06:24:29.015-07:00Whatsapp 4G VIP SCAM - Technical Analysis<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoaWTloxL3TZmqKt7wlqqJmA1mGXDLif7JR5IELa1m8Hjc07jO4QbBRbA3ekcxmsMy9ezbIuLS0YfZYqOt5xsa3vc9njC3Cca0eyCTELeAvBCw0IXB4XFL5gcd50sXR5HVpOwpeTBKXjA/s1600/123.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="467" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoaWTloxL3TZmqKt7wlqqJmA1mGXDLif7JR5IELa1m8Hjc07jO4QbBRbA3ekcxmsMy9ezbIuLS0YfZYqOt5xsa3vc9njC3Cca0eyCTELeAvBCw0IXB4XFL5gcd50sXR5HVpOwpeTBKXjA/s640/123.png" width="640" /></a></div><br />This is a short blog post describing a recent hoax concerning a supposed WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as '<b>Whatsapp 4G</b>'. 
The supposed version promises users unrealistic features: video calling, new WhatsApp themes, deleting sent messages from both sides, etc.<br /><a name='more'></a><br />The following is how the message is being propagated:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg77vCERkAmHwKfmo9on3qzZVK832pWb7JT9IW4f0Iuw1Yq0uQwTYTlm_tJ3vHsASW87yjQA9APncjESMxbVmbufHzF12i7KMjEz2R5PILcXh_bQu0CgnZHWs4wukFvSYl9uVnEt2CHFkU/s1600/123.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg77vCERkAmHwKfmo9on3qzZVK832pWb7JT9IW4f0Iuw1Yq0uQwTYTlm_tJ3vHsASW87yjQA9APncjESMxbVmbufHzF12i7KMjEz2R5PILcXh_bQu0CgnZHWs4wukFvSYl9uVnEt2CHFkU/s400/123.png" width="400" /></a></div><br /><h2>Technical Analysis </h2>Upon visiting the link you are taken to a page where you are asked to invite 15 friends before you can download the version. Upon clicking the invite button, the page uses the WhatsApp URL scheme (whatsapp://) to send messages to your friends, and hence you end up promoting the hoax on behalf of the scammers:<br /><br />The entire business logic is based upon the following client-side script - <b><u>http://new-4g-whatsapp.ga/invite.js</u>.</b><br /><div><br /></div><div>Upon examining invite.js it was discovered that the code sets a cookie and checks, purely on the client side, whether 15 invites have been sent: </div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEippp-3uj4oqKsWd_HNdcO0UXkXglc2pjTBdqjGdB4Wu1aXTjT9-P2UgK5xww35n3eZTbR2YD6iKcM3Jgy8IpgLg0YpInbTG1MbgNegn1yPjKx0zy2voMfeLp3FtGd7sRtdySbtM3krQT8/s1600/1234.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEippp-3uj4oqKsWd_HNdcO0UXkXglc2pjTBdqjGdB4Wu1aXTjT9-P2UgK5xww35n3eZTbR2YD6iKcM3Jgy8IpgLg0YpInbTG1MbgNegn1yPjKx0zy2voMfeLp3FtGd7sRtdySbtM3krQT8/s640/1234.png" width="640" /></a></div><br /><br />Once the counter has reached 15 invites or more, you are redirected to the download link:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwAimSjK3zqyPeJYKKD9CbVjnhjFgyQhDpLlAj4aeCYOdFs3LhT2w1SMGSswvIbXVDq7RKkTHyop7leKmTIaChH5UeaoVeiEQTOIgY5kUBFA_s6tPtcOWbQ19x5YJrbMl2nt4TBiSBDmI/s1600/whatsappp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwAimSjK3zqyPeJYKKD9CbVjnhjFgyQhDpLlAj4aeCYOdFs3LhT2w1SMGSswvIbXVDq7RKkTHyop7leKmTIaChH5UeaoVeiEQTOIgY5kUBFA_s6tPtcOWbQ19x5YJrbMl2nt4TBiSBDmI/s640/whatsappp.png" width="640" /></a></div>From the above source code, if the value of <b>c</b> is greater than or equal to <b>15</b>, window.location.href is set to the "<b>ur</b>" variable, which holds the following download link - <b><u>http://ta3.co/new-4G-whatsapp/install.php</u></b><br /><br />The installation link seems to be dead; normally in such scams you would be asked to fill in surveys or install *free apps*, which are not really free as they may be shipped with malware/adware.<br /><b><br /></b><br /><h2>Update (Whatsapp Gold)</h2><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGiZmRT1YNgqMDnWjeyms_AU0ZTDIJBdsUtr4ByYQZH_o8WISvfzVUt7xXq4dGXL46BzevI2WpzSLbUh5BUJ-f35-PfKt_-AtZUAtNrIQx0FVHaDjr31ZTUL5Vsa-chABwsDpQ5Jv96No/s1600/IMG_20160906_222448954.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="444" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGiZmRT1YNgqMDnWjeyms_AU0ZTDIJBdsUtr4ByYQZH_o8WISvfzVUt7xXq4dGXL46BzevI2WpzSLbUh5BUJ-f35-PfKt_-AtZUAtNrIQx0FVHaDjr31ZTUL5Vsa-chABwsDpQ5Jv96No/s640/IMG_20160906_222448954.jpg" width="640" /></a></div><br />A new variation of the Whatsapp 4G VIP scam has recently come to notice under the name <b>"Whatsapp Gold"</b>, which works on the same principle as above. The only things that have changed are the interface design and the name.</div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-52326199957604850772016-09-04T06:41:00.000-07:002016-10-03T06:20:28.906-07:00Credit Card 101 - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">Hello guys, we are back with another awesome article. In this series of articles (Credit Card 101) we are going to learn about various credit cards, how credit cards work, how credit cards get hacked and, most importantly, how to secure your personal credit card. To begin, we must first understand how credit cards are designed and how they work.<br /><br /><h2><br />Credit Card Numbers :</h2>So let's consider a random credit card number as an example (this is not my credit card).<br /><br /><div style="text-align: justify;"><b>4485 3151 5882 2849</b></div><div style="text-align: justify;">The credit card number is divided into several parts, which help the payment gateway charge the right consumer for the card. </div><div style="text-align: justify;">1. The first number (4) is the MII</div><div style="text-align: justify;">2. 
The next 5-6 numbers are the issuer ID</div><div style="text-align: justify;">3. The remaining numbers, except the last one, are the user ID</div><div style="text-align: justify;">4. The last number is the check number, also known as the check algorithm digit.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLvyGTpw-Nnkn8gjSWYo1RS5vf8TyHRPS-TT0sJgZvW0I9EqQX7hSKqAvWXNAyR-z4lLfgs1sixXB4SHgue0Oh-pvy0gTsQFuMuLeaIjRyQdX0ydpxgtVoLp_TjtXbMhlvXqTAo7KFiVc/s1600/how_to_hack_credit_cardsblog.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLvyGTpw-Nnkn8gjSWYo1RS5vf8TyHRPS-TT0sJgZvW0I9EqQX7hSKqAvWXNAyR-z4lLfgs1sixXB4SHgue0Oh-pvy0gTsQFuMuLeaIjRyQdX0ydpxgtVoLp_TjtXbMhlvXqTAo7KFiVc/s1600/how_to_hack_credit_cardsblog.jpg" /></a></div><br /></div><h3 style="text-align: justify;"><br />What is MII ?</h3><div style="text-align: justify;">MII stands for major industry identifier. This is a constant digit assigned according to the consumer's needs, that is, the industry the card is meant for. For example, in most cases a consumer uses his/her credit card for online transactions; this is the reason most credit card numbers start with 4 or 5, which denote the banking and financial industry. This digit can range from 0 to 9. We provide more information at the bottom of the article.</div><h3 style="text-align: justify;"><br />What is Issuer ID ?</h3><div style="text-align: justify;">The issuer ID identifies the card provider, i.e. Visa, Mastercard, etc. For example, if the number starts with 4xxxx then it is a VISA card and the length of the card number is 16. 
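As an added example (not code from the original article), this Python splits a card number into the parts listed above and checks its last digit with the Luhn check the article walks through further down, using the article's sample number 4485 3151 5882 2849. It goes a step beyond the article by also showing that a single mistyped digit or two swapped digits fails the check; the MII table and issuer prefixes are the ones this page gives, so anything outside them is reported as unknown.

```python
"""Card-number breakdown (MII, issuer ID, user ID, check digit) and Luhn check.

Added example, not code from the original article. The MII categories and
issuer prefixes are the ones the article lists; the prefix table is partial.
"""
from typing import Dict, List, Optional

# Major Industry Identifier: first digit of the card number (the article's table).
MII_CATEGORIES = {
    "0": "other industry assignments",
    "1": "airlines",
    "2": "airlines and other industry assignments",
    "3": "travel and entertainment",
    "4": "banking and financial",
    "5": "banking and financial",
    "6": "merchandising and banking",
    "7": "petroleum",
    "8": "telecommunications and other industry assignments",
    "9": "national assignment",
}

# Issuer prefixes as given on this page (a partial table, not a full BIN list).
ISSUER_PREFIXES = [
    (["34", "37"], "American Express"),
    (["36", "38"] + ["30%d" % d for d in range(6)], "Diner's Club/Carte Blanche"),
    (["4"], "VISA"),
]


def digits_of(number: str) -> List[int]:
    """Strip spaces and dashes and return the digits; reject anything else."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not cleaned or not cleaned.isdigit():
        raise ValueError("card number must contain only digits, spaces or dashes")
    return [int(ch) for ch in cleaned]


def luhn_sum(number: str) -> int:
    """The article's steps 1-4: walking from the back, double every alternate
    digit, fold two-digit results into one digit (16 -> 1 + 6 = 7), then add."""
    total = 0
    for position, digit in enumerate(reversed(digits_of(number))):
        if position % 2 == 1:      # second-last, fourth-last, ... get doubled
            digit *= 2
            if digit > 9:
                digit -= 9         # same as adding the two digits together
        total += digit
    return total


def luhn_valid(number: str) -> bool:
    """Step 5: the number passes when the sum is a multiple of 10."""
    return luhn_sum(number) % 10 == 0


def identify_issuer(number: str) -> Optional[str]:
    """Match the leading digits against the page's issuer prefixes."""
    cleaned = "".join(str(d) for d in digits_of(number))
    for prefixes, issuer in ISSUER_PREFIXES:
        if any(cleaned.startswith(p) for p in prefixes):
            return issuer
    return None                    # not in the (partial) table above


def describe_card(number: str) -> Dict[str, object]:
    """Split the number the way the article does and attach the Luhn result."""
    cleaned = "".join(str(d) for d in digits_of(number))
    return {
        "mii": cleaned[0],
        "industry": MII_CATEGORIES[cleaned[0]],
        "issuer_id": cleaned[1:6],     # the article: the next 5-6 digits
        "issuer": identify_issuer(cleaned),
        "user_id": cleaned[6:-1],      # everything between issuer ID and check digit
        "check_digit": cleaned[-1],
        "length": len(cleaned),
        "luhn_sum": luhn_sum(cleaned),
        "valid": luhn_valid(cleaned),
    }


if __name__ == "__main__":
    for pan in ("4485 3151 5882 2849",    # the article's sample number
                "4485 3151 5882 2840",    # one digit mistyped
                "4485 3151 5882 2894"):   # last two digits swapped
        print(pan, "->", describe_card(pan))
```

The Luhn sum for the sample number comes out as 80, matching the article's worked steps, while both corrupted variants fail; a valid check digit says nothing about whether the card exists or is funded.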
We have provided more information about this at the bottom of the article.</div><div style="text-align: justify;"><br /></div><h3 style="text-align: justify;">What is User ID ?</h3><div style="text-align: justify;">This number is basically the identity of the user and the bank to which the card was issued. It depends on the user's account number and other details. This number can be reused if a particular card holder stops using the service.</div><h3 style="text-align: justify;"><br />What is check number ?</h3><div style="text-align: justify;">A check number is used to ensure the validity of the card number. It is the last digit of the credit card number. Credit cards follow the Luhn check algorithm.</div><div style="text-align: justify;"><br /></div><h3 style="text-align: justify;">Luhn's Credit Card Algorithm :</h3><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Original Number : 4485 3151 5882 2849</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">1. Starting from the back, double every alternate digit (the second-last, the fourth-last, and so on).</div><div style="text-align: justify;">What we get : 8 (16) 6 (10) (10) (16) 4 8</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">2. If a doubled number has two digits, add those digits together (16 becomes 1 + 6 = 7).</div><div style="text-align: justify;">What we get : 8 7 6 1 1 7 4 8</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">3. Put back the alternate digits that we left untouched in the first step, in their original positions.</div><div style="text-align: justify;">8475 6111 1872 4889</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">4. Add up all the digits of the new number.</div><div style="text-align: justify;">8+4+7+5+6+1+1+1+1+8+7+2+4+8+8+9=80</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">5. 
If sum is a multiple of 10 then the credit card number is valid.</div><div style="text-align: justify;">Since 80 is the multiple of 10 . We can conclude that 4485 3151 5882 2849 can be a valid credit card number.</div><div style="text-align: justify;"><br /></div><div style="background: rgb(255, 255, 255); border: 0px; color: #383838; font-family: "Slabo 27px", "Helvetica Neue", Helvetica, Arial, sans-serif; font-feature-settings: 'kern' 1; font-kerning: normal; font-size: 17px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.17px; line-height: 25.5px; margin-bottom: 1.5em; outline: 0px; padding: 0px; text-align: justify; text-rendering: optimizeLegibility; vertical-align: baseline; word-spacing: 0.1em; word-wrap: break-word;"><strong style="background: transparent; border: 0px; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">MII</strong> <strong style="background: transparent; border: 0px; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">/</strong><strong style="background: transparent; border: 0px; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> Digit Value Category</strong></div><div style="background: rgb(255, 255, 255); border: 0px; color: #383838; font-family: "Slabo 27px", "Helvetica Neue", Helvetica, Arial, sans-serif; font-feature-settings: 'kern' 1; font-kerning: normal; font-size: 17px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.17px; line-height: 25.5px; margin-bottom: 1.5em; outline: 0px; padding: 0px; text-align: justify; text-rendering: optimizeLegibility; vertical-align: baseline; word-spacing: 0.1em; word-wrap: break-word;"><strong style="background: transparent; border: 0px; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">0</strong> = other industry assignments <strong style="background: transparent; border: 0px; color: black; margin: 0px; outline: 0px; padding: 0px; 
vertical-align: baseline;"><br />1</strong> = Airlines industry assignments<br /><strong>2</strong> = Airlines and other industry assignments<br /><strong>3</strong> = Travel and entertainment<br /><strong>4</strong> = Banking and financial<br /><strong>5</strong> = Banking and financial<br /><strong>6</strong> = Merchandising and banking<br /><strong>7</strong> = Petroleum<br /><strong>8</strong> = Telecommunications and other industry assignments<br /><strong>9</strong> = National assignment</div><div style="text-align: justify;"><strong>Issuer / Card Number Prefix</strong></div><ul style="text-align: left;"><li><strong>Diner's Club/Carte Blanche 300xxx-305xxx, 36xxxx, 38xxxx</strong></li><li><strong>American Express 34xxxx, 37xxxx</strong></li><li><strong>VISA 4xxxxx</strong></li><li><strong>Mastercard 51xxxx-55xxxx</strong></li><li><strong>Discover 6011xx</strong></li></ul><br /><iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/ukIXet5He6w" width="480"></iframe><br /><br /><div align="LEFT" style="line-height: 0.66cm; margin-bottom: 0cm;"><a href="http://groupflexi.com/creditcard101/pdf/credit_card_hacking_tutorial_part1.pdf">Download PDF of this article</a></div><div align="LEFT" style="line-height: 0.66cm; margin-bottom: 0cm;"><span style="color: black;"><span style="font-family: 
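inherit;"></span></span></div>
<p>The Luhn walk-through above, as an added Python example that is not part of the original article: it implements the five steps as a function, derives a check digit, looks up the MII category and issuer from the tables in the post, and uses the check the way a defender actually needs it, to redact Luhn-valid card numbers from a log line while leaving look-alike digit runs alone. 4485 3151 5882 2849 is the post's number; every other sample value is constructed.</p>

```python
"""Luhn check, MII/issuer lookup and card-number redaction (added example,
not code from the original article).  4485 3151 5882 2849 is the number the
post walks through; every other sample number is constructed.  MII categories
and issuer prefixes are the ones tabulated in the post."""
import re
from typing import Optional

def _only_digits(number: str) -> str:
    return "".join(c for c in number if c.isdigit())

def luhn_digit_sum(number: str) -> int:
    """Steps 1-4 of the post: from the back, double every alternate digit (the
    rightmost one stays as it is), add the digits of any two-digit product,
    then sum everything.  Separators such as spaces or dashes are ignored."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(_only_digits(number))):
        if i % 2 == 1:      # second digit from the right, fourth, ...
            d *= 2
            if d > 9:       # 16 -> 1 + 6 = 7, which equals 16 - 9
                d -= 9
        total += d
    return total

def luhn_valid(number: str) -> bool:
    """Step 5 of the post: well-formed if the sum is a multiple of 10.  This
    catches typos and transpositions; it says nothing about the account."""
    digits = _only_digits(number)
    return len(digits) >= 2 and luhn_digit_sum(digits) % 10 == 0

def luhn_check_digit(partial: str) -> int:
    """Check digit that makes partial + digit pass the test.  The placeholder
    0 keeps every other digit in its doubled / not-doubled position."""
    return (10 - luhn_digit_sum(partial + "0") % 10) % 10

# Major Industry Identifier: first digit -> category, as tabulated in the post.
MII_CATEGORIES = {
    "0": "other industry assignments",
    "1": "airlines",
    "2": "airlines and other industry assignments",
    "3": "travel and entertainment",
    "4": "banking and financial",
    "5": "banking and financial",
    "6": "merchandising and banking",
    "7": "petroleum",
    "8": "telecommunications and other industry assignments",
    "9": "national assignment",
}

# Issuer prefixes from the post's list; "300-305" is an inclusive range over
# the first three digits, "51-55" over the first two.
ISSUER_PREFIXES = [
    ("Diner's Club/Carte Blanche", ["300-305", "36", "38"]),
    ("American Express", ["34", "37"]),
    ("VISA", ["4"]),
    ("Mastercard", ["51-55"]),
    ("Discover", ["6011"]),
]

def _prefix_matches(digits: str, spec: str) -> bool:
    if "-" in spec:
        low, high = spec.split("-")
        head = digits[: len(low)]
        return len(head) == len(low) and low <= head <= high  # fixed width
    return digits.startswith(spec)

def mii_category(number: str) -> Optional[str]:
    digits = _only_digits(number)
    return MII_CATEGORIES.get(digits[:1]) if digits else None

def identify_issuer(number: str) -> Optional[str]:
    digits = _only_digits(number)
    for issuer, specs in ISSUER_PREFIXES:
        if any(_prefix_matches(digits, s) for s in specs):
            return issuer
    return None

def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the usual form for logs and receipts."""
    return "*" * (len(digits) - 4) + digits[-4:]

# 13 to 19 digits, optionally separated by single spaces or dashes and not glued
# to other digits; the Luhn test then discards look-alike runs (timestamps, ids).
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def redact_pans(text: str) -> str:
    """Mask every Luhn-valid card number in a log line; digit runs that fail
    the check are left untouched."""
    def _sub(match):
        digits = _only_digits(match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return _PAN_RE.sub(_sub, text)

if __name__ == "__main__":
    card = "4485 3151 5882 2849"
    print(card, "sum =", luhn_digit_sum(card), "valid =", luhn_valid(card))
    print("issuer:", identify_issuer(card), "/ MII:", mii_category(card))
    # Constructed log line; the second number differs only in its check digit.
    print(redact_pans("card=4485-3151-5882-2849 bad=4485315158822840"))
```

<div align="LEFT" style="line-height: 0.66cm; margin-bottom: 0cm;"><span style="color: black;"><span style="font-family: 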
"glegoo";"><span style="font-size: 12pt;"><b><a href="http://www.groupflexi.com/creditcard101/video/credit_card_hacking_tutorial_part1.mp4">DownloadMP4 Video of this article</a></b></span></span></span></div><div align="LEFT" style="line-height: 0.66cm; margin-bottom: 0cm;"><span style="color: black;"><span style="font-family: "glegoo";"><span style="font-size: 12pt;"><b><a href="http://www.groupflexi.com/">Check Latest Article</a></b></span></span></span></div><div align="LEFT" style="line-height: 0.66cm; margin-bottom: 0cm;"><span style="color: black;"><span style="font-family: "glegoo";"><span style="font-size: 12pt;"><b><a href="http://groupflexi.com/creditcard101/pdf/credit_card_hacking_tutorial_part2.pdf">Check Next Article</a> ( will be updated soon )</b></span></span></span></div><br /><div style="margin-bottom: 0cm;"><br /></div><div style="margin-bottom: 0cm;"><div id="main-wrapper" style="background: 0px 0px rgb(255, 255, 255); border-right-color: rgb(238, 238, 238); border-right-style: solid; border-width: 0px 1px 0px 0px; box-sizing: border-box; color: #828282; float: left; font-family: "Droid Sans"; font-size: 13px; line-height: 25px; outline: 0px; padding: 0px; transition: all 0.5s ease; vertical-align: baseline; width: 783.359px;"><div class="main section" id="main" style="background: 0px 0px; border: 0px; box-sizing: border-box; margin: 0px 22.2969px 0px 0px; outline: 0px; padding: 0px; transition: all 0.5s ease; vertical-align: baseline;"><div class="widget Blog" data-version="1" id="Blog1" style="background: 0px 0px; border: 0px; box-sizing: border-box; line-height: 1.4; margin: 0px; min-height: 0px; outline: 0px; padding: 0px; position: relative; transition: all 0.5s ease; vertical-align: baseline;"><div class="blog-posts hfeed" style="background: 0px 0px; border: 0px; box-sizing: border-box; outline: 0px; padding: 0px; transition: all 0.5s ease; vertical-align: baseline;"><div class="post-outer" style="background: 0px 0px; border: 0px; 
"><div align="LEFT" style="margin-bottom: 0cm;"><b>More:</b></div><div align="LEFT" style="margin-bottom: 0cm;"><br /></div><div align="LEFT" style="margin-bottom: 0cm;">You can access the full course free on the following platforms:</div><div align="LEFT" style="margin-bottom: 0cm;"><a href="http://www.ehacking.net/">www.ehacking.net</a></div><div align="LEFT" style="margin-bottom: 0cm;"><a href="http://www.priyankgada.blogspot.com/">www.priyankgada.blogspot.com</a></div><div align="LEFT" style="margin-bottom: 0cm;"><a href="http://www.youtube.com/c/priyankgada">www.youtube.com/c/priyankgada</a></div><div align="LEFT" style="margin-bottom: 0cm;"><a href="http://www.facebook.com/webmaster.pg">www.facebook.com/webmaster.pg</a></div><div align="LEFT" style="margin-bottom: 0cm;"><a href="http://www.twitter.com/group_flexi">www.twitter.com/group_flexi</a></div><div align="LEFT" style="margin-bottom: 0cm;"><br /></div><div align="LEFT" style="margin-bottom: 0cm;"><span style="font-size: xx-small;">Please note that all the content is copyright (c) material of Priyank Gada. Using it without permission is prohibited.</span></div></div></div></div></div></div></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-90621028201898868532016-09-02T05:52:00.000-07:002016-10-03T06:20:28.998-07:00A Critical Vulnerability in Inteno RoutersSecurity researchers are warning users about new critical vulnerabilities in Inteno routers which could allow remote attackers to replace the firmware on a device, take complete control of it and monitor its internet traffic.<br /><br />According to <a href="https://www.f-secure.com/en_GB/welcome" rel="nofollow" target="_blank">F-Secure</a>, the issue affects the Inteno EG500, FG101 and DG201 routers. More models could be affected, but this could not be confirmed because of the vendor’s unwillingness to cooperate.<br /><br />F-Secure reported the issue in January, but when the vendor replied two months later it argued that software issues are dealt with by the operators that sell the equipment to end users.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMyblTA9pZqV-XYoiJSI0jox4PMzTWZlOW1DgTvn233xXLs9dCWOx371DRI5dRbNSCy1ix_S8RIzX_D-k5vJWeJ3nHn5IckV3igW1oUtr3qqjHfuT70-HFqIVsWsz7dq6XoWfaVTL34H3E/s1600/A+Critical+Vulnerability+in+Inteno+Routers.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMyblTA9pZqV-XYoiJSI0jox4PMzTWZlOW1DgTvn233xXLs9dCWOx371DRI5dRbNSCy1ix_S8RIzX_D-k5vJWeJ3nHn5IckV3igW1oUtr3qqjHfuT70-HFqIVsWsz7dq6XoWfaVTL34H3E/s1600/A+Critical+Vulnerability+in+Inteno+Routers.png" /></a></div><br /><br />The vulnerability itself stems from the fact that several router models don’t validate the Auto Configuration Server (ACS) certificates. 
This means an attacker who can interpose between the ACS and the device can mount a Man in the Middle (MITM) attack, gain full administrative access to the router and replace its firmware.<br /><br />The implications of such a flaw are potentially serious, according to F-Secure cyber security expert Janne Kauhanen. He warned:<br /><br />“By changing the firmware, the attacker can change any and all rules of the router. Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too”.<br /><br />HTTPS traffic is encrypted and is of little use to an attacker who intercepts it, but they can still redirect all your traffic to malicious sites that drop malware on your machine.<br /><br />Where HTTPS is not used and the attacker holds a Man in the Middle position, nothing is left to prevent successful exploitation. Janne Kauhanen told Infosecurity:<br /><br />“Gaining a MitM position is not trivial, but it’s not outside the realm of possibilities either, whether physically attacking a whole building by breaking into the distribution trunk in the building or using software tricks to route network traffic through a malicious site”.<br /><br />F-Secure recommended that users keep browsers and other software updated so that attackers cannot exploit known flaws. 
It also suggested using effective, well-known antivirus software to block malware downloads, and a VPN to encrypt internet traffic so that attackers cannot gain that initial foothold into the network.<br /><div><br /></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-65356175013730928092016-09-01T03:07:00.000-07:002016-10-03T06:24:29.044-07:00Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibRy6goTXeuHA_L7eAwJ-WgkkzVcb9Olv9Z63WxH0MFegk9eqeKQ_f64-ee-1xBxQ32tZLCamKBqunXW9w3GGKOapBTkL6JYsMJrpa-eCWVeCfPRd-rk_wuVoIsF3OxcCuTeCe0ULOFSk/s1600/14017993_1098329660221427_1648848796_n.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibRy6goTXeuHA_L7eAwJ-WgkkzVcb9Olv9Z63WxH0MFegk9eqeKQ_f64-ee-1xBxQ32tZLCamKBqunXW9w3GGKOapBTkL6JYsMJrpa-eCWVeCfPRd-rk_wuVoIsF3OxcCuTeCe0ULOFSk/s640/14017993_1098329660221427_1648848796_n.png" width="452" /></a></div><br />I think it's mandatory to give back to the security community from which we learn cutting-edge techniques and information. Therefore, after months of effort, I am presenting to you a new whitepaper titled "<b><u>Breaking Great Wall of Web</u></b>" without any strings attached.<br /><br /><h2>Acknowledgements</h2>I would like to thank the <a href="http://acunetix.com/">Acunetix Team</a> for helping with proof-reading of the document. 
<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.acunetix.com/" target="_blank"><img border="0" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCVBddnQS-4VtX30PBm-XLo_wWXewKkycea7yuzyBoIn4WpDmoRDyupnj9By5i1xdcvlDBj2R1MXBhyphenhyphenrypnqAFHl_gtni1q-ItsYsaXoFsEMoA8Pjst0G-eegt5o_wMa4Rpn8L9myQeb8/s320/acunetix-big-logo.png" width="320" /></a></div><h2>Background</h2><br />The whitepaper not only contains sophisticated XSS vectors but also explains the methodology behind bypassing a WAF. The previous paper on this subject, "<b><a href="http://www.rafayhackingarticles.net/2013/12/bypassing-modern-wafs-xss-filters-cheat.html" target="_blank">Bypassing Modern WAF's XSS Filters - Cheat Sheet</a></b>", was released 3 years ago. A lot has changed and evolved during these years; in particular, the advent of ECMAScript has opened a new horizon for evasion and obfuscation. I have already discussed and demonstrated several techniques presented in this whitepaper in my recent webcast hosted by the <b>Garage4hackers</b> team, namely "<a href="http://www.rafayhackingarticles.net/2016/05/bypassing-modern-wafs-exemplified-at-xss.html" target="_blank"><b>Bypassing Modern WAF's Exemplified At XSS</b></a>".<br /><br /><h2>Abstract</h2><br /><br />Input validation flaws such as XSS are the most prevalent security threats affecting modern web applications. To mitigate these attacks, Web Application Firewalls (WAFs) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be easily bypassed because of the complexity of JavaScript in modern browsers. In this paper we discuss several techniques that can be used to circumvent WAFs, exemplified at XSS.<br /><br />This paper will talk about the concepts of WAFs in general, identifying and fingerprinting WAFs, and various methodologies for constructing a bypass. 
The paper discusses well-known techniques such as brute forcing, regular expression reversing and browser bugs for bypassing WAFs.<br /><br /><div style="text-align: center;"><a href="http://sh3ifu.com/paper/" rel="nofollow" target="_blank"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgEt3ugS3Cxe38qLO7ErMi1l6Z0daQu1qORgQGqghsnzIvp3tNJwL14h05SxrlGn9gQAMGcnIZh4RpWcp8AyBfMSai8NKn2h9VAireb5Lw9O8lDsgRpgHjHmCvz_f3FG6_-ripF0d_oIU/s320/Download-button.jpg" /></a></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-81674234454579537882016-08-28T22:52:00.000-07:002016-10-03T06:20:29.071-07:00Want to become Security Engineer?The risk of financial and reputational damage caused by a data breach has led to greater demand for security engineers, and a growing skills gap. With a growing skills gap, however, comes greater opportunity for a fulfilling and lucrative career as a security engineer.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7DywOby2ukp8tXQJp_ud4VqI1l3hcDcXLJK7dKnBq9_Svaz0s8TsKjsyNJj7R7aKYE_DXOY5MJ56OQbpLzwl7_qMdAIkrEZHF6J_aDEU2vFGqlpLd0y43MxDuxQQuaBI0FASKxv0QpMb_/s1600/Want+to+become+Security+Engineer-.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7DywOby2ukp8tXQJp_ud4VqI1l3hcDcXLJK7dKnBq9_Svaz0s8TsKjsyNJj7R7aKYE_DXOY5MJ56OQbpLzwl7_qMdAIkrEZHF6J_aDEU2vFGqlpLd0y43MxDuxQQuaBI0FASKxv0QpMb_/s1600/Want+to+become+Security+Engineer-.png" /></a></div><br /><br /><b>So the question is: what is a security engineer, and what skills are required to be one?</b><br /><br />A typical responsibility of a security engineer is installing and maintaining hardware and software (firewalls, antivirus and intrusion detection) to reduce security risks within an 
organization.<br /><br />The security engineer role is about building and maintaining IT security solutions that help organizations stay protected against cyber threats. This differs from a security analyst, who is concerned with organizational awareness, policy and governance risk management.<br /><br /><b>Skills and Qualifications:</b><br /><br />In terms of qualifications, a security engineer should have a bachelor's degree in a technical subject such as computer science, cyber security, mathematics, engineering or science.<br /><br />Experience in network security is beneficial, and certification in industry-standard technologies like Juniper, Blue Coat, Check Point, Palo Alto Networks, Cisco IOS or Sophos Enterprise Portal would be a bonus. There is also a range of internationally recognized certifications, such as CEH and CISSP, from organizations such as (ISC)².<br /><br /><b>Tips:</b><br /><br />A tip for becoming a security engineer is to start learning new skills straight away. Watch YouTube videos, subscribe to security blogs and keep up to date with recent hacks in the news.<br /><br />Remember, you don't need a Master's in Cyber Security or ten years' experience to become a security engineer. 
An enthusiastic attitude and understanding of the main industry challenges can take you a long way.<br /><br />Moreover, you can also learn different practical based security courses to gain some practical knowledge, a security engineer requires both practical and theoretical backgrounds of security measure that are used to secure organization and it’s information system.<br /><div><br /></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-71293398960649083482016-08-26T23:12:00.000-07:002016-10-03T06:20:29.145-07:00How to win against Phishing attacks?<div dir="ltr" style="text-align: left;" trbidi="on">A Phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has.<br /><br />Phishing attacks are originated by an attacker from a remote location using some authentic or similar to authentic sources. 
That tends user to click on their links and disclose their personal information.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieHDcXiGSrV6NCbbR6QoN0fs3nukG7tX8ZhvNO2dPHP4yk7Z1B0zt50OLHUKcjKXq3iYebCtXwYaBi9Brkt5hmdMk_cgu2lgwRstkG5waWGfk-Tn51vOumL1Qr9ldmvICUWSIdVvDTghAf/s1600/How+to+win+against+Phishing+attacks-.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieHDcXiGSrV6NCbbR6QoN0fs3nukG7tX8ZhvNO2dPHP4yk7Z1B0zt50OLHUKcjKXq3iYebCtXwYaBi9Brkt5hmdMk_cgu2lgwRstkG5waWGfk-Tn51vOumL1Qr9ldmvICUWSIdVvDTghAf/s1600/How+to+win+against+Phishing+attacks-.png" /></a></div><br /><br />The attackers can run a Phishing campaign that takes only five minutes to put together, and within 25 minutes they get the access to corporate data that can lead to an organization-wide breach.<br /><br />There are some ways to win against these types of attacks.<br /><br /><b>Check source of Incoming email:</b><br /><br />Your bank or other financial institution will never ask you to give your financial detail, passwords or other personal information by email. Never respond to these emails, and in case of any doubt, call your bank for clarification.<br /><br /><b>Never follow your bank website link from emails:</b><br /><br />You should manually logon to your bank’s website, instead of following the provided links through email. It may take you to a dummy page that attacker have created to steal your login information.<br /><br /><b>Enhance security of your computer:</b><br /><br />Being observing is the key to identify the suspicious activities to protect your computer, but you should install a good antivirus solution to block these types of attacks. 
In addition, also keep your system and antivirus updated to detect latest attacks and malware.<br /><br /><b>Serve your sensitive data over private and protected websites only:</b><br /><br />There are many websites that are not secured, that are acquiring personal details without any security. Avoid such websites and make sure that you are connected to private and secured network and computer before sending your personal and classified information.<br /><br /><b>Have any doubt? Don’t risk it:</b><br /><br />Just in case you have a doubt that the website is acting abnormally or redirecting you towards unnecessary pages, stop there and don’t risk your information. This is the most basic technique to avoid Phishing attacks.<br /><br />These are some of the basic techniques to overcome and win against the Phishing attacks, but the organizations should also need to create network strategies to restrict users to access only trusted websites. Additionally, emails should be monitored continuously to block malicious links.<br /><div><br /></div></div>Malik korrichhttp://www.blogger.com/profile/12435381533518749134noreply@blogger.com0tag:blogger.com,1999:blog-6912841111048382718.post-21431328508963224332016-08-25T23:00:00.000-07:002016-10-03T06:20:29.224-07:00Why your security awareness program fails?The best way to protect organizations from cyber threat is to train employees, conduct an awareness program that enables them to work securely. Although risk is everywhere, millions of people become victim of identity theft each year and the number is rising.<br /><br />Even the best cyber security solution can’t protect your organization when your employees are unaware of the severity of their routine practice. 
Regular awareness training can teach them to handle threats at a granular level.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwnMlAbwEarjP7LldoqqmaCPLX5ODXxPVtQSlofycET7C6vrP6MqZkE3Rw7U6aPl4y_jtnS3HVpjocuRN3qO57GMHK-ZBN4a9pa-_FEuD59Ivg2WVJp87KKMoR80CkKAf_j58m8uPjPOIK/s1600/Why+your+security+awareness+program+fails-.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwnMlAbwEarjP7LldoqqmaCPLX5ODXxPVtQSlofycET7C6vrP6MqZkE3Rw7U6aPl4y_jtnS3HVpjocuRN3qO57GMHK-ZBN4a9pa-_FEuD59Ivg2WVJp87KKMoR80CkKAf_j58m8uPjPOIK/s1600/Why+your+security+awareness+program+fails-.png" /></a></div><br /><br />Many organizations fail to provide effective security awareness training to their employees. Certain deficiencies in awareness programs account for the poor state of awareness in many organizations.<br /><br /><b>Poor Governance:</b><br /><br />The greatest deficiency in most awareness programs is that they focus on what not to do instead of on what employees are supposed to do. Instilling good security behavior is the main purpose of an awareness program; in other words, security awareness programs should promote the behaviors defined in governance.<br /><br />Security policies and procedures are not referred to when conducting day-to-day tasks; this is the major flaw that lets threats go undetected on a routine basis.<br /><br /><b>Relying on Fear:</b><br /><br />In many organizations, the awareness program lacks positive promotion of procedures and techniques. This is a gross mistake that makes the security awareness program a big flop. 
Organizations are more concerned with frightening employees into adopting the awareness tips; surprisingly, this leaves employees afraid to do their basic routine tasks.<br /><br />An awareness program should not scare employees; instead it should make them more confident to look ahead while performing their tasks safely.<br /><br /><b>The Hacker Mentality:</b><br /><br />The main objective of many awareness programs is to tell people how a hacker can hack them and then tell them not to fall victim to it. For example, they will tell you how a hacker can ask for your password over the phone, and that you should not give out your password over the telephone.<br /><br />The deficiency in telling people specifically what not to do is that the hacker will apply other techniques to acquire the passwords. They can ask the employee to modify registry files on the computer, since employees were not told to refuse such a request in the awareness program.<br /><br /><b>Bad Technical Security:</b><br /><br />Users should not be allowed to install software on systems; then ransomware cannot install itself on a system when a user opens a malicious file. Storage devices should be encrypted, and access to suspicious and unsafe websites should be prohibited.<br /><br />Even when users are aware of threats and security, neglecting technical security can be dangerous. Technical security works as a second layer behind the end user who is operating securely; poor technical security allows the inevitable user failure to become a serious incident.<br /><br /><b>Treating Awareness as an Ordinary Activity:</b><br /><br />By treating the awareness program as an ordinary activity, you are allowing insecure access to the internet by your own employees. It can be disastrous to the organization if an attacker compromises or tricks a user to gain access.<br /><br />Making the awareness program a top priority is the only way to overcome many threats at the initial, base level. 
Many organizations think it’s unnecessary, and the whole scenario changes when they come into contact with a cyber attack.<br /><br />The underlying problem is that security awareness programs are more difficult to implement than most security professionals want to acknowledge. Implementing a security awareness program effectively requires the appropriate knowledge, skills and abilities. Organizations should avoid repeating these common mistakes if they want their security awareness program to succeed.<br /><div><br /></div><h3 style="text-align: left;">Brutus: The Password Cracker (2016-08-24)</h3><div dir="ltr" style="text-align: left;" trbidi="on">Brutus is one of the most powerful, fastest and most flexible remote password cracking tools that you can get your hands on for free. It bangs against network services of remote systems, trying to guess passwords using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NNTP and more. It is available only for Windows 9x, NT, 2000 and other versions of Windows.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoO6rL9w5jKH2S7KXd8k5M0_mxmkoUFIRvWTzlalqlhBkTxLzwGiYj4TZ6Lt3UfcxwvinQ89tmg-hJUN59VYClrOyxBvWhcXsIdUzjH3DECfbYGYWs06L1mK0H_csOR1lRMLr-683Fmy-p/s1600/Brutus-+Password+Cracker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoO6rL9w5jKH2S7KXd8k5M0_mxmkoUFIRvWTzlalqlhBkTxLzwGiYj4TZ6Lt3UfcxwvinQ89tmg-hJUN59VYClrOyxBvWhcXsIdUzjH3DECfbYGYWs06L1mK0H_csOR1lRMLr-683Fmy-p/s1600/Brutus-+Password+Cracker.png" /></a></div><br />Brutus was written originally to help me check routers etc. 
for default and common passwords.<br /><h3>Features</h3>Brutus version AET2 is the current release and includes the following authentication types:<br /><br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>HTTP (Basic Authentication)<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>HTTP (HTML Form/CGI)<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>POP3<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>FTP<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>SMB<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Telnet<br /><br />Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other people’s.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF1UBPKxDwZUMGimWLjJAjUr2b7YWEIBxcQuPehwUXLqvUY3NyEnszT_4UtpPAJS9ieyic-dH3WZTPJj7MXIiu1Tvkvlo7BCWsFDvQxns9kdN0nOsrKpoAmFVISfKd3grEhMwl7xsqY5jY/s1600/brutus-5218766a.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF1UBPKxDwZUMGimWLjJAjUr2b7YWEIBxcQuPehwUXLqvUY3NyEnszT_4UtpPAJS9ieyic-dH3WZTPJj7MXIiu1Tvkvlo7BCWsFDvQxns9kdN0nOsrKpoAmFVISfKd3grEhMwl7xsqY5jY/s1600/brutus-5218766a.gif" /></a></div><br /><br />The current release includes the following functionality:<br /><br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Multi-stage authentication engine<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>60 simultaneous target connections<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>No username, single username and multiple username modes<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Password list, combo (user/password) list and 
configurable brute force modes<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Highly customizable authentication sequences<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Load and resume position<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Import and export custom authentication types as BAD files seamlessly<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>SOCKS proxy support for all authentication types<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>User and password list generation and manipulation functionality<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>HTML form interpretation for HTML Form/CGI authentication types<br />•<span class="Apple-tab-span" style="white-space: pre;"> </span>Error handling and recovery capability, including resume after crash/failure.<br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2344&oid=3001-2344_4-10455770&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=desktop%2Flaunchers-shutdown&topicbrcrm=&pid=104" rel="nofollow" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_wKRAqcdqLMRqW6SvjY2lk3EP2qjvI1hWctVg38lpnYQldfnxqt7wN4bVoADVqvl6GmBPwUtDtOS_E3S8yWL5XkpHM1nkLxYC0cVAauGLB2G2Lw3W-zkIWkbfCsTs6st4YIClhvuyQKdR/s1600/698860-icon-129-cloud-download-128.png" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2344&oid=3001-2344_4-10455770&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=desktop%2Flaunchers-shutdown&topicbrcrm=&pid=104" rel="nofollow" target="_blank">Download Now</a></div><div><br /></div></div>
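As an added defender-side example (not code from the Brutus post or from the tool itself): the password-list, combo-list and multiple-username runs listed above show up in authentication logs as a burst of failures from one source cycling through many usernames. The log format, thresholds and sample lines below are constructed assumptions.

```python
"""Spot dictionary / combo-list password guessing (the traffic a tool like Brutus
generates) in authentication logs.  Added example, not code from Brutus or the post."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO timestamp> <service> <username> <source IP> <FAIL|OK>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}) (FAIL|OK)$")

# Constructed sample: 12 failures in 22 seconds cycling four usernames (a combo-list
# run), then a hit; followed by a legitimate user mistyping a password twice.
SAMPLE_LOG = [
    *[f"2016-08-24T10:00:{i * 2:02d} ftp user{i % 4} 203.0.113.5 FAIL" for i in range(12)],
    "2016-08-24T10:00:30 ftp user1 203.0.113.5 OK",
    "2016-08-24T10:01:00 ftp alice 198.51.100.7 FAIL",
    "2016-08-24T10:01:15 ftp alice 198.51.100.7 FAIL",
    "2016-08-24T10:01:20 ftp alice 198.51.100.7 OK",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, service, user, ip, result = m.groups()
    return {"ts": datetime.fromisoformat(ts), "service": service,
            "user": user, "ip": ip, "ok": result == "OK"}


def find_guessing_bursts(lines, window_seconds=60, max_failures=10):
    """Flag every source IP that exceeds max_failures failed logins inside any
    sliding window of window_seconds.  For each flagged source, report the peak
    failure count, the distinct usernames tried (multiple-username / combo mode
    shows up as many users from one source) and whether a success followed."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames seen failing from that source
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["ok"]:
            # a success after a flagged burst is the case that needs an incident, not just a lockout
            if ip in flagged:
                flagged[ip]["success_after_burst"] = True
            continue
        q = recent[ip]
        q.append(ev["ts"])
        users[ip].add(ev["user"])
        while q and ev["ts"] - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) > max_failures:
            info = flagged.setdefault(ip, {"service": ev["service"], "first_seen": q[0].isoformat(),
                                           "failures_in_window": 0, "success_after_burst": False})
            info["failures_in_window"] = max(info["failures_in_window"], len(q))
    for ip, info in flagged.items():
        info["usernames"] = sorted(users[ip])
    return flagged


if __name__ == "__main__":
    for ip, info in find_guessing_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

Tune `window_seconds` and `max_failures` to the service: a cracker holding 60 parallel connections fills a one-minute window far faster than any human.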
<h3 style="text-align: left;">UFONet - DDoS Botnet via Web Abuse (2016-08-19)</h3><div dir="ltr" style="text-align: left;" trbidi="on">UFONet is a free software tool designed to test <a href="http://www.ehacking.net/search/label/DDOS">DDoS</a> attacks against a target using 'Open Redirect' vectors on third-party web applications as a botnet.<br /><br />It abuses OSI Layer 7 (HTTP) to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin-spoofing methods, cache-evasion techniques, etc.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYWIEs3Md0J7i30qTl9KGHlwq-ZEdmMnlF2EBBl44tCqCwlLgVwyOOJPYqAbppQffDPWLk6Vb_3EoKshjVLYhc5L_5lcd9nxOqKjSzaS509vO-vxruBr7baXW7-edEiU3JhdTN6pRRByc/s1600/ufonet-gui4-ddos+attack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYWIEs3Md0J7i30qTl9KGHlwq-ZEdmMnlF2EBBl44tCqCwlLgVwyOOJPYqAbppQffDPWLk6Vb_3EoKshjVLYhc5L_5lcd9nxOqKjSzaS509vO-vxruBr7baXW7-edEiU3JhdTN6pRRByc/s1600/ufonet-gui4-ddos+attack.png" /></a></div><br /> UFONet runs on many platforms. 
It requires Python (2.x.y) and the following libraries:<br /><br /><blockquote class="tr_bq"> python-pycurl - Python bindings to libcurl<br /> python-geoip - Python bindings for the GeoIP IP-to-country resolver library</blockquote><br /> On Debian-based systems (e.g. Ubuntu), run:<br /><br /><blockquote class="tr_bq"> sudo apt-get install python-pycurl python-geoip</blockquote><br /><h3 style="text-align: left;">Attacking a target:</h3> Enter a target to attack with a number of rounds:<br /><br /> ./ufonet -a http://target.com -r 10<br /><br />In this example UFONet will attack the target 10 times for each 'zombie'. That means that if you have a list of 1,000 'zombies' it will launch 1,000 'zombies' x 10 rounds = 10,000 requests to the target.<br /><br /><h3 style="text-align: left;">Special attacks:</h3><br />UFONet uses different ways to exploit 'Open Redirect' vulnerabilities. For example, you can use UFONet to stress the database on the target by requesting random valid strings, like search queries:<br /><br /> ./ufonet -a http://target.com --db "search.php?q="<br /><br /><a href="https://ufonet.03c8.net/" rel="nofollow" target="_blank">Download and read more at ..</a></div><h3 style="text-align: left;">Hacking CCTV Camera System in 30 Seconds! (2016-08-18)</h3><div dir="ltr" style="text-align: left;" trbidi="on">Security researcher Zayed Aljaberi, the founder of <a href="http://wesecure.ae/" rel="nofollow" target="_blank">wesecure.ae</a>, has demonstrated the process of hacking into a CCTV camera system in just 30 seconds. Here is what he has to say:<br /><br />Recently, attacks on CCTV camera systems have been increasing. Hackers can easily spy on your camera system without your knowledge, everywhere and every time they want.<br /><br />So, I decided to buy a CCTV camera system and try to hack it. 
Unfortunately, it was easy to bypass the login authentication. It took me less than 2 min to discover the vulnerability.<br /><br />At the end of this presentation:<br /><br /><ul style="text-align: left;"><li>You will be able to hack the CCTV camera system of this product (PROLAB)</li><li>Understand how to spy everywhere, not only on the same local network.</li><li>Increase the security of the CCTV camera system.</li></ul><br /><br />Presentation: <a href="https://docs.google.com/presentation/d/10cmvMBh_jBuebClGNgqYbOily8G0RojM7osS88xNllA/edit?usp=sharing" rel="nofollow" target="_blank">https://docs.google.com/presentation/d/10cmvMBh_jBuebClGNgqYbOily8G0RojM7osS88xNllA/edit?usp=sharing</a><br /><br /><br /><br />POC:<br /><center><iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/qEZ11YdG-HI" width="420"></iframe></center><br /><a href="https://www.linkedin.com/pulse/hack-cctv-camera-system-30-seconds-zayed-aljaberi?trk=prof-post" rel="nofollow" target="_blank">His original post</a></div><h3 style="text-align: left;">Want Challenge? Get in the OSINT Challenge Training (2016-08-17)</h3><div dir="ltr" style="text-align: left;" trbidi="on">Do you want to become an OSINT expert in just 7 weeks? Would you like to take this challenge started by EH Academy? Yes, EH Academy is doing wonders as usual. 
And this time, the academy has <span style="color: blue;"><b><a href="http://academy.ehacking.net/courses/7-weeks-open-source-intelligence-training-challenge?product_id=145383&coupon_code=OSI30E" target="_blank">launched an interactive training session</a></b> </span>that aims to teach open source intelligence techniques.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHSSTN791uDfyuXkrxjZia-4ueZ2fL-LDP2jZtLZxmi9_I-p3JDlv09y-e5vnQzVWxgIh3LTCBY0Q9qPsqYjwtJO2soryWPKBWqlngg9yoU3tyWHp8Ax8E8sb7RxFM9kKt365tCDj1RZU/s1600/OSINT+2+%25281%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHSSTN791uDfyuXkrxjZia-4ueZ2fL-LDP2jZtLZxmi9_I-p3JDlv09y-e5vnQzVWxgIh3LTCBY0Q9qPsqYjwtJO2soryWPKBWqlngg9yoU3tyWHp8Ax8E8sb7RxFM9kKt365tCDj1RZU/s640/OSINT+2+%25281%2529.png" width="640" /></a></div><br /><br />The course intends to train people in <b>7 weeks</b>; it comprises real-world scenarios, tools, techniques and procedures for finding confidential information on the <b>Deep, Dark and World Wide Web</b>. Students will learn the procedure for digging into technology infrastructure, social networking websites, the dark net and other platforms to find and process the acquired data. 
Some key topics are:<br /><br /><center><iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/RirPoo8vwm4" width="560"></iframe></center><ul style="text-align: left;"><li>Searching the web, advanced queries, mega and meta search engines</li><li>Scanning the technology infrastructure</li><li>Locating incoming threats using open threat intelligence techniques</li><li>Locating an individual or company using social networking and people search engine websites</li><li>Satellite imagery and other street views</li><li>Reversing to find the geo-location of the target</li><li>Verifying and investigating cellular numbers</li><li>Accessing restricted information</li><li>Digging into document sharing websites, auction sites, academic papers and more for information</li><li>Analyzing the acquired information and drafting the final report with recommendations</li></ul><div>You can avail of the discount (<b>51% OFF</b>) by using the following coupon code:</div><div><br /></div><div><b><a href="http://academy.ehacking.net/courses/7-weeks-open-source-intelligence-training-challenge?product_id=145383&coupon_code=OSI30E" target="_blank"><span style="color: red; font-size: large;">OSI30E</span></a></b></div></div>