Penetration testing helps to secure networks, and highlights the security issues. In this paper investigate different aspects of penetration testing including tools, attack methodologies, and defense strategies. More specifically, we performed different penetration tests using a private networks, devices, and virtualized systems and tools. We predominately used tools within the Kali Linux suite. The attacks we performed included: smartphone penetration testing, MAN IN THE MIDDLE ATTACK(MITM).The paper also outlined the detailed steps and methods while conducting these attacks.
Phase I - The Learning phase
Ethical hacking is not only a cool skill to possess, it's also highly valued by employers. Before you go dive deeper into hacking you must have basic understanding about computer devices and networking. The idea is that you can't hack some thing unless you know how it works. So your first step is to learn how things work. Learning programming languages like C in which the Unix is written will give you deep knowledge about the working of the operating system, memory, etc. Languages like python, perl, ruby, etc will help you in writing scripts and automate your programs which will help you save your time doing tasks . There are plenty of tutorials available in the Internet to learn programming. If you are searching for books I have some recommendations for you.
For the past one year, Android based developments and applications have flooded international markets. Every other application is available on many third-party sites. How do we infer if we are using a legitimate, uninfected copy of the application ?
ADHRIT is an open source tool that can do this task. Basically a malware analysis tool, but can equally be used for CTFs and for APK modifications.
This script is able to extract an executable file with a random name and runs it.unlike other ransom-ware-type viruses, Spora does not rename encrypted files. The aforementioned HTA file also extracts a DOCX file. This file is corrupted and, thus, an error will be displayed once opened. This is being performed to trick victims into believing that the download of email attachments has failed. Following successful encryption, Spora generate a .html and .KEY files (both named using random characters), placing them in all folders that contain encrypted files.
As well as encrypting files, Spora disables Windows Startup Repair, deletes shadow volume copies, and changes BootStatusPolicy. The HTML file contains a ransom-demand message in Russian, which details the encryption and encourages victims to follow instructions provided on Spora's website. To restore files, victims must supposedly pay a ransom. The size of ransom depends on each individual situation and the victim's requirements.
Files targeted are those commonly found on most PCs today; a list of file extensions for targeted files include:
.xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup
Who can read your private messages? We checked in with some of the most popular messaging apps out there, and here’s what we found.
What is ZeroNet?
ZeroNet is an Open Source project started in 2014 December as an alternative to Project Maelstrom. It is available to all platforms. ZeroNet makes decentralized websites using Bitcoin crypto and BitTorrent network. It looks pretty similar to the regular internet while you are using it, but it works using torrent-like software (Peer-To-Peer) combined with Bitcoin’s encryption. The concept is simple, you install the software you can connect with peers, and then download files which contain the code to run any website you want to visit – that site will then run locally on your own computer. When you leave that site, the files will remain on your computer so you can then start ‘seeding’ them – sharing them with peers who may wish to visit that site in the future. One of the great features is that you can access a ZeroNet site even if you are not connected to the internet. The site remains online as long as at least 1 peer serving it.
How It Works?
About the Author
DedSec is all about technology and threats to it. This blog will give you latest and most recent technology innovation as well as latest threats we are facing in this world.