Connect with us

News

BASIC ARTICLES ON HACKING FOR BEGINNERS

Published

on

EXPLOITING SOFTWARE
A Quick Reference To Metasploit Framework
By Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded community

Metasploit is currently the most widely used and recommended penetration testing framework. The reason which makes metasploit so popular is the wide range of tasks that it can perform to ease the work of penetration testing. The article is a quick introduction to the framework and various terminologies related to it.

My First Hack, Basic Introduction To Metasploit Framework
By Guglielmo Scaiola, I.T. Pro since 1987, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA

Hey Guys, are you ready for 0wning our first machine?
Yes, today we go together in the word of ethical hacking, we try to exploit our first machine, but not like a script kiddies, but with the five step of professional pentest…yes the machine has onboard an old operating system, yes the exploit is also old, but I hope you understand all our step and, with patience and study, you can exploit in the same manner newer machine….
The article addresses Metasploit Framework.

How To Capture Web Exploits With Fiddler
By Jerome Segura, A Senior Malware Research at Malwarebytes

Drive-by attacks are the most common infection vector and have been so for several years. The Exploit Kit market is also thriving and the kits getting more sophisticated and pricier. Whether you suspect your own site has been infected or you are a security researcher tracking down malicious URLs, Fiddler is a very capable and useful tool to help you identify traffic patterns, malicious code and exploit URLs. The article is about using this tool.

How To Reverse Engineer .NET files
By Jaromir Horejsi, A computer virus researcher and analyst

When a reverse engineer wants to analyze an executable program, he usually grabs a specialized piece of software called debugger which helps him to analyze and trace parts of the code which he is interested in. Executable files can be divided into two main groups – native executables and interpreted executables. Native executables are such programs that can be directly run in the native language of a particular CPU family. There are no additional conversion steps necessary in order for the instructions in the program to be executed. On the other hand, interpreted executables are such programs, that are compiled into intermediate ( managed ) code, which is a CPU independent set of instructions. The article describes the process of reverse engineering the .net files.

FORENSICS
An Introduction To Microsoft Windows Forensics
By Akshay Bharganwwar, a representative of INDIAN CYBER ARMY, HANS-ANTI HACKING SOCIETY & INTERNATINAL CYBER THREAT TASK FORCE.

The Interest in “Computer forensics” has increased in the last couple of years. This happened because criminals have moved to the digital world, using computers and computer networks to commit crimes. This article has been written to give an introduction to the world of computer forensics and explain how to apply it to windows computers.

Digital Forensics On The Apple OSX Platform
By David Lister, CISSP, CASP, CCISO, CCNA, CEH, ECSA, CPT, RHCSA, Security+

Forensic studies on the OS X and Apple Macintosh family of computers have been previously focused on low level details of the filesystem or specific applications. This article attempts to look at the forensic process from a perspective of the field examiner, when encountering an OS X 10.4 and greater system using EFI based firmware.
The goal of this paper is to provide an overview of forensics techniques that can be used against a target system running Apple’s OS X operating system.

HACKING
A Beginners Guide To Ethical Hacking
By Deepanshu Khanna, Linux Security Researcher and Penetration Tester at “Prediqnous – Cyber Security & IT Intelligence”

Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator‘s original intention. People who slot in computer hacking actions and activities are often entitled as hackers.
The majority of people assume that hackers are computer criminals. They fall short to identify the fact that criminals and hackers are two entirely unrelated things. Media is liable for this. Hackers in realism are good and extremely intelligent people, who by using their knowledge in a constructive mode help organizations, companies, government, etc. to secure credentials and secret information on the Internet. The article focuses on Ethical Hacking.

Hack Again, From Servers to Clients
By Guglielmo Scaiola, I.T. Pro since 1987, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA

Hi Guys, are you ready for our second hack?
In the first article we have seen how to hack a server, for do this we need one open port, one service listening, one daemon started, but if our network scan display only closed port? Or if the target is one or more client? Ok, don’t worry, in this article we will learn a client side attack, this is a “type” of attack and not “one” attack, we have a lot of client side exploits, some of that are based on application like java or acrobat reader, normally the big problem in client side attacks is to convince the client to open a web page or something like that.

How To Perform SQL Injection And Bypass Login Forms Like A Pro
By James Tan, ISO 27001, CISSP, CCSK, CISA, eCPPT, PMP

Have you ever wondered how ‘hackers’ managed to bypass login forms without knowing the username and password? In the movies, the ‘hacker’ would be shown performing some form of smart guess work or trying variants of the username and password pair at double time (brute-force). SQL Injection Attack (SQLIA) is probably too tough for Hollywood material but it is very common. Many remotely accessible applications are using some form of SQL server. Believe it or not, to ‘hackers’ advantages, there are developers who are still ignorant about the risks and preventions of SQLIA. The article focuses on these injections.

How To Become A Penetration Tester
By Preston Thornburg, A Senior Penetration Tester, worked for Rapid7, Knowledge Consulting Group, International Business Machines, Mantech International, and Sun Microsystems

In an age of drive-by malware, corporate espionage, and cyber-warfare, the web seems anything but ‘safe.’ The field of Information Security has flourished and as a result, the art of pro-active penetration testing has been born. There are hundreds of tools at your disposal, forums drenched in data, and online video tutorials at every corner but the million-dollar question remains – where do you begin? In this article you will learn about penetration testing.

Passwords Cracking: Theory And Practice
By Theodosis Mourouzis, A PhD student at University College London and Marios Andreou, MSc in Information Security from Royal Holloway (The University of London’s Information Security Group)

In this article, we discuss the usability of passwords in different applications and we also categorize them according to their entropy, or more simply according to how easily they can be cracked. We analyse the state-of-art regarding different password cracking techniques like brute-force and dictionary attacks and lastly we explain how one can use some existing ready software for recovering passwords used in some applications.

Fedora Security Spin – An All-in-one Security Toolbox
By Abdy Martínez, Telecommunications Administrator at AES Panama, specialized in Network / Information Security and Forensics

It is important for a hacker to have all the tools and software necessaries to perform a successful exploitation. Or if you are an ethical hacker (I love the word “ethical”), you will need a powerful set of tools to perform a penetration testing. Here we will check an excellent toolbox for that… no, it is not BackTrack. It is a great alternative called Fedora Security Spin.
In this article, you will learn about security tools, mainly Fedora Security Spin, what software it includes (not only to perform penetration testing), the benefits, advantages and features of this Fedora spin.

CLOUD
Intrusion Detection System (IDS): An Approach To Protecting Cloud Services
By Fahad F. Alruwaili, An Information Security Consultant, PhD Student, Research Assistant, and Full Time Lecturer at Shaqra University

For the past couple of years, major concerns have been addressed in regard to cloud computing environment. One of the highest concerns was security and compliance. In this paper I will discuss the importance of Intrusion Detection System (IDS) in protecting the different elements of cloud computing services and the current challenges. My approach is to establish a tentative framework to implement IDS in the online cloud environment via the utilization of process auditing and policy compliance to address some of the security control challenges. My approach has great value to those who consider using on-demand access cloud services and have concerns with the protection against malicious act.

Understanding Cloud Security Issues
By Moshe Ferber, One of Israel’s leading information security experts

In the middle of the first decade of the new millennium, Amazon faced business and technology issues: Business was very seasonal, as there was a demand for computing resources. For example, the powerful computer systems needed to cope with the Christmas shopping frenzy lay idle for the rest of the year. They say that was the scenario that gave birth to the new concept – after all, Amazon is the retail giant, so instead of just books and toys, somebody was clever enough to ask: why not market computing resources to our consumers? In 2006, this idea evolved into Amazon Web Services, which generate an estimated, annual income for Amazon of around one and a half billion dollars (Amazon does not publish the direct results of AWS). This move turned Amazon into the leading market
provider of infrastructure as a service (IaaS) and compute services to hundreds of thousands of customers.

SECURITY
How To Store Data Securely On Android Platform
By Stefano fi Franciska, Software analyst/developer

As an Android developer, you will need to store some data related to your applications. As you will know, there are lots of ways to store persistent data: databases, files, or preferences, either on internal or removable storage. Each of them presents some advantages and — of course — some problems if you want your data to be stored securely.
This article explores the various possible ways to store data on android, analyzing possible attacks and countermeasures, and it provides you with an almost secure way to store data, using strong cryptography. As a result, you will learn how to implement AES256 cryptography in your applications.

How To Secure Web Applications
By Vahid Shokouhi, An Information Security Consultant experienced in Service Provider environments

Applications and hence application security have become day to day topic and subject almost everywhere. We use many types of web applications and their functions in our daily activities; like Online shopping, Web mail services, Search engines, E-Banking, etc. There is no doubt that application security is now a major concern for both different kinds of Service Providers and Clients.
This article aims to open new points of view on root causes of vulnerabilities and principles and guidelines to secure our application, independent of Programming Language and their functions.

CouchDB – Database For Web And Mobile Platforms
By Zana Ilhan, A Senior Software Architect and Cloud Team Leader at a hi-tech R&D company

CouchDB is a new breed of database for web and mobile platforms, geared to meet needs of today’s dynamic web and mobile applications. With this article, you’ll learn how CouchDB’s simple model for storing, processing and accessing data makes it ideal for the type of data and rapid response users now demand from your applications. You’ll also learn how easy CouchDB is to set up, deploy, maintain and scale.

How To Get Maximum Security Of Your Information
By Ahmed Fawzy, CEH-ECSA-ITIL-MCP-MCPD-MCSD-MCTS-MCT

Everyone of us needs to secure his/her own information against disclosure, intrusion and theft, initially there is no product which name is security and which you can buy to be secure… this is a fact widely known and agreed between all security professionals around the globe, the security is an attitude and best practices. When you develop this attitude of security and implement the best practices you will be as secure as possible but this is no one hundred sure security in any system or solution. In this article Ahmed discusses the best security practices and the top advices provided by the ethical hackers and security professionals

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

4 Important Tips for Having a Vacation Abroad

Published

on

4 Important Tips for Having a Vacation Abroad

Are you planning to go abroad but still don’t know what to prepare? People dream of going abroad, especially to countries like America and Europe. If this is your first time going abroad, you should check the following tips!

Prepare All Important Documents

The first thing you need to do is prepare important documents. For example, passports, ID cards, visas, and international driving licenses if you are going to drive abroad. Make sure you know whether the country you are going to visit is visa-free or not. For Southeast Asian countries, the Maldives and Turkey are visa-free, so you only have to have a passport. But a visa is still needed if you want to go to South Korea, Europe, or America. Make sure to scan your document and save it in the cloud like Google Drive or iCloud. Oh, yes, remember to check your vaccination status. Because every country needs your health information.

Make Itineraries

Itinerary is important for those who want to travel abroad. The reason is holidays abroad cost a lot of money, so when you can, take advantage of it with a well-planned schedule. Research in detail the tourist destinations you want to visit. For example, what is unique in it, ticket prices, transportation to get there, to the distance from the inn you’re staying. Remember to include places to eat that you want to try. Make sure the place to eat is according to your preferences, such as halal or free of certain food allergies.

Book Tickets in Advance

When you know how long you will be on vacation with the itinerary that has been prepared, it’s time to book plane tickets and lodging. Find cheap tickets by:

  1. Using promos and discounts on travel agent applications.
  2. Comparing which price is lower and what kind of facilities you will get.
  3. Choosing accommodation that fits your budget but is still comfortable.

Oh yes, also remember to check how the pandemic situation is in the country you are going to visit. Do you have to quarantine or not? Because it will affect your itinerary and accommodation. Due to the pandemic conditions that have not fully recovered, check whether there is still Indonesia quarantine after returning from vacation.

Exchange Money and Check Your ATM Cards

Exchange your currency into the destination country’s currency, for example, yen, euros, dollars, won, and others. But remember, don’t carry too much cash because it’s also prone to theft, besides being wasteful. For the rest, you can do cashless transactions. Check your bank’s ATM card to see if it has Visa, MasterCard, or Cirrus logos. This row of stamps indicates that your bank is working with banks abroad. Or you can also use a credit card to make your transaction easier.

Continue Reading

News

Down 43%, Is This Tech Stock Worth Buying Right Now?

Published

on

Down 43%, Is This Tech Stock Worth Buying Right Now?

Skyworks Solutions (NASDAQ: SWKS) announced its fiscal 2022 fourth-quarter results (for the three months ended September 30) on November 3, and the supplier Apple’s stock price has risen 11% since then.

Skyworks beat expectations and showed solid growth at a time when smartphone sales were declining, but forecasts show the chipmaker is about to hit a bump. With that said, let’s take a closer look at the latest results from the chipmaker. Let’s take a closer look at whether the stock can sustain new momentum after losing 43% of its value in 2022.

Skyworks solutions deliver reliable results for non-mobile businesses
Skyworks’ fourth-quarter revenue increased 7% year-over-year to a record $1.4 billion. The company also reported non-GAAP (adjusted) earnings of $3.02 per share, up 15% year-over-year. Skyworks easily justified analyst estimates of $2.91 per share. For the year, the company’s revenue increased 7% to $5.5 billion and earnings rose similarly to $11.24 per share.

The strong growth of chipmakers in the fourth quarter was the result of successful diversification into new markets such as Internet of Things (IoT) and automotive, as well as relationships with major smartphone original equipment manufacturers (OEMs). Yes, it helped make up for it. Weakness in the smartphone market. space. However, it was the non-mobile business that put a lot of effort into Skyworks last quarter.
As CFO Chris Sennesael noted in the report, the company generated $500 million in revenue from broad market segments (counting chip sales for non-mobile applications like IoT), up 30% from the previous year. Last earnings conference call. Broad market companies contributed 36% of Skyworks’ revenue last quarter, up from 29% in the same period last year.

It’s also worth noting that Skyworks earned $2 billion in revenue from this segment for the entire fiscal year. That’s almost 43% more than the $1.4 billion in revenue last fiscal year. The good news is that the company’s business in a wide range of markets can maintain its momentum. This is because, as Skyworks showed in its earnings report, it is attracting new customers in high-growth niches like IoT.

“In IoT, we continue to win new customers and expand our content. We have partnered with Vodafone to launch the UK’s first WiFi 6E platform. We have launched a solution for Fi 6 hotspots.”

Skyworks also enables the deployment of O-RAN (Open Radio Access Network) and delivers record quarterly results in the high-growth automotive business niche. For example, the O-RAN market is expected to grow at an annual rate of 42% until 2030. Meanwhile, according to Mordor Intelligence, the demand for connected cars will grow by 19% per year until 2027.

These catalysts explain why Skyworks expects its broad commercial segment of the market “to be a major driver in FY23 and beyond.”

The mobile business was not in its best last quarter
Skyworks’ mobile business generated approximately $907 million in revenue last quarter (this is total revenue minus $500 million from the broader market business). By comparison, 71% of Skyworks’ $1.31 billion in revenue last year came from its mobile business, worth nearly $931 million.

Thus, the company’s mobile business, which generates most of its revenue, declined year-over-year in the most recent quarter. This is not surprising given that smartphone sales have been declining for the past five quarters. Skyworks considers Apple its biggest client, with the smartphone giant generating 58% of its revenue last year.

Last quarter, Apple shipped 48.5 million smartphones, 6.4% more than last year. However, the overall smartphone market was down 9% year-over-year. And now things could get even worse for Skyworks.

All of this explains why Skyworks management is targeting a sharp drop in sales and profits. The chipmaker expects revenue of $1.3 billion to $1.35 billion and adjusted earnings of $2.59 per share in the first quarter of fiscal 2023. These numbers show double-digit declines in both revenue and earnings compared to the last year.

Continue Reading

News

Tech Shares May Weigh On Taiwan Stock Market

Published

on

Tech Shares May Weigh On Taiwan Stock Market

(RTTNews) – The Taiwanese stock market fell nearly 230 points (1.7%) on Tuesday after falling for two days. The Taiwan Stock Exchange is currently just above the 14,700 plateau, but selling pressure is likely to resume on Wednesday.

The global outlook for Asian markets is mixed, with little change ahead of major economic events that could affect the interest rate outlook. European and US markets were mixed and flat, followed by Asian equities.

The Tokyo Stock Exchange closed sharply higher on Tuesday after gains in financial, technology and cement stocks.

The index closed at 14,709.64, up 152.77 points (1.05%) after trading between 14,449.05 and 14,716.58.
Among assets, Cathay Financial was up 3.45%, Mega Financial was up 1.78%, CTBC Financial was up 2.93%, Fubon Financial was up 2.94%, First Financial was up 1.35%, E Sun Financial rose 1.66%, Taiwanese semiconductor company rose 1.35% and United Microelectronics rose 1.35%. Corporation and Catcher Technology rose 0.56%, Largan Precision shed 0.22%, MediaTek rose 1.42%, Delta Electronics rose 1.71%, Novatek Microelectronics rose 0.51%, China Steel rose 0.51%. 2.87%, Formosa Plastics shed 0.22%, Nan Ya Plastics rose 0.92%, Asia cement rose 1.48%, Taiwanese cement rose 1.67%, and Hon Hai Precision remained unchanged.

Wall Street’s lead indicates a slight negative bias as the leading average rose, then fell in the middle of the session, but then rose to end the mix almost unchanged.

The Dow rose 3.07 points (0.01%) to close at 33,852.53, while the NASDAQ fell 65.72 points (0.59%) to close at 10,983.78, and The S&P 500 fell 6.31 points (0.16%) to 3957.63.

Volatile trading on Wall Street comes amid continued uncertainty about the situation in China following widespread outcry over the country’s Covid restrictions.

Traders may also have been reluctant to make any significant moves ahead of comments from Federal Reserve Chairman Jerome Powell today that could provide further clues about the rate outlook. Unemployment data continues to be released on Friday.

In terms of economic news, the Conference Board released a report showing a moderate decline in US consumer confidence in November.

Crude oil futures ended higher on Tuesday, extending gains from the previous session on hopes that OPEC could cut production to support prices later this week. West Texas intermediate oil futures rose $0.96, or 1.2%, to $78.20 a barrel in January.

Continue Reading

Trending