Friday, 8 July 2022

Phreaker

Phreaking is a slang term for hacking into secure telecommunication networks. The term phreaking originally referred to exploring and exploiting the phone networks by mimicking dialing tones to trigger the automatic switches using whistles or custom blue boxes designed for that purpose. Generally speaking, curiosity about how phone networks operated motivated phreaks, rather than a desire to defraud telecommunications companies. Phreaking has become synonymous with hacking now that networks have gone cellular and cracking them requires more clearly illegal methods.

Phreaks - a combination of phone and freaks - were a defined subculture in the 1970s. Using relatively low-tech hacks like the plastic whistle from Captain Crunch boxes to the do-it-yourself blue boxes, phreaks maintained a social network similar to that of ham radio enthusiasts. The rising complexity of network security meant that more explicit lines needed to be crossed in order to continue phreaking.

Possibly one of the first phreaking methods used was switch-hooking. It allows the placing of calls from a phone where the rotary dial or keypad has been disabled. It is accomplished by rapidly pressing and releasing the switch hook to open and close the circuit thus simulating the pulses generated by the rotary dial.

Now phreakers are seen as telecommunication hackers, active in phone cloning, bluehacking, network mimicry and other forms of cellular phone hacking.

Thursday, 7 July 2022

Hacktivism

What is hacktivism?

Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists. Hacktivism is meant to call the public's attention to something the hacktivist believes is an important issue or cause, such as freedom of information, human rights, or a religious point of view. Hacktivists express their support of a social cause or opposition to an organization by displaying messages or images on the website of the organization they believe is doing something wrong or whose message or activities they oppose.

Motivates Hacktivists

Hacktivists usually have altruistic or ideological motives, such as social justice or free speech. Their goal is to disrupt services and bring attention to a political or social cause. For example, hacktivists might leave a visible message on the homepage of a website that gets a lot of traffic or embodies a point of view that the individual or group opposes. Hacktivists often use denial-of-service or distributed DoS (DDoS) attacks where they overwhelm a website and disrupt traffic. Hacktivists want others to notice their work to inspire action or change. They often focus on social change but also target government, business, and other groups that they don't agree with for their attacks. Sending a message and eliciting change trump profit motives for hacktivists.

Hacker and a Hacktivist

Hackers and hacktivists generally use the same tools and techniques to achieve their goals. Unlike hacktivists, hackers are not defined solely by social causes. The answer to the question, "Is hacktivism good or bad?" is a point of debate. The legality of hacktivist acts is less contentious.

DoS and DDoS attacks are federal crimes in the United States under the Computer Fraud and Abuse Act. Those types of attacks are illegal in many other places as well, including the European Union, the United Kingdom, and Australia. Website defacement, where attackers access a website and change its contents, is considered cyber vandalism and a crime. Corporate data theft is also illegal. Opponents of hacktivism argue that these acts cause damage in a forum where there is already ample opportunity for non-disruptive free speech. Others insist that such acts are the equivalent of peaceful protest and, therefore, are protected as a form of free speech. Hacktivists often consider their activities a form of civil disobedience, meaning they are willfully breaking a law to further their protest.

Types of hacktivism

Hacktivists use a variety of techniques to get their message across. Their tactics include the following:

Anonymous blogging.

Activists, whistleblowers, and journalists use this tactic. It protects the blogger while providing a platform for them to speak out about an issue, such as human rights violations or oppressive government regimes.

DoS and DDoS attacks

Hacktivists use these attacks to prevent users from accessing targeted computer systems, devices, or networks. DoS and DDoS attacks flood systems with traffic, overwhelm resources, and make them difficult to access.

Doxing

This involves the gathering of information -- through hacking or social engineering -- about a person or organization and making it public. The information is typically sensitive and is sometimes used in extortion schemes.

Geobombing

This technique enables internet users to add a geotag to YouTube videos to display the location of the video on Google Earth and Google Maps. Hacktivists use geobombing to display the location of videos posted by political prisoners and human rights activists.

Leaking information

This is a popular activist tactic. Typically, an insider source will access sensitive or classified information -- which implicates an individual, organization or government agency in an activity that reflects negatively on them -- and make it public. WikiLeaks is known for publishing leaked data.

RECAP

This software lets users search for free copies of documents that are otherwise only accessible by paying a fee to the United States federal court database known as Public Access to Court Electronic Records (PACER). RECAP is PACER spelled backward.

Website defacement

Hacktivists change a website's code or software so visitors see errors or messages expressing the attacker's point of view. The message may be threatening or embarrassing, or the attack may disable a key function of the site or software to get the hacktivist's message across.

Website mirroring

Here, hacktivists replicate a legitimate website's content but with a slightly different URL. This technique is often used to get around censorship that blocks a site. If a website has been censored, the hacktivist will duplicate the content and attach it to a different URL on a mirror site so the content is still accessible.






Wednesday, 6 July 2022

Script Kiddie

What is a Script Kiddie?

A script kiddie, or skid, is a term that describes a young hacker who has much to learn yet acts as if he or she knows everything. Most of them are teenagers who are in it for fun and treat hacking as a game. Mostly they hack for bragging rights. They also don’t make a real effort to improve their hacking skills. Most don’t even know how to write a hacking program or ‘script’ and are content to pirate those made by others. This lack of skills often leads to their arrest because they leave a trail that’s easy for investigators to track down.

In Internet slang, “script kiddie” is a derogatory term used to describe a person who uses scripts or codes developed by real hackers to attack a network or website. Script kiddies have little to no coding skills, and rely on available tools or exploit kits to carry out an attack. Script kiddies also go by the term’s variations, such as “kiddie” or “skid.

Script Kiddies Hackers

Script kiddies differ from real hackers because they do not understand source codes in any way. In other words, they do not know how the tools they are running work or even how the attack they are engaging functions. These individuals merely download software to use against targets. But they can move on from being a script kiddie to becoming a novice hacker once they start learning proper programming and know the logic behind the codes they use.

According to LiveOverflow, a dedicated YouTube channel for hacking enthusiasts, the term “kodez kiddies” may have been a possible predecessor to the word. It often functions as a derogatory term. “Kodez kiddies” was mentioned several times in 1994 in Yet Another Bulletin Board System (YABBS), which was published by Alex Wetmore, then a freshman at Carnegie Mellon University.

However, the modern use of the term was associated with an exploit called “crontab.” A forum thread from 1996 retrieved from R00t[.]org revealed a conversation between hackers at the time mentioning “script kiddies.”The term also appeared in two articles in a 1998 issue of Phrack[.]org. The author of the first article described the act of using a port scanner to find hosting vulnerabilities as “script kiddie behavior.” The other occurrence of the term in the publication was in a sarcastic remark about a hacking website that got hacked. To wit, the passage read: “Let’s give out scripts that every clueless script kiddie breaks into thousands of sites worldwide.”

Use in Gaming

The gaming community comprises a tight-knit group of developers, hackers, and cheat-devs who peddle game leaks and cheats to a pool of clients. Script kiddies (also known as “enchiladas”) are this community’s version of “hangers-on.” They infiltrate gaming groups and forums to steal the codes that developers intend to sell. That is primarily the reason why script kiddies gained the ire of the gaming community. The other, of course, is that they don’t have the sophisticated skill set in game design or programming.




Tuesday, 5 July 2022

Cracker vs Hacker

Computer cracker

A computer cracker is an outdated term to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or intentionally breached computer security. Computer crackers were motivated by malicious intent, for-profit, or just because the challenge was there.

Cracker vs Hacker

The antiquated phrase computer cracker is not used anymore. It was originally proposed as an antonym, or the opposite, of the term hacker. Hackers initially applied to only those who used their computing skills without malicious intent -- they broke into systems to identify or solve technical issues. Skillful technologists with altruistic motives were called hackers; those with bad intent were called computer crackers. This distinction never gained much traction, however.

In 1993, the Internet Users' Glossary defined a hacker as "a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where 'cracker' would be the correct term." The Glossary defined a computer cracker as "an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system."

The term computer cracker was subsequently subsumed by the term black hat, another outdated term for the threat actor. It should be noted, however, that people today rarely distinguish between ethical hackers and malicious hackers. Although hackers, by definition, do not have malicious intent, some people assume malicious intent when the word is used in an everyday context.

Types of computer crackers

A computer cracker has also referred to users who break into copyrighted software or devices. Jailbreaking is a common example of cracking. Jailbreaking removes restrictions a manufacturer sets in the phone's software. By bypassing the restrictions, the user can perform more advanced functions on the phone or use it on a different network.











Monday, 4 July 2022

PNP Coin (Digital Currenncy)

For All those who are interested in Crypto Currencies Or are Dealing or doing business in Crypto - Please kindly Sign up for this great new PNP Coin from Hong Kong, which is in its earlier stages and is very cheap to buy right now. 

PNP Coin is World’s First Regulated Cryptocurrency – A sound long-term investment that seeks an opportunity in the regulated crypto industry.

Use this link to Sign up 

https://app.pnpcoin.com/invite?ref=UD57348

Helios Groups a well-known wealth management company with over 10 years of experience in the field, has launched its own cryptocurrency, called the PNP coin 

Pnp is the world's first regulated cryptocurrency, which has its roots in Hong kong. It is a kind of cryptocurrency backed up with exciting features and developments.

Unlike other cryptos, PNP is completely regulated and thereby avoids all illegal transactional activities since all transactions are transparent and completely secure.

PNP coin transactions are relatively faster as compared to other cryptocurrencies. PNP coin transactions are done with zero transaction charges.

These transactions are anonymous with no names involved. Your private key is the only link between you and your PNP coins.

The private key is going to be secure, and the money will be kept safe.

It is said to be that there is no age limit for a person to hold the PNP coin. It is believed to change the world within a year’s time with its craze of strategic innovations.

The credibility is also said to be matched each time they bring a new feature.

Helios Groups has already sold 8 million coins before their Initial coin offering. The firm hoped the coin to double its value from 1 HKD to 2 HKD by the end of 2021.

However, a strong response from investors is expected to make the coin hit the 2HKD mark within the next three months.

It is easy to register for PNP Coin and the coin is completely regulated, safe, & secure. Helios Groups has a target to gain at least 1% of the bitcoin community. Even before its ICO,

PNP coin has gained popularity among the Indo-Asian markets as well as other parts of the world.

Helios Groups also offers a private wallet and a custom-made physical coin for its users & crypto investors

The regulated currency has no gas fees and there is no age limit for anyone to hold a PNP coin. All these characteristics make PNP coin different from other cryptocurrencies.

https://app.pnpcoin.com/invite?ref=UD57348


Sunday, 3 July 2022

LiveAction

 

 LiveAction

It is one of the best hacking tools for ethical hacking. It performance issues and reduces security risk with the deep visibility provided by Omnipeek. It is one of the best hacking apps that can diagnose network issues faster and better with LiveAction packet intelligence.


LiveAction is a sophisticated network performance management and QoS control tool that enables you to optimize the end-user experience and business application delivery by effectively managing your application-aware network performance.  LiveAction visually controls your enterprise networks by simplifying the complexity of monitoring, analyzing, and configuring technology areas such as QoS, LAN Switching, NetFlow, FnF, NBAR2, and Medianet, AVC, PfR, Routing, and IP SLA. The latest LiveAction 3.0 release provides improved scalability and guided workflows to quickly resolve business-critical performance issues in your WAN, SaaS, and cloud application, MPLS or DMVPN links, converged wired and wireless connections, and video, VoIP, and BYOD devices.


Features:

Powerful, easy-to-use network forensics software

LiveAction automates the capture of the network data required to quickly investigate security alerts

Software and integrated appliance solutions

Packet intelligence combines deep analysis

This network hacking tool provides rapid resolution of network and security issues

Easy to use Intuitive workflow

Expert and responsive technical support

Onsite deployment for appliances

Commitment to our customers and our products






















Saturday, 2 July 2022

Metasploit

History of Metasploit

The Metasploit Project was undertaken in 2003 by H.D. Moore for use as a Perl-based portable network tool, with assistance from core developer Matt Miller. It was fully converted to Ruby by 2007, and the license was acquired by Rapid7 in 2009, where it remains as part of the Boston-based company’s repertoire of IDS signature development and targeted remote exploit, fuzzing, anti-forensic, and evasion tools.
Portions of these other tools reside within the Metasploit framework, which is built into the Kali Linux OS. Rapid7 has also developed two proprietary OpenCore tools, Metasploit Pro, Metasploit Express.
This framework has become the go-to exploit development and mitigation tool. Prior to Metasploit, pen testers had to perform all probes manually by using a variety of tools that may or may not have supported the platform they were testing, writing their own code by hand, and introducing it onto networks manually. Remote testing was virtually unheard of, and that limited a security specialist’s reach to the local area and companies spending a fortune on in-house IT or security consultants.


Uses Metasploit

Due to its wide range of applications and open-source availability, Metasploit is used by everyone from the evolving field of DevSecOps pros to hackers. It’s helpful to anyone who needs an easy to install, reliable tool that gets the job done regardless of which platform or language is used. The software is popular with hackers and widely available, which reinforces the need for security professionals to become familiar with the framework even if they don’t use it.

Metasploit now includes more than 1677 exploits organized over 25 platforms, including Android, PHP, Python, Java, Cisco, and more. The framework also carries nearly 500 payloads, some of which include:
1) Command shell payloads that enable users to run scripts or random commands against a host
2) Dynamic payloads that allow testers to generate unique payloads to evade antivirus software
3) Meterpreter payloads that allow users to commandeer device monitors using VMC and to take over sessions or upload and download files
4) Static payloads that enable port forwarding and communications between networks.

Uses & Benefits

All you need to use Metasploit once it’s installed is to obtain information about the target either through port scanning, OS fingerprinting or using a vulnerability scanner to find a way into the network. Then, it’s just a simple matter of selecting an exploit and your payload. In this context, an exploit is a means of identifying a weakness in your choice of increasingly harder to defend networks or system and taking advantage of that flaw to gain entry.

The framework is constructed of various models and interfaces, which include msfconsole interactive curses, msfcli to alls msf functions from the terminal/cmd, the Armitag graphical Java tool that’s used to integrate with MSF, and the Metasploit Community Web Interface that supports remote pen testing.

White hat testers trying to locate or learn from black hats and hackers should be aware that they don’t typically roll out an announcement that they’re Metasploiting. This secretive bunch likes to operate through virtual private network tunnels to mask their IP address, and many use a dedicated VPS as well to avoid interruptions that commonly plague many shared hosting providers. These two privacy tools are also a good idea for white hats who intend to step into the world of exploits and pen testing with Metasploit.

As mentioned above, Metasploit provides you with exploits, payloads, auxiliary functions, encoders, listeners, shellcode, post-exploitation code and nops.
You can obtain a Metasploit Pro Specialist Certification online to become a credentialed pen-tester. The passing score to obtain the certification is 80 percent, and the open book exam takes about two hours. It costs $195, and you can print your certificate out once you’re approved.
Prior to the exam, it’s recommended that you take the Metasploit training course and have proficiency or working knowledge:

Windows and Linux OS
Network protocols
Vulnerability management systems
Basic pen testing concepts
Obtaining this credential is a desirable achievement for anyone who wants to become a marketable pen-tester or security analyst.
























Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

  Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...