I am happy to present you with this very first issue of our new project – Hakin9 Starter Kit. This issue will address various topics connected with IT Security. Although the line is mainly devoted to those of you who would like to start their journey with hacking, we strongly believe that each and every reader of ours will find something interesting here. For these, the issue can be regarded as a perfect repetition of the knowledge you already have.
Despite the fact that this issue addresses various topics, the following ones will stress particular topics like tools, methods, technologies or devices. With this first issue we wanted to shed some light on the structure and content of the whole project.
This time you will find sections such as: Exploiting Software, Forensics, Hacking, Cloud and Security.
In case you were interested in writing a basic article for our forthcoming editions, please feel free to contact us at firstname.lastname@example.org.
We are really interested in your opinions on our new line too.
Please send them to the aforementioned mailing address.
Hope you enjoy the magazine!
A Quick Reference To Metasploit Framework
By Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded community
Metasploit is currently the most widely used and recommended penetration testing framework. What makes Metasploit so popular is the wide range of tasks that it can perform to ease the work of penetration testing. The article is a quick introduction to the framework and various terminologies related to it.
My First Hack, Basic Introduction To Metasploit Framework
By Guglielmo Scaiola, I.T. Pro since 1987, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA
Hey Guys, are you ready for 0wning our first machine?
Yes, today we go together into the world of ethical hacking. We try to exploit our first machine, not like script kiddies, but with the five steps of a professional pentest… yes, the machine has an old operating system on board, yes, the exploit is also old, but I hope you understand all our steps and, with patience and study, you can exploit newer machines in the same manner…
The article addresses Metasploit Framework.
How To Capture Web Exploits With Fiddler
By Jerome Segura, a Senior Malware Researcher at Malwarebytes
Drive-by attacks are the most common infection vector and have been so for several years. The Exploit Kit market is also thriving and the kits getting more sophisticated and pricier. Whether you suspect your own site has been infected or you are a security researcher tracking down malicious URLs, Fiddler is a very capable and useful tool to help you identify traffic patterns, malicious code and exploit URLs. The article is about using this tool.
How To Reverse Engineer .NET files
By Jaromir Horejsi, A computer virus researcher and analyst
When a reverse engineer wants to analyze an executable program, he usually grabs a specialized piece of software called a debugger, which helps him to analyze and trace the parts of the code he is interested in. Executable files can be divided into two main groups – native executables and interpreted executables. Native executables are programs that can be directly run in the native language of a particular CPU family. There are no additional conversion steps necessary in order for the instructions in the program to be executed. On the other hand, interpreted executables are programs that are compiled into intermediate (managed) code, which is a CPU-independent set of instructions. The article describes the process of reverse engineering .NET files.
An Introduction To Microsoft Windows Forensics
By Akshay Bharganwwar, a representative of INDIAN CYBER ARMY, HANS-ANTI HACKING SOCIETY & INTERNATIONAL CYBER THREAT TASK FORCE.
Interest in “computer forensics” has increased in the last couple of years. This happened because criminals have moved to the digital world, using computers and computer networks to commit crimes. This article has been written to give an introduction to the world of computer forensics and explain how to apply it to Windows computers.
Digital Forensics On The Apple OSX Platform
By David Lister, CISSP, CASP, CCISO, CCNA, CEH, ECSA, CPT, RHCSA, Security+
Forensic studies on the OS X and Apple Macintosh family of computers have been previously focused on low level details of the filesystem or specific applications. This article attempts to look at the forensic process from a perspective of the field examiner, when encountering an OS X 10.4 and greater system using EFI based firmware.
The goal of this paper is to provide an overview of forensics techniques that can be used against a target system running Apple’s OS X operating system.
A Beginners Guide To Ethical Hacking
By Deepanshu Khanna, Linux Security Researcher and Penetration Tester at “Prediqnous – Cyber Security & IT Intelligence”
Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator’s original intention. People who engage in computer hacking activities are often called hackers.
The majority of people assume that hackers are computer criminals. They fail to recognize the fact that criminals and hackers are two entirely unrelated things. The media is responsible for this. Hackers in reality are good and extremely intelligent people who, by using their knowledge in a constructive way, help organizations, companies, governments, etc. to secure credentials and secret information on the Internet. The article focuses on Ethical Hacking.
Hack Again, From Servers to Clients
By Guglielmo Scaiola, I.T. Pro since 1987, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA
Hi Guys, are you ready for our second hack?
In the first article we saw how to hack a server; to do this we need one open port, one service listening, one daemon started. But what if our network scan displays only closed ports? Or if the target is one or more clients? OK, don’t worry, in this article we will learn a client-side attack. This is a “type” of attack and not “one” attack: we have a lot of client-side exploits, some of which are based on applications like Java or Acrobat Reader. Normally the big problem in client-side attacks is to convince the client to open a web page or something like that.
How To Perform SQL Injection And Bypass Login Forms Like A Pro
By James Tan, ISO 27001, CISSP, CCSK, CISA, eCPPT, PMP
Have you ever wondered how ‘hackers’ manage to bypass login forms without knowing the username and password? In the movies, the ‘hacker’ would be shown performing some form of smart guesswork or trying variants of the username and password pair at double time (brute-force). SQL Injection Attack (SQLIA) is probably too tough for Hollywood material but it is very common. Many remotely accessible applications use some form of SQL server. Believe it or not, to the ‘hackers’ advantage, there are developers who are still ignorant about the risks and prevention of SQLIA. The article focuses on these injections.
How To Become A Penetration Tester
By Preston Thornburg, A Senior Penetration Tester, worked for Rapid7, Knowledge Consulting Group, International Business Machines, Mantech International, and Sun Microsystems
In an age of drive-by malware, corporate espionage, and cyber-warfare, the web seems anything but ‘safe.’ The field of Information Security has flourished and as a result, the art of pro-active penetration testing has been born. There are hundreds of tools at your disposal, forums drenched in data, and online video tutorials at every corner but the million-dollar question remains – where do you begin? In this article you will learn about penetration testing.
Passwords Cracking: Theory And Practice
By Theodosis Mourouzis, A PhD student at University College London and Marios Andreou, MSc in Information Security from Royal Holloway (The University of London’s Information Security Group)
In this article, we discuss the usability of passwords in different applications and we also categorize them according to their entropy, or more simply according to how easily they can be cracked. We analyse the state of the art regarding different password cracking techniques like brute-force and dictionary attacks and lastly we explain how one can use some existing ready-made software for recovering passwords used in some applications.
Fedora Security Spin – An All-in-one Security Toolbox
By Abdy Martínez, Telecommunications Administrator at AES Panama, specialized in Network / Information Security and Forensics
It is important for a hacker to have all the tools and software necessary to perform a successful exploitation. Or if you are an ethical hacker (I love the word “ethical”), you will need a powerful set of tools to perform penetration testing. Here we will check an excellent toolbox for that… no, it is not BackTrack. It is a great alternative called Fedora Security Spin.
In this article, you will learn about security tools, mainly Fedora Security Spin, what software it includes (not only to perform penetration testing), the benefits, advantages and features of this Fedora spin.
Intrusion Detection System (IDS): An Approach To Protecting Cloud Services
By Fahad F. Alruwaili, An Information Security Consultant, PhD Student, Research Assistant, and Full Time Lecturer at Shaqra University
For the past couple of years, major concerns have been raised in regard to the cloud computing environment. One of the highest concerns was security and compliance. In this paper I will discuss the importance of Intrusion Detection Systems (IDS) in protecting the different elements of cloud computing services and the current challenges. My approach is to establish a tentative framework to implement IDS in the online cloud environment via the utilization of process auditing and policy compliance to address some of the security control challenges. My approach has great value to those who consider using on-demand access cloud services and have concerns with the protection against malicious acts.
Understanding Cloud Security Issues
By Moshe Ferber, One of Israel’s leading information security experts
In the middle of the first decade of the new millennium, Amazon faced business and technology issues: business was very seasonal, as there was a demand for computing resources. For example, the powerful computer systems needed to cope with the Christmas shopping frenzy lay idle for the rest of the year. They say that was the scenario that gave birth to the new concept – after all, Amazon is the retail giant, so instead of just books and toys, somebody was clever enough to ask: why not market computing resources to our consumers? In 2006, this idea evolved into Amazon Web Services, which generates an estimated annual income for Amazon of around one and a half billion dollars (Amazon does not publish the direct results of AWS). This move turned Amazon into the leading market provider of infrastructure as a service (IaaS) and compute services to hundreds of thousands of customers.
How To Store Data Securely On Android Platform
By Stefano fi Franciska, Software analyst/developer
As an Android developer, you will need to store some data related to your applications. As you will know, there are lots of ways to store persistent data: databases, files, or preferences, either on internal or removable storage. Each of them presents some advantages and — of course — some problems if you want your data to be stored securely.
This article explores the various possible ways to store data on Android, analyzing possible attacks and countermeasures, and it provides you with an almost secure way to store data, using strong cryptography. As a result, you will learn how to implement AES256 cryptography in your applications.
How To Secure Web Applications
By Vahid Shokouhi, An Information Security Consultant experienced in Service Provider environments
Applications, and hence application security, have become a day-to-day topic almost everywhere. We use many types of web applications and their functions in our daily activities, such as online shopping, web mail services, search engines, e-banking, etc. There is no doubt that application security is now a major concern for both the different kinds of Service Providers and Clients.
This article aims to open new points of view on root causes of vulnerabilities and principles and guidelines to secure our application, independent of Programming Language and their functions.
CouchDB – Database For Web And Mobile Platforms
By Zana Ilhan, A Senior Software Architect and Cloud Team Leader at a hi-tech R&D company
CouchDB is a new breed of database for web and mobile platforms, geared to meet needs of today’s dynamic web and mobile applications. With this article, you’ll learn how CouchDB’s simple model for storing, processing and accessing data makes it ideal for the type of data and rapid response users now demand from your applications. You’ll also learn how easy CouchDB is to set up, deploy, maintain and scale.
How To Get Maximum Security Of Your Information
By Ahmed Fawzy, CEH-ECSA-ITIL-MCP-MCPD-MCSD-MCTS-MCT
Every one of us needs to secure his/her own information against disclosure, intrusion and theft. To begin with, there is no product named security that you can buy to be secure… this is a fact widely known and agreed among security professionals around the globe: security is an attitude and a set of best practices. When you develop this attitude of security and implement the best practices you will be as secure as possible, but there is no one hundred percent sure security in any system or solution. In this article Ahmed discusses the best security practices and the top advice provided by ethical hackers and security professionals.