Welcome to the next edition of Hakin9. In this issue we focus on Offensive Programming. Many of you probably wonder how to define this popular term. Honestly, it is as broad as the topics of the articles
put together in this issue. Their content should be an accurate answer to such wondering. So let’s start with basics presented in the article ‘How To Use Offensive Security by Programming, Exploits And Tools. Then focus on attack tools like BeEF Bind, Hydra, Snort and DNSamp discussed in detail in the following
articles. The defense will show you how to secure your software and websites, but also contain a great article by Aladdin Gurbanov, which is a kind of prelude to forthcoming issue about malware. Finally we invite you to read article by Johannes Brodwall. The author shows a completely different perspective on the Offensive Programming, but advices that article contains will help fine-tune your programs
to the limit. Hakin9′s Editorial Team would like to give special thanks to the authors, betatesters and proofreaders.
We hope our effort was worthwhile and the Hakin9 Offensive Programming issue will appeal to you. We wish you a nice read.
How To Use Offensive Security by Programming, Exploits And Tools
By Akshay Bharganwar
Innovator, Entrepreneur, Public Speaker – ICTTF and Indian Cyber Army and HANS
The Interest for “Offensive Security” has increased the last couple of years. This happened because criminals have moved to the digital world, using computers and computer networks to commit crimes.
Interview with Akshay Bharganwar
By Radoslaw Sawicki
Exploiting Internal Network Vulnerabilities via the Browser Using BeEF Bind
By Ty Miller
CEO and Founder at Threat Intelligence
Browser exploits are a primary attack vector to compromise a victim’s internal systems, but they have major restrictions. Instead of exploiting the victim’s browser, what if the victim’s browser exploited their internal systems for you?
Using Hydra To Crack The Door Open
By Nikolaos Mitropoulos
CCNA, JNCIA and JNCIS-SEC
Take advantage of a cracking tool to test the resilience of your local or remote network servers and various other devices from a computer to router on the network.
Processing of PCAP files with Snort
By Steven McLaughlin,
Network Security Manager at NSW Ambulance Service
PCAP files are something which security and network administrators analyse on a regular basis. But how often do you process your packet capture files through an IDS engine to see what alerts it generates?
Session Hijacking Through Cross-site Scripting (XSS)
By Danny Chrastil
Senior Security Consultant at BT Global Services
Tired of explaining to clients how an alert() box is a valid proof of concept for a XSS vulnerability. You should be. The truth is that providing a straightforward proof-of-concept code for XSS attacks involving session hijacking, is not so straightforward.
How to run a Phishing Campaign
By Robert Simon
Senior Information Security Engineer
Learn how to create a phishing campaign to test and train associates on phishing emails. Use the statistics collected to identify the success rate of the email as well as which links were the most successful in engaging the recipient.
Offensive Python – DNSamp – Building a Denial of Service DNS Amplification Tool
By Andrew King
BS:IT, MS:ISA, MCITP, CCIE RS Candidate
In this article we will craft a DNS amplification tool, because a friend of mine wanted one. It’s a thing, and it should exist. It’s an in process, and we’ll include as much as we can.
Review of Vulnerabilities and Loss of Confidential Data Within Social Networks
By Jeremy Canale
CEO and Founder at AnoSearch
In this article we will discuss most recent vulnerability found on famous social networks and we will see how a malicious user has extracted a lot of information and in the last case, has taken full control of an account.
By Michael Christensen (Certified Business Continuity and It-Security Consultant -
CISSP, CSSLP, CRISC, CCM ISO:22301, CPSA, ISTQB and PRINCE2) and Danny Camargo (IT Consultant at outforce A/S, MCSE)
How to defend yourself from becoming a victim of a hacker? Programmers all over the world are working hard to write secure code, but some are taking the “ostrich” approach – with their head buried deep in the sand! Reading this magazine, however, you are probably not one of these.
Instead you get a new mission: Spread the word of “how to secure the code…”
By Aladdin Gurbanov
Malware Researcher & Analyst at Innotec System and Etelgy
First alert was detected by Kaspersky Lab in June 4, 2013. Describing in its topic some well- encrypted files. Sound’s very interesting, worth’s to take a look.
By Johannes Brodwall
Programmer and firestarter, Chief scientist at Exilesoft, Organizer of Oslo XP Meetup
Interview with Johannes Brodwall
By Radoslaw Sawicki
Ashampoo MP3 Cover Finder Review
By Casey Parman