I’m sure that many of you are planning what to do during summer time, or you are already on holidays, relaxing, and having fun. But don’t forget about us, because we prepared another issue for you!
Metasploit is a well known software that offers many possibilities. It’s used by beginners and specialists across the cybersecurity field. In this issue, we have an amazing tutorial about Cross Site Scripting with Metasploit, in which will learn in this step by step attack scenario how to infect someone's computer. Then Hitansh Kataria in his Metasploit Unleashed: Disabling Firewall & Killing Antivirus will show you how to disable the antivirus and upload any malicious file you want to execute on the victim’s computer. For those of you who prefer different topics, Alex Harasic in his article will show you how to hijack your home IoT appliance. We also have two articles about mobile, both iOS and Android. So if you want to learn more you those systems, you can’t skip those pieces!
Don’t forget to read the rest of the articles, because each of them can show you something new! We appreciate your feedback at all times, so if you have any comments or suggestions, do let us know.
Metasploit Unleashed: Disabling Firewall & Killing Antivirus
by Hitansh Kataria
Metasploit is an exploitation framework that allows attackers to develop and execute the exploit code on the victim’s machine. Written in Ruby, this framework has an immense number of tools and scripts in built with which an attacker can actually have a life long access to the victim’s machine.
Hijacking Your Home IoT Appliance In Two Parts
by Alex Harasic
Last year I bought this cool new heater for the winter that had WiFi connectivity. At first I thought it was pretty cool that I could control it from my phone, but the App was very limited and I could only turn it on, off, and set the temperature. I always thought there could be much more done on these devices with the right hack, for example, to schedule when you want the device to turn on/off, to set the heating power based on the temperature in the house, or to turn on and off the heater when I enter and leave the house. In this article, I'll try to explain how these devices connect, how the protocol in which they communicate works, and lastly how to hijack them and configure them for your own projects.
Metasploit for Pentesters
by Zakaria Brahimi
The objective of this lab is to provide a comprehensive coverage of the Metasploit Framework. We will see how to do pentesting, vulnerability assessment, information gathering, etc., with Metasploit.
Why Metasploit is one the preferred software used by Hackers?
by Moisés Rogério Fernandes
Metasploit is the powerful tool for the Penetration Test that has been used by all Security Analyst and Hackers, too. First, I’d like to show you how to install Metasploit Pro. In my opinion, we have the three best Linux systems to use for the Penetration Test: Kali Linux, Parrot Linux and Cyborg Hawk. All of them have the Metasploit Free version installed, as a default.
Must Have Soft Skills For Software Engineers
by Navjyotsinh Jadeja
With the advances in technology, software engineers are among the most in-demand people. Also, software engineering jobs are becoming the most lucrative and reputed jobs in the world. And most of the engineers around the world believe getting a job requires the desired programming skill set and there you have the best jobs in the world. Not so fast with those decisions. In the survey done in the leading software firms and talking to recruiters, some astonishing facts have come up. In this article, I will try to sum it up for you.
WannaCry: Everything you should know about the deadly Ransomware!
by Navjyotsinh Jadeja
Friday, the 12th of May, will be marked as the day in history when the cyberworld was affected by the biggest ransomware attack so far. The outreach of the ransomware was justified by the colossal damage that occurred and by large cyber defenders that are still worried and running over the infection capabilities of the malware. In the process, a lot of wires have gotten crossed and we figured it’s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward.
iOS Pentesting in a Nutshell
by Aditya Vasekar
iOS pentesting is one of the processes that is carried out as a part of audits and mandatory activity across industries considering today’s risks associated with the data and identity theft. Usually, for pentesting iOS applications, a jailbroken device is required and this creates a dependency on the Apple devices. In this section, we will see how to start from setting up a pentesting environment to the advanced assessments of the iOS application.
Android Mobile App Pentesting
by Atul Singh
Mobile application pentesting is an upcoming security testing need that has recently obtained more attention with the introduction of the Android, iPhone, and iPad platforms, among others. Android is the biggest organized base of any mobile platform and developing fast—every day. Besides, Android is rising as the most extended operating system in this viewpoint because of different reasons.
Cisco makes security a little easier with Application Centric Infrastructure
by Jim Warman
Software Defined Networking (SDN) has been a buzzword for many years. Early on it was described as just the separation of the control plane and data plane in a network, and it was thought that the day of needing net- work engineers would be gone. However, over the past 24 months SDN, at least in the data center, has defined itself and proven why it belongs. Security seems to be one of the largest drivers behind SDN, as traditionally it has been an afterthought when putting together converged architectures. Application segmentation and micro-segmentation are key pieces to data center SDN offerings, as we’ll discuss.
Automated Resource Carving From Volatile Memory Dumps On Common Windows Applications
By Alexandre D’Hondt
Pulling resources out of volatile memory dumps is often a rewarding task in the scope of Digital Forensics. However, some resources can sometimes be laborious to retrieve and require many manual actions. This article presents some common techniques and tools focused on the carving of simple resources out of Windows user application memory and proposes a self-contained and extensible tool relying on Python that automates a few series of tasks performed with some well-known forensics tools, like Volatility and Foremost. Furthermore, it addresses resource carving using process memory dump and Virtual Address Descriptor (VAD) dump for some common Windows applications.
Metasploit with XSS (Cross Site Scripting)
by Pprasoon Nigam
Attack Scenario: Attacker will be sending victim an email with his social engineering technique to convince the victim to open a website (which will be vulnerable to XSS vulnerability) and download the malicious file (Trojan file), so that attacker can take all over his system and control it the way he (attacker) want.