• LOGIN
  • No products in the cart.

Portable Hacking Setup

Download
File
Portable Hacking Setup.pdf

Dear readers,

The spring is finally here, the first ray of sunshine has appeared. For those of you that celebrate it, Happy Easter! We hope that you had an amazing time with your family and friends during the Easter time.

Today we would like to present you the newest issue of Hakin9 Magazine. This time you will have a chance to read a few articles dedicated to threat hunting, its methodologies and tools. Samrat Das and Amine Amhoume wrote articles that will show you the theoretical part of threat hunting. For a more hands-on approach, you must read the text written by Biswashree Byomakesh Dash.

For those of you that are not interested in threat hunting, we have prepared other articles. Let's start with Portable Hacking Setup by Robert Fling. In this amazing tutorial you will learn how to use Raspberry Pi to construct your own pentesting device. And if you are looking for more articles about Raspberry Pi, don’t forget to check “Drop boxes on steroids” written by Paul Mellen. He presented this topic in 2013 at Hackerhalted in Atlanta.The article is updated accordingly to changes in our industry. If you have more interest in Arduino technology, I recommend reading “RubberUno” by Samir Maia Domingues Bastos and Renato Basante Borbolla. Authors present a new attack method that uses social engineering and an Arduino board.

“Python Source Code Portability and Cryptography using AES 128 bit” by our well known authors Sumanta Kumar Deb, Rohan Dutta, and Ankan Bhowmik is another great topic worthy of your time, especially if you have skills in programming with Python. “OSINT for Hackers” on the other hand is focused on rare, not well-known tools. With help of Jeff Minakata, you will learn how to use them, and what they can do.

We also have two pieces related to cloud security. The first one is written by Varun Malhotra, in his article you will find the most important information about cloud security, its providers, data management, etc. The second one is an interview with the co-founder of GameSec Company, Avi Bartov, about the cloud, security of SMB, and how DDoS attacks affect our current security systems.

We hope you will enjoy all of it.

We would also like to thank you for all your support. We appreciate it a lot. If you like this publication, you can share it and tell your friends about it! Every comment means a lot to us.

Enjoy your reading,

Hakin9 Magazine

Editorial Team


>>If you want to buy this magazine click here <<

>>Download Free Preview<<


>> Table of Contents <<

Cloud Security

Varun Malhotra

We all know the importance of Cloud Computing and the way it has been a disruptive technology that has the potential to enhance collaboration, agility, scaling and availability. Along with all that, it provides opportunities for cost reduction through optimized and efficient computing. With these opportunities, it also brings the sense of responsibility to make sure the security aspect is being taken care of from end to end. 


RubberUno

Samir Maia Domingues Bastos and Renato Basante Borbolla

Let's approach a new attack method that uses social engineering and an Arduino. With that, after the Arduino passes as a “rubber ducky”, we will put the Arduino inside a keyboard that does not work anymore, causing the Arduino with changed firmware to pass through a physical keyboard that is imperceptible to the attack.


OSINT for Hackers 

Jeff Minakata

For this article, we will be focusing more on the attacker side of OSINT. It is important to understand how your adversary thinks in order to combat him. We will also be looking at some methods you can use to counter these ‘attacks.’ It is important to note that, unlike phishing (A phishing attack or phishing campaign is when a hacker sends out fake emails to users. This is generally a wide number of users, with no one in particular being targeted. The addresses could be harvested from social media sites, sales records, etc.) or vishing (Is similar to Phishing, however the attack takes place over the phone, often using a spoofed number), OSINT is normally done without direct interaction with the target. I also wanted to note that there is a huge array of tools and methods when it comes to OSINT, enough to fill several books. We will be looking at some of the tools that can be used.


Portable Hacking Setup 

Robert Fling

The introduction of the Raspberry Pi to the market was pivotal in bringing a low cost, highly flexible computer into the development/experimental sector. One only needs to do a quick search online to find dozens of projects that can be carried out with the Pi. Today, we are going to look at one such project. By utilizing a Raspberry Pi and some additional hardware (some of which you may already have), we will construct a portable hacking setup that is not only easily concealable, if needed, but highly flexible in operation.


Python Source Code Portability and Cryptography using AES 128 bit

Sumanta Kumar Deb, Rohan Dutta and Ankan Bhowmika

Our objective is to develop a Python based application that enables portability of Python scripts in a secured manner. We encrypt our Python script using an AES 128-bit encryption standard so the receiver to whom the encrypted code is sent will receive a scrambled cipher text based on private key cryptography technique. A dedicated decrypt algorithm will convert it back to the plain script but abstracts the main script from the receiver involved by directly executing the script without giving read-write access to it. This will enforce Python script piracy and tamper proof during transmission from source to destination. Thus the user will be able to get the functionality from the script without read-write access to the source code.


The Misconception Of Threat Hunting With Other Security Practices 

Amine Amhoume

There is no controversy that cybersecurity attacks have increased in the last six years, and many organizations have confronted many security breaches; spreading malware left many damages to companies, too. And regardless of the security prevention system (Firewalls, IDS, SEIM) used, the ability to elude those detection systems is still growing, which creates even more challenges for security professionals. It is important to realize that the cybersecurity field is known to be composed of two separate parts, prevention and detection, in order to encounter any type of danger.


Threat Hunting                         

Biswashree Byomakesh Dash

So let’s discuss what assets we need to perform successful threat hunting activities. Well, all we need are logs from different types of servers such as Anti-Virus server, Proxy, DNS, Firewall, Windows, Linux and also logs from end point devices such as Sysmon or EDR logs in our network. Threat Hunting becomes more effective if you have devices to capture network traffic and they are placed in right places in the network (Corporate and DMZ) where you need to have the visibility. Network traffic contains a huge amount of valuable information, so they are also ideal sources to hunt for threat.


The Art of Threat Hunting: an Overview 

Samrat Das

Nowadays, an emerging skill set is emerging in the cyber security world called “Threat Hunting”. Threat hunting in simple words is the proactive process of searching through networks and isolating the threats by identifying them, which seemingly can bypass state of the art security solutions.


Drop Boxes on Steroids, Part 1, updated for 2018

Paul Mellen

This article will detail what a drop box is, how to define your own drop box and then how to construct a basic drop box, covering both theory and practical construction of your drop box.


“The question is not any more if a cyber attack will happen but when.” 

Interview with  Avi Bartov, co-founder of GamaSec Company

 

 


Download
File
Portable Hacking Setup.pdf

April 17, 2018

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
deshi Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
deshi
Member
deshi

no money :(

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013