SpiderFoot: Open Source Intelligence Automation

Dear readers,

It’s Halloween time! Do you celebrate the scariest day of the year?

As you may have noticed the main focus of this issue are Open Source Tools for Hackers, so in the remaining articles you will be able read up on Nmap, WireShark, Hydra, Metasploit and many more!

Enjoy your reading,

Hakin9 Magazine’s

Editorial Team

---

If you want to buy this magazine click here

>>Download Preview<<

>>Table of Contents<<

---

Cyber Security Horror Stories

---

Artificial Intelligence in Cyber Defense 

by Cpt (HE-A) Georgios Karapilafis Military Academy of Euelpidon, Technical University of Crete Thessaloniki, Greece

In a rapidly changing world, in which organizations put efforts into safeguarding data to survive in a challenging and unclear in its definition cyberspace arena, data play a key role in their functionality, prestige and survivability. The speed of processes and the amount of data to be used in defending the cyberspace cannot be handled by humans without considerable automation. The already existing techniques of analyzing data and recognizing abnormal behaviors and traffics keep facing unseen types of attacks and challenges. As such, decision making is a hard task and intelligent decision support is one of the as yet unsolved problems in Cyber Defense. This paper presents a brief survey of potential artificial intelligence applications in cyber defense era. 

---

Who would win the battle for the White House? 

by Samvel Gevorgyan

Who would win the battle for the White House to become the next President of the United States was a topic of hot debate in 2012. And how things look now? 

---

DDoS - Introduction 

by Jeffrey McAnarney

As a network administrator, you monitor your network for health and errant traffic.  Imagine you are watching your network, pleased with the design and capabilities because now your job is quite easy, since all you have to do is watch and answer the occasional help request.  Suddenly you are getting thousands of large transmissions broken into tiny fragments that your servers must reassemble, and then you start getting the same thing from hundreds of IP addresses at the same time.  Your servers’ CPUs start redlining, trying to keep up, until finally they either crash or become unresponsive.

---

How Open Source Security Tools Are Shaping Our Work 

by Anthony Caldwell 

Contemporary security reports recognize that a multi-layered approach to application security is necessary (Symantec, 2014) and of interest in this article is the structure of testing. In particular, the use of open source tools, which refers to software whose source code is available to the public and redistributed along with the original rights as defined by Open Source Initiative (OSI) (Vadalasetty, 2003).

---

QRLJacking - A new Social Engineering Attack Vector

Interview with Mohamed A. Baset, creator of   QRLJacking     

by Marta Ziemianowicz, Marta Sienicka & Marta Strzelec

QRLJacking is a technique based on simple solutions. So to carry out a successful attack, you need only two things: QR Code Refreshing Script and well crafted phishing webpage.

---

Phishing Report

by Mehrdad Yazdizadeh- Security Consultant

Phishing is the attempt to obtain sensitive information, such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims.

---

Phishing and Persistence:  Innocent Email to System Compromise 

by Shane Rudy | Senior Security Consultant  CEPT | CPT | CEH | ECSA | RCSE | MCITP:EA | MCSA | MCTS

As a penetration tester, I have successfully carried out many phishing campaigns.  One of the campaigns I performed allowed me to get into the customer’s network, take over their domain controllers and stay hidden for over two weeks until I arrived on site to perform their internal penetration test.

---

OSINT

by Andrea Carnimeo

Open Source Intelligence (OSINT) utilizes information that is openly available to all. The world overflows with information – facts and figures, writing and descriptions, pictures, videos and audio recordings. Some of it is secured (or “classified”). Most is not but is disorganized and thereby hard to find. OSINT collection attempts to find nuggets of information, which can then be collated, synthesized, and analyzed. What does the latest Chinese stealth fighter plane look like? This was discovered through OSINT. 

---

SpiderFoot: Open Source Intelligence Automation                   

by Steve Micallef

Interview with Steve Micallef 

by Marta Ziemianowicz, Marta Sienicka & Marta Strzelec

SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering as much intelligence as possible about a given target, which may be an IP address, domain name, hostname or network subnet.

---

Internet of Things: Opportunities and Security Concerns

by Bamidele Ajayi, CGEIT, CISM, CISA

The concept of the internet of things is to have all devices interconnected for information sharing. This represents a network of connected things and the connected things having a relationship between things-to-things, people-to-people, and things-to-people. One question that might come to mind is, would it be possible to have all devices uniquely identified? 

---

Android Hacking: Dissection of Android Apps

by Samrat Das

Android is the biggest market holder currently in the world, with recent stats revealing that over 80% of devices sold in recent times are droid devices. As the sales and usage increase, so do the security risks associated with it! Mobile Penetration Testing/ Security Auditing is a vast domain in itself, here I would like to cover a small facet for those people who would like to know the blend of reverse engineering and Android application security assessments together.

---

THC-Hydra Network Logon Cracker

by Sam Vega

This article will be based on a 'very fast network logon cracker' as quoted on tools.kali.org, hence the title of this article. The description of the tool from the same web page:

"Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely."

---

A sneak peek at Metasploit                          

by Vindhya Nagaraj

Metasploit Framework (MSF) is an Open source framework created by HD Moore in 2003. It is a tool for developing and executing exploit code against a remote target machine and has a database of exploits and an inbuilt scanner that is used in penetration testing and vulnerability assessment.

---

Open Source Tools for Hackers  

by Tom Madsen

Welcome to this overview of open source tools, which must be part of any self-respecting hacker’s toolbox. In this article, I will be going through a short list of tools, their functionality and the scenarios where these tools can make a difference in a penetration test. Some of these tools are undoubtedly already known to some of you, but for the beginning hacker, this overview can be just what the doctor ordered in terms of getting started down the path to becoming a professional hacker.

---

Operation and Structure of redBorder DDoS                 

by Eugenio Pérez Martín

Denial of Service attacks are currently one of the biggest problems facing the different devices connected to the Internet. They are all potential victims of a DoS attack: whether in the role of devices being attacked or attacking devices, and whether voluntarily or involuntarily. These attacks are very successful and have a significant economic impact, and are thus directed toward large companies and institutions and are cheaper and cheaper to carry out, which may be why, at least in the short term, it seems that the threat of DoS is growing. 

---

If you want to buy this magazine click here