We would like to present you with a special edition of Hakin9 - we gathered our best 20 hacking tutorials from last year in one place. The articles are focused on different topics such as Mobile hacking, attacking smart devices, phishing campaigns, Wi-Fi hacking, OSINT tools in practice and many more. Inside you will find more than 200 pages of “how-to” and “step-by-step” tutorials that will surely contribute to your development as a professional pentester or ethical hacker.
Enjoy the issue,
Table of Contents
Stealth Chained Wi-Fi Attacks
It is clear, then, that wireless protects itself in various ways using more or less powerful encryption methods, but the fact remains that believing that wireless is impregnable can be a serious mistake. In this case, however, we are going to analyze an attack that is a bit more complex, carried out with a different goal from the usual "WPA crack": the goal will be to chain a Wi-Fi attack to obtain persistence in a physically distant LAN, using the transmission power as a vector, and thus violate that network in the most stealthy and invisible way possible.
How Social Networks Are Directly Connected With The Improper Application of Social Engineering
It is usually to be expected that people who hold important positions will be targeted by malicious social engineers more often, but nowadays we even have cases of botnets responsible for sending tens of thousands of phishing emails – for the purpose of stealing personal data – and even if the email is not the best, victims always fall, yielding data that may be sold or used to carry out other crimes in the future. With social networks it is also much easier to recognize the target. People usually post their entire personal lives on their networks, and even worse, they do not control who can access this information: a public profile in which intimate details of someone's life are stored. It's a full plate for criminals.
Lightning Fast Profile Lookups Using NExfil
If you have performed profile lookups before then I am sure you will be aware of some existing tools for the same. NExfil is a new free and open source profile lookup tool written in Python. The goal of NExfil is to fetch accurate results quickly, which means low amounts of false positives in a short amount of time. It comes loaded with over 350 social media platforms, which can be expanded. Most of the popular social media platforms have been added and tested for accurate results.
Twitter OSINT Using Tinfoleak and Reverse Imaging
In this article, we will be talking about using OSINT for our Twitter investigations. We will be breaking this up into two sections: the first section is information collection on Twitter and the second part is verification of that information. To follow along with this article, you will need a web browser and an internet connection. We will be using browser-based tools for this tutorial. The goal of this article is to understand how we can leverage online tools to collect information on Twitter users, and also to give some tips on analyzing a post that may be misleading.
Hacking IoT with IoT
Daniel W. Dieterle
IoT (Internet of Things) vs IoT - reminiscent of the old Mad Magazine “Spy vs Spy” cartoon where there were two identical-looking cartoon spies of different colors that were always trying to kill each other. The number of vulnerable deployed IoT devices and the offensive use of IoT devices are both skyrocketing. In this article, we will cover attacking an IoT device, an office building security camera system, with another IoT device, a Raspberry Pi.
Red Teaming via ICS and SCADA Adversary Tactics
Cyber attacks on industrial control systems (ICSs) differ in impact based on a number of factors, including the adversary’s intent, their sophistication and capabilities, and their familiarization with ICS and automated processes. Generally speaking, cyber attackers target these ICS environments via a campaign of attempts that allows access and provides enough information to invent an effect. However, the most important point when it comes to ICSs is that knowledge of the adversary’s operations can help defenders appreciate the attacker’s possible intent, level of sophistication, capabilities and familiarization with the ICS, which together work to unveil the potential impact of the attack on an organization.
Automating the Mitre Att&ck with Python
In this article, I’ll focus on the Mitre Att&ck. Why? Because it’s a trending subject and because it’s the perfect example of what I said. If you look at the picture below, you’ll see that this framework allows exploring multiple threats, technologies, and attacks, making it a daunting task to keep organizations protected.
Manual Pentesting? Automate it with Metasploit Framework!
Metasploit is a heavyweight in the field of hacking and is an almost worry-free package. Metasploit's main focus is the exploit phase of hacking, but it also provides useful tools in information gathering and can centralize it in one place. Metasploit is an open-source project and is currently developed and published by Rapid7. There is a free version of the "Metasploit Framework" as a console tool and an additional paid version with some features such as a browser-based GUI and further automation. I believe the free version is suitable for everyone who wants to learn with Metasploit. This article refers exclusively to the free version of Metasploit.
Build your own Brute Force Tool
Daniel García Baameiro
In order to try to gain access to the private part of a website, brute force attacks tend to be used. These attacks are carried out by using a dictionary of possible users and passwords of a website. If valid credentials are found, access has been gained. This article aims to help users understand how web portals work so that they can then create their own tool in the programming language they feel most comfortable with.
Crawling Websites Using Burp Suite
Burp Suite is a platform created by PortSwigger consisting of various security tools used to perform web application penetration testing. These tools work together to complete the testing process, from analyzing the attack surface to finding and exploiting vulnerabilities. Here, I will demonstrate a default Crawl and Audit Scan; the website I used is ‘http://testphp.vulnweb.com/’. This is a vulnerability demonstration website for the Acunetix Web Vulnerability Scanner.
Solving an Expert Lab from Web Security Academy
Hacking Techniques for Beginners: How to get the Control of a System
Verónica Berenguer Garrido
When we hear the word “hacker” we usually imagine a person wearing a black hooded sweatshirt, doing illegal activities in a sinister terminal. However, this is not always the case, because there is a big difference between a cybercriminal and a hacker. A hacker is a role that has knowledge of hacking techniques. Now, we can differentiate between ethical hackers and cybercriminals. Both have the same hacking knowledge; however, the first uses it to find vulnerabilities and report them to improve systems and applications, while the second intends to obtain some benefit, such as economic compensation, extortion, etc. In this article, we are going to learn basic hacking processes and techniques to be an ethical hacker, from port scanning to privilege escalation. Finally, we will see with a real example how we can hack a remote machine by applying these techniques.
Nmap, The Perfect Tool
Daniel García Baameiro
When I decided to write this article under the theme proposed by the Hakin9 team of "Best tools and techniques for hackers", my first thought was "nmap". This tool, key in a cybersecurity arsenal, allows information to be gathered about an asset. This information can be gathered by scanning ports, detecting the operating system or even obtaining information about the services present on a device. This article is oriented both for those who have never performed a port scan before and for those who are performing an offensive security certification such as the well-known OSCP. After reading it, the reader will be able to understand what the tool does with each type of scan and how to adapt them accordingly.
Kali NetHunter - For Those That Have a Fear of Commitment
Do you have a fear of commitment? Are you growing tired of the phrase “Got Root?” Are you driving yourself mad with all of the “root your phone” tutorials and bad apps? If you answered yes to any of these questions, then this is the article for you. Whether you are new to penetration testing or a veteran in the biz, you will find some valuable knowledge in this article and perhaps a new weapon to add to your arsenal. After reading this article you will be able to pick up any stock device and get Kali NetHunter up and running.
Intercepting Data via iPhone
This article aims to demonstrate, in a simplified way, a different approach for capturing and intercepting network traffic data originating from an iPhone device. Obviously, the iPhone is not the only device subject to these approaches, and the strategies presented here are not the only ones capable of performing such intercepts.
Phishing Using NexPhisher
Phishing takes place when an attacker deceives a victim into opening a malicious link through email, messages, etc., which leads to a ransomware attack, installation of malware, and in most cases the revealing of sensitive information, which might lead to huge losses. Such an attack might be very devastating to the user, as it might lead to identity theft, unauthorized purchases, or theft of funds. Let me show you how easy it is to create a phishing page for various social media.
SMISHING - Phishing Attacks Through Messages
Cleber Soares, Deivison Franco
In this article, Smishing will be presented: a type of technological fraud and a variant of Phishing, alongside Spear Phishing, Vishing, Offline Phishing, Dumpster Diving, Typosquatting, QR Code phishing, Pharming and Link Shorteners. This article will clarify and help the target audience to know the kinds of attacks it is exposed to and how to respond to them, as well as ways to prevent and avoid them, whether in the corporate environment or in the personal environment.
Project Indigo Brick. New Pathways in Data Handling
In this article, we will not only explore the landscape of the problem that arises from ransomware attacks, but also some patent pending software we have created that we believe can make a global difference in this fight and secure our data with a new, dynamic solution. What is this solution, you ask? It’s called Project Indigo Brick.
Rogue - Hackers, RAT and "Marketing" on the Dark Web
It is a fact that nowadays many cyber criminals expose their achievements in forums via the dark web, but I swear to you that in my years of experience with cybersecurity, I have never seen marketing as strong as I am seeing with RAT Rogue. Exactly one year ago, the Rogue RAT was leaked on an internet forum (dark web), but even after the leak, there was a lot of demand for the purchase of the malware. After learning about the entire process that led to the sale of this malware, it is clear how exposed mobile devices are today.
Securing The Supply Chain
The pandemic of 2019/2020/2021 has laid bare just how fragile our supply chain networks are, with shortages predicted in the near and long term. Car dealerships are flush with pre-owned models while the latest models float aimlessly in the holds of ships anchored at the Pacific ports, awaiting their turn to unload. Manufacturers are unable to meet or ship orders due to chip shortages that may not recede for months to come. The supply chain is the oxygen of the world economy and needs to be protected if industry and the whole economic system are to survive.