Dear Hakin9 Readers,

 

Welcome to the much-anticipated "Best of 2023" edition of our cybersecurity magazine! As we reflect on the dynamic and ever-evolving landscape of digital security, this issue promises a curated selection of the most compelling and cutting-edge articles that have captivated our readers throughout the year.

Within the offensive security domain, our adept contributors have explored the realm of penetration testing, concentrating on the formidable Raspberry Pi. They delve into the capabilities of The PenTesters Framework, unraveling its potential.

Additionally, they've explored the intricate techniques behind Bitcoin account hijacking using OSINT (Open Source Intelligence) methods, providing invaluable insights into the vulnerabilities that can be exploited within the cryptocurrency domain.

For those intrigued by the darker corners of programming, our authors have not shied away from examining the development of malicious software. From a tutorial on crafting a simple ransomware using Python to a comprehensive guide on Metasploit from scratch, readers will gain a deeper understanding of the tools and tactics employed by cyber adversaries.

This issue also features a glimpse into the world of password cracking with "Hashcat: A Beginner's Guide," empowering readers to comprehend the intricacies of cryptographic hashing and its vulnerabilities. On a more social level, our experts explore the art of social engineering, shedding light on the strategic interactions that can lead to information extraction and compromise.

In an exclusive interview, we sit down with Alexandre Teyar, the brilliant mind behind BurpGPT, unraveling the inspiration and innovation that led to the creation of this essential cybersecurity tool. Furthermore, we investigate the unique cybersecurity implications of Chat GPT, highlighting the potential cyber threats associated with the use of conversational AI.

To deepen our understanding of privacy and anonymity, we venture into the realm of Onion Routing, peeling back the layers to provide an introduction to this critical aspect of online security.

As we present the "Best of 2023," we invite you to explore the diverse facets of cybersecurity covered in this issue. From hands-on tutorials to in-depth interviews, this compilation serves as a comprehensive guide for enthusiasts, professionals, and anyone keen on staying at the forefront of the ever-evolving world of cybersecurity.

Without further ado,
Let’s dive in the reading process!

Hakin9 Magazine’s Editorial Team

---

TABLE OF CONTENTS

---

WEAPONIZING RASPBERRY PI WITH THE PENTESTERS FRAMEWORK

Dan Dieterle

Raspberry Pi Single Board Computers are used very frequently in security. The small and inexpensive units work very well for this function. One of the most popular usage cases is to install Kali Linux and use them directly as hacking stations or configure them as stealthy Pentest Drop Boxes. They can also be used as very cheap security lab training systems. What many don’t know is that you can easily use the default Raspberry Pi Operating System (Pi OS) as the base to build your Pi based security testing platform.

---

WRITING A SIMPLE RANSOMWARE USING PYTHON

Mohammad Saeed

Ransomware is a program designed to prevent a user or organization from accessing files on their computers. It encrypts the files and demands a ransom for the decryption key; this places organizations and individuals in a position where paying the ransom is the easiest,  cheapest, and quickest way to regain access to their files. Some types of ransomware have added functionalities – such as data theft too.

---

METASPLOIT FROM SCRATCH

Jorge Vázquez del Río

Metasploit Framework is a penetration testing technology that has new and enhanced capabilities, including automation APIs, evasion modules, and usability enhancements, and provides security researchers with a variety of tools and capabilities to validate the security of a given application or infrastructure deployment. With Metasploit, researchers can also test exploits against targets to see if they are at risk in an attempt to penetrate existing defensive measures.

---

BITCOIN ACCOUNT HIJACKING USING OSINT TECHNIQUES

Szilárd Pfeiffer

As with many other times in the history of attacks against cryptographic algorithms, the cause of a successful attack is not a vulnerability in the algorithm itself, but the fact that poor-quality software used an algorithm with insufficient care. It is crucial to obtain “high-quality” random numbers during the calculation of many cryptographic operations.

---

HASHCAT: A BEGINNER'S GUIDE

Aditya Kattimani

This is intended to be used solely for ethical purposes. Please make sure you don't try the below-discussed methods on a live machine without any authorization. At the very end of this article, I've included an URL (TryHackMe) to a practice lab. You are more than welcome to play around in that practice room.

---

EXCLUSIVE INTERVIEW WITH ALEXANDRE TEYAR - THE CREATOR OF BURPGPT

Alexandre Teyar and Hakin9

“AI is undeniably transforming the landscape of cybersecurity. At present, the most significant impact can be observed on the defensive side, with the widespread adoption of AI-powered intrusion detection and prevention systems (IDS/IPS) and other cutting-edge technologies employed by blue teams. On the offensive side, red teams are only just beginning to harness the potential of AI for cyberattacks, which has sparked numerous ethical debates on professional platforms like LinkedIn. As AI continues to evolve, its role in cybersecurity will undoubtedly become increasingly vital, shaping both the strategies of cyber defenders and the tactics of attackers.”

---

WHEN PT IN CHATGPT REFERS TO PENETRATION TESTING

Gabriele Bondo

Everybody does it. Everyone perceives that the utilisation of AI can benefit the Penetration Testing process. Everyone talks about it. This reminds us of when a few years ago, people spoke about "cloud" to disguise the fog in their brains. One thing for sure, there is a certain amount of hype about AI nowadays.

In this article, I am not describing what is AI, or what is ChatGPT. If you read this article, you should already have your homework done.

---

ENGAGING SOCIAL ENGINEERING: EXTRACTING INFORMATION THROUGH STRATEGIC INTERACTIONS

Throughout this process, it is important to exercise restraint; failure may result in a backfire of your own method. The method aims to anger or cause great sadness in the target and extract information. Remember, it's not illegal to gaslight or purposefully annoy the threat actor. It is crucial to approach this technique responsibly, ensuring that the methods are employed with good OPSEC and skill.

---

CYBER THREAT WITH CHAT GPT

Manish Mradul

ChatGPT is an AI-based natural language processing tool, developed for human-like interactions for the purpose of response and assistance. This AI chatbot has the potential to bring millions of dollars in savings in terms of customer costs, time and resources used on content creation. The fact that ChatGPT has crossed 100 million users, and is expected to reach revenue of up to $200 million, makes it one of the most popular and fast-rising AI tools across industries. Initially designed for conversational purposes, the bot has evolved rapidly, accommodating many unique features including generation of sophisticated code.

---

SLICING THE ONION: AN INTRODUCTION TO THE ONION ROUTING

Christian Barral López

In this article, we will make a superficial technical dive into the protocol that defines what we know today as the Tor network (a.k.a.“The Onion Router”), which is key to understand the security features offered to you as a user, as well as the vulnerabilities to which you may be potentially exposed.