SpiderFoot: Open Source Intelligence Automation - Preview
It’s Halloween time! Do you celebrate the scariest day of the year?
As you may have noticed, the main focus of this issue is Open Source Tools for Hackers, so in the remaining articles you will be able to read up on Nmap, WireShark, Hydra, Metasploit and many more!
Enjoy your reading,
Cyber Security Horror Stories
Artificial Intelligence in Cyber Defense
by Cpt (HE-A) Georgios Karapilafis Military Academy of Euelpidon, Technical University of Crete Thessaloniki, Greece
In a rapidly changing world, in which organizations put effort into safeguarding data to survive in a challenging and ill-defined cyberspace arena, data play a key role in their functionality, prestige and survivability. The speed of processes and the amount of data to be used in defending cyberspace cannot be handled by humans without considerable automation. Existing techniques for analyzing data and recognizing abnormal behavior and traffic keep facing unseen types of attacks and challenges. As such, decision making is a hard task, and intelligent decision support is one of the as yet unsolved problems in Cyber Defense. This paper presents a brief survey of potential artificial intelligence applications in the cyber defense era.
Who would win the battle for the White House?
by Samvel Gevorgyan
Who would win the battle for the White House to become the next President of the United States was a topic of hot debate in 2012. And how do things look now?
DDoS - Introduction
by Jeffrey McAnarney
As a network administrator, you monitor your network for health and errant traffic. Imagine you are watching your network, pleased with the design and capabilities because now your job is quite easy, since all you have to do is watch and answer the occasional help request. Suddenly you are getting thousands of large transmissions broken into tiny fragments that your servers must reassemble, and then you start getting the same thing from hundreds of IP addresses at the same time. Your servers’ CPUs start redlining, trying to keep up, until finally they either crash or become unresponsive.
How Open Source Security Tools Are Shaping Our Work
by Anthony Caldwell
Contemporary security reports recognize that a multi-layered approach to application security is necessary (Symantec, 2014) and of interest in this article is the structure of testing. In particular, the use of open source tools, which refers to software whose source code is available to the public and redistributed along with the original rights as defined by Open Source Initiative (OSI) (Vadalasetty, 2003).
QRLJacking - A new Social Engineering Attack Vector Interview with Mohamed A. Baset, creator of QRLJacking
by Marta Ziemianowicz, Marta Sienicka & Marta Strzelec
QRLJacking is a technique based on simple solutions. To carry out a successful attack, you need only two things: a QR code refreshing script and a well-crafted phishing webpage.
by Mehrdad Yazdizadeh - Security Consultant
Phishing is the attempt to obtain sensitive information, such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims.
Phishing and Persistence: Innocent Email to System Compromise
by Shane Rudy | Senior Security Consultant CEPT | CPT | CEH | ECSA | RCSE | MCITP:EA | MCSA | MCTS
As a penetration tester, I have successfully carried out many phishing campaigns. One of the campaigns I performed allowed me to get into the customer’s network, take over their domain controllers and stay hidden for over two weeks until I arrived on site to perform their internal penetration test.
by Andrea Carnimeo
Open Source Intelligence (OSINT) utilizes information that is openly available to all. The world overflows with information – facts and figures, writing and descriptions, pictures, videos and audio recordings. Some of it is secured (or “classified”). Most is not but is disorganized and thereby hard to find. OSINT collection attempts to find nuggets of information, which can then be collated, synthesized, and analyzed. What does the latest Chinese stealth fighter plane look like? This was discovered through OSINT.
SpiderFoot: Open Source Intelligence Automation
by Steve Micallef
Interview with Steve Micallef
by Marta Ziemianowicz, Marta Sienicka & Marta Strzelec
SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering as much intelligence as possible about a given target, which may be an IP address, domain name, hostname or network subnet.
Internet of Things: Opportunities and Security Concerns
by Bamidele Ajayi, CGEIT, CISM, CISA
The concept of the internet of things is to have all devices interconnected for information sharing. This represents a network of connected things and the connected things having a relationship between things-to-things, people-to-people, and things-to-people. One question that might come to mind is, would it be possible to have all devices uniquely identified?
Android Hacking: Dissection of Android Apps
by Samrat Das
Android is the biggest market holder currently in the world, with recent stats revealing that over 80% of devices sold in recent times are droid devices. As the sales and usage increase, so do the security risks associated with it! Mobile Penetration Testing/Security Auditing is a vast domain in itself; here I would like to cover a small facet for those people who would like to know the blend of reverse engineering and Android application security assessments together.
THC-Hydra Network Logon Cracker
by Sam Vega
This article will be based on a 'very fast network logon cracker' as quoted on tools.kali.org, hence the title of this article. The description of the tool from the same web page:
"Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely."
A sneak peek at Metasploit
by Vindhya Nagaraj
Metasploit Framework (MSF) is an open source framework created by HD Moore in 2003. It is a tool for developing and executing exploit code against a remote target machine and has a database of exploits and an inbuilt scanner that is used in penetration testing and vulnerability assessment.
Open Source Tools for Hackers
by Tom Madsen
Welcome to this overview of open source tools, which must be part of any self-respecting hacker’s toolbox. In this article, I will be going through a short list of tools, their functionality and the scenarios where these tools can make a difference in a penetration test. Some of these tools are undoubtedly already known to some of you, but for the beginning hacker, this overview can be just what the doctor ordered in terms of getting started down the path to becoming a professional hacker.
Operation and Structure of redBorder DDoS
by Eugenio Pérez Martín
Denial of Service attacks are currently one of the biggest problems facing the different devices connected to the Internet. They are all potential victims of a DoS attack: whether in the role of devices being attacked or attacking devices, and whether voluntarily or involuntarily. These attacks are very successful and have a significant economic impact, and are thus directed toward large companies and institutions and are cheaper and cheaper to carry out, which may be why, at least in the short term, it seems that the threat of DoS is growing.