Dear Readers,

Welcome everyone to the first Hakin9 issue in 2016! It’s been more than a month since our last regular issue, but we are definitely back in the game and ready to face new challenges! We hope that this New Year will bring you joy and happiness.

We would also like to thank you for all your support. It means a lot to us, more than you know. We would love to invite you to follow us on Twitter and Facebook, and don’t forget to check our blog regularly!

Do you like our magazine? Would you like to share something with us? Which topics are you most interested in? Do it, like it, share it! We appreciate your every comment. You are the ones who shape Hakin9!

Enjoy your reading,

Hakin9 Magazine’s Editorial Team

TABLE OF CONTENT

Analysis of Linux Malware Tsunami Using Limon
By Monnappa K A

A number of devices are running Linux due to its flexibility and open source nature. This has made the Linux platform the target for malware attacks, so it becomes important to analyze the Linux malware. Today, there is a need to analyze Linux malwares in an automated way to understand its capabilities.

Never Assume Secure
by Paul Janes

It’s been a wild ride in the world of cyber security the past few years. Large corporations and small businesses alike have not been immune to the wrath of nation states, hacktivists, and professional hackers for hire. And don’t think it’s only crafty pros who are bent on mayhem. In the past two weeks alone, three teenagers and a 20-year-old have been arrested in the British telecom hack of Talk Talk, which potentially affected well over 1 million customers. This was Talk Talk’s 3rd known breach since December 2014 (Khandelwal, 2015).

Modern Age: WordPress Security Threats
by Aaditya Purani

The Internet has become a medium to connect billions of people online. Until afew years ago, people used to hire programmers to code their site. To overcome that, Web Content Management Systems were created which allow nontechnical users to build a website with little or no programming knowledge. Now, anyone can start their own blogs, Business, Forums and Organizations. It helps us to bring our ideas and projects to life in an “online” environment. Some of the Web CMS are WordPress, Joomla and Drupal. The most popular content management system is WordPress.

The Life Of A Vulnerability
by Louay Saleh

Battles are always about attack and defense. In military wars, armies combat on the battlefields and the one that wins is the one that had successful attacks on the other, which failed to strongly defend. In politics, the people overthrow their government by attacking its failed policies; while the latter is also not able to defend back by satisfying their needs either by convincing them with those rejected policies or issue new acceptable ones. In sports, the player or the team wins the match by attacking the opponent persistently and also defending against receiving goals or losing points.

Deanonymization
by Alexander Antukh

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. 

Agents of Shield: Diagnosis and Prevention of Dos/DDos Attacks
by Anthony Caldwell & Ronan Dunne

Given the relentless growth of online activities worldwide, the threat landscape utilized by hackers has become vast and complex. Reports indicated that individuals and organizations alike will continue to succumb to online threats and attacks. In 2014 survey conducted by the Cyberedge group, the report published that 71% of those surveyed were affected by a successful attack (Cyberedge, 2015). While a security mindset has led to some progressive security improvements in the dominant platforms for business and personal use such as Microsoft™ Windows® are leading to a decline in the number of vulnerabilities discovered, there are other problems emerging.

Formula Injection
by Samrat Das

To start with, Web Application Penetration Testing is the name given to software testing that focuses on web applications. Most websites out are vulnerable to wild attacks due to lack of security tests. Over 70 attacks exist which can result in a fatal impact on websites. Web Application Penetration Tests are legitimate hacking attacks carried out to discover all such vulnerabilities and inculcate proper remediation before launching the application to users.The OWASP Testing Guide is a popular testing list which is preferred by pentesters to audit applications.

Web Applications Pentesting Tools: Burp Suite Playbook
by Pranav Jagtap

Web Application pen testing can be done through various tools available. This article will mainly focus on ‘Burp Suite’ tool and its various interesting features. After reading this article, the reader will be able to configure burp suite with the browser, exploit XSS using burp plugins and will know how to use different tabs of burp suite.

How To Develop Secure Software - Action Plan To Make Secure Software
by Jeevan Dahake

The purpose of this article is to provide a guideline for secure software development. Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities while developing software product.

“Startup is a company that spends most of its time searching”
Interview with Yevgeniy (Jim) Brikman, founder of Atomic Squirrel
by Marta Sienicka, Marta Strzelec