#MachineLearning: Hacking Tools for Computer + Hacking With Kali Linux + Python Programming- The ultimate beginners guide to improve your knowledge of programming and data science
Oct 18 2021
Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest
White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software.
The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million demonstrating vulnerabilities in popular software.
The edition of this year took place on October 16 and 17 in the city of Chengdu, participants had three attempts of 5 minutes to demonstrate their exploits.
The winner is the security firm Kunlun Lab who earned $654,500, below the tweet of the amazing expert @mj0011 CEO of Cyber-Kunlun & Kunlun Lab and former CTO of Qihoo 360 and founder of team 360Vulcan.
Oct 15 2021
Human hacking increased as apps and browsers moved completely to the cloud
“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.”
Human interaction online has largely moved to the cloud
Apps and browsers are used as humans connect with work, family, and friends. Cybercriminals are taking advantage of this by attacking outside of email and taking advantage of less protected channels like SMS text, social media, gaming, collaboration tools, and search apps.
Spear phishing and human hacking from legitimate infrastructure increased in August 2021, 12% (or 79,300) of all malicious URLs identified came from legitimate cloud infrastructure like including AWS, Azure, outlook.com, and sharepoint.com – enabling cybercriminals the opportunity to easily evade current detection technologies.
Sep 05 2021
Pwned! The home security system that can be hacked with your email address
A researcher at vulnerability and red-team company Rapid7 recently uncovered a pair of risky security bugs in a digital home security product.
The first bug, reported back in May 2021 and dubbed CVE-2021-39276, means that an attacker who knows the email address against which you registered your product can effectively use your email as a password to issue commands to the system, including turning the entire alarm off.
The affected product comes from the company Fortress Security Store, which sells two branded home security setups, the entry-level S03 Wifi Security System, which starts at $130, and the more expensive S6 Titan 3G/4G WiFi Security System, starting at $250.
The intrepid reseacher, Arvind Vishwakarma, acquired an S03 starter system, which includes a control panel, remote control fobs, a door or window sensor, a motion detector, and an indoor siren.
(The company also sells additional fobs and sensors, outdoor sirens, which are presumably louder, and “pet-immune” motion detectors, which we assume are less sensitive than the regular ones.)
Unfortunately, it didn’t take much for Vishwakarma to compromise the system, and figure out how to control it without authorisation, both locally and remotely.
Pwned! The home security system
Life Hacks: DIY Home Camera Security System: Protect Your Property for FREE
![Life Hacks: DIY Home Camera Security System: Protect Your Property for FREE by [Tam S.]](https://m.media-amazon.com/images/I/51jUIZj0h0L.jpg)
Aug 13 2021
3 Ways To Avoid Internet Hacking Incidents With Sports Related Ventures
Nowadays just as one cannot take enough safety measures when leaving their house of work to avoid running into problems and tribulations along the way, the exact same measures are to be taken into consideration when strolling around the wonderful world of the internet. It can be argued that the internet stands right up there as being one of the most important tools that recent technology has offered mankind to make lives easier. You can look for information, shop, wager on sporting events like pro football games through sites that focus on NFL predictions for games amongst other services and many other activities.
The internet has become the perfect tool for anyone and everyone to find absolutely everything they may want, need or anything in between, it’s become a staple of commodity and leisure, but it can also be a very dangerous tool if not handled properly. This tech tool has especially garnered fame and recognition amongst sports fans who flock to it in order to find all items related to their favorite teams, athletes and sports, but rest assured, one wrong move and dire consequences could be on the way
Today though, let’s focus on one of sports fans’ favorite online activities, online sports betting and how to prevent hacking incidents from happening.
Table of Contents
- Always Look For Reputable Sites
- Constantly Update Your Password
- Only Wager In Your Personal Tech Devices
Incident Response & Computer Forensics
Aug 05 2021
How to Reset Kali Linux Root Password?
Forgot the Kali Linux root password? Stress not! This tutorial discusses the steps to reset Kali Linux system password. Follow the steps, and you will get it done within minutes.
Table of Contents
- Boot Into GRUB menu
- Edit GRUB menu
- Check RW Permissions on Root Partition
- Reset Kali Root Password
- Reboot System
Aug 02 2021
The European Space Agency Launches Hackable Satellite
We can assume strong encryption, and good key management. Still, seems like a juicy target for other governments.
Satellite Network Threats Hacking & Security Analysis : Satellite Network Hacking Security Analysis, Threats and Attacks, Architecture Operation design and technologies
Jul 20 2021
NSO Group Hacked
There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage.
Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.”
This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.
here’s a tool that you can use to test if your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)
7 Steps to Removing Spyware
Spyware and Adware
Jul 09 2021
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.
According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.
The threat actor aims at buying malware with zero detection,
The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.
“The TA is willing to buy the following things with the deposited money.” states Cyble.
- 1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
- 2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
- 3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million.
The significant amount deposited as an escrow by the threat actor is concerning, the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.
“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.
Jun 16 2021
A flaw in Peloton Bike+ could allow hackers to control it
A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry to the interactive tablet, taking complete control of the system.
A vulnerability in the popular Peloton Bike+ could have allowed an attacker to gain complete control over the device, including the camera and microphone to spy on the gym users.
The flaw was discovered by researchers from McAfee’s Advanced Threat Research (ATR) team, it could be exploited by attackers to gain remote root access to the Peloton’s “tablet.” The touch screen tablet allows users to access interactive and streaming content.
Experts pointed out that the attackers need physical access to the bike or access during any point in the supply chain (from construction to delivery),
Experts noticed that the tablet is a standard Android device, once compromised it, the attacker could install malware, eavesdrop on traffic, and take the full control of the Bike+.
“A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with.” reads the analysis published by the experts. “With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. “
The attackers could add malicious apps disguised as popular applications, such as Netflix or Spotify, that could allow them to steal the login credentials of the gym users. An attacker could also gather info regarding users’ workouts or spy on them via the bike’s camera and microphone.
Attackers could decrypt the encrypted communications from the bike to various cloud services and databases it accesses, potentially accessing sensitive information.
The researchers discovered that the Bike’s system did not verify that the device’s bootloader was unlocked before attempting to boot a custom image, allowing the experts to load a file that wasn’t meant for the Peloton hardware.
Jun 11 2021
Access Target’s Webcam, Microphone, Device location, and more
Cybercriminals and black hat hackers exploit system vulnerabilities and human weaknesses as well. This hacking tutorial discusses how a malicious actor can access any mobile or computer camera, microphone, physical location, and device information by just sending a URL along with some basic social engineering techniques.
Throughout this tutorial, we will glance at How Hackers Access Target WebCam Remotely and see what is happening on the other hand. To break into the victim’s webcam, we will utilize the tool Storm-Breaker and Kali Linux.
Recently in March 2021,
A group of hackers breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc. gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools.
Storm-Breaker is going to assist us with a hack. With Storm-Breaker, you have.
- Get Device Information Without Any Permissions
- Access Location [SMARTPHONES]
- OS Password Grabber [WIN-10]
- Access Webcam
- Access Microphone
Let us get rolling!
Install Storm-Breaker in Kali Linux
Table of Contents
May 27 2021
I hacked my friend’s website after a SIM swap attack
Here’s how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack
Just how easy is it to conduct a SIM swap attack and what can the attacker do once they have taken control of your phone number? In short, it’s worryingly easy and the criminals can do a lot once they have the keys to the kingdom.
We hear of SIM swapping – also known as SIM hijacking and SIM swap scams – all the time, and yet many people think it can’t ever happen to them. Indeed, people often tell me that they will never get hacked in any way and they actually even wonder why anyone would even target them. But the truth is that we are part of a huge numbers game for many malicious actors and they will continue to target the low-hanging fruit. So why don’t we just implement a few precautionary methods to reduce this risk?
I will come back to what you can do to mitigate the risks later, but first I want to tell you how I tested a SIM swap attack just so I could generate a talk and help people understand the risks. A real-life story is always better when helping people to be more cyber-aware. In fact, I ran a similar experiment last year when I showed how easy it is to hack anyone’s WhatsApp account by knowing their phone number. It was a very valuable lesson for the colleague-turned-victim.
I have known my friend – a let’s call him Paul – since school and we’ve been close friends ever since. I asked him recently if I could attempt to ethically hack him for the greater good and use anything that came from it in the name of cyber-awareness and helping protect people from future attacks. He was happy to oblige and even thought it would be fun to be part of an experiment.
How SIM swapping works
May 06 2021
Millions with old routers at risk of being hacked in their homes
Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.
But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.
Which? investigated 13 old router models and found more than two-thirds – nine of them – had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices.
The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.
Mar 17 2021
Hackable: How to Do Application Security Right
If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.
Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong.
To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.
Hackable: How to Do Application Security Right
Mar 17 2021
Understand the core Concepts of Information Assurance & InfoSec
Today’s world uses the information for a variety of purposes. City officials install traffic signals with traffic movement information, and accounting professionals use revenue and expenditure information to calculate annual earnings. So, experts established different domains intending to secures information. Such domains are Information security, Cybersecurity, and Ethical hacking.
more on: Information Security VS Cybersecurity VS Ethical Hacking
Feb 22 2021
NSA Equation Group tool was used by Chinese hackers years before it was leaked online
The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group.
Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years before it was leaked online by Shadow Brokers hackers.
In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with sophisticated zero-day malware.
The arsenal of the hacking crew included sophisticated tools that requested a significant effort in terms of development, Kaspersky speculated the Equation Group has also interacted with operators behind Stuxnet and Flame malware.
Based on the evidence collected on the various cyber espionage campaigns over the years, Kaspersky experts hypothesize that the National Security Agency (NSA) is linked to the Equation Group.
Jian used the same Windows zero-day exploit that was stolen from the NSA Equation Group ‘s arsenal for years before it was addressed by the IT giant.
In 2017, the Shadow Brokers hacking group released a collection of hacking tools allegedly stolen from the US NSA, most of them exploited zero-day flaws in popular software.
One of these zero-day flaws, tracked as CVE-2017-0005, was a privileged escalation issue that affected Windows XP to Windows 8 operating systems,
“In this blog we show that CVE-2017-0005, a Windows Local-Privilege-Escalation (LPE) vulnerability that was attributed to a Chinese APT, was replicated based on an Equation Group exploit for the same vulnerability that the APT was able to access.” reads the analysis published by CheckPoint. ““EpMe”, the Equation Group exploit for CVE-2017-0005, is one of 4 different LPE exploits included in the DanderSpritz attack framework. EpMe dates back to at least 2013 – four years before APT31 was caught exploiting this vulnerability in the wild.”
Source: NSA Equation Group tool was used by Chinese hackers years before it was leaked online
« Previous Page — Next Page »
