background preloader

Hacking

Facebook Twitter

-=HackInfo=- LIFE HACKS INSTITUTE OF HACKING 2. Creating and Curating Your Digital Professional Learning Network. Hello, hackers!

Creating and Curating Your Digital Professional Learning Network

Do you have a digital PLN? If not, this post will explain the concept and share some tips for success. I discovered the concept of the digital PLN (a web-based personal or professional learning network) through an information literacy instruction class I took in Fall 2013. One of the major class projects was to select and curate digital resources to facilitate our lifelong learning as librarians, according to our career goals. What is a PLN? A traditional PLN consists of actual people with whom you have collaborated or shared ideas. Why should I have a PLN? Building a formal digital PLN can help you become a better librarian and foster your personal brand. What resources should my PLN incorporate? Digital PLNs can incorporate the blogs you read, Twitter accounts you follow, web tools you use, LinkedIn or Facebook groups in which you participate, websites you monitor, conferences you attend, online communities with which you engage, and so on.

Hacking I Cybersécurité I Privacité I Hacktivism. Exploits and Security Tools Framework: EaST Framework. CyberPunk » Exploitation Tools Pentest framework environment is the basis of IT security specialist’s toolkit.

Exploits and Security Tools Framework: EaST Framework

This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. The need of native comprehensive open source pen test framework with high level of trust existed for a long time. That is why EAST framework was created for native and native friendly IT security markets. EAST is a framework that has all necessary resources for wide range exploits to run, starting from Web to buffer overruns. Backdoor Android APK: backdoor-apk.

Backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file.

Backdoor Android APK: backdoor-apk

Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only. Usage: root@kali:~/Android/evol-lab/BaiduBrowserRat# . Onion Services Security Scan: OnionScan. The purpose OnionScan is to make you a better onion service provider.

Onion Services Security Scan: OnionScan

You owe it to yourself and your users to ensure that attackers cannot easily deanonymize your service. Looking at dark web markets where people buy and sell drugs, fake IDs, and other illegal content one would expect that these sites have a strong interest in maintaining top-level security. Security Intelligence Collector: Machinae. Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints.

Security Intelligence Collector: Machinae

It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas: Codebase – Bring Automater to python3 compatibility while making the code more pythonicConfiguration – Use a more human readable configuration format (YAML)Inputs – Support JSON parsing out-of-the-box without the need to write regular expressions, but still support regex scraping when neededOutputs – Support additional output types, including JSON, while making extraneous output optional Out-of-the-Box Data Sources. Google Tips, Tricks & Hacks. From Responder To Credentials: Gladius. Gladius provides an automated method for cracking credentials from various sources during an engagement.

From Responder To Credentials: Gladius

It can currently crack hashes from Responder, secretsdump.py, and smart_hashdump. The usefulness of Gladius is that any sort of file driven event can be captured and triggered. By default, it comes prepackaged with three types of events: Watching for files that match *NTLM* from Responder in Responder’s default directory on Kali:/usr/share/responderWatching for files that match *hashdump* from Metasploit’s smart_hashdump module in/root/.msf*/lootWatching for files that match *secretsdump* from CoreSecurity’s secretsdump.py also in Responder’s default directory What this means, is that once it is started, all one has to do is perform a smart_hashdump in metasploit or pipe the output from secretsdump.py into /usr/share/responder, and the resulting hashes are automatically passed to hashcat to begin cracking. How To Install Gladius Start python gladius.py.

Automatic Local Privilege Escalation Script. CyberPunk » Exploitation Tools An automated script which downloads potential Linux kernel exploits from exploitdb, and compiles them automatically Automatic Local Privilege Escalation Script searches exploitdb and will try to find the latest and applicable Linux privilege escalation exploits for the active kernel version.

Automatic Local Privilege Escalation Script

It does that by using searchsploit. The script asks for and passes the kernel version as first parameter. It will list all potential exploits and ask to copy all Linux privilege escalation exploits that it finds to local directory. Auto Backdooring Utility: backdoorme. Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors.

Auto Backdooring Utility: backdoorme

Backdoorme uses a familiar metasploit interface with tremendous extensibility.Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and deploy any backdoors. Please only use Backdoorme with explicit permission. Backdoorme comes with a number of built-in backdoors, modules, and auxiliary modules. Backdoors are specific components to create and deploy a specific backdoor, such as a netcat backdoor or msfvenom backdoor. Modules can be applied to any backdoor, and are used to make backdoors more potent, stealthy, or more readily tripped. Deep Spying. Spying using Smartwatch and Deep Learning Wearable technologies are today on the rise, becoming more common and broadly available to mainstream users.

Deep Spying

In fact, wristband and armband devices such as smartwatches and fitness trackers already took an important place in the consumer electronics market and are becoming ubiquitous. By their very nature of being wearable, these devices, however, provide a new pervasive attack surface threatening users privacy, among others. In the meantime, advances in machine learning are providing unprecedented possibilities to process complex data efficiently. Allowing patterns to emerge from high dimensional unavoidably noisy data. Firmware Analysis Tool: Binwalk.

Binwalk is a fast, easy to use tool for analyzing and extracting firmware images Firmware Analysis Tool Binwalk supports Python 2.7 – 3.x.

Firmware Analysis Tool: Binwalk

Although most systems have Python2.7 set as their default Python interpreter, binwalk does run faster in Python3. Installation. Opensource RAT: Pupy. CyberPunk » Maintaining Access Pupy is an opensource RAT (Remote Administration Tool) written in Python. Pupy is a remote administration tool with an embeded Python interpreter, allowing its modules to load python packages from memory and transparently access remote python objects. Web Pen-Test Practice Application: OWASP Mutillidae. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets.

Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software. OWASP Mutillidae II v2.6.26 Released. Chrome Keylogger Extension: ChromeLogger. A keylogger and form grabber for Google Chrome that runs as an extension ChromeLogger is a keylogger and form grabber that runs as a Google Chrome extension. Since it’s a Chrome addon, it’s compatible with the latest version of Chrome on all OS’s (Windows, Mac, Linux).

ChromeLogger will save all keystrokes typed into webpages that are opened by Chrome. There’s also an option to capture form submissions (ie, search boxes, login forms). After installing, ChromeLogger will be completely silent and will automatically start recording keylogs. Distributed Password Cracking: CrackLord. Over the past several years the world of password cracking has exploded with new tools and techniques. These new techniques have made it easier than ever to reverse captured password hashes. With the addition of powerful techniques, from GPGPU cracking to rainbow tables, it is easier than ever to access the plaintext for fun and profit. Furthermore, during our day jobs we have found that many other processes can benefit from distributed access to the resources of high powered systems.

With many people requesting access to this, CrackLord was born. CrackLord provides a scalable, pluggable, and distributed system for both password cracking as well as any other jobs we need. Ransomware Crypter Kit: eda2. Appie – Android Pentesting Portable Integrated Environment. Automatically Brute Force All Services - BruteX. CyberPunk » Password Attacks Automatically brute force all services. Automates Vulnerability Scanning: Seccubus. Seccubus automates regular vulnerability scans with vrious tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings. Awesome Windows Exploitation Resources.

Fast Parallel Login Brute-forcer: Medusa. Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer Medusa 2.2 (Release Candidate 2) Released. Samurai - The Web Testing Security Framework. Phishing Campaign Toolkit: King Phisher. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials. Pentesting Distribution for Wireless Security: Xiaopan OS.

The Social-Engineer Toolkit: SET. Integrated Penetration-Test Environment: Faraday. MITMf - Man-In-The-Middle Attack Framework. Black-Box CAN Network Analysis Framework: CANToolz. Open Source GPS Tracking System: Traccar. Traccar is an open source GPS tracking system for various GPS tracking devices. This Maven Project is written in Java and works on most platforms with installed Java Runtime Environment. System supports more than 80 different communication protocols from popular vendors. Rogue WiFi Access Point Attack: WiFi-Pumpkin. Adventures of an apprentice. InfoSec Resources - IT Security Training & Resources by InfoSec Institute. Nobody Can Stop Information Insemination. Exploit.IN. Malware Analysis: The Final Frontier. Database. Malware URL. NoThink! Open Malware. Malware - Clean MX - realtime.

Buster Sandbox Analyzer. Sandboxes / Online Link checkers. List of Malware Sources. Index page. Antionline Forums - Maximum Security for a Connected World. Internet Storm Center - Internet Security. Open Threat Exchange (OTX) Security-Onion-Solutions/security-onion. GrayHat Hacking Security Exploits : How To Use MetaGooFil. Penetration Testing Tools. Edge-security group. Operator « US System Administration. PythonHackers Community. Parrot Security OS. Kali Linux NetHunter - Kali NetHunter. Hacker 10 - Security Hacker. World Best Hacking & Cracking Forum!

ANTICHAT.RU - ANTICHAT.RF. Legit carding forum. Carding Forum. Hack Forums. Writing a stealth web shell - Just Another Hacker. Security Tools & Info. Ethical Hacking. WiFinspect. Start - netsec. DarkComet RAT Official Website. Let them Find us. Resources. How to Become an Ethical Hacker. Welcome to SecurityTube.net. Zone-H.org - Unrestricted information. Pastebin password list. Reverse Engineering. HackRead – Latest Cyber Crime – Information Security – Hacking News. Cryptography. Hacking. Zeroday : Weaponizing code. Blackhat academy: "ok guys so _hypothetically_..." Things: We'll be doing them again soon!

DEF CON® Hacking Conference - Archive of Hacking Tools Released at DEFCON. About Darknet. SecTools.Org Top Network Security Tools. Top 15 Security/Hacking Tools and Utilities. Cheating Network.

Hacking Forums

How to phish(tutorial inside) Wonder How To » Show & Tell for Creators & Doers. Black Hat ® Technical Security Conference: USA 2010 // Archives. Blackbuntu Linux - Penetration Testing Distribution. The Elite Hackers Site - By Schiz0id - Learn how to become an elite hacker today! The Elite Hackers Site - By Schiz0id - Learn how to become an elite hacker today! SubSeven.org - The Official SubSeven Website.