background preloader

Ethical Hacking Tutorials

Related:  Hacking/Cracking - Videos Related To Phreaking The Hacker Manifesto by +++The Mentor+++ Written January 8, 1986 Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? I am a hacker, enter my world... Mine is a world that begins with school... Damn underachiever. I'm in junior high or high school. Damn kid. I made a discovery today. Damn kid. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. Damn kid. You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. Yes, I am a criminal. I am a hacker, and this is my manifesto.

Hacking the Xbox Challenges - How To Become A Hacker Copyright © 2001 Eric S. Raymond As editor of the Jargon File and author of a few other well-known documents of similar nature, I often get email requests from enthusiastic network newbies asking (in effect) "how can I learn to be a wizardly hacker?". Back in 1996 I noticed that there didn't seem to be any other FAQs or web documents that addressed this vital question, so I started this one. A lot of hackers now consider it definitive, and I suppose that means it is. If you are reading a snapshot of this document offline, the current version lives at Note: there is a list of Frequently Asked Questions at the end of this document. Numerous translations of this document are available: ArabicBelorussianBulgarianChinese, Czech. The five-dots-in-nine-squares diagram that decorates this document is called a glider. If you find this document valuable, please support me on Patreon. The hacker mind-set is not confined to this software-hacker culture.

Security researchers find new wafer-thin ATM card skimmers in use ATM card skimming is hardly a new activity, and neither are card skimmers that continue to get smaller and more discreet. As Brian Krebs of the Krebs on Security blog reports, though, a new development out of Europe has now crossed a key, and potentially troublesome threshold. The European ATM Security Team (otherwise known as EAST) has discovered a new type of wafer-thin card skimmer in use in at least one unnamed European country that's small enough to fit directly in the ATM's card slot -- that's as opposed to most current skimmers that can be well-disguised but generally sit on top of the card slot. As you can imagine, that makes it considerably more difficult to spot for even the most attentive ATM users, but Krebs notes that the skimmer still requires a secondary device like a camera or keypad overlay to record a person entering their PIN. Comments

Hacking, the card game, debuts at Black Hat | Security & Privacy LAS VEGAS -- There's much more to hacking than just the Hollywood portrayal of a speed typing contest, say the computer security professionals who've developed a new hacking-themed card game called Control-Alt-Hack. Control-Alt-Hack is based on Steve Jackson Games' Ninja Burger, but from the characters to the mission cards to the entropy cards, the demystification of white hat computer security is the name of this game. Game co-designer, security researcher, and University of Washington Computer Security and Privacy Research Lab honorary member Adam Shostack said at the Black Hat 2012 confab here that when it comes to teaching ethical hacking, also known as white hat hacking, not enough educators "use carrots, not sticks." "Humor creates an open atmosphere," that helps break down the shyness of learning, he said during the conference session about the game. In Control-Alt-Hack, you work as a researcher for a computer security company that gets hired to stress-test other companies.

Hackers build private 'Ninja Tel' phone network at Defcon | Security & Privacy Hackers who spent their teen years phone-phreaking -- breaking into telephone networks and making free calls -- have created their own GSM network at Defcon and are using creative and silly apps on highly customized Android phones. The Ninja hacker group is giving the phones away to people who have contributed to the community, and to their lucky friends. The phones and accompanying lanyards serve as "badges" that provide entrance to the annual Ninja party tonight. The phones are HTC One V phones running Android 4.0.3. The "Ninja Tel" network is "the biggest OpenBTS (base transceiver station) network ever," said Ninja Michael J.J. The Ninja Tel van, complete with official looking logo and hard-hat wearing workers, has a GSM base station; a 12-foot antenna; networking and Web app servers; and other equipment and is parked in a large room at Defcon. People choose their own phone number and username and can have their photos taken so that their face shows up in everyone's contact list.

Tools boast easy cracking of Microsoft crypto for businesses | Security & Privacy Cryptography specialist Moxie Marlinspike released tools at Defcon today for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2, news that will no doubt worry many a network administrator. The tools crack WPA2 (Wi-Fi Protected Access) and VPN passwords used by corporations and organizations running networks that are protected by the PPTP (Point-to-Point Tunneling Protocol), which uses MS-CHAPv2 for authentication. ChapCrack captures the MS-CHAPv2 handshakes, or SSL (Secure Sockets Layer) negotiation communications, and converts them to a token that can be submitted to CloudCracker. It takes less than a day for the service to return results in the form of another token that is plugged back into ChapCrack where the DES (Data Encryption Standard) keys are cracked. The processing is being done on a supercomputer running customized chips created by David Hulton of Pico Computing.

Laws on Wi-Fi sniffing still up in the air, say specialists | Security & Privacy LAS VEGAS -- Got a Wi-Fi network? If someone, say Google or the government, sniffs your open network, you may think you're legally protected. Don't be so sure. It remains unclear whether the law protects your unencrypted Wi-Fi from interception, because there are differing interpretations and lack of court precedent, Kevin Bankston, senior counsel at the Center for Democracy and Technology, said in a session at Defcon yesterday. The federal wiretap statute prohibits sniffing of contents of communications by a device unless the contents are readily accessible to the general public. If the network is password-protected you're fine. Years ago, Congress amended the wiretap law to include protection for unencrypted cordless phone calls because millions of people were relying on them with the expectation of privacy. To confuse matters, the law may provide protection for some, but not all, of the wireless spectrum that's used by Wi-Fi router channels.

Air Traffic Control Could Be Spoofed The Federal Aviation Administration's next-generation air traffic control systems are vulnerable to hackers, who could send fake airplane signals to towers or track private planes carrying famous people. At the Black Hat conference currently going on in Las Vegas, security researcher Andrei Costin demonstrated a way to "spoof" an airplane's signal to an air traffic controller using about $1,000 worth of radio equipment. PHOTOS: Top 10 Spy Tactics The vulnerability comes from the way the new air traffic control system, which is scheduled to be fully on-line by 2020, gets its signals. Air traffic controllers are good at tracking "rogue" signals from the ground and the current system uses radar to "ping" an airplane, whose transponder sends a signal back. The new system, called Automated Dependent Surveillance-Broadcast or ADS-B, works a little differently. The down side is that the signals aren't encrypted, so anybody can listen in. It's easy to see why this could be a problem.

No safe haven: the global Secret Service hunt for three hackers Dave & Buster's store #32 in Islandia, New York—a restaurant and electronic funhouse for adults—seemed an unlikely target for an international credit card theft ring. Certainly no patron drinking beer and shooting miniature basketballs into a miniature hoop expected their credit card data to end up inside an encrypted Latvian server, waiting to be sold off to international criminals who would ring up more than $600,000 in charges on the cards. But that was because no patron knew anything about the Estonian hacker Aleksandr "JonnyHell" Suvorov. On May 18, 2007, Suvorov electronically entered the point of sale (POS) server at store #32. Every Dave & Buster's has a POS server, which vacuums up all the credit card data collected by each store's credit card swipe terminals and relays it upstream to a payment processor for verification and approval of the transaction. Suvorov didn't hack his way in, exactly—he actually had the proper credentials for the POS server. The TNP was happy to help.