Malicious Linux Commands - From (This article was originally published in Ubuntu Forums but was removed there. Ubuntuguide feels that knowledge about these risks is more important than any misguided attempts to "protect the public" by hiding their potential dangers or protect the (K)Ubuntu/Linux image. Vote Now! Top Ten Web Hacking Techniques of 2011 Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work. How the winners were selected… Phase 1: Open community voting (Ballot) [COMPLETE]
Top 10 Web hacking techniques of 2010 revealed Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. FROM THE SECURITY WORLD: Quirky moments at Black Hat DC 2011 If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. That reduces the number of unknown bytes to a small enough number to be guessed.
Google Dorks cache: If you include other words in the query, Google will highlight those words within the cached document. For instance, [cache:www.google.com web] will show the cached content with the word “web” highlighted. This functionality is also accessible by clicking on the “Cached” link on Google’s main results page. The query [cache:] will show the version of the web page that Google has in its cache. For instance, [cache:www.google.com] will show Google’s cache of the Google homepage. How To Become A Hacker Copyright © 2001 Eric S. Raymond As editor of the Jargon File and author of a few other well-known documents of similar nature, I often get email requests from enthusiastic network newbies asking (in effect) "how can I learn to be a wizardly hacker?". Back in 1996 I noticed that there didn't seem to be any other FAQs or web documents that addressed this vital question, so I started this one. A lot of hackers now consider it definitive, and I suppose that means it is. Still, I don't claim to be the exclusive authority on this topic; if you don't like what you read here, write your own.
How the NSA's Firmware Hacking Works and Why It's So Unsettling One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. Here’s what we know about the firmware-flashing module.
Google hacking Basics The following search query will locate all websites that have the words "admbook" and "version" in the title of the website. It also checks to ensure that the web page being accessed is a PHP file. intitle:admbook intitle:version filetype:php One can even retrieve the username and password list from Microsoft FrontPage servers by inputting the given microscript in Google search field:
The Open Organisation Of Lockpickers This is a repository of the most up-to-date versions of Deviant's lock diagrams and animations. Seen in all of the TOOOL educational materials and slide decks, these files are all released under the Creative Commons license. You are free to use any of them for non-commercial purposes, as long as they are properly attributed and the same freedom for others is maintained in all derivative works. Please note that these diagrams have evolved and developed over time.
Phone hacking Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and the murdered schoolgirl Milly Dowler. Risks Although any mobile phone user may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, there are real risks to face.
Password crackers SecTools.Org: Top 125 Network Security Tools For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form . This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner , Ncat network connector , and Nping packet manipulator ). We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. NEW!!!! Destroy someone's Computer! : OFF Topic vampyre is right.1. LIL DEVIL IS AN A-HOLE2. THAT IS HACKING WHICH IS ILLEGAL3. LIL DEVIL IS AN A-HOLE X10= ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE ASSHOLE 4.
Smartsniff Password Sniffer Related Links Windows Password Recovery ToolsSmartSniff - Monitoring TCP/IP packets on your network adapter Mail PassView - Recover POP3/IMAP/SMTP email passwords. Dialupass - Recover VPN/RAS/Dialup passwords Short Film of the Day: Stuxnet: Anatomy of a Computer Virus Why Watch? Because we should challenge how we define a film. Most of the shorts featured in this column are either easy to spot as stories or completely experimental. Even when a documentary short is in the spotlight, it tells a clear tale of people doing things. This short, is none of those things. Stuxnet: Anatomy of a Computer Virus is an informational film made entirely of voice over narration and motion graphics. March 2011 Ok, here's a new quick tutorial for everyone who has been having to deal with Facebook blocking your entrance into someone's account due to logging in from a different location. Ever since I had been problems constantly having to deal with Facebook leaving me out off people's accounts I began to think that I should write over my experiences to help others. I will go over specific techniques and ideas to eventually grant you entrance to their accounts without having to deal with that Facebook problem having logging in from different location. 1.