Top gadgets all time

We know that every hacker use hardware for hacking today we discuss about them...... 
First:

Raspberry Pi 4

 We are now on the third generation of these low-budget computers, which can be used in multiple ways. A classic example in security audits is to use a Raspberry Pi with its appropriate battery pack, a distribution platform like Kali Linux , and applications like FruityWifi, which together act like the Swiss army knife of pentesting.

Is small—tiny in fact 
Low cost—around $40
Low power—uses around 2W 
Has GPIO (general purpose IO pins)—like the Arduino’s pins, these are used to connect external electronics

Second:

WiFi Pineapple 

This is my favorite tool.................................................................................................. 

WiFi” Pineapple is a pen testing tool, originally created in order to allow IT professionals to test the vulnerability of their networks. They can be used to de-authenticate and spoof a legitimate network, forcing employees to connect to this fake network.This set of tools for wireless penetration tests is very useful for various types of attacks, such as man-in-the-middle attack

• Dual Band 2.4/5 GHz
  533 MHz Network SoC
• Four Long Range Antennas
  up to 800mW per radio
• USB Ethernet, USB Serial,
  USB Host and Ethernet Ports
• 2 GB NAND Flash
• Power via USB or DC

Alfa Network Board

Every hacker use this for injecting packets. The Alfa stands out for the quality of its materials, and for its use of chipsets which can be set to monitoring mode – a requirement for wireless audits.

Rubber Ducky

This gadget is very useful .Since 2010 the USB Rubber Ducky has been a favorite among hackers, pentesters and IT pros. With its debut, keystroke injection attacks were invented – and since it has captured the imagination with its simple scripting language, formidable hardware, and covert design

HackRF One

this is open source hardware for software-defined radio.

This tool installs a powerful SDR (Software-Defined Radio) system. In other words it is essentially a radio communication device which installs software to be used in place of typically installed hardware.

This is open source hardware for software-defined radio. This way, it is capable of processing all kinds of radio signals ranging from 10 MHz to 6 GHz from a single peripheral, which can be connected to the computer via a USB port.

Proxmark3 Kit

The latest revision of the Proxmark III is the Proxmark3 RDV4 kit that enables sniffing, reading and cloning of RFID (Radio Frequency Identification) tags. It is currently the “gold standard” when it comes to RFID research.

Ubertooth One

The Ubertooth One is an open source Bluetooth test tool from Michael Ossmann.This device is an open-source 2.4 GHz code development platform for experimenting with Bluetooth, enabling users to appreciate the different aspects of new wireless technologies.

Thanks for reading please give me feedback.........

Read More

The Basics of protecting against computer hacking

A.o.A

How to protect our computer and data? 

I have a book pics which help you to learn Protecting your computer from hackers.....  

("This book is my favorite")

This book ony for learning

3

 4

5 

6

7

8

9

10

11

12

13

14

15

This Book only For Educational purpose   

Read More

System Hacking

Before starting the system hacking phase, an ethical hacker, or pentester must

remember that you cannot gain access to the target system in a go. You must

have to wait for what you want, deeply observe and struggle Than you will success

======System Hacking ======

 System Hacking Methodology:

There same   system hacking methodology

Cracking passwords
Its mean first we crack the passwords of system
you should know about three types for crack passwrd 
one = like username and password.
 two =  like biometrics
three = like registered / allowed devices
Every one know that a good password contains: -

Case Sensitive letters

Special characters

Numbers

lengthy password (more than 8 letters)

Types of Password Attacks
Password Attacks are  the following types: -

Non-Electronic Attacks/physical attack (types)



Active Online Attacks (types)[
"Active Online Attack includes different techniques that directly interact
with the target for cracking the password."
]
=============================
most use full are
Dictionary Attack (D.A)
Brute Force Attack (B.F.A)
Hash Injection (H.I)
=============================
Passive Online Attacks (types)
[
"Passive online attacks are performed without interfering with the target.
Importance of these attacks is because of extraction of the password
without revealing the information as it obtains password without directly
probing the target."
]
=============================
Wire Sniffing
Man-in-the-Middle Attack
Replay Attack
=============================
Default Password (types)
["Every new equipment is configured with a default password by the
manufactures. It is recommended to change the default password to a
unique, secret set of characters."]

Offline Attack (types)["
An example of offline attacks is comparing the password using a
rainbow table. Every possible combination of character is computed for
the hash to create a rainbow table.
"]
=============================

Pre-Computed hashes and Rainbow Table
=============================

Escalating privileges

Executing applications

Hiding files


Covering tracks

If you have any problem so comment me

Pease give me feedback

Read More

IoT Hacking

 In this lecture we understanding IoT

concepts, an overview of IoT threats and attacks, IoT hacking methodology,
tools and techniques of IoT hacking, security tool and penetration testing.
Internet of Things (IoT) is an environment of physical devices such as home
appliances, electronic devices, sensors, etc.

The world is rapidly moving towards automation. The need for automated
devices which controls our daily tasks on fingertips is increasing day by day.
SO,
IoT technology simply requires unique identity.Every one know that unique identity refers to the IP
address, especially IPV6 addresses to provide each and every device a unique
identity. IPv4 arid IPV6 planning and deployment over an advance network
structure requires thorough consideration of advanced strategies and
techniques. In IP version 4, a 32-bit address is assigned to each network node
for the identification while in IP version 6, 128 bits are assigned to each node
for unique identification. Advance IP address must consider IP address which supports efficiency, reliability,

and scalability in the overall network model.
Internet of Things (IoT) Technologies and Protocols

IoT Communication Models

There are same ways in which IoT devices can communicate with the other devices.
First:
Device to device model

Device to device model is a basic IoT communication model in which two devices are communicating with each other without interfering any other device.
For example, consider a real-life scenario of a home where multiple sensors are installed for security reasons such as motion detector, cameras,temperature sensor, etc.
D-to-G Model

Device-to-Gateway(D to G) model is similar to Device to cloud model. IoT gateway device is added in this Device-to-Gateway model which collects the data from sensors and send it to the remote application server.

B-End D-S Model

Back-End Data-Sharing (B end D.S)Model is an advanced model in which devices are communicating with the application servers.

IoT Attacks
There are same attacks:
1: DDoS Attack
2: BlueBome Attack
3: Jamming Attack
4: Rolling Code Attack

IoT Hacking Methodology
Every one know that  rules of hacking are 
 Information Gathering 
Vulnerability Scanning
Perform/Launch Attack
Gain Access
Maintain Attack

Secure yourself from this hack by simply steps
Firmware update
Block unnecessary ports
Disable Telnet
Use encrypted communication such as SSL/TLS
Use strong password
Use encryption of drives
User account lockout
Periodic assessment of devices
Secure password recovery
Two-Factor Authentication
Disable UPnP

Read More

Cryptography

What is Cryptography ?

Cryptography is a technique of encrypting the clear text data into a scrambled
code. This encrypted data is sent over public or private network toward
destination to ensure the confidentiality. This encrypted data known as
"Ciphertext" is decrypted at the destination for processing. Strong encryption
keys are used to avoid key cracking.
Types of Cryptography
There two types of cryptography :
1: Symmetric Cryptography
2: Asymmetric Cryptography

Symmetric Cryptography
The tpye  of cryptography symmetric Key Cryptography is the oldest and most widely used
cryptography technique in the domain of cryptography. Symmetric ciphers
use the same secret key for the encryption / decryption of data. Most

widely used symmetric ciphers are ABS and FES.

Asymmetric cryptography

Asymmetric cryptography, also known as public key cryptography, uses public and private keys to encrypt and decrypt data. The keys are simply large numbers that have been paired together but are not identical (asymmetric). One key in the pair can be shared with everyone; it is called the public key.

Encryption Algorithms

There are same types of  Encryption Algorithms

Ciphers

A cipher is a set of rules by which we implement encryption. 

Substitution

Simply In this method, every single character of data is substituted with another

character.

Polyalphabetic

This method makes substitution even more difficult to break by using

multiple character substitution.

Keys

Every person know that what is keys. In the above example of substitution, we used a key of “three,” Key plays the

main role in every cipher algorithm. Without knowing the key, data cannot be

decrypted.

Stream Cipher

A type of symmetric key cipher that encrypts the plain text one by one. 

Block Cipher

A type of symmetric key cipher that encrypts the plain text on the fixed

length of the group.

Data Encryption Standard (DES)

Data Encryption Algorithm (DES) is a Symmetric Key Algorithm that was

used for encryption.

Secure Hashing Algorithm (SHA)

This is as message digest 5 (MD5) is a cryptographic hashing algorithm, another

most popular, more secure and widely used hashing algorithm is Secure

Hashing Algorithm (SHA).

exp:

Syntax: The password is 12345

SHA-1: 567c552b6b559eb6373ce55a43326ba3db92dcbf

Cryptography Tools

Basic Data Encrypting Using HashCalc

Basic Data Encrypting Using MD5 Calculator

Basic Data Encrypting Using Advance Encryption Package

Basic Data Encrypting Using TrueCrypt

Basic Data Encrypting Using CrypTool

Encrypting and Decrypting the Data Using BCTextEncoder

Basic Data Encrypting Using Rohos Disk Encryption

At the end we see Mind Map

Read More

Hunting Bugs

Introduction to Hunting Bugs:

I have a video ( not My ) I also learn from this course

Why do we learn to hunt bugs?There are several reasons, and reasons vary from person to person. But first and foremost reason is we want to be better security professionals or researchers. When a security professional is able to hunt security bugs in any web application and because they are helping the whole community to remain safe and secure, it earns them respect as well. At the same time, the successful bug hunter usually gets a bounty for their effort. Almost every big web application, including Google, Facebook, and Twitter, Tumbler etc has its own bug hunting and bounty program. So learning to hunt bugs may also help you to earn some extra money. There are many security experts and researchers who make this their profession and earn regular money by hunting bugs.
After this we read about same Bug hunt platforms:
Hackerone
Cobalt
Bugcrowd 
BountyFactory
Synack
AntiHack
Hackenproof
Zerocopter
Japan bug bounty program
Bug bounty programs list

and we also see same tools which is used in bugs hunting
Burp Suite:
Many ethical hackers and security professionals opine that finding vulnerabilities in any web application has been made easy with the help of the Burp Suite tool.

OWASP ZAP:
Many security professionals, use this tool besides (Burp Suite).Because in some cases, OWASP ZAP works better than Burp. So, in the very beginning you need not worry about buying the professional Burp Suite.

OPEN Burp Suite

If you use Kali Linux than In toolbox on the left side of  Kali Linux , the fifth/other icon belongs to Burp Suite. Clicking it will open the Burp Suite.

Open OWASP ZAP

(Kali Linux) Go to the top left corner of Kali Linux and click the Applications tab. There you get the Web Application Analysis link here you see OWASP ZAP.

Click on the OWASP ZAP link and it will open 

Same other tools

For web application analysis, we already have tools like wpscan, httrack, and sqlmap in Kali Linux. However, we may need to scan the ports, so nmap will be extremely useful. That is also available in Kali Linux. Another good web application vulnerability scanner is nikto. However, the range of nmap is quite big, and you can not only do the web application analysis but also use it for vulnerabilities analysis, information gathering, etc.

Click Me

Read More