Ethical Hacking

Ethical hacking is the evaluation of the security of a system or network in order to find weaknesses, and where possible other malicious activity, in that system.

Ethical hacking is a computer field that involves hacking a computer network or security system belonging to an organization in order to find the vulnerabilities in that security system and improve the weak points that could be exploited by other hackers to hack the system. If you are interested in computers and networking and are looking for a challenging job, then this field can suit you best.

Kill switch

The software contained a URL that, when discovered and registered by a security researcher to track activity from infected machines, was found to act as a “kill switch” that shut down the software before it executed its payload, stopping the spread of the ransomware. The researcher speculated that this had been included in the software as a mechanism to prevent it being run on quarantined machines used by anti-virus researchers. He observed that some sandbox environments will respond to all queries with traffic in order to trick the software into thinking that it is still connected to the internet, so the software attempts to contact an address which does not exist to detect whether it is running in a sandbox, and does nothing if so. He also noted that it was not an unprecedented technique, having been observed in the Necurs trojan. On 19 May, it was reported that hackers were trying to use a Mirai botnet variant to effect a distributed attack on WannaCry’s kill-switch domain with the intention of knocking it offline. On 22 May, @MalwareTechBlog protected the domain by switching to a cached version of the site, capable of dealing with much higher traffic loads than the live site.

WannaCry malware

WannaCry is a ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. Several organizations have released detailed technical write-ups of the malware, including Microsoft, Cisco, Malwarebytes, and McAfee. The “payload” works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a “ransom note” informing the user and demanding a payment in bitcoin. It is considered a network worm because it also includes a “transport” mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself.
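An added example (not from the original page or from any vendor it names): a triage over constructed DNS and connection logs that combines the two behaviours described above, the kill-switch lookup and the SMB scanning done by the transport code. The domain is a placeholder because the page does not give the real one; the log formats, threshold and window are assumptions.

```python
"""Triage hosts for WannaCry-style behaviour from DNS and flow logs.

Added example. Log formats, threshold and window are assumptions, and the
domain is a placeholder: the page does not give the real kill-switch name.
"""
from collections import defaultdict
from datetime import datetime, timedelta

KILL_SWITCH_DOMAIN = "killswitch-placeholder.invalid"  # placeholder value
SMB_PORT = 445
FANOUT_THRESHOLD = 20            # distinct SMB destinations (assumed)
WINDOW = timedelta(minutes=5)    # sliding window (assumed)


def hosts_that_looked_up(dns_lines, domain=KILL_SWITCH_DOMAIN):
    """Sources that queried the domain. Line format: '<iso-ts> <src> <qname>'."""
    hosts = set()
    for line in dns_lines:
        _ts, src, qname = line.split()
        if qname.rstrip(".").lower() == domain:
            hosts.add(src)
    return hosts


def max_smb_fanout(flow_lines, window=WINDOW):
    """Per source, the most distinct 445/tcp destinations seen in any window.

    Line format: '<iso-ts> <src> <dst> <dport>'.
    """
    per_src = defaultdict(list)
    for line in flow_lines:
        ts, src, dst, dport = line.split()
        if int(dport) == SMB_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))
    fanout = {}
    for src, events in per_src.items():
        events.sort()
        best = start = 0
        for end, (ts, _dst) in enumerate(events):
            # Shrink the window from the left until it spans at most `window`.
            while ts - events[start][0] > window:
                start += 1
            best = max(best, len({d for _t, d in events[start:end + 1]}))
        fanout[src] = best
    return fanout


def triage(dns_lines, flow_lines, threshold=FANOUT_THRESHOLD):
    """Classify hosts; hosts showing neither behaviour are omitted."""
    looked_up = hosts_that_looked_up(dns_lines)
    fanout = max_smb_fanout(flow_lines)
    verdicts = {}
    for host in looked_up | set(fanout):
        scanning = fanout.get(host, 0) >= threshold
        if host in looked_up and scanning:
            verdicts[host] = "spreading"        # lookup seen and still scanning
        elif host in looked_up:
            verdicts[host] = "ran-no-spread"    # lookup seen, no scanning
        elif scanning:
            verdicts[host] = "smb-fanout-only"  # e.g. a variant with no kill switch
    return verdicts


def build_sample():
    """Constructed sample logs (not real traffic)."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    dns = [
        f"{base.isoformat()} 10.0.0.5 {KILL_SWITCH_DOMAIN}.",
        f"{base.isoformat()} 10.0.0.9 {KILL_SWITCH_DOMAIN.upper()}",
        f"{base.isoformat()} 10.0.0.7 intranet.example.",
    ]
    flows = []
    for i in range(25):   # 10.0.0.5: 25 SMB peers in under a minute
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        flows.append(f"{ts} 10.0.0.5 10.0.1.{i + 1} 445")
    for i in range(30):   # 10.0.0.12: 30 SMB peers, no lookup
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        flows.append(f"{ts} 10.0.0.12 10.0.2.{i + 1} 445")
    for i in range(40):   # 10.0.0.7: ordinary client, two file servers
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        flows.append(f"{ts} 10.0.0.7 10.0.3.{i % 2 + 1} 445")
    return dns, flows


if __name__ == "__main__":
    for host, verdict in sorted(triage(*build_sample()).items()):
        print(host, verdict)
```

A host in any of the three classes needs investigation; a lookup without scanning only shows that the check ran, not that the machine is clean.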

WannaCry ransomware attack?

The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide. Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances. WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue, and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it. Those still running older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were initially at particular risk, but Microsoft released an emergency security patch for these platforms as well.
Almost all victims of the cyberattack were running Windows 7, prompting a security researcher to argue that its effects on Windows XP users were “insignificant” in comparison. Within four days of the initial outbreak, security experts were saying that most organizations had applied updates, and that new infections had slowed to a trickle.

Best 7 Most Notorious Android apps used in hacking by hackers


  • Zanti

Zanti is one of the most notorious apps, developed by Zimperium, and has many downloads. Basically, this app is used for Wi-Fi network penetration or security assessment. On the other side, many users perform Wi-Fi hacking and illegal activities using this app. Using this app you can control smartphones and tablets that are connected to the same Wi-Fi network as you. You can also play a prank on your friends, redirecting them to a particular URL, uploading images to their screen and more.


  • Droidsqli

Many of you have heard about the SQL injection attack, which is most often performed on vulnerable websites, and now there is an app named DroidSQLI that enables you to perform SQL injection on websites through your Android device. This is the one and only app which performs an SQL injection attack. Many apps are available but none can beat this one. This app is also known as one of the best hacking apps for Android smartphones.


  • Dsploit

Dsploit is a powerful suite for network assessment. You can fully analyse your network to see which services and devices are running on it, who is connected to it, and all kinds of other information. Many black hats use this app to hack into networks and get access to devices, which is why it deserves a place in the list of Android hacking apps. In this app you have access to features like Login Cracker, Simple Sniff, Password Sniffer and Kill Connection, and a lot of other features that many hackers and crackers need.


  • WPA WPS Tester

The WPA WPS Tester app is usually used to check Wi-Fi vulnerability, but these days people use this app for Wi-Fi hacking. When you launch the app, it shows you the vulnerable Wi-Fi networks in the green tab so you can easily apply a random PIN given by the app and get the Wi-Fi password of that network. To use this app correctly you need to root your smartphone so you can easily hack the Wi-Fi password. This app is basically for finding network vulnerabilities, so we recommend not using it for hacking.


  • Nmap (Network map)

Nmap is one of the most popular names in network mapping because it is a powerful tool used by the whole networking industry, so an Nmap app was also developed for Android. It works on both rooted and unrooted smartphones. Basically, it can map your whole network: who is connected to it, who is trying to connect, and the other information the mapping process needs. Nmap is used by network professionals who perform network exploration to find the vulnerable parts of a network. It can scan the whole network, including ports, network protocols, users and other details of the hosts that are connected. It shows your network details after mapping so you can find the vulnerable parts of your network and fix them.


  • APK Inspector

Many Android users know the app named APK Inspector because it is the most popular app in the field of reverse engineering. You can get any Android app’s source code using this app, make changes in the source code and get access to its full features. You can perform reverse engineering on any Android app, make the changes you desire and have the app perform any task you want. You can fully control any Android app by making changes. You need to root your smartphone if you want to use this app on your Android devices.


  • AndroRAT

The first Android Remote Administration Tool, which lets you access another system via a remote connection from your Android device. You can control other machines with this small Android app. Many users illegally use this app to access someone’s computers or smartphones and perform illegal activities. It is based on a client/server connection and the operations performed between them.

Top 10 Best Hacking Software For Windows Users

1.  Metasploit

Penetration testing software: it provides data on the vulnerabilities in the security system and performs penetration tests. Metasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules. As a penetration tester, it pinpoints the vulnerabilities with Nexpose closed-loop integration using Top Remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.

2.  Acunetix Web

Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. By using Acunetix Web Vulnerability Scanner you can perform a full web scan from your computer in Windows. It is fast and easy to use, and scans WordPress websites for more than 1200 vulnerabilities in WordPress.

3.  Nmap (Network Mapper)

Nmap (Network Mapper) is a port scanner tool. It is used to discover hosts and services on a computer network. It is capable of host discovery, port scanning, service name and version detection, and OS detection. It is capable of tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

4.  oclHashcat

You might be aware of the free password cracking tool Hashcat. While Hashcat is a CPU-based password cracking tool, oclHashcat is the advanced version that uses the power of your GPU. oclHashcat is the world’s fastest password cracking tool with the world’s first and only GPGPU-based engine. To use this tool, NVIDIA users require ForceWare 346.59 or later and AMD users require Catalyst 15.7 or later. It is released as free software, with versions available for Linux, OS X, and Windows, and comes in CPU-based or GPU-based variants.

5.  Wireshark

Wireshark is the world’s foremost and most widely used network protocol analyzer. Wireshark has rich features such as deep inspection of hundreds of protocols, with more being added all the time, and it is multi-platform, i.e. it runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others. It monitors every single byte of the data that is transferred via the network system.

6.  Maltego

Maltego is proprietary software used for open-source intelligence and forensics, developed by Paterva. It focuses on providing a library of transforms for the discovery of data from open sources and visualizing that information in a graph format, suitable for link analysis and data mining. It is a great hacker tool that analyzes the real-world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lots of customization options while scanning.

7.  Social-Engineer Toolkit

It is an advanced framework for simulating multiple types of social engineering attacks like credential harvesting, phishing attacks, and more. It automates the attacks and generates disguising emails, malicious web pages and more.

8.  Nessus Vulnerability Scanner

Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment. Nessus allows scans for: vulnerabilities that allow a remote hacker to control or access sensitive data on a system; misconfiguration (e.g. open mail relay, missing patches, etc.); default passwords, a few common passwords, and blank/absent passwords on some system accounts (Nessus can also call Hydra, an external tool, to launch a dictionary attack); denials of service against the TCP/IP stack by using malformed packets; and preparation for PCI DSS audits. Most of the world is using Nessus to audit business-critical enterprise devices and applications.

9.  Nessus Remote Security Scanner

It was open source, but it has recently been changed to closed source. It is the most used security scanner, in over 75,000 organizations worldwide. Most of the world is using Nessus to audit business-critical enterprise devices and applications.

10.  Kismet

Kismet differs from other wireless network detectors in working passively. Namely, without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients and to associate them with each other. It is also the most widely used and up-to-date open source wireless monitoring tool. It also includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Here are the top 8 Websites To Learn Ethical Hacking


  • Hackaday

Hackaday is one of the top-ranked sites that provide hacking news and all kinds of tutorials for hacking and networks. It also publishes several new articles each day with detailed descriptions of hardware and software hacks so that beginners and hackers are aware of them. Hackaday also has a YouTube channel where it posts projects and how-to videos. It provides users with mixed content like hardware hacking, signals, computer networks, etc. This site is helpful not only for hackers but also for people who are in the field of digital forensics and security research.

  • Evilzone Forum

This hacking forum allows you to see discussion on hacking and cracking. However, you need to be a member of this site to check out queries and answers regarding ethical hacking. All you need to do is register to get your ID to get an answer to your queries there. Your queries will be answered by professional hackers. Remember not to ask for simple hacking tricks; the community people here are very serious.


  • HackThisSite

HackThisSite.org, commonly referred to as HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to provide users with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, in a safe and legal environment.


  • Break The Security

The motive of the site is explained in its name. Break The Security provides all kinds of hacking stuff such as hacking news, hacking attacks and hacking tutorials. It also has different kinds of useful courses that can make you a certified hacker. This site is very helpful if you are looking to choose the field of security, hacking and cracking.


  • EC-Council

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker. CEH, which stands for Comprehensive Ethical Hacker, provides complete ethical hacking and network security training courses to learn white hat hacking. You just have to select the hacking course package and join to get trained to become a professional ethical hacker. This site helps you to get all kinds of courses that make you a certified ethical hacker.


  • Hack In The Box

This is a popular website that provides security news and activities from the hacker underground. You can get huge hacking articles about Microsoft, Apple, Linux, programming and much more. This site also has a forum community that allows users to discuss hacking tips.


  • SecTools

As the name suggests, SecTools means security tools. This site is devoted to providing significant tricks regarding network security that you could learn to fight against network security threats. It also offers security tools with detailed descriptions of them.

11 YouTube Channels For Learning Ethical Hacking Course Online

1. AB Tech Gallery

2.  Ethical Hacking Tutorial – Just Programming

3. Vivek Ramachandran

4. Penetration Testing in Linux

5. Open Security Training

6. Hak 5

7. Ethical Hacking Tutorial – TutorialBotss

8. CEH v8 – Certified Ethical Hacker Full Training

9. Ethical Hacking and Penetration Testing (Kali Linux) Bhargav Tandel

10. The new boston

11. DedSec

The Top 7 Highest-Paying IT Certifications

1. Certification in the Governance of Enterprise IT (CGEIT)

The CGEIT certification, by ISACA, recognizes IT professionals with deep knowledge of enterprise IT governance principles and practices, as well as the ability to enhance value to the organization through governance and risk optimization measures, and align IT with business strategies and goals. Since the program started, more than 6,000 individuals have achieved the CGEIT credential through ISACA.

The CGEIT exam covers five domains: Framework for the Governance of Enterprise IT (Domain 1), Strategic Management (Domain 2), Benefits Realization (Domain 3), Risk Optimization (Domain 4) and Resource Optimization (Domain 5).

Requirements:

Pass one exam (150 questions, four hours); prove a minimum of five years of cumulative work experience in IT enterprise governance including at least one year defining, implementing and managing a governance framework; adhere to the ISACA Code of Professional Ethics and comply with the CGEIT Continuing Education Policy.

Exam cost: $440 to $675, depending on whether you are an ISACA member and when you register.

2. ITIL Expert

Information Technology Infrastructure Library (ITIL) certifications are tied to the ITIL framework, which describes best practices for designing, implementing and managing a wide variety of IT service projects. In ITIL-speak, certifications are referred to as “qualifications,” which create a classic certification ladder beginning with the basic-level ITIL Foundation and culminating with the pinnacle ITIL Master. One rung below the Master level is the popular ITIL Expert. A professional with the ITIL Expert qualification has a deep understanding of ITIL service best practices as they apply across an IT environment, not just to one service area. In other words, the Expert is able to support an organization by bridging service lifecycle stages, seeing the big picture as a sum of the parts.

Requirements: Achieve the ITIL Foundation certificate or a Bridge qualification equivalent, acquire at least 17 credits per the ITIL Credit System and pass the Managing Across the Lifecycle (MALC) exam at the end of an approved training course.

Exam cost: $799 (online) to $2,800 (classroom), which includes training and exam.

3. Certified in Risk and Information Systems Control (CRISC)

One of the most sought-after GRC certifications by candidates and employers alike is the CRISC from ISACA, which identifies IT professionals who are responsible for managing IT and enterprise risk and ensuring that risk management goals are met. A CRISC is often heavily involved with overseeing the development, implementation and maintenance of information system (IS) controls designed to secure systems and manage risk. Since 2010, ISACA has issued over 18,000 CRISC credentials, which is a relatively high number in the GRC certification field.

The CRISC exam covers four domains: Risk Identification (Domain 1), Risk Assessment (Domain 2), Risk Response and Mitigation (Domain 3) and Risk and Control Monitoring and Reporting (Domain 4).

Requirements: Pass one exam (150 questions, four hours), prove a minimum of three years of cumulative work experience in IT risk and information systems associated with at least two of the four domains, adhere to the ISACA Code of Professional Ethics and comply with the CRISC Continuing Education Policy.

Exam cost: $440 to $675, depending on whether you are an ISACA member and when you register.

4. Certified Information Systems Security Professional (CISSP)

A Certified Information Systems Security Professional (CISSP) is a seasoned employee or consultant, usually with a title like Security Manager, Security Analyst or Chief Information Security Officer, to name a few. This person has been on the job for 5 or more years and has a thorough knowledge of the IT threat landscape, including emerging and advanced persistent threats, as well as controls and technology that minimize the attack surface. A CISSP also creates policies that help set the framework for proper controls, and can perform or oversee risk management and software development security.

Requirements: You must be able to show proof of 5 paid full-time years of work experience in at least 2 of the 8 CISSP CBK domains, such as Identity and Access Management, Security Engineering, Security and Risk Management, Security Operations and more. On-the-job experience is crucial for both the exam and the certification process.

5. Certified Information Security Manager (CISM)

This certification course is also a must-have for ethical hackers and security researchers. However, unlike the CISSP, the CISM certification is focused primarily on information security management. If you intend to look for the post of CSO or CIO, you should take this certification. The test will cost approximately $415 excluding prep materials and tuition and consists of 200 multiple choice questions. The only issue with this test is that you need 5 years of hands-on experience in the relevant field. Passing the CISM certification will land you a $121,177 per year (average) job with good career opportunities.

6. Certification in Risk Management Assurance (CRMA)

The Institute of Internal Auditors (IIA) is a global professional association that provides information, networking opportunities, and education to auditors in business, government and the financial services industry. One of the IIA’s certifications is the CRMA, which recognizes individuals who are involved with risk management and assurance, governance, quality assurance and control self-assessment. A CRMA is considered a trusted advisor to senior management and members of audit committees in large organizations.

Requirements: One exam in two parts: CIA Exam Part 1 – Internal Audit Basics (125 questions, 2.5 hours) and CIA Exam Part 2 – Internal Audit Practice (100 questions, 2 hours). In addition, prove achievement of a 3- or 4-year post-secondary degree (or higher), or two years of post-secondary education and five years of internal auditing experience (or equivalent) or seven years of internal auditing experience. Prove at least two years of auditing experience or control-related business experience in risk management or quality assurance. Finally, provide a character reference signed by a person holding an IIA certification or a supervisor, provide proof of identification and agree to abide by the Code of Ethics established by The IIA.

Exam costs: $350 (members), $450 (non-members).

7. Project Management Institute-Risk Management Professional (PMI-RMP)

Anyone who has pursued a project management certification is familiar with the Project Management Institute (PMI), either through research or by picking up the coveted Project Management Professional (PMP) credential. However, PMI also offers the Risk Management Professional (PMI-RMP) certification, as well as several others that focus on business management, processes, analysis and scheduling.

The PMI-RMP identifies IT professionals involved with large projects or working in complex environments who assess and identify project-based risks. They are also competent in designing and implementing mitigation plans that counter the risks from system vulnerabilities, natural disasters and the like.

The PMI-RMP exam covers five knowledge domains: Risk Strategy and Planning (Domain 1), Stakeholder Engagement (Domain 2), Risk Process Facilitation (Domain 3), Risk Monitoring and Reporting (Domain 4) and Perform Specialized Risk Analyses (Domain 5).

Requirements: Pass one exam (170 questions, 3.5 hours), prove achievement of a secondary degree (high school diploma, associate’s degree or global equivalent), and prove at least 4,500 hours of project risk management experience and 40 hours of project risk management education. The experience and education requirement can be substituted with a four-year degree (bachelor’s degree or global equivalent), at least 3,000 hours of project risk management experience and 30 hours of project risk management education.

5 Reasons why internet security is crucial in 2017

1. Computer viruses and malware are more complex than ever.

The Locky ransomware, by far, is the most dangerous computer virus you could have. The intruders will send you a fake email demanding that you open an attached Word document. Once you open the document, it will enable macro commands and the malware could get inside your computer.

2. Scammers are using more advanced ways of tricking users.

PhishMe’s chief technology officer Aaron Higbee said the recent Google Docs phish scam tricks the user into granting permissions to a third-party app. The scammers will not lead you to fake websites for you to give up your passwords. They will not use malware to cause harm. The scammers are so good at mimicking Google webpages that you would think they are authentic.

3. Data breaches in 2017 are the worst so far.

When an unauthorized individual uses your sensitive and confidential data, you have become a victim of a data breach. Aside from individuals, popular hotel chains, fast food chains, and even job-seeking websites have been victims of data breaches.

4. There are hackers who will do everything they can to cause disruption.

Some hackers will not harm your computer with a virus but will steal your data for their advantage. Hackers usually target government networks because it becomes easier for them to access people’s personal information, including social security numbers and fingerprints.

5. Business Email Compromise (BEC) attacks will likely continue to grow, according to the FBI.

In this kind of phishing scam, the attacker will impersonate a company’s executive and will encourage customers or employees to transfer funds. You may use an email protection kit to stop attacks before they reach your inbox.

How To Create Free Android Apps Without Coding?


  • AppsGeyser

AppsGeyser is one such service that allows you to convert your content into an app and will also let you monetize that content. The app itself will have the option of using a host of utilities including messaging, social sharing, tabs and full support for HTML5 enhancements.


  • Appypie

Appypie is the fastest growing cloud-based mobile app builder around, enabling a user to create a mobile app without having to code a single line. This app is available in both the Google Play Store and the Apple App Store. With this tool, all you need to do is drag and drop to create your mobile app. Once it is created you will receive an HTML5-based hybrid app that is compatible with Android, iPhone, iPad, Windows Phone and BlackBerry.


  • Buzztouch

Buzztouch is an open source enabled search engine for mobile applications. It works and is used along with the software development kits (SDKs) of both iOS and Android. The BtCentral Control Panel is open source web-based software that is used to administer mobile apps created using Buzztouch.


  • Appyet

Appyet is another good resource for developing an Android app from scratch without any prior coding knowledge. All you need to provide is links to an RSS/Atom feed or website and you will get your content turned into a wonderful mobile application. What’s more, this app will be a native app for Android rather than HTML5-based like some other resources on this list.


  • Appclay

ShepHertz Technologies is the brains behind this nifty resource. It provides an esteemed and intuitive interface for its users to develop their mobile applications. The apps generated will be native HTML and Android apps.


  • App Machine

As the name suggests, this tool was created for the purpose of being an app-generating machine. App Machine aims to make your app development experience easier and more affordable than ever.


  • Good Barber

Another reliable resource for creating android applications. This tool is targeted towards users wanting more of a professional look for their applications.


  • Mobile Roadie

The last resource in this list is a tool recommended for getting Android apps to market fast. Apps made via Mobile Roadie will have native support for a range of media formats, as well as automatic importing of RSS and an auto-refreshing fan wall.