Skip to main content

Thinking Like The Bad Guys



Malicious attackers often think and work like  thieves,  kidnappers,  and  other  organized criminals you hear about in the news every day. The  smart  ones  constantly  devise  ways to  fly under the radar and exploit even the smallest weaknesses that lead them to their target. The following are examples of how hackers and malicious users think and work. This list isn’t intended  to  highlight  specific  exploits  that  I cover in this  blog  or  tests that I  recommend you carry  out,  but  rather  to demonstrate  the  context and approach of a malicious mindset:

 ✓ Evading  an intrusion  prevention  system  by changing their MAC address or IP address every few minutes to get further into a network without being completely blocked

 ✓ Exploiting a physical security weakness by being aware of offices that have already been cleaned by the cleaning crew and are unoccupied (and thus easy to access with little chance of  getting caught),  which  might be made obvious by, for instance, the fact that the office blinds are opened and the curtains are pulled shut in the early morning

 ✓ Bypassing web access controls  by changing  a  malicious  site’s  URL to its  dotted decimal IP address equivalent and then converting  it  to  hexadecimal  for  use  in  the web browser

Also read this :― Social Engineering Toolkit (SET)

Using unauthorized software that would otherwise be blocked at the firewall  by changing  the  default  TCP  port  that  it  runs  on

 ✓ Setting  up  a  wireless  “evil  twin”  near  a local Wi‐Fi hotspot to entice unsuspecting Internet surfers onto a rogue network where their information can be captured and easily manipulated

Also read this :―Wi‐Fi Protected Setup

 ✓ Using an overly‐trusting colleague’s user ID and password  to gain access to sensitive  information  that  would  otherwise  be highly improbable to obtain

  ✓ Unplugging  the power cord or Ethernet connection to a networked security camera that monitors access to the computer room or other sensitive areas and subsequently gaining unmonitored network access

 ✓ Performing SQL injection or password cracking against  a  website  via  a neighbor’s unprotected wireless network in order to hide the malicious user’s own identity

 Malicious hackers operate in countless ways, and this list presents only a small number of the techniques hackers may use. IT and security professionals need to think and work this way in order to really  dig in and find security vulnerabilities that may not otherwise be uncovered.

Like us on Facebook : Grey Hat Hackers

NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader. 

Comments

Popular posts from this blog

Social Engineering Toolkit (SET)

Social Engineering Toolkit  (SET) is an advanced,  multifunctional, and easy-to-use computer-assisted social engineering toolset, created by the founders of  TrustedSec (https://www.trustedsec.com/). It helps you prepare the most effective way to exploit client-side application vulnerabilities and makes a fascinating attempt to capture the target's confidential information (for example, e-mail passwords). Some of the most efficient and useful attack methods employed by SET include targeted phishing e-mails with a malicious file attachment, Java applet attacks, browser-based exploitation, gathering website credentials, creating infectious portable media (USB/ DVD/CD), mass-mailer attacks, and other similar multiattack web vectors. This combination of attack methods provides you with a powerful platform to utilize and select the most persuasive technique that could perform an advanced attack against the human element.

 To start SET, navigate to  Applications  |  Kali Linux  |  Expl…

Cracking Wifi Using :Fern(GUI)

Fern(GUI)

As a part of Kali linux , fern can be directly used from kali linux , i would be recommending the use of kali because while using other linux environments it could be a trouble because while using fern it automatically detects the path of aircrack-ng and python installed , while in other environments it is needed to set it manually...so follow the following steps :-->

1.) Download kali linux iso and make a bootable pendrive .....if you dont know how to make bootable pendrive  then follow the steps given in blog of trinity rescue kit

Kali linux iso (amd64) recommended -->here
Link to trinity rescue kit blog --> here


 2.)Open Kali linux Goto Applications-->Wireless Attack--> Fern

3.)Select Interface card wlan0

4.)Double click any where in GUI

5.)Select enable x-terms ...so that you can view that happening ...while through a automated program...

6.)Click on select network

7.)Choose the type of network that is WEP/WPA

8.)I would recommend to add dictonary file ..…

Deep Web - Part 1

What is deep web ?

Deep web Aka Invisible web Aka Hidden web are parts of the world wide web whose contents are not indexed by standard search engines.
LEVELS OF WORLD WIDE WEB :
SURFACE WEBBERGIE WEBDEEP WEBCHARTER WEBMARIANAS WEB SURFACE WEB :
The surface web also known as Visible web , Clearnet , Indexed web or Lightnet is that portion of the world wide web that is readily available to the general public and searchable with standard web search engines. Level of web where vast majority of internet users are connected to and which is accessible in any nation that does not block internet access.E.g: Social media sites like Facebook, informational websites like Wikipedia, general websites, etc

BERGIE WEB :

It is the part of world wide web that is not indexed by search-engines,which is directly accessible and no proxy required. E.g: Google locked results, recently web crawled old content, pirated media, pornography etc
DEEP WEB:
Deep web Aka Invisible web Aka Hidden web are parts of the wo…