The Magical Code Injection Rainbow (MCIR) in Metasploitable2 Tutorial

Magical Code Injection Rainbow (MCIR) feature

The Magical Code Injection Rainbow (MCIR) a Web-based training projects Dan Crowley, a data security aficionado and independent resheacher with Trustwave, has composed and brought forth five exceptionally amazing training suites. His Web-based training projects are easy to explore and come with different testing levels. His most recent creation is a pound up of his web … Read more The Magical Code Injection Rainbow (MCIR) in Metasploitable2 Tutorial

World’s first Power outage using Malware

Die Hard 4.0 seems real enough now as we have the world’s first power outage accomplished by a malware. The culprits are…..you guessed it, the blackhats. Now hackers have used a highly elegant and destructive malware to successfully infect at least three regional Ukrainian power authorities. So, their pre-Christmas 23rd December was pretty much a …lights out. The … Read more World’s first Power outage using Malware

Search engine for hackers, and it lists every device on the net

Meet Censys, a Shodan like search engine for hackers.

censys

Last month the security consultants at the SEC realized that the work-shy manufacturers of IoT(Internet Of Things) using the same old set of hardcoded cryptographic keys leaving over 3 million of IoT devices vulnerable to mass hijacking. But how did they found out the exact number??

Easy! Censys told them. A search engine that ransacks the net for vulnerable devices.

It knows everything and sees everything

Censys is designed for one purpose, to scan for the poor bastards who got logged on to the net without much thought about unauthorized access to them. Clarification, the poor bastards are the devices. In this aspect Censys is a lot like shodan .

However, the methodology used by Censys is much more complex. All this to make internet a safer place.

Released for free in October by the researchers at the University of Michigan, is powered by google, world’s biggest search engine.

As a part of an open source project, census was created to keep track of every data on the internet. And then create a database out of it. the goal of this is to help companies to unearth their vulnerabilities on the net.

Modus Operandi of Censys.

This search engine for hackers does daily scans of Ipv4 address space. By this it collects the information of hosts and websites. Two tools are plied for this purpose

  1. Zmap : Open Source network Scanner
  2. ZGrab: Application layer scanner

Then databases are maintained after the collection of data(DUH!). This gives the information about how websites are configured.

Zmap’s job is to scan over 4 billion IP addresses every day. What’s more is this helps determining to whether fix the machines right away or not. Whether the prowling eyes of hackers is upon the device already?

Flaws caused by IT administrator can’t hide either.

  So what do ya thing about this? Should this exist? And if it has to, how vulnerable are you?

Post your comments and enlighten our asses.

 

 

Optic hacking or hacking through eyes

NO !NO! Its not some cool ass Adam Jensen microchip eye, but a rather creepy hacking way that you may go through all day in the cyber cafe…and that rhymes! What is Visual hacking? Visual Hacking or i would like to say quaintly Optic Hacking is one of the major security threat on a system. Its like … Read more Optic hacking or hacking through eyes

Top 10 insecure programming languages

New research shows that scripting languages cause web vulnerabilities To this news, I was like.WHHHHHHHAAAAAAAAAAttt?? But it is true. A new research showed that scripting languages, in general, spawn security vulnerabilities regarding web applications. Now this got many on the web their panties got all twisted. As millions are websites are now under potential security … Read more Top 10 insecure programming languages

Top 3 antivirus for Top 3 Windows OS

In this awesome age of gaming and OS, you gotta be protected. So these are the TOP 3 antivirus for the TOP 3 Windows OS. Let’s start with the oldest but still the best(for me atleast). Windows 7 Now we all know that HOW ABSURDLY pathetic the microsoft antivirus solution is. Always bringing out false positives and … Read more Top 3 antivirus for Top 3 Windows OS

Manual SQL Injection By The Help of Firebug

sql-injection part 1

Mutillidae: Manual SQL Injection By The Help of Firebug Web Penetration Testing: Part 3 What is SQL Injection? SQL Injection is a technique used to data by Web page or data driven applications. This is done by using SQL statement or SQL command in an entry field of the website. It is a vulnerability inside … Read more Manual SQL Injection By The Help of Firebug

Downloading and intallation of NESSUS

Downloading and installing nessus on kali linux

Downloading Nessus Download Nessus 5.0 or higher from http://www.tenable.com/products/nessus/select-your-operating-system. Select 32bit or 64 bit Debian packages as per you Operating System. Read agreement of terms & condition and if acceptable agree to the statement by hit on Agree button. Remember the location where the Nessus’s .deb file is downloaded to as it will be needed … Read more Downloading and intallation of NESSUS