NetHunter Article Featured in Hakin9 Magazine

The latest Hakin9 Magazine is out! This issue is all about Android security and features my article on using Kali NetHunter and Responder together for getting quick user credentials.


In my article I explain how you could recover network credentials from a Windows network using the Android-based Kali NetHunter and Responder (an LLMNR, NBT-NS & MDNS poisoner). I also show how you can “pass the hash” with the credentials obtained and gain remote shell access to an unsecured or improperly secured Windows Server.

Other Articles in this Issue Include:

Mobile Penetration Testing Tutorial

by Olivia Orr

The objective of this tutorial is to learn the most common vulnerabilities in mobile applications using an app intentionally designed to be insecure. This tutorial will be based on the Windows platform, but you can use other systems if you wish.


Quick Android Review Kit (QARK) – A comrade for Android security analysis

by Vinayak Joshi and Venkatesh Sivakumar (Pranav Venkat)

QARK stands for Quick Android Review Kit. A quirky companion to get the hidden potential vulnerabilities of any Android applications. It is an open community tool designed to assist mobile application security pentesters to leverage its capabilities to reverse engineer mobile applications and conduct static analysis on the hidden vulnerabilities that can potentially create critical breaches. This article will explain how to use it.


Peeping Inside Android Applications: Reverse Engineering with Androguard

by Ajit Kumar

Reverse engineering is one of the ways to find out what’s inside of any Android applications; it also helps developers to learn, test and debug their own applications as well as applications written by others. Reverse engineering is a complex and cumbersome task, so tools like Androguard make this task automated and hence ease the job of reverse engineers. This tutorial provides a brief introduction of Androguard, explains various tools available inside Androguard and provides some examples of basic reverse engineering with Androguard.

And much more, check it out!


The May issue of Hakin9 Magazine is out!

The May issue of Hakin9 Magazine is out!

This month’s magazine includes my article, “Detecting and Exploiting the OpenSSL-Heartbleed Vulnerability”:

“In this article we will discuss how to detect systems that are vulnerable to the OpenSSL-Heartbleed vulnerability and learn how to exploit them using Metasploit on Kali Linux.”

It is a step-by-step tutorial that shows how to detect systems that are vulnerable to the Heartbleed exploit in your organization and also shows how to exploit the bug.

Check out the intro to the article here.

Also in this issue:

What is Reverse Engineering

by Aman Singh

Reverse engineering as this article will discuss it is simply the act of figuring out what software that you have no source code for does in a particular feature or function to the degree that you can either modify this code, or reproduce it in another independent work.

Write Your Own Debugger

by Amr Thabet

Do you want to write your own debugger? Do you have a new technology and see the already known products like OllyDbg or IDA Pro don’t have this technology? … Do you write plugins in OllyDbg and IDA Pro but you need to convert it into a separate application? …

The Logic Breaks Logic

by Raheel Ahmad

People – Process – Technology, your Internet industry is based on these three words as a base of everything including the software market. Think for a second and you will realize that the Software industry is actually driven from the keyboard of a programmer and in reality it’s the logic design by the programmer.

Playing with the Ports Redirection

by Davide Peruzzi

Whether you are performing a penetration test or that your goal is to debug an error in your complicated corporate network or, why not, to bypass control of a very restrictive firewall that does not allow you to display web pages categorized as “hacking”, the port redirection is a technique as basic as it is powerful.

And much more, check it out!

Hakin9 Exploiting Software September Issue is out!

Another excellent issue of Hakin9 Exploiting Software is here!

Check out these exciting articles:

Windows 8 Security in Action
By Daniel Dieterle

In this issue I wrote the article “Windows 8 Security in Action”, which gives a short look at the new Windows 8 look for those who haven’t seen it yet and then delves into its updated security features and lingering security issues from previous versions of Windows:

Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor Windows 7. We will also run the security through the paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands up to the most common internet based threats.

Raspberry Pi Hacking
By Jeremiah Brott

Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.

Malware, Botnet and cyber threats, what is happening to the cyberspace?
By Pierluigi Paganini

The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing the cyber space. The exponential growth of the number of cyber threats and attacks is rebutted by a wide range of statistics provided by reports published by the major security firms. The scenario is really scaring due to the concomitant action of cybercriminals, hacktivists and state sponsored hackers that are producing malware and botnets of increasing complexity.

Live Capture Procedures
By Craig Wright

Live data capture is an essential skill required for both Incident Handlers as well as Forensic practitioners and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes to practice.

  • SQL Injection By Wong Chon Kit
  • Network Pen Testing Breaking the Corporate Network through Hackers Perspective By Amar Wakharkar
  • Intel SMEP overview and bypass on Windows 8 By Artem Shikhin
  • Android Application Assessment By Nilesh Kumar

Check it out!

Hakin9 Exploiting Software SamuraiWTF Toolkit

A new issue of Hakin9 Exploiting Software is out!

Diving Through SamuraiWTF Toolkit – Massive article on setting up and using SamuraiWTF the Web Pentesting Ubuntu Distro platform.

Penetration Testing LAB Setup Guide – Exceptional article on setting up a kickin network test lab by Jeremiah Brott. I normally use physical machines or VMware virtual machines, but in this article Jeremiah covers setting up an awesome lab using VirtualBox and pfSense. I now use this setup regularly – it works fantastic.

Web Filtering with Websense. To be or not to be filtered: that is the dilemma – Great article on Websense the web filtering program. Also a great article on why your company needs web filtering.

Malware, a cyber threat increasingly difficult to contain – I haven’t read this article yet, but read a lot of Pierluigi Paganini’s material. He is an exceptional writer and security expert.

Also in this issue:

  • Burp Suite Automating Attacks By Ric Messier
  • Memory Levels Gate Mitigation By Amr Thabet
  • Anti-Rootkits in the Era of Cyber Wars By Igor Korkin
  • Password Construction and Management By Gaurav Kumar
  • Picking Up Mushrooms in the Rain Forest – Social Engineering Information Gathering By Vlad Styran

Subscribe to Hakin9 Exploiting Software now!