|Hacking Career Jumpstart preview.pdf|
This time we wanted to create something that will give an initial boost for those who are just starting their hacking careers, and that’s why we prepared an issue full of tutorials and case studies – everything on beginner and intermediate level. Let’s dive into it!
We start off with Hacking Techniques for Beginners – a lengthy and very helpful article covering techniques every hacker must know! Then we drift off to Nmap with A Detailed and Friendly Introduction to Network Scanning with Nmap – the title speaks for itself!
If you’re in need of a reliable source of information about Metasploit, we present to you two articles that will get you covered: Manual Pentesting? Automate it with Metasploit Framework! and Explo!t: A View on MS17-10 and its Application.
To help you expand your hacking skills even more, we prepared great introductions to OSINT – Basic OSINT with SpiderFoot – and password cracking – John the Ripper and Hashcat: A Brief Introduction to Password Cracking.
Later on you’ll learn how to Bypass Kaspersky Endpoint Security for Windows with TrevorC2 + Pyfuscation, and then we’ll switch to Reverse Image Search 101, which will help you understand what is reverse image searching and how to use it.
Last but not least, our authors will help you test your security solution, explain what are insider threats, and present the OWASP top 10 mobile vulnerabilities.
We hope this issue will help you jumpstart your hacking career, as we believe everybody needs a helpful hand and a reliable source of information. We would also like to send gratitude to our contributors, reviewers and proofreaders, who helped us create this unique issue!
Stay safe and enjoy!
Hakin9 Editorial Team
TABLE OF CONTENTS
Hacking Techniques for Beginners: How to get the Control of a System
Verónica Berenguer Garrido
When we hear the word “hacker” we usually imagine a person that wears a black hooded sweatshirt doing illegal activities in a sinister terminal. However, this is not always the case because there is a big difference between cybercriminal and hacker. A hacker is a role that has knowledge of hacking techniques. Now, we can differentiate between ethical hackers and cybercriminals. Both have the same hacking knowledge, however, the first uses them to find vulnerabilities and report them to improve systems and applications, while the second pretends to obtain some benefit, such as economic compensation, extortion, etc. In this article, we are going to learn basic hacking processes and techniques to be an ethical hacker, from port scanning to privilege escalation. Finally, we will see with a real example how we can hack a remote machine applying these techniques.
A Detailed and Friendly Introduction to Network Scanning with Nmap
Christian Barral López
As a cybersecurity professional, knowing the available set of tools that are at our disposal to complete our tasks and goals is important, but it is even more important to know and understand how those tools work behind the scenes: What happens when a specific argument is written? Should we be able to complete our task faster if we change this value? What may happen to the target machine or network we are targeting if we run this command? Those are some of the challenges that cybersecurity professionals must face when learning these tools, especially one of the most powerful and indispensable network scanners nowadays, which is Nmap (nmap.org, Github: Nmap – the Network Mapper, 2021).
Manual Pentesting? Automate it with Metasploit Framework!
Metasploit is a heavyweight in the field of hacking and is an almost worry-free package. Metasploit’s main focus is the exploit phase of hacking, but it also provides useful tools in information gathering and can centralize it in one place. Metasploit is an open-source project and is currently developed and published by Rapid7. There is a free version of the “Metasploit Framework” as a console tool and an additional paid version with some features such as a browser-based GUI and further automation. I believe the free version is suitable for everyone who wants to learn with Metasploit. This article refers exclusively to the free version of Metasploit.
Explo!t: A View on MS17-10 and its Application
Have you ever imagined being able to invade and gain remote control of a computer? In this article, I will talk about a widely known and used tool that makes this completely possible. And the best part, I will teach you how to do it. In 2003, we had the first version of Metasploit, a portable networking tool created in Perl by H. D. Moore. A few years later (2007) they rebuilt the tool in Ruby language, and only in 2009 did the security company Rapid7 buy Metasploit. In this article, we will talk only about its subproject, known as Metasploit Framework, a tool that uses several exploits – programs developed to exploit vulnerabilities in software – that, after finding what they are looking for, execute malicious code known as payloads, to succeed in an invasion. And when this invasion is successful, the exploits return a Telnet or SSH session so that you can remotely control the target computer.
Basic OSINT with SpiderFoot
Daniel W. Dieterle
SpiderFoot is an Open-Source Intelligence (OSINT) and recon tool that is fast and easy to use. It can collect OSINT on multiple targets including domains & IP addresses, people’s names, usernames, e-mails and telephone numbers. It not only can scan a website directly but it also checks the Dark Web and numerous external reconnaissance and data intelligence services for information. It is a great tool for pentesters & Red Teams, Threat Intelligence, Asset Discovery and Attack Surface Monitoring. In this article, we will cover using the SpiderFoot version that comes with Kali Linux.
John the Ripper and Hashcat: A Brief Introduction to Password Cracking
Rafael J. Lara L.
In this article, you’ll see a beginner introduction of John the Ripper (JTR) and Hashcat, two of the most common password cracking tools in the Penetration Testing (PT) process and Capture The Flag (CTF) challenges. However, in my experience, a well-founded understanding of some concepts about password cracking are more important than understanding how to use a specific tool. Thus, here I’ll cover some aspects about password cracking and cryptography in general and it’ll be a big part of this article, followed by a brief introduction about using JTR and hashcat in Windows (it’s my main OS). I hope you enjoy this article and find it usable for your daily work and for fun. Let´s get our hands dirty!
Bypass Kaspersky Endpoint Security for Windows with TrevorC2 + Pyfuscation
Joas Antonio dos Santos
As a personal experience, I had many occasions when I had to learn a new tool, a new programming language, a new technique and overcome some challenges in order to obtain a satisfactory result in the end. And some of the times, curiosity took me to higher levels, and one of those occasions was a bypass that I performed in Kaspersky Endpoint Security for Windows, using tools that I usually use in my daily life. Curiosity led me to test whether or not the Endpoint of the company that I was servicing would detect it. In this case, I used a controlled environment, but it brought good results and opened up possibilities for countless ideas. Using two tools, Trevorc2 and Pyfuscation, we are able to bypass Kaspersky.
Reverse Image Search 101
All of us are familiar with searching images on the web using our favorite search engines but we usually search with keywords and we get results in context to our keywords. Some search engines have another trick up their sleeves known as reverse image searching – that is, searching with an image itself instead of keywords. Reverse image searching is based on Content Based Image Retrieval (CIBR) technique that analyses the actual content of the image, such as colors, shapes, and textures, instead of metadata or keywords. Many algorithms have been developed over the years to improve this technique, some are public and some are closed source, but I will not cover that part as it’s out of the scope of this article. This article will teach you how to perform reverse image searching and which tools are the most effective in certain situations.
Test Your Security Solution (article available in free preview!)
The purpose of this document is to execute several efficiency and detection tests in our endpoint solution, provided by Cybereason. This document brings the result of the defensive security analysis with an offensive mindset performed in the execution of some techniques as a DLL Injection, Shell Injection using a payload created by msfvenom from the Metasploit platform in our test environment.
Insider Threats – Employees/Consultants
As information technology teams and businesses grow rapidly, their dependence on critical systems, applications and human capital continues to put a strain on effective project planning, rollout of new initiatives and the organization’s future directional road map and technology/process adoption. Now more than ever, project teams are rarely composed of tried and tested, locally sourced, English speaking “neighbor next door” type staffers. Modern teams are most often composed of a small core team (possibly) situated in a native (founder/HQ) location, with additional team members distributed across other satellite offices or other states or globally connected across multiple geographical nations and time zones. Even the necessity for the natively located team and its office has been upended by the pandemic due to the need to keep staffers at a safe working distance remotely. This article presents types of insider threaths and ways to prevent them.
OWASP MOBILE TOP 10
Dr Akashdeep Bhardwaj, Arohi Magal
OWASP stands for Open Web Application Security Project, which is a non-profit organisation. Although it was started with the aim to secure web applications, now they have emerged in other security domains as well, for example, mobile security, IOT security, etc. It ranks the vulnerabilities based on the frequency of detection of a particular vulnerability rather than the criticality of the vulnerability. Hence, the top 10 list requires a lot of data analytics, extensive services and a considerable amount of funding, so there is no defined period after which they release the updated or reviewed top 10 list. It doesn’t only provide the list of top 10 vulnerabilities but also provides the solution documentation, methodologies, technologies, tools and articles. In this article, we are going to discuss the latest list, which was released in 2016.