Ramesh

How to Become an Ethical Hacker

An essential guide to becoming an ethical hacker

I receive lots of emails asking for guidance on how to become an ethical hacker. Most requests are on how to become a black hat hacker, which are usually ignored. Let’s take a look at the definition of an ethical hacker. Read more: https://www.linkedin.com/pulse/how-become-ethical-hacker-ramesh-r

Kali Linux 2016.2 — Download Latest Release

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of the Swiss army knife for researchers, penetration testers, and hackers – has finally released the much-awaited Kali Linux 2016.2.

Kali Linux is an open-source Debian-based Linux distribution that brings together a wide range of tools for penetration testing, forensics, hacking and reverse engineering into a single package for ethical hackers and security professionals.

Earlier the Kali Linux distribution was known as BackTrack.

You can download the latest Kali Linux 2016.2 ISOs from its official website now. The Kali Linux team has also promised to bring a lot of exciting announcements in the next few weeks, so keep an eye on its announcements for the latest updates.

Top Usernames And Passwords Used By Hackers To Attack Your Servers

Over the past year, the cyber security firm Rapid7 has been collecting data from Heisenberg — its public-facing network of low-interaction honeypots. The honeypots were made to look like real-life office, PoS, and kiosk payment systems with their RDP port open.

Under this project, Rapid7’s servers collected 221,203 login attempts that were spread across 119 countries and came from 5,076 IP addresses. During these attempts, hackers tried to break the system using 1,809 different usernames and 3,969 passwords.

The test also measured the complexity of the passwords. The findings showed that the majority of passwords attempted were very simple, indicating the widespread use of convenient passwords and ignorance of security risks.

Easy-to-use passwords are easy-to-hack!

Surprisingly, the most tried password was “x” (11,865 times), followed closely by “Zz” (10,591 times) and “[email protected]” (8,014 times). Here are the top 10 passwords most attempted by hackers:

  1. x
  2. Zz
  3. [email protected]
  4. 1
  5. [email protected]
  6. bl4ck4ndwhite
  7. admin
  8. alex
  9. …….
  10. administrator

At the end of 2015, password management company SplashData released its annual report of the Worst Passwords of 2015 and “12345” and “password” remained at the top. The report stated that regular humans are terrible at selecting passwords. Keeping such trends in mind, hackers are inclined towards making simple guesses.

The username attempts show a similar trend. The most tried usernames were “administrator” (77,125 times), “Administrator” (53,427 times), and “user1” (8,575 times). Here’s the complete top 10 list of usernames most attempted by hackers:

  1. administrator
  2. Administrator
  3. user1
  4. admin
  5. alex
  6. pos
  7. demo
  8. db2admin
  9. Admin
  10. sql
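
A defender's use of these findings, as an added example that is not from Rapid7 or the original article: the function below scans failed-logon records and flags source addresses that cycle through usernames from the top-10 list above. The three-column record layout, the sample records (documentation-range addresses) and the thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Top-10 usernames from the list above, kept case-sensitive as published.
HONEYPOT_USERNAMES = {
    "administrator", "Administrator", "user1", "admin", "alex",
    "pos", "demo", "db2admin", "Admin", "sql",
}

# Constructed sample records: timestamp, source IP, attempted username.
# The three-column layout is an assumption; map your own export onto it.
SAMPLE_LOG = """\
2016-09-01T02:10:01Z,203.0.113.7,administrator
2016-09-01T02:10:03Z,203.0.113.7,Administrator
2016-09-01T02:10:04Z,203.0.113.7,user1
2016-09-01T02:10:06Z,203.0.113.7,pos
2016-09-01T02:10:09Z,203.0.113.7,db2admin
2016-09-01T08:31:40Z,198.51.100.23,jsmith
2016-09-01T08:31:55Z,198.51.100.23,jsmith
2016-09-01T09:02:11Z,192.0.2.50,admin
2016-09-01T09:02:12Z,192.0.2.50,backup_svc
"""


def flag_dictionary_sources(log_text, min_hits=3, min_distinct=3):
    """Return {source_ip: summary} for sources that look like dictionary guessing.

    A source is flagged when at least `min_hits` of its failed logons used
    listed usernames and it cycled through at least `min_distinct` of them.
    """
    attempts = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines instead of crashing
        _timestamp, source_ip, username = (field.strip() for field in row)
        attempts[source_ip].append(username)

    flagged = {}
    for source_ip, names in attempts.items():
        hits = [name for name in names if name in HONEYPOT_USERNAMES]
        distinct = sorted(set(hits))
        if len(hits) >= min_hits and len(distinct) >= min_distinct:
            flagged[source_ip] = {"list_hits": len(hits), "usernames": distinct}
    return flagged
```

A user who mistypes one password repeatedly hits a single name and stays below `min_distinct`; tune both thresholds to your environment.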

Most password login attacks came from China!

It should be noted that most of the login attempts came from China (88,227 attempts), followed by the US (54,977) and South Korea (13,182). The other countries in the top 10 are Netherlands, Vietnam, the UK, Taiwan, France, Germany, and Canada.

Best Operating Systems For Ethical Hacking And Penetration Testing

Kali Linux:

Developed by Offensive Security as the rewrite of BackTrack, Kali Linux distro tops our list of the best operating systems for hacking purposes. This Debian-based OS comes with 600+ preinstalled pen testing tools that make your security toolbox richer. These versatile tools are updated regularly and are available for different platforms like ARM and VMware. For a forensic job, this top hacking operating system comes with a live boot capability that provides a perfect environment for vulnerability detection.

Download Kali Linux

Parrot Security OS:

Debian-based Parrot Security OS is developed by Frozenbox’s team. This cloud-friendly operating system is designed for ethical hacking, pen testing, computer forensics, cryptography etc. Compared to others, Parrot Security OS promises a lightweight OS that is highly efficient. Along with its plethora of legally recognized tools, you also get the opportunity to work and surf anonymously.

For those who don’t know, Parrot Security OS is a mixture of Frozenbox OS and Kali Linux. The OS uses Kali repos for updating its tools, but it has its own dedicated repo for storing the custom packages. It comes with the MATE desktop environment, and its powerful interface is derived from the famous Gnome 2. This highly customizable hacking operating system also comes with strong community support.

Download Parrot Security OS

BackBox:

BackBox Linux is an Ubuntu-based operating system with its focus on security assessment and penetration testing. BackBox Linux comes with a wide range of security analysis tools that help you in web application analysis, network analysis etc. This fast and easy to use hackers’ favorite Linux distro comes with a complete desktop environment. The software repos of the hacking tools in this hacking operating system are regularly updated with the most stable versions.

Download BackBox Linux

BlackArch Linux:

BlackArch Linux is available as a complete Linux distribution for security researchers and ethical hackers. It’s derived from Arch Linux and one can also install the BlackArch Linux components on top of it.

The constantly growing repo of this useful operating system for hacking purposes is stuffed with more than 1400 tools that are thoroughly tested before being added to the codebase.

Download BlackArch Linux

10 Private Search Engines That Do Not Track You

Private browsing using the private or incognito modes provided in your browser does not give you the level of privacy you think it does. If you really don’t want to be tracked and also don’t want anyone tracking your searches, try these search engines:

1. DuckDuckGo

DuckDuckGo is a very secure search engine that never tracks your searches while providing a really good search experience. It was built for people who like to remain private while searching, and it delivers instant results without tailored ads on the search pages. DuckDuckGo gets around 10M+ searches a day.

2. WolframAlpha

This is a great computable search engine which provides very accurate answers and offers open knowledge. WolframAlpha’s main purpose is to serve knowledge, and it does not track what you search for.
WolframAlpha performs dynamic calculations using built-in algorithms and delivers expert knowledge about calculations, people, money & finance, health & medicines, music & movies and much more.

3. Startpage

Startpage is a powerful search engine which provides accurate results while protecting your searches and avoiding tracking your steps. Startpage offers browsing through a proxy server and helps protect you from websites that track your IP address or location. You can add Startpage to your browser, on Firefox or Chrome, and even change its color theme.

4. Privatelee

There is not much to say about Privatelee, but it enables strict filters and secure searches if you need them. Privatelee doesn’t keep your search keywords to be used for surveillance or ads. It offers ‘PowerSearch‘ commands that let you configure the search source and more. It is also known by the name Qrobe.it.

5. Yippy

Yippy allows you to manually filter the results according to categories and flag any inappropriate result. Unlike some engines, it allows searching of many types of content including images, web, news, blogs, jobs, government data, etc.
Yippy lets you view cached pages (like Google) and filter results by tags like sources, clouds, websites. Yippy does not track your search queries and doesn’t show customized ads.

6. Hulbee

This is a private search engine that delivers instant searches while not tracking your location history or searches. Hulbee provides very intelligent information yet never analyses or stores its visitors’ details.
All your searches are encrypted for security against man-in-the-middle attacks and data leaks. There is an option to choose a region for the most relevant search results, and you can ‘clear your activity‘ to avoid leaving any trace of information.

7. Gibiru

Gibiru is a fully uncensored yet encrypted search engine that prevents data leaks to third parties. It works faster than most other private search engines because it uses the ‘Google Custom Search‘ to provide its service but removes all tracking methods followed by Google.

8. Disconnect Search

Just like Gibiru, Disconnect Search uses search assistance from major search engines like Google, Yahoo and Bing but it does not track your online activities or searches or IP address. It lets you search by location so that you get accurate and relevant search results based on the information you provided.

9. Lukol

Lukol uses a proxy server to give you customized search results from Google using its own enhanced custom search. It conserves your privacy by removing traceable entities. It is considered one of the best private search engines; it protects you online and keeps spammers away by safeguarding you from inappropriate and misleading sites. It ensures full anonymity for your searches.

10. MetaGer

MetaGer lets you make confidential untraceable searches that leave no footprints. It also integrates a proxy server so that you can open any link anonymously from the search result pages and yet keep your IP address hidden from the destination server. It also never tracks your keywords.
This prevents third parties or advertisers from targeting you with ads or malicious attacks. Its default language is German.

Real-Time Cyber-Attack Map Shows Scope of Global Cyber War

Norse is an Internet security company that helps companies prevent and deflect malicious attacks. And to give you a better idea of how many attacks it could help prevent, it has created its Norse Attack Map.

The image above — which looks like Missile Command on steroids — shows just a snippet of hacking attempts around the world, the countries from which they originate, and the countries that they are attacking.

In reality, the attackers are hitting what Norse calls honey pots — special traps designed to detect unwanted network intrusions by hackers. It’s important to note that the location an attack comes from isn’t necessarily its true origin, as hackers can make an attack look like it’s coming from one place when it’s really coming from another.

Secure your Gmail Account with Yubikey

When it comes to password alternatives, the USB dongle YubiKey Neo is a popular option for providing two-factor authentication; it has been certified as providing the “highest level of security.” The device has been lauded by third parties “for its tight security and ease of use.”

People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.

2-Step Verification offers a strong extra layer of protection for Google Accounts. Once enabled, you’re asked for a verification code from your phone in addition to your password, to prove that it’s really you signing in from an unfamiliar device. Hackers usually work from afar, so this second factor makes it much harder for a hacker who has your password to access your account, since they don’t have your phone.

Security Key works with Google Accounts at no charge, but you’ll need to buy a compatible USB device directly from a U2F participating vendor. If you think Security Key may be right for you, read more from Google.