Remesh R

An essential guide to becoming an ethical hacker

I receive lots of mails asking for guidance on how to become an ethical hacker. Most requests are on how to become a black hat hacker which are usually ignored. Let’s take a look at the definition of an ethical hacker. Read More :  https://www.linkedin.com/pulse/how-become-ethical-hacker-ramesh-r

Remesh Ramachandran

During the past one year, the cyber security firm Rapid7 has been collecting data from Heisenberg — its public-facing network of low-interaction honeypots. The honeypots were made to look like the real-life office, PoS, and kiosk payment systems with their RDP port open.

Under this project, Rapid7’s servers collected 221,203 login attempts that were spread across 119 countries and came from 5,076 IP addresses. During these attempts, hackers tried to break the system using 1,809 different usernames and 3,969 passwords.

The test also measured the complexity of the passwords. The findings showed that the majority of passwords attempted were very simple, indicating the widespread use of convenient passwords and ignorance of security risks.

Easy-to-use passwords are easy-to-hack!

Surprisingly, the most tried password was “x” (11,865 times), followed closely by “Zz” (10,591 times) and “[email protected]” (8,014 times). Here’s the top to most attempted passwords by hackers:

1. x
2. Zz
3. [email protected]
4. 1
5. [email protected]
6. bl4ck4ndwhite
7. admin
8. alex
9. …….
10. administrator

At the end of 2015, password management company SpashData released its annual report of the Worst Passwords of 2015 and “12345” and “password” remained at the top. The report stated that regular humans are terrible at selecting passwords. Keeping such trends in mind, hackers are inclined towards making simple guesses.

If we look at the username attempts that were made, a similar trend was observed. The top most tried out usernames were “administrator” (77, 125 times), “Administrator” (53,427 times), and “user1” (8,575 times). Here’s the complete top 10 list of most attempted usernames by hackers:

1. administrator
2. Administrator
3. user1
4. admin
5. alex
6. pos
7. demo
8. db2admin
9. Admin
10. sql

Most password login attacks came from China!

It should be noted that most of the login attempts came from China (88,227 attempts), followed by the US, (54,977) and South Korea (13,182). The other countries in the top 10 are Netherlands, Vietnam, the UK, Taiwan, France, Germany, and Canada.

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of Swiss army knife for researchers, penetration testers, and hackers – has finally released the much awaited Kali Linux 2016.2.

Kali Linux is an open-source Debian-based Linux distribution designed to help ethical hackers and security professionals with a wide range of tools for penetration testing, forensics, hacking and reverse engineering together into a single package.

Earlier the Kali Linux distribution was known as BackTrack.

You can download the latest Kali Linux 2016.2 ISOs from its official website now. The Kali Linux team has also promised to bring a lot of exciting announcements in the next few weeks, so keep an eye on its announcements for the latest updates.