Archive for the ‘ethical hacking’ Category

Hacking Basics

Posted: January 28, 2015 by scratbagroberts in book reviews, books, computer programming, computer security, computers, computing, ethical hacking, hacking, malware, technology, textbooks
Tags: , , , , , , , , , ,
0

The book I read to research this post was The Hacker’s Underground Handbook which is a very good book that I read at kindle unlimited. This is a kind of general guide to hacking and I think is mainly aimed at people like pen testers or white hat crackers. It does detail how to get started in the field of hacking. You should aspire to become an elite hacker with programming knowledge and maybe even write your own hacking tools. The first programming language you should learn and it is one of the easier ones is HTML. Then you should move on to learning C which is what most tools are written in. You should aim to master the latest version of Windows and he recommends Ubuntu Linux as a good entry level version of Linux. It is user friendly and the vast majority of linux programs work quite happily with it. Often you will run Linux from a live cd which is what we call it when it isn’t installed on the hard drive and computer runs it directly from a cd in a virtual environment. Note you may have to change the boot order in your set up program to make this work. Many hacking programs are Linux only. You should also choose a program from each potential use you will have in hacking and focus on mastering it. You might use Wireshark for checking security on your wireless network. John the Ripper for testing the security of passwords etc. I did quite enjoy this book and do recommend it.

 

Hacking

Posted: January 23, 2015 by scratbagroberts in book reviews, books, business, computer networks, computers, computing, ethical hacking, hacking, malware, technology, textbooks, Uncategorized
Tags: , , , , , , , , , ,
0

The book I read to research this post was The Hackers Playbook by Peter Kim which is a very good book that I bought from kindle. Peter isn’t a professional hacker but is very interested in the subject and has written this book about what tools he finds useful. There is a long list in the book of an example pen test and the tools you would use to carry out. In general carrying out a pen test is quite a fruitless task taking many hours and often achieving little in terms of actually succeeding in hacking the network you are testing. Normally if pen testers have hacked the network they feel they have failed in their job. Normally a computer used for hacking will be a dual boot with the latest version of Windows and he suggests Kali Linux which is optimized for cracking. You can automate a SQL injection attack with SQLMap. It gives a report on vulnerabilities as well as general information on things like what database and operating system are running. Cain and Abel is probably best for hacking passwords. He suggests taking tools that are useful and recreate them in another scripting language because that is the best way to learn how they work. One trick hackers use in installing malware on a computer is to give it an illegal filename that Windows doesn’t accept is appropriate. This can be starting with a number for example and the malware is still there but not displayed. Ettercap is a good linux program for finding passwords. Many hackers work in powershell for sending various commands because it works in the memory so if the computer is shut down there is no trace. I did enjoy reading this book and would definitely recommend it.

Ethical Hacking

Posted: June 14, 2014 by scratbagroberts in book reviews, books, business, computer networks, computer security, ethical hacking, internet, pen testing, textbooks, virus
Tags: , , , , , , , , ,
0

The book I read to research this post was Ethical Hacking Secrets Guide by Govind Parihar which is a very good book which I bought from kindle. This book is a kind of manual to an educational course in ethical hacking that takes you through it step by step. It’s ideal for people new to the subject and is fairly easy to follow. Govind teaches a course in this subject. There is good advice for people trying to secure their computers against attack like using specialist dictionaries like star wars ones to come up with secure but memorable passwords. The book is primarily for pen testers who are paid to try and hack a computer network and tests its secureness. It tells you all about your options regarding tools. One of the best is lophtcrack which looks for clues to try and enable you to crack the password. It tells you all about the legal aspects and how someone can’t be prosecuted for a hacking crime unless they can prove that person knew he was trespassing on a network he wasn’t supposed to. Some hackers say they are doing it for educational means but it causes a lot of trouble for the system administrator who can only assume the hacker is malevolent. The book is a decent length but the writing on each page tends to be quite brief. I did really enjoy reading this book which helps make a difficult subject readable. Some hackers cause damage by using low level languages like python and C to create huge files to flood a network called a denial of service attack. Higher level languages check file sizes. Most viruses are written in java and many computers use a java sandbox which limits the virus to a small area on a computer where it can’t do any damage. Some viruses use active x controls which can’t be limited in this way. This idea of limiting what something can do on a computer is often referred to as virtualization. This is becoming very big especially in business computing.

 

Hacking

Posted: April 3, 2014 by scratbagroberts in book reviews, books, business, computer networks, computers, computing, ethical hacking, hacking, law, textbooks
Tags: , , , , , , , , ,
0

The book I read to research this post was Hacking For Dummies 4th edition which is a very good book which I read at http://safaribooksonline.com. This book is primarily about ethical hacking which is checking computers and computer networks for vulnerabilities. Any computer won’t be totally invulnerable to hacking but the trick is to make it so difficult and time consuming it’s not worth it. With most computer networks hackers don’t bother hacking the password with a password cracker program instead they resort to dumpster diving or social engineering. Dumpster is diving in the potential victim’s trash to see what you can find. It’s amazing what people don’t shred. Social engineering normally takes the form of someone phoning the company helpdesk and pretending they are an employee who has lost his password or pretend they are the computer repair men, there to repair one of the servers. In many companies the helpdesk is situated a distance from the entrance enabling anyone to walk in at busy times unnoticed. A hacker will often use a packet sniffer like wireshark to look at the traffic going to and from your server prior to the attack. Wireshark is free but not as easy to use as some commercial programs. For the actual cracking the password a program like Cain And Able or John The Ripper are the 2 best known. An important point is employees should have the screensaver enabled to come on when the system is not being used and should require the password for the user to log back in. Interestingly 80% of security breaches come from employees and former employees. One nightmare for many companies is the number of digital cameras and smartphones brought onto company premises each capable of photographing anything on a computer screen. Most companies don’t take this problem as seriously as they should. In the back of this book it lists loads of resources in connection with hacking even a phishing toolkit which I assume has dark motives. I really enjoyed this book and I think it’s obvious it is an interesting subject. One final point is you might moan about the cost of securing your computer or network but if it gets breached the cost is likely to be much higher. That’s especially true if you are a company or organization.