Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
| Keith Rayle| Cybersecurity You have been in the security industry for a couple of years and are looking for a way to propel your career to the next level. You saw the Associate C|CISO certification, and it sounded good. You went for it, and you obtained that certification. Excellent! One question remains: What are the…
The post I’m an Associate C|CISO – Now What? appeared first on Cybersecurity Exchange.
September 16, 2023 Hey everyone, here is my walkthrough of the VulnHub Machine ColddBox: Easy created by Martin Frias aka C0ldd. This walkthrough consists of… Continue reading on Medium » Article posted by: https://medium.com/@arunfrancis3/vulnhub-walkthrough-colddbox-easy-beginners-version-bd2febec73d3?source=rss——cehv12-5 ——————————————————————————————————————– Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India Contact us – https://www.infocerts.com
First off all we have to clear the truth that we simply can’t hack Facebook or Instagram. But when we search on Google there have a lots of free tools that giving us password of any Facebook user by just typing user’s email address. If you tried this kind of tools, then you are not on the general level of stupidity. Congratulations, you have achieved a higher level of stupidity. Come on, if this was so easy then Facebook needs to shut down their business.
When some sites or tool says it can hack Facebook passwords by just typing username or e-mail id you should understand that it is fake. They all have some common things which are following :
Then what does actually meaning of Facebook hacking. Many of us are mislead by the term of hacking. They think hacking means steal someone’s password and gaining unauthorized access but hacking is so much more.
When we try to learn hacking Facebook we need to understand some things how Facebook works means understand the functioning of the website, find about Facebook’s database management systems, scripts used, use of cookies, language use to build the website.
Then need to find out vulnerabilities in the the website in our case that is Facebook or Instagram.
Then need to code exploits to break through the obstacles and gain privileges into Facebook’s system, using suitable payloads. Then we need to check their database and the passwords will be encrypted in Facebook’s own way, we need to decrypt the passwords, then the last step is to set a backdoor for easy access next time, and we must need to clear our traces so that we don’t get caught.
Believe us, not everyone can do this, means we read some blogs and learned much things on hacking and Kali Linux, that is not enough for Facebook Hacking. So, the conclusion is that hacking Facebook is a real big deal, not everyone’s cup of tea. Even elite level hackers can’t do it. Nothing is impossible but hacking Facebook in above way is practically very close to impossible.
But wait, here we are talking like this, but that kid next door claims he can get Facebook password of anyone, and he is good, but not “code a exploit for Facebook” good, no not that kind good. This is where the social engineering steps in.
With time the level of security in technology fields are getting stronger. The encryption has reached to the unbeatable stage with 256 bit encryption, cracking a password will take practically forever (thousands of years). But it is very easy to make fool a human brain.
Humans are the weakest point in any security system.
Phishing is the most common method to terminate someone’s Facebook account. The most popular type of phishing is creating a fake login page, and send the link of page by e-mail or SMS or social media. The login page will look exactly like the Facebook login page.
 |
| Check the URL please. It’s not real Facebook |
If the victim logs in, the credentials (id and password) will be sent to attacker not in real Facebook. This process is a bit difficult because we need to host a website and create a login page. But some tools really made it kids play. We have some tutorials which makes phishing very easy. Tools like Modlishka can even bypass two factor authentication on a phishing attack. Check following :
How to be safe from Phishing?
Keyloggers works can be simply understand by it’s name. Yes it logs all the key strokes on the keyboard that user makes, without their knowledge. When user types their username and password keyloggers capture it.
 |
| Hardware Keylogger |
Keylogger are generally two types “software keylogger” and “hardware keylogger”.
How to be safe from Keyloggers ?
Then if it asks to reset the password by the email. This will not work for the attacker. The attacker need to choose “No longer have access to these ?“
Then depending on Facebook’s recent policy attacker might need to choose the pictures of friends uploaded or answer the security question or type email that isn’t linked any Facebook account.
In this method of Facebook hacking if attacker is a close friend of victim then it will be grate for him. Attacker just need to make an educated guess.
How to be safe from recover account?
If the attacker terminate our email address then he can easily access our Facebook account by just resetting our Facebook password.
But how attacker can get into our email address ? By phishing or any other social engineering attacker can get the password of our mail address.
How to be safe from E-mail hacking ?
Peoples are getting smarter, now these days very few people choose 12345678 or 00000000 as password. But for easily remember they choose easy passwords, like birthday, old or current mobile numbers, nicknames. These type of passwords are very easily hacked.
How to be safe from easy passwords?
 |
| Man-In-The-Middle Image Copyright researchgate.net |
How to be safe from MITM ?
Our Facebook can be hacked if someone who is peeping from behind, watching us type our passwords.
Another way of looking password is checking the victim’s personal computer physically. A common man always saves the username and the password in the browser in his personal computer for easy access next time, but the password can be seen very easily if attacker have access to victim’s personal computer. Attacker will check the advanced settings and privacy section of the browser.
How to be safe from this?
Here the question comes how our Facebook account can be hacked by a low security website ? Again we need to scan human’s brain. Most of common internet user have accounts in multiple websites. To remember passwords easily users use same passwords everywhere.
Here is a chance if any old (not updated) or low security website’s database got hacked then the attacker can try those hacked passwords to log in our Facebook account.
How to be safe from low security websites?
Some times in our devices such as phone and computer may be infected with malicious software like virus, malwares or spywares. These types of apps sends our all saved passwords and cookies in browsers to the hacker. In this way our accounts can be terminated.
How to be safe from viruses?
So, this is how our Facebook account got hacked. From this tutorial we learned how to be safe, and Facebook hacking is very easy if the user is careless. There are some zero day hacking. Great hackers able to find vulnerabilities in Facebook or Instagram but we don’t need care for this. Facebook developers will fix it as soon as possible. Zero day attackers normally targets the celebrates because zero day attacks is the code exploit attacks that we talked on the starting of this tutorial. This type of hacks needs high end skills and hard works, for this they normally don’t choose normal users they targets well known personalities or celebs.
We need to make our Facebook stronger. Follow our provided steps and be safe from Facebook hacking.
This tutorial is for new learners who is new in this field. Everyone should have an clear idea how Facebook, Instagram and other social media account can be hacked and how to be safe. This tutorial is for educational purpose only. Hacking Facebook, Instagram or any other account is a serious crime. If anyone do any illegal activity then we are not responsible for that.
Love our writings? Make sure to follow us on Twitter and GitHub, we post article updates there.
To join our family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity.
For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.
You’ve probably heard that cybersecurity is an in-demand career field right now. If you’ve wondered why, look at the damage security breaches do to a company: lost intellectual property, a damaged reputation, and a loss of competitive advantage in the marketplace. Experts report that a single security incident can cost an enterprise more than USD 4 million (IBM, 2023). And since new threats emerge every day, it’s easy to see why businesses are putting resources behind information security.
The post What Is a Cyber Range? The Beginner-to-Expert Learning Path in Cybersecurity appeared first on Cybersecurity Exchange.
| David Tidmarsh | Penetration Testing The Kerberos protocol enables different machines and devices to exchange information continuously and securely. Without a robust protocol such as Kerberos authentication, this information is vulnerable to unauthorized access and even manipulation—for example, with a man-in-the-middle attack. Various organizations have developed their own authentication protocols. An authentication protocol allows…
The post What is Kerberos? An Introduction to Secure Authentication appeared first on Cybersecurity Exchange.
Cybersecurity penetration testing aims to simulate an attack on a computer system or network, identifying possible vulnerabilities and security flaws so that they can be fixed before an attacker takes advantage of them.
The post How to Advance Your Career with Penetration Testing appeared first on Cybersecurity Exchange.
Here we have listed some best USB Wireless adapters Kali Linux in 2021. These WiFi adapters are 100% compatible with Kali Linux and supports monitor mode and packet injection, which will help a lot in WiFi penetration testing.
|
Sl
No. |
WiFi
Adapter |
Chipset
|
Best
for |
Buy
|
|
1
|
AR9271
|
Good Old Friend
|
||
|
2
|
AR9002U/RTL8188EUS
|
Single Band for Beginners
|
||
|
3
|
RTL8821AU
|
Best in Budget
|
||
|
4
|
RT
3070 |
Best
in it’s Price Range |
||
|
5
|
RT
3070 |
Compact
and Portable |
||
|
6
|
RT
5572 |
Stylish
for the Beginners |
||
|
5
|
RTL8812AU
|
Smart
Look & Advanced |
||
|
6
|
RTL8814AU
|
Powerful & Premium
|
||
|
7
|
RT5372
|
Chip, Single Band
|
We are using this USB WiFi adapter from the BackTrack days (before releasing Kali Linux) and still we consider it as one of the best. For it’s long range signals we can do our penetration testing jobs from a long distance.
Alfa AWUS036NH is plug and play and compatible with any brand 802.11g or 802.11n router using 2.4 GHz wavelength and supports multi-stream & MIMO (multiple input multiple output) with high speed transfer TX data rate up to 150 MBPS. It also comes with a clip which can be used to attach this adapter on a laptop lid.
TP-LinkWN722N have AR9002U chipset on it’s version 1 and RTL8188EUS chipset on version 2/3 We have an article to use TP-Link WN722N Version 2 and 3 for monitor mode and packet injection on Kali Linux.
We need to remember one thing that this adapter’s version 2 and 3 didn’t support Monitor Mode and Packet Injection directly we need a tweaking on it as we discussed on this article.
Here comes the real budget king. This TP-Link AC600 or T2U Plus has really proven itself with monitor mode, packet injection and soft AP support. This WiFi adapter is not plug and play on Kali Linux. We just need to set the driver for TP-Lnik AC600 on Kali Linux.
It comes with a fixed 5dBi antenna which can be 180° rotatable. In this price segment it supports monitor mode on both 2.4 Ghz and 5 Ghz networks. It can be the best choice for ethical hacking students. It has lots of features in this budget.
It also require a very little bit of tweaking to make it work on Kali Linux. All about it we had already discussed on our previous article. In our opinion go with this WiFi adapter when have a tight budget, because it’s build quality is not like the Alfa Cards.
This plug and play WiFi adapter supports monitor mode and packet injection in any Linux distribution and Kali Linux. Alfa AWUS036NHA comes with a 4 inch 5 dBi screw-on swivel rubber antenna that can be removed and upgrade up to 9 dBi.
This Alfa WiFi Adapter is compact and tiny, but it has a good range. It supports plug and play so connect it with Kali Linux machine and start playing with WiFi security. The antenna is detachable and makes it very portable. We have used this to build our portable hacking machine with Raspberry Pi and Kali Linux.
Alfa AWUS036NEH is the ultimate solution for going out and red teaming attacks. The long high gain WiFi antenna will give us enough range to capture even low signal wireless networks. This adapter is slim and doesn’t require a USB cable to use.
Besides Alfa, Panda is also a good brand for WiFi adapters with monitor mode. Panda PAU09 is a good WiFi adapter to buy in 2020. This dual-band plug & play adapter is able to attack both 2.4 GHz as well as 5 GHz 802.11 ac/b/g/n WiFi networks.
This adapter comes with a USB docker and dual antennas, which looks really cool. It is also detachable into smaller parts. This adapter is reliable even on USB 3 and works great and fully supports both monitor mode and injection which is rare on a dual band wireless card out of the box.
In Kali Linux 2017.1 update Kali Linux was released a significant update – support for RTL8812AU wireless chipset. Now Alfa AWUS036ACH is a BEAST. This is a premium WiFi adapter used by hackers and penetration testers. It comes with dual antennas and dual band technology (2.4 GHz 300 Mbps/5 GHz 867 Mbps) supports 802.11ac and a, b, g, n.
These antennas are removable and if we require higher range, then we can connect an antenna with greater dbi value and use it as a long range WiFi link which makes this one of the best WiFi adapters. Also this adapter has an awesome look.
If budget is not an issue then this adapter is highly recommended.
Now this is the beast, then why is it at last? It is last because of its high price range. But the price is totally worth it for this USB WiFi adapter. If the previous adapter was a beast then it is a monster. Alfa AWUS1900 has high-gain quad antenna that covers a really long range (500 ft in an open area).
This is a dual band WiFi adapter with high speed capability 2.4GHz [up to 600Mbps] & 5GHz [up to 1300Mbps]. It also has a USB 3.0 interface.
Monitor mode and packet injection supported with both bands and it will be very useful for serious penetration testers. We also can attach this on our laptop display with it’s screen clip provided with the box.
There are some more WiFi adapters that we did not cover because we didn’t test them on our hands. These WiFi adapters were owned by us and some of our friends so we got a chance to test these products.Be Careful to choose from unofficial sellers, because sometimes they sell exactly same model with a cheaper chipset which surely not support monitor mode neighter packet injection. As per our own experience Alfa cards are the best in the case of WiFi Hacking.
Before
going through WiFi adapter brands let’s talk something about what kind
of WiFi adapter is best for Kali Linux. There are some requirements to
be a WiFi penetration testing wireless adapter.
Here are the list of WiFi motherboards supports Monitor mode and Packet injection.
So
we need to choose WiFi Adapter for Kali Linux carefully. For an
Example, on the Internet lots of old and misleading articles that
describe TP Link N150 TL-WN722N is good for WiFi security testing. But it is not totally true. Actually it was.The
TP Link N150 TL-WN722N’s previous versions support monitor mode. The
version 1 comes with Atheros AR9002U chipset and supports monitor mode.
Version 2 and 3 has the Realtek RTL8188EUS chipset and requires some modification on it’s driver then we can use it. TP Link N150 TL-WN722N version 1 is not
available in the market right now. So clear these things and don’t get
trapped.
Kali Linux is the most widely used penetration testing operating system of all time. It comes with lots of tools pre-installed for cyber security experts and ethical hackers. We can perform web application penetration testing, network attack as well as wireless auditing or WiFi hacking. We have already posted some lots of tutorials on our website and some good WiFi auditing tutorials like AirCrack-Ng.
A WiFi adapter is a device that can be connected to our system and allows us to communicate with other devices over a wireless network. It is the WiFi chipset that allows our mobile phone laptop or other devices which allows us to connect to our WiFi network and access the internet or nearby devices.
But most of the Laptops and mobile phones come with inbuilt WiFi chipset so why do we need to connect an external WiFi adapter on our system ? Well the simple answer is our in-built WiFi hardware is not much capable to perform security testing in WiFi networks.Usually inbuilt WiFi adapters are low budget and not made for WiFi hacking, they don’t support monitor mode or packet injection.
If we are running Kali Linux on Virtual Machine then also the inbuilt WiFi Adapter doesn’t work for us. Not even in bridge mode. In that case we also need an external WiFi adapter to play with WiFi networks. A good external WiFi adapter is a must have tool for everyone who has interest in the cyber security field.
Most WiFi attacks require that we are able to inject packets into the AP while, at the same time, capturing packets going over the air. Only a few WiFi adapters are capable of doing this.
WiFi adapter manufacturers are not looking to add extra features to their standard wireless adapters to suit penetration testers needs. Most wireless adapters built into your laptop are designed so that people can connect to WiFi and browse the web and send mails. We need something much more powerful and versatile than that.
If we can’t inject packets into the Access Point (in Aircrack-ng, this is the function of Aireplay-ng), then it really limits what we do.
If we are using Kali Linux and want to be a security tester or ethical hacker then a special WiFi adapter is a must have tool in our backpack. As per our own experience listed Alfa cards in this list are best USB wireless adapter for Kali Linux, going with them may be costly but they are really worth it. For more assistance comment below we reply each and every comment.
Here we have listed some best USB Wireless adapters Kali Linux in 2021. These WiFi adapters are 100% compatible with Kali Linux and supports monitor mode and packet injection, which will help a lot in WiFi penetration testing.
|
Sl
No. |
WiFi
Adapter |
Chipset
|
Best
for |
Buy
|
|
1
|
AR9271
|
Good Old Friend
|
||
|
2
|
RT
3070 |
Best
in it’s Price Range |
||
|
3
|
RT
3070 |
Compact
and Portable |
||
|
4
|
RT
5572 |
Stylish
for the Beginners |
||
|
5
|
RTL8812AU
|
Smart
Look & Advanced |
||
|
6
|
RTL8814AU
|
Powerful & Premium
|
||
|
7
|
RT5372
|
Chip, Single Band
|
We are using this USB WiFi adapter from the BackTrack days (before releasing Kali Linux) and still we consider it as one of the best. For it’s long range signals we can do our penetration testing jobs from a long distance.
Alfa AWUS036NH is plug and play and compatible with any brand 802.11g or 802.11n router using 2.4 GHz wavelength and supports multi-stream & MIMO (multiple input multiple output) with high speed transfer TX data rate up to 150 MBPS. It also comes with a clip which can be used to attach this adapter on a laptop lid.
Alfa again. Alfa provides the best WiFi adapters for Kali Linux. This adapter is the older version of Alfa AWUS036NH with Ralink RT3070 chipset. AWUS036NHA is the IEEE 802.11b/g/n Wireless USB adapter with 150 Mbps speed This is also compatible with IEEE 802.11b/g wireless devices at 54 Mbps.
This plug and play WiFi adapter supports monitor mode and packet injection in any Linux distribution and Kali Linux. Alfa AWUS036NHA comes with a 4 inch 5 dBi screw-on swivel rubber antenna that can be removed and upgrade up to 9 dBi.
This Alfa WiFi Adapter is compact and tiny, but it has a good range. It supports plug and play so connect it with Kali Linux machine and start playing with WiFi security. The antenna is detachable and makes it very portable. We have used this to build our portable hacking machine with Raspberry Pi and Kali Linux.
Alfa AWUS036NEH is the ultimate solution for going out and red teaming attacks. The long high gain WiFi antenna will give us enough range to capture even low signal wireless networks. This adapter is slim and doesn’t require a USB cable to use.
Besides Alfa, Panda is also a good brand for WiFi adapters with monitor mode. Panda PAU09 is a good WiFi adapter to buy in 2020. This dual-band plug & play adapter is able to attack both 2.4 GHz as well as 5 GHz 802.11 ac/b/g/n WiFi networks.
This adapter comes with a USB docker and dual antennas, which looks really cool. It is also detachable into smaller parts. This adapter is reliable even on USB 3 and works great and fully supports both monitor mode and injection which is rare on a dual band wireless card out of the box.
In Kali Linux 2017.1 update Kali Linux was released a significant update – support for RTL8812AU wireless chipset. Now Alfa AWUS036ACH is a BEAST. This is a premium WiFi adapter used by hackers and penetration testers. It comes with dual antennas and dual band technology (2.4 GHz 300 Mbps/5 GHz 867 Mbps) supports 802.11ac and a, b, g, n.
These antennas are removable and if we require higher range, then we can connect an antenna with greater dbi value and use it as a long range WiFi link which makes this one of the best WiFi adapters. Also this adapter has an awesome look.
If budget is not an issue then this adapter is highly recommended.
Now this is the beast, then why is it at last? It is last because of its high price range. But the price is totally worth it for this USB WiFi adapter. If the previous adapter was a beast then it is a monster. Alfa AWUS1900 has high-gain quad antenna that covers a really long range (500 ft in an open area).
This is a dual band WiFi adapter with high speed capability 2.4GHz [up to 600Mbps] & 5GHz [up to 1300Mbps]. It also has a USB 3.0 interface.
Monitor mode and packet injection supported with both bands and it will be very useful for serious penetration testers. We also can attach this on our laptop display with it’s screen clip provided with the box.
There are some more WiFi adapters that we did not cover because we didn’t test them on our hands. These WiFi adapters were owned by us and some of our friends so we got a chance to test these products. We didn’t listed some WiFi adapters like following:
Be Careful to choose from these, because we don’t know that they surely support monitor mode & packet injection or not. As per our own experience Alfa cards are the best in the case of WiFi Hacking.
Before
going through WiFi adapter brands let’s talk something about what kind
of WiFi adapter is best for Kali Linux. There are some requirements to
be a WiFi penetration testing wireless adapter.
Here are the list of WiFi motherboards supports Monitor mode and Packet injection.
So
we need to choose WiFi Adapter for Kali Linux carefully. For an
Example, on the Internet lots of old and misleading articles that
describe TP Link N150 TL-WN722N is good for WiFi security testing. But it is not true. Actually it was.
 |
| TP Link N150 TL-WN722N newer models doesn’t work |
The
TP Link N150 TL-WN722N’s previous versions support monitor mode. The
version 1 comes with Atheros AR9002U chipset and supports monitor mode.
Version 2 has the Realtek RTL8188EUS chipset and doesn’t support monitor
mode or packet injection. TP Link N150 TL-WN722N version 1 is not
available in the market right now. So clear these things and don’t get
trapped.
Kali Linux is the most widely used penetration testing operating system of all time. It comes with lots of tools pre-installed for cyber security experts and ethical hackers. We can perform web application penetration testing, network attack as well as wireless auditing or WiFi hacking. We have already posted some lots of tutorials on our website and some good WiFi auditing tutorials like AirCrack-Ng.
A WiFi adapter is a device that can be connected to our system and allows us to communicate with other devices over a wireless network. It is the WiFi chipset that allows our mobile phone laptop or other devices which allows us to connect to our WiFi network and access the internet or nearby devices.
But most of the Laptops and mobile phones come with inbuilt WiFi chipset so why do we need to connect an external WiFi adapter on our system ? Well the simple answer is our in-built WiFi hardware is not much capable to perform security testing in WiFi networks.Usually inbuilt WiFi adapters are low budget and not made for WiFi hacking, they don’t support monitor mode or packet injection.
If we are running Kali Linux on Virtual Machine then also the inbuilt WiFi Adapter doesn’t work for us. Not even in bridge mode. In that case we also need an external WiFi adapter to play with WiFi networks. A good external WiFi adapter is a must have tool for everyone who has interest in the cyber security field.
It doesn’t make sense, when we are using Kali Linux then we are penetration testers so a basic WiFi adapter can’t fulfill our requirements. That’s why we should have a special WiFi adapter that supports monitor mode and packet injection. So in this tutorial Kali Linux supported means not only supported it means the chipset has ability to support monitor mode and packet injection.
In wireless technology, the equivalent is monitor mode. This enables us to see and manipulate all wireless traffic passing through the air around us. Without this ability, we are limited to using our WiFi adapter to only connect to wireless Access Points (APs) that accept and authenticate us. That is not what we are willing to settle for.
In the Aircrack-ng suite, we need to be able to use airodump-ng to collect or sniff data packets.
Most WiFi attacks require that we are able to inject packets into the AP while, at the same time, capturing packets going over the air. Only a few WiFi adapters are capable of doing this.
WiFi adapter manufacturers are not looking to add extra features to their standard wireless adapters to suit penetration testers needs. Most wireless adapters built into your laptop are designed so that people can connect to WiFi and browse the web and send mails. We need something much more powerful and versatile than that.
If we can’t inject packets into the Access Point (in Aircrack-ng, this is the function of Aireplay-ng), then it really limits what we do.
If we are using Kali Linux and want to be a security tester or ethical hacker then a special WiFi adapter is a must have tool in our backpack. As per our own experience listed Alfa cards in this list are best USB wireless adapter for Kali Linux, going with them may be costly but they are really worth it. For more assistance comment below we reply each and every comment.
| Vinjaram Prajapati| Netwrok Security As organizations transition to the most up-to-date ERP (Enterprise Resource Planning) systems, they must address security oversights. ERP systems encompass various elements in manufacturing, human resource, supply chain, procurement, inventory, and other departments. By consolidating business processes into integrated systems, ERP systems enable organizations to achieve greater efficiency, automation, and…
The post Securing ERP Systems: Strategies & Threats in Modern Business Operations appeared first on Cybersecurity Exchange.
| Graham Thomson| Cybersecurity In the ever-dynamic domain of modern-day threat landscapes, the conventional approach to security is limited and needs transformation using the infusion of intelligence from security data nodes, accompanied by an exceptional degree of agility. A swift and resolute trajectory for agile security has to be charted to help steer cyber security capabilities…
The post Decoding Cybersecurity 2023: An In-Depth Chat with CISO Graham Thomson appeared first on Cybersecurity Exchange.
