DireSearch — Easy Scanner for Juicy Files

CyberSecurity Updates, Kali Linux / By CyberArk

We are covering dirsearch tutorial in this post. it’s a simple command-line python based website directory/path scanner which can brute-force any targeted site for it’s directory and files. This is very common job in pentesting and dirsearch do this job much faster then the traditional DIRB. It is a mush have tool in our Kali Linux machine.

Now with Kali Linux 2021.2 DirSearch comes pre-installed with kali-linux-full image or we can download it by applying following command:

sudo apt install dirsearch -y

After installing it, we can check the help options of dirsearch by using following command:

dirsearch -h

The above command will show us the help menu of dirsearch as we can see on the following screenshot:

Now it’s time to use dirsearch. For an example we assume that google.com is our target and we need to check it’s directory and files. We use following command:

dirsearch -u google.com -e aspx,php

Here we look for only php and aspx files, and we have specified our target URL using -u flag.

After running the above command we can see that dirsearch started it’s work as we can see on the following screenshot:

Time to scan is depending on our target website’s size. When it finished, we can see a “Task Completed” message on our terminal, as we can see in the following screenshot:

On the above screenshot we can see that dirsearch searched for tons of paths and directories on our target website. We might get suspicious or sensitive page from here, but a good bounty hunter or pen tester will gather more information about every location or manually check everything.

Vulnerabilities can be anywhere.

Dirsearch also save the generated output file on a text format (plain, json, xml, md, csv), default format is txt. We can see the path of saved output on the upper side (need to scroll up) of terminal, shown on the following screenshot:

This is how we can search for hidden and sensitive directories using dirsearch on our Kali Linux system. Dirseach is faster then infamous tool DIRB.Love our articles? Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

How to improve your digital document security

CyberSecurity Updates, Kali Linux / By CyberArk

Our world is becoming very digitalized, and this process also touches on documentation. Creating documents includes creativity and good writing skills. For example, if you are a student, you might need some assistance with your papers. The best way to resolve writing issues is to contact a writing service, www.essayshark.com, which is irreplaceable when you need help with any type of college papers and other documents.

Secure your documents with passwords

Password protection is one of the best ways to improve your digital document security. Each user must create a strong password that will contain not only letters but also numbers and other specific signs that will make. It’s almost impossible for hackers to violate your privacy. The history of password access control began in the 1970s when computers were started to control by the Resource Access Control Facility. Since then, passwords have been required for almost every action by users, online or offline, which means providing any private information. When it comes to digital documents, using passwords is crucial. If you store your digital documents on your laptop or smartphone, you should protect your device first and secure it with a password, fingerprints, or Face ID, depending on the system’s facilities. Here are some more tips for using passwords to protect essential files and documents:

The longer password you have, the better
Do not use the same password for multiple platforms or websites.
Never write down your passwords on stickers or something you can store behind your computer.
Regularly change your passwords to prevent violation of privacy.
Pay attention to security alert messages from the accounts you have.

Audit your security

Today’s technologies are developing very fast, and you must keep your hand on a pulse when auditing your security. Different software requires a different approach to safety, and if you can determine the security vulnerabilities of any system you use, you will be protected. Your documents must be handled and shared according to the insider security policies that are common for your personal computer system or the system of your company. The first step to take in terms of regular security is to remember to update your software and systems according to the schedule of updates and renovations to avoid accessing your secret documents by other parties that are not involved in the process of work and sharing the information.

Watermark your documents

Adding your documents with a specific watermark stamp is an excellent form of making them highly secure. There are various forms of digital watermarks that you can use, which can be dynamic or static. Suppose you want to ensure your digital security level is high and feel safe while using various documents; you should add each copy of your digital documents with a watermark. Watermarks are very effective no matter what type of documents you want to secure. They are widely used in design and companies using vast digital data. Watermarks are irreplaceable if you need to determine such preferences of the document access time, the identity of a person who viewed the document data, and other information about the version of the document.

Encrypt your files

After you finish working with your digital document and ensure you are happy with the final version, check it for plagiarism and end encryption to a document. Encrypting means that all files on your computer will be safe with the highest level of security. Encryption is easy to use. When you add encryption to your files on a computer, you prevent them from reading by people who do not know the password of your encrypted files. Only after entering the password does the file return from the encrypted version to normal. By the way, both widely used systems Mac and Windows, have pre-installed and built-in encrypting systems so you can use them.

Use infographics

One of the very effective ways to secure information in digital documents is by presenting as much data as possible through infographics. Using specifically presented data is helpful if you want to ensure that the information is safe. Work on specific pieces of training for your team to teach employers how to use infographics and how to apply particular instruments to create working content for digital documents. Implementing infographics will let you reach the highest level of digital document security.

Control access to documents

Controlling access to your documents is a great and effective way to secure them. Of course, each file in the private company that works with the vast amount of data must be secured by passwords. Allowing access to new people is common for almost all businesses. However, working with the team means staying in control of and applying the data security policies to each process in the company. Of course, you might think that each team member is reliable, but the security protocols must be followed in any circumstances. Ensure that day by day operations of your company are safe and controlled by specific features that lead to control access.

Afterall

Improving your digital document security is crucial to feeling safe regarding all the information you store within laptops, hard drives, and cloud storage. By reading our article, you can get a working checklist and ensure you follow all our recommendations. First, one should secure digital documents with passwords, which must be strong and contain various symbols, letters, and numbers to avoid hacking. Also, you must check and change your passwords occasionally, and do not use the same password for different accounts. Remember to audit security, implement new technologies to update the software on time, and stay in touch with the latest ideas regarding digital security. Adding watermark stamps on your digital documents is a great way to make them safe and secure. Apply encrypting files and follow the encryption policies, no matter what storage you use for your digital documents. Control access to documents as it is a great and effective way to secure information. Specific features must control the day-by-day operations of your company. We hope these recommendations are helpful and you will use all of them to secure your digital documents.

Best Ways to Customize Look & Feel of Kali Linux

CyberSecurity Updates, Kali Linux / By CyberArk

Kali Linux developers added Xfce as the new default desktop environment in Kali Linux for the new release. One of the main benefits of Xfce, in terms of customization, is that it is a fully modular desktop. We can use all kinds of programs to change its behavior and appearance.

After the 2020.1 update we can use Kali Linux as our main operating system and use it in our daily life.

While developers thinks Kali looks impressive out of the box, we the users love to customize. In this detailed article, We’ll talk about some tricks to customize the new Xfce desktop environment of Kali Linux and help make our computer stand out.

General Tips and Tricks

Here we discuss about some general tips then we demonstrate some examples.

Changing the theme to dark/light

Changing Kali’s look isn’t overly complicated, but if we are switching the dark/light theme or want to install a new one, then we need to know which settings will make the whole desktop look uniform. Those are the following:

Appearance theme
Icon theme
Window Manager theme
Terminal color scheme
Text editor color scheme

General script

With the following scripts we can quickly switch between Kali’s light/dark themes. The only thing we need to change manually is qterminal’s color scheme.

For the Light theme

We can use following commands to set up light theme in our Kali Linux:

xfconf-query -c xsettings -p /Net/IconThemeName -s Flat-Remix-Blue-Light

xfconf-query -c xsettings -p /Net/ThemeName -s Kali-Light

xfconf-query -c xfwm4 -p /general/theme -s Kali-Light

gsettings set org.xfce.mousepad.preferences.view color-scheme Kali-Light

For the Dark theme

Dark theme’s commands are as following:

xfconf-query -c xsettings -p /Net/IconThemeName -s Flat-Remix-Blue-Dark

xfconf-query -c xsettings -p /Net/ThemeName -s Kali-Dark

xfconf-query -c xfwm4 -p /general/theme -s Kali-Dark

gsettings set org.xfce.mousepad.preferences.view color-scheme Kali-Dark

Transparent panel

Xfce-panel settings allows us to modify each panel configuration separately (right-click over the panel → Panel → Panel preferences).

Once we’ve selected the one we want to modify, we need to go to the Appearance tab, change the Background→Style setting to Solid color and we use the color selector that will appear below. In case we want to adjust its opacity or make it completely transparent, we can move the slider located under the color box. Which is shown in following animation.

If we also want to remove the panel’s shadow, we can open the Window Manager Tweaks application, and, inside the Compositor section, disable the Show shadows under dock windows check-box. Alternatively, we can use the following command:

xfconf-query -c xfwm4 -p /general/show_dock_shadow -s false

Changing the menu icon

We can change the menu icon also Right-click over the menu icon → Properties.

The icon selector will show us all the icons comes pre-installed on our computer, but, if we want, we also can use a custom image as well.

Plank The Advanced Taskbar

Plank is a customizable dock. Plank is meant to be the simplest dock on the planet. The goal is to provide just what a dock needs and absolutely nothing more.

We can install plank via following command:

sudo apt-get install plank

The only tricky part is that if we need to configure it to launch on login. To do so, we need to open the Session and Startup application and add Plank to the autostart list.

As with Xfce-panel, you will need to disable dock shadows. Otherwise, it will draw a shadow line in the middle of your desktop.

Window Manager Tweaks → Compositor → disable Show shadows under dock windows.

Tip: If ywe want to open Plank settings we can press Ctrl + Right-click over plank dock. We can change the theme and make it completely transparent.

Numerical workspace switcher

In some cases, the numerical workspace switcher looks better than the miniature view. To configure it, disable the “Show miniature view” inside the widget’s settings (right-click it → Preferences). Then, we open the workspace settings and manually replace their names with numbers.

Tip: If we want to increase the button dimension, add some spaces to each side of the workspace name. We don’t need to do it with all of them, only with one, and the rest will use the same size.

We can see the detailed customization in following animation:

Window animations using Compton

Xfce uses Xfwm4 as the default display compositor, which is very lightweight. It lacks all the animations of the modern desktops, which makes it look outdated. Hopefully, as we mentioned before, Xfce is a modular desktop, thus we can replace it with a different display compositor, such as Compton.

Installing Compton in Kali Linux

We can install Compton in Kali Linux by using following command:

sudo apt-get install compton -y

It is very crucial to disable Xfwm compositing before launching Compton (inside Window Manager Tweaks → Compositor), and we need to add it to the autostart list as well. We also recommend disabling the Draw frame around selected window while cycling option. Alternatively, we can use the following command:

xfconf-query -c xfwm4 -p /general/use_compositing -s false

Restore Kali’s default appearance

If we did anything wrong and our Kali looks like a shit, and we don’t know what we have did or how to fix it. Then, we can use a single command to undo all the visual changes that we’ve applied to our desktop and we are back into Kali’s default apperarance. The command is following:

rm -rf ~/.config/xfce4/ && sudo reboot

Examples of customizations

It may be easier to follow these customizations. We can just follow following steps to customize our Kali Linux and give it an outstanding look.

Example #1

Settings:

Theme: Kali-Dark
Wallpaper: kali-rings
Panel settings (following screenshot):

Example #2

Settings:

Theme: Kali-Light
Wallpaper: kali-small-logo
Font Family: Quicksand Medium Bold
Panel settings (following screenshot):

Example #3

Settings:

Theme: Kali-Dark
Wallpaper: kali-small-logo
Desktop Icons:Icons orientation: Bottom Right Vertical

Window Manager settings:

Title alignment: Left
Move window close/maximize/minimize buttons to the left side
These settings allow you to save some vertical space, as the title-bar and the panel will be joined when the window is maximized.

Plank settings:

Theme: Transparent
Position: Left
Alignment: Center
Icon Size: 48
Icon Zoom: Enabled

Behaviour

Hide Dock: Enabled – Intellihide

Panel settings(following screenshot):

Example #4

Settings:

Theme: Kali-Dark
Wallpaper: Community Wallpaper link included below

Plank settings:

Theme: Transparent
Position: Bottom
Alignment: End
Icon Size: 64
Icon Zoom: Disabled
Behaviour:Hide Dock: Enabled – Intellihide

Panel settings(following screenshot):

Wallpaper
link of the wallpaper

We can download more cool wallpaers of Kali Linux by using following commands:

sudo apt install -y kali-community-wallpapers

sudo apt install -y kali-legacy-wallpapers

Best terminal graphical tools for Kali Linux

We were only going to talk about desktop customizations, but after adding all the screenshots with the terminal windows, it’s our duty to share the tools we used.

To stylize the terminal a bit more, we like to hide the menu bar and increase the terminal’s transparency to 15%. We can find both settings inside the preferences window with right-click → Preferences, in the Appearance section of Terminal.

We need to uncheck the Show the menu bar box and change the transparency values. For this, wee need to find two different values: the Application transparency will change the whole window opacity, and the Terminal transparency will only change the area of the terminal.

htop

htop is an interactive system-monitor process-viewer and process-manager. It is designed as an alternative to the Unix program top. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage.

sudo apt-get install -y htop

gotop

This terminal-based graphical activity monitor not included in the above screenshots, but we can use it to give a out of this world look.

sudo apt install -y golang

go get github.com/cjbassi/gotop

go run github.com/cjbassi/gotop

neofetch

This is the command line system information tool appeared used in above screenshots.

sudo apt-get install neofetch -y

lolcat

Get rainbows and unicorns on neofetch. This tool commonly appears used together with neofetch, adding a stunning rainbow effect to its output.

sudo apt-get install lolcat -y

We can run lolcat with neofetch by applying following command:

neofetch | lolcat

Have a customized Kali Linux?

During the worldwide lock-down we can customize our Kali Linux at home, and learn something new from our other articles.

Download this best wallpaper for Kali Linux.

Used any of the tips in this article, we’d love to see the results. Share a screenshot and tag us on Twitter: KaliLinux.In. Follow us on Twitter and Medium for quick updates.

Autopsy — Digital Forensic Toolkit

CyberSecurity Updates, Kali Linux / By CyberArk

In our this detailed tutorial we are going to Learn about Autopsy digital forensic toolkit in our Kali Linux system.

Autopsy is one of the digital forensics toolkit use to investigate Windows, Linux, Mac, Android and IOS images. Autopsy is a digital forensics platform and graphical interface to Sleuth Kit Suite® and other digital forensics tools.

It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. We can even use it to recover files from our pen drive. Everyone wants reports quicker so Autopsy produces results in real time, making it much more compatible over other forensics tools.

Opening Autopsy

Autopsy comes pre-installed in our Kali Linux machine. We can find the option “forensics” in the application tab. Select “autopsy” from the list of forensics tools, this works for root user but with the newer version of Kali Linux we got non-root user in default so it might not work. In that case we can simply run sudo autopsy command in terminal.

sudo autopsy

The screenshot is following:

When we start autopsy, it will open a terminal where we can see a program information, the version number listed as 2.24 with the path to the evidence locker folder as /var/lib/autopsy and an address http://localhost:9999/autopsy to open it on a web browser.

Now we copy that link and open it in our Kali Linux’s web browser, we will be in the home page of autopsy. This tool is running on our local web server accessing the port 9999. We can seethe home page of autopsy as following screenshot.

Creating a new case

There will be three options on the home page of autopsy: “OPEN CASE“, “NEW CASE“, “HELP“.

For digital forensic investigation, we need to create a new case and arrange all the information and evidences, so we select “NEW CASE“.

This will lead us to a page where we have been asked to add case name, description and investigator names, as following screenshot:

We can add more than one investigator name because in these scenarios usually a team of forensic investigators working on a single cyber forensic case.

After fill this page we click on the “New Case“.

The above screenshot is simply showing us the name of the case, the destination where it will be stored i.e. /var/lib/autopsy/Example-Case/, and the destination where its configuration file will be stored i.e. /var/lib/autopsy/Example-Case/case.aut

Then we need to choose investigator’s name and then select ‘ADD HOST’ option below.

Then autopsy will be ask to enter the name of the computer we are investigating and the description of the investigation. After that it will ask us the time zone (leaving it blank will select the default setting).

Timeskew adjustments means a value in seconds to compensate for differences in time, path of alert hash means a path to the created database of bad hashes and a path of ignore hash database means specifying a path to the database of good hashes.

Then we select ‘ADD HOST’ to continue.

Here we can import investigating image file.

Creating an Image file

Now we need to add an image file of the system or drive which we want to investigate. The reason for doing this is analysis cannot be conducting on an original storage device.

A disk Image can be defined as a file that stores the contents and structure of a data storage device such as a hard drive, CD drive, phone, tablet, RAM, or USB. This image file can be taken locally or remotely.

There are many ways to create the image file. We can use the guymager to acquire a disk image.

Once we get the image file, we can select “ADD IMAGE FILE” option.

In the above screenshot we can see that we need to enter the location of our evidence image file, type and the mode of import. Then we click on “Next”.

Then we click on “ADD”, and the screen appears like following screenshot.

This is showing the hash value of the evidence image file and links the image into the evidence locker. Here we click “OK” to continue.

Analyzing The Case

Now we have successfully imported the file for digital forensic investigation. Now we can start analysis by clicking on “Analyze“. The screenshot is following:

We can see that to start analyzing the image file we need to choose an analysis mode from the above tabs. For an example we choose “File Analysis” mode.

In this detailed article we have learned how to use a forensic toolkit Autopsy to investigate an image file in our Kali Linux system and analyze the contents inside that file. We also calculated the hash value of the image file so that in future if there is a need to prove the integrity of the image file you can easily validate it by matching the hash values to maintain evidence integrity.

Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

Pastejacking — Exploiting Remote Machines

CyberSecurity Updates, Kali Linux / By CyberArk

In pastejacking attacks, hackers use a malicious program to replace the contents of the user’s clipboard with a different set of data, such as a malicious URL, password or other sensitive information. When the user attempts to paste the original content, they end up pasting the malicious data instead, which can lead to various types of cyber threats, such as phishing attacks, malware infections, or stealing sensitive data.

In today’s detailed tutorial we are going to learn a dangerous exploitation called pastejacking. In this article we learn

What is pastejacking.
How to avoid pastejacking.
Practical of pastejacking in our Kali Linux.

What is pastejacking ?

Pastejacking is a dangerous attack technique with the help of this attacker can control victim’s clipboard and paste malicious codes in targeted machine, then attacker get control victim’s machine.

pastejacking and pastejacker in kali linux 2020

Pastejacking or clipboard hijacking is a method that malicious websites use to gain control of the clipboard on victim’s computer and change that content into malicious content without victim’s knowledge. Pastejacking is an exploit in which a person’s clipboard’s content is replaced by malicious lines, like a link to malicious web server, malicious code or commands.
Example: User surfing web and he got some useful command for him. The command is copied by the user, but if it is a pastejacking then the user not copied the normal looking useful command. User even don’t know that he have copied some malicious command in the place of the normal looking useful command.
When he paste and run the the command in Linux terminal or Windows powershell his machine will be compromised.

How to avoid pastejacking?

Avoiding from this kind of attacks is very easy. We shouldn’t copy and paste commands from websites to terminal directly. It is a good practice to type our required commands.
In case if we must need to copy commands from websites we then can copy it, but before pasting it on terminal we should paste it on text editor like notepad, mousepad, leafpad etc.
If it is a pastejacking then in text editor will show us that what command we have pasted. The terminal also can show us but we shouldn’t try it on terminal for security reasons.
This is the process to be safe from pastejacking attacks:

We should not copy command from websites better type by own
For very long commands, before pasting on terminal or powershell we check the command by paste it on text editor.
Turn on clipboard notifications: Some operating systems allow us to turn on clipboard notifications, which will notify we every time something is copied to our clipboard. This can help you catch any suspicious activity and protect our sensitive information.
Use a password manager with autofill: Password managers like LastPass or 1Password have autofill features that can fill in login information for you without the need to copy and paste.
Use a fun password generator: Instead of using the same old boring password, use a fun and quirky password generator that creates passwords like “UnicornPizza88!” or “JellyfishRainbow123#”. This can make the password creation process more enjoyable and less of a hassle.

By taking these steps, we can protect ourself from pastejacking attacks while also having some fun along the way!

How to use pastejacking ?

So basically it can be triggered from websites so, good knowledge in web development can implement this or we can simply use automated scripts like PasteJacker in our Kali Linux machine.
To use the PasteJacker tool we need to clone it from it’s GitHub repository by using following command:

git clone https://github.com/D4Vinci/PasteJacker

The following screenshot shows the output of the preceding command:

git clone git clone https://github.com/D4Vinci/PasteJacker

Then we install PasteJacker with the following command:

sudo python3 -m pip install ./PasteJacker

Then it will install all required python packages for PasteJacker tool. This automated script also install PasteJacker tool in our Kali Linux, as we can see in the following screenshot:

Then we can run PasteJacker tool anywhere in our terminal by applying command:

sudo pastejacker

After applying the above command PasteJacker tool’s main menu will appear as following screenshot:

Now we can use PasteJacker tool.

The menu shows us two options. If we are going to use against a Windows target then we can go with option 1, for using it against Linux we can choose 2. Here for an example we choose 2 and press enter.

Here the first option will create a hidden bash command that download our and execute our msfvenom payload in victim’s system using wget (do your own research on wget, we are not going to spoon-feed).
The second option will create a reverse connection of victim’s computer using netcat.

In the third one we can create our one-liner malicious commands and use it to perform pastejacking.

We can use the first or second option those are also easy and automated, but we are not going to harm anyone so we write a non-malicious one-liner custom pastejacking for just proof of concept. So we choose option 3.The screenshot is following:

Here we need to type our one line command. We can use any harmful command for Linux users but we have typed an simple command to display a text.

Here we need to choose a template for pastejacking. Here it have 3 types of pastejacking methods. For our those example we choose option 2 , i.e. pastejacking using javascript.

Then PasteJacker tool will prompt for the port we can leave it blank and press enter because the default port will be 80.

Here we need to type the text and we need to press enter double time to finish it. This will be the normal looking command, we can type anything to attract victim’s attention.

PasteJacker tool starts a localhost server in port 80. We open a browser and go to our localhost or 127.0.0.1 and we can see the normal looking command. If we paste and run it will change in to our that one-liner command.

Here we have opened our localhost and copied the command and paste it on mousepad text editor and see what we have got in the following screenshot:

We can even modify the webpage, and give it to a real life website look. To do that we open a terminal our root user directory:

sudo su

Then we type cd and enter to go to the root user’s directory:

cd

Then we can modify the html page by using following command:

sudo mousepad .pastejacker/index.html

In the above screenshot we can see the locally hosted webpage’s html codes. We can modify it is as we want like we have modify it a little bit.

This is how we can do pastejacking on our local network. Now we can use port forwarding using SSH or host our this HTML webpage to any hosting site to use pastejacking attack over the internet. Here is a demo.

So, in this tutorial we have learned about pastejacking. What is it and how to be safe from it. We have also learned how to use it in our Kali Linux system.

Airgeddon — Easy Wireless Network Security Auditor

CyberSecurity Updates, Kali Linux / By CyberArk

Airgeddon is a multi-featured tool for penetration testing on WiFi system or wireless networks. This all-in-one WiFi auditing tool is written in bash by v1s1t0r1sh3r3.

Key-Features of Airgeddon

Airgeddon has so much features for WiFi hacking. They are following:

Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing.
DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng). “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks).
Full support for 2.4Ghz and 5Ghz bands.
Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing
Cleaning and optimizing Handshake captured files.
Offline password decrypting on WPA/WPA2 captured files for personal networks (Handshakes and PMKIDs) using dictionary, bruteforce and rule based attacks with aircrack, crunch and hashcat tools. Enterprise networks captured password decrypting based on john the ripper, crunch, asleap and hashcat tools.
Evil Twin attacks (Rogue AP)
- Only Rogue/Fake AP mode to sniff using external sniffer (Hostapd + DHCP + DoS).
- Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap).
- Integrated sniffing, sslstrip2 (Hostapd + DHCP + DoS + Bettercap).
- Integrated sniffing, sslstrip2 and BeEF Browser Exploitation Framework (Hostapd + DHCP + DoS + Bettercap + BeEF).
- Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoff + Lighttpd).
- Optional MAC spoofing for all Evil Twin attacks.
WPS features
- WPS scanning (wash). Self parameterization to avoid “bad fcs” problem.
- Custom PIN association (bully and reaver).
- Pixie Dust attacks (bully and reaver).
- Bruteforce PIN attacks (bully and reaver).
- Null PIN attack (reaver).
- Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update.
- Integration of the most common PIN generation algorithms (ComputePIN, EasyBox, Arcadyan, etc.).
- Offline PIN generation and the possibility to search PIN results on database for a target.
- Parameterizable timeouts for all attacks.
Enterprise networks attacks
- Fake AP using “smooth” and “noisy” modes capturing enterprise hashes and plain passwords.
- Custom certificates creation.
WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.).
Compatibility with many Linux distributions (see Requirements section).
Easy targeting and selection in every section.
Drag and drop files on console window for entering file paths or autocomplete using tab key on every path input for easier use.
Dynamic screen resolution detection and windows auto-sizing for optimal viewing.
Controlled Exit. Cleaning tasks and temp files. Restoring nftables/iptables after an attack that require changes on them. Option to keep monitor mode if desired on exit.
Multilanguage support and autodetect OS language feature (see Supported Languages section).
Help hints in every zone/menu for easy use.
Auto-update. Script checks for newer version if possible.
Docker image for easy and quick container deployment. Use already built image on Docker Hub or build our own.
Http proxy auto detection for updates.
Wayland graphic system supported (not only X window system).
Tmux support for headless (systems without X window) environments.
Multiple configurable options based on fallback substitution variables options system which allow to configure many enhancements like enable/disable colors, 5Ghz band, auto updates, hint printing, etc.
Full compatibility with iptables and nftables with autodetection and possibility to force iptables by setting an option.
Available plugins system to let the community create their own content in an easy and flexible way using the created function hooking system. More info at Plugins System section.

Installing Airgeddon on Kali Linux

We can install airgeddon from it’s GitHub repository by cloning/downloading the repository. But in Kali Linux 2021.1 update this tool is added to Kali Linux repository. We can install it by simply using apt-get install command from any version of Kali Linux:

sudo apt-get install airgeddon

This command will install airgeddon on our Kali Linux system. The above command will prompt for root password and disk space permissions. After that this airgeddon and it’s essential requirements will be installed.

Airgeddon also requires some additional tools to use all it’s features. To install them all on our Kali Linux we use following one liner command:

sudo apt install bettercap isc-dhcp-server hostapd hostapd-wpe udhcpd mdk4 hcxdumptool lighttpd hcxtools -y

Now we can use airgeddon on our system.

Requirements for Airgeddon

WiFi networks for testing.
WiFi adapter that supports monitor mode & packet injection [List].

Using Airgeddon on Kali Linux

Now we can run following command to run airgeddon on our Kali Linux system.

sudo airgeddon

Then airgeddon will open in front of us as shown in the following screenshot:

After it will ask to check for all the tools installed or not, we need to press ↵ Enter to continue.

In the above screenshot we can see that we have all the tools. Now we plugin our external USB WiFi adapter that supports monitor mode and packet injection. Then we again need to press ↵ Enter again to continue.

Here we can see the list of interfaces on our system, as the following screenshot.

In our case our wlan1 interface supports monitor mode and packet injections, so we press 5 and hit ↵ Enter. This will tell airgeddon that we are going to work with that interface.

After that we got the main menu of airgeddon script.

Here at the top we can see our interface name and mode. The mode is ‘managed’ we need to change it to ‘monitor’ mode. Here everything is very clear and simple.

We can use option 2 to change the interface mode to monitor. We press 2 and ↵ Enter.

In the above screenshot we can see that our interface is changed from wlan1 to wan1mon and the mon is for monitor mode.

Now we can perform attacks using this script. For example here we demonstrate handshake capturing and evil-twin attacks using airgeddon on Kali Linux.

Capture and Crack Handshake File using Airgeddon

For an example first we capture handshake of a wireless network. Now what is handshake file? We know if we previously used a WiFi network using password and the password isn’t changed then we can easily connect to the network because of the handshake file. This file stores the password with encryption.

To perform handshake capture attack we enter in the handshake tools menu by pressing 5 and ↵ Enter. Then the handshake menu comes in front of us as the following screenshot.

Here the option number 6 is for capture the WiFi handshake. So we press 6 and hit ↵ Enter.

We did not choose any network, so airgeddon is redirect us to select a target WiFi network. We need to press ↵ Enter to continue.

Here we explore for target WiFi network. We can start the attack by pressing ↵ Enter, when we think we have found our target network we can press CRL+C to stop searching.

Here we can see that a another window is opened to search for networks. We can see that we have only target. So we can stop the search by pressing CTRL+C. Then it will show the list of targets.

As we told, we have only one WiFi network (we live in a remote area). That’s why airgeddon automatically select this. Otherwise we need to select the number of the WiFi network to select it.

We press ↵ Enter to continue.

Now airgeddon got a valid target it it asks to continue the handshake capture. We again press ↵ Enter to continue.

Then airgeddon again prompts for the methods to capture the handshake file, as we can see in the following screenshot.

For an example we choose the deauth attack (No. 1). So we choose number 1 and press ↵ Enter.

Here we need to type of the value in seconds. We can simply press ↵ Enter to left it on it’s default value, which is 20. Then it show us some advises as we can see in the following screenshot:

before starting the handshake capturing on airgeddon

We can see in the above screenshot that the tool is going to capture the handshake. It also advice us to not close the windows manually during handshake capturing. We will know when airgeddon capture the handshake file. We need to press ↵ Enter to continue.

Then we can see some terminal window is opened in front of us in the following screenshot. We should not close them.

To clear some things here airgeddon sending de-authentication packets to the network, then all the WiFi users will disconnect for some seconds for the flood. Whenever the devices trying to connect back the WiFi network airgeddon will capture the handshake file.

After successfully capturing the handshake file these will close automatically, and show us a congratulations message. It also asks where we want to save our handshake file. The default is under /root/handshake**.cap as we can see in the following screenshot.

airgeddon successfully captured handshake file

Here also we goes with the default by just pressing ↵ Enter. Then the handshake file is stored successfully on the root folder. Handshake capturing is complete now. We can press ↵ Enter again to back in the menu.

We can press 0 and ↵ Enter to return to the main menu.

Our captured handshake file is stored on /root/ directory. We can see it by opening our thunar file manager with root permission (sudo thunar).

We can crack the handshake file in various way. We can use airgeddons menu Airgeddon > Offline WPA/WPA2 decrypt menu > Personal > (aircrack + crunch) Bruteforce attack against Handshake/PMKID capture file. We also can use aircrack-ng or some other brute-forcing tool. There are also some online tools are available.

Evil Twin Attack using Airgeddon

We can do a lot of attacks using airgeddon. Evil twin is one of them. In this attack we create a copy of our target access point and whenever the user of the access point try to connect with our fake access point with their access point’s password we got it. But why they do it?

Because we continuously send de-authentication packets to the target access point (AP), so that the user will not able to connect with the original AP, and got trapped.

First of all we set the mode to monitor. Then we choose ‘Evil Twin attacks menu’ by pressing 7 and ↵ Enter.

Here we need to explore for the target by typing 4 as we did in the previous attack. We got auto-selected because we have only one target nearby.

Then we click ↵ Enter to continue. We get back to the ‘Evil Twin attacks menu’. Here we choose 9 for captive portal attack.

Now here we choose option 2 for ‘Deauth aireplay attack’.

Airgeddon will ask us some question. First it will ask that if we want to integrate “DoS pursuit mode”. The default is N for no, we also know that our AP will not change the channel in this case, so we press ↵ Enter to keep it default. Then it will ask if we want to spoof our mac address. We also goes with default (that is N).

Now airgeddon will ask us that have we captured the handshake of this access point. In our above attack we had captured it. So we choose Y for yes. Then it will prompt for the location of the handshake file, and we provide it, as we can see in the following screenshot:

Then it asks the location where the saved password will stay in a text file. Default location is under /root/ directory. We again goes with the default by just pressing ↵ Enter.

We can see in the above screenshot that our path is valid and we can move forward by pressing ↵ Enter.

In the next step airgeddon will create a phishing page and asks us for it’s language, as we can see in the following screenshot:

Here we choose 1 to select English, and press ↵ Enter.

Now airgeddon is ready to run the attack. All parameters and requirements are set. The attack is going to start. Multiple windows will be opened, don’t close anyone. When we want to stop the attack press ↵ Enter on this window and the script will automatically close them all.

We can see lots of terminals here for various works like de-authentication, control, DNS, Web Server etc.

Now we can see on our mobile device that we are not connected to our locked main WiFi access point and there are another access point with same name, in the following screenshot:

Whenever we connect to the other network. It automatically redirect to log in, as shown in the following screenshot:

Now here if our target use the password it will show the user that it was correct password.

We get it on our txt file on root directory. It also shown in the control terminal window. We need to keep the terminal windows open until the user did not put his password on the login screen. Hope target is not sleeping.

Here in this evil twin attack we are using the handshake file to check the password is correct or not. If they put the wrong password then it will notice it. Isn’t is amazing?

Airgeddon will detect the wrong password

There are many types of attacks we can perform using airgeddon against a wireless network. Here we discuss about only two type because everything is very easy here. We just need to select the options only, everything will be done by the script automatically.

This is how we can install and use Airgeddon on Kali Linux. This is a very easy but powerful tool for WiFi auditing.

Airgeddon is specially designed for Linux. Airgeddon did not compatible on MacOS/OSX, because Aircrack suite does not support airodump and aireplay for OSX/MacOS, and iwconfig does not exist in OSX/MacOS.

Airgeddon is not working with any Linux distribution run under Windows subsystem (WSL). Airgeddon also didn’t support native OpenBSD and FreeBSD, iwconfig command not working there and ifconfig shows different output.

Warning:- Attacking other’s network or WiFi is not legal. We publish this article for educational purpose and tested things on our own devices. If anyone attacks on others devices then we and the tool creator will not be responsible for that.

Unicornscan — Total Guide for Beginner

CyberSecurity Updates, Kali Linux / By CyberArk

There are lots of scanning tools used by cybersecurity professionals. Not arguably Nmap is the most famous scanning tool, but it is very slow. There are lots of more useful scanners. Masscan is the fastest port scanner in the world, but masscan is not so accurate.

If we need a enough fast scanner that gives us much reliable result we can choose Unicornscan. Unicornscan comes pre-installed with Kali Linux.

Unicornscan is a asynchronous based scanner (unlike nmap is synchronous based). That’s why it is faster.

Unicornscan was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

Key-Features of Unicornscan

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

Asynchronous stateless TCP scanning with all variations of TCP Flags.
Asynchronous stateless TCP banner grabbing
Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
Active and Passive remote OS, application, and component identification by analyzing responses.
PCAP file logging and filtering.
Relational database output.
Custom module support.
Customized data-set views.
Has its TCP/IP stack, a distinguishing feature that sets it apart from other port scannersHas its TCP/IP stack, a distinguishing feature that sets it apart from other port scanners.

Scanning With Unicornscan

While Unicornscan comes built into Kali Linux we don’t need to install it. If if we need to install it we can use following command:

sudo apt-get install unicornscan

First we start with basic scan. To perform a basic scan we can use following command:

sudo unicornscan 192.168.112.57

The output of the command shows in the following screenshot:

Here we have run unicoenscan on a Metspliotable2 machine and we can see that the normal scan has listed all the opened TCP ports of host machine. It’s kind of similar to -Ss scan in NMap.

If we need to run basic scan using unicornscan on multiple hosts then we can run following command:

sudo unicornscan 192.168.112.57 192.168.102.100

In this case we run the scan cammand and put 2 hosts divided with ‘space’.

We also can run it against live websites, here we want that unicornscan send 30 packets per second, so we use -r30 flag. We also look for TCP ports so we can run the scan using -mT scan (T is for TCP). So the command will be following:

sudo unicornscan -r30 -mT adaptercart.com

And we got the result as we want. As we can see in the following screenshot:

In the above screenshot we can see that unicornscan scans the website’s TCP ports.

We have seen that unicornscan scans the TCP ports using -mT flag, but if we want to scan UDP ports then we can try with -mU flag. Mind the similarities then it will be easy to remember. The command will be as following:

sudo unicornscan -r300 -mU 192.168.112.57

The screenshot is following:

In the above screenshot we can see that we got UDP ports only from the hosts.

We can save the scan result in a PCAP file using following command:

sudo unicornscan -r300 -mU 192.168.112.57 -w udpports.pcap

Using the above command (-w flag) we can save the scan result in a PCAP file. We can choose any name, for an example we have chosen “udpports”. The file will be saved on our home/user directory, as we can see in the following screenshot:

This the the basic uses of Unicornscan. If we want to learn more advanced scans then we can see the help menu of Unicornscan by applying following command:

sudo unicornscan -h

This is how we can scan a host or a website using Unicornscan on our Kali Linux system.

Love our super easy articles ? Don’t wanna miss new articles? We post updates of our articles on GitHub and Twitter. Make sure to follow us there to read and learn about cybersecurity.

Have any problem or any question? Please don’t hesitate to ask us in the comment section. We read every comments and we always reply.

How to Install Golang in Linux [New 2023 Method]

CyberSecurity Updates, Kali Linux / By CyberArk

Golang or Go is a new generation programming language many new tools like Modlishka, Gobuster and more comes written in Golang. Now Golang didn’t comes pre-installed with our Kali Linux machine. In this detailed article we learn how to install Golang in Kali Linux in 2020.

There is two ways to install Golang in Linux system.

From the Repository (If Go available in repo).
Manual Install (Works always) .

Installing Golang from repository

Previously we need to install Golang manually but now Golang is on Kali Linux’s repository to install it we need to run following command:

sudo apt-get install -y golang

The installation process will took some time depending on internet speed and processing power of our machine.

Installing Golang from repository

Configure

After the installation process is done we need to configure a little bit in our .bashrc file. We open the .bashrc file by using following command:

sudo mousepad ~/.bashrc

Then we paste these following paths at the end of .bashrc file

# Golang paths in bashrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

Then we save and close .bashrc file. Then we reload and update the .bashrc by using following command:

source .bashrc

Checking Installation

Now we are ready to go. To check if it is everything working perfectly or not we should crate a “hello world” file in go language and run it.

sudo mousepad helloworld.go

Then we add the following code into the file:

package main

import "fmt"

func main() {

fmt.Printf("Hello world!n")

Then we save the file and run it by using following command:

go run helloworld.go

If everything is alright then we got a ‘Hello World!’ output.

Installing Golang manually

If there is any problem to install it from the repository we can install it from manually.

First we open a browser and go to the official download page of Golang to download it:

Download Golang from official website

Then we click in the Linux download as shown in above screenshot to start the download process. The download is almost 120 MB.

The compressed file of Golang will be downloaded to our Downloads folder. We open a terminal window, and to navigate to Downloads folder we use following command:

cd Downloads

Then we type following command to extracts the files:

tar -C /usr/local/ -xzf go*.tar.gz

Above command will extract the Golang in our /usr/local directory.

Configuring Golang

We need to add variables for Golang by modifying the ~/.bashrc file.

First we open the file on our mousepad text editor by using following command:

sudo mousepad ~/.bashrc

Then we paste these following paths at the end of .bashrc file

# Golang paths in bashrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

Then we save and close .bashrc file. Then we reload and update the .bashrc by using following command:

source ~/.bashrc

Then we can check the installation is correct or not as the process mentioned above (try the same helloworld.go).

In the above described ways we can install Golang manually and from the repository. This now looks so essential because some grate cyber security weapons are available in Golang.

Enjoyed our articles ? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxInfamily, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

GSM Signal Tapping using RTL-SDR

CyberSecurity Updates, Kali Linux / By CyberArk

In our previous articles we learnt the basics of RTL-SDR and Created our own airplane radar using RTL-SDR using our Kali Linux system. So in this article we are not going to cover the basics again. Please make sure to read our previous articles carefully. One more thing, buying RTL-SDR from our Amazon link will support us, we earn a little commission income.

In our this detailed article we are going to discuss about scanning and analyzing GSM traffic using our RTL-SDR on Kali Linux with the help of kalibrate-rtl tool. This tool can scan for GSM based stations in a frequency band.

Scanning for GSM Signals

As we told we are going to use kalibrate-rtl or kal tool to scan GSM traffic. So we need to install it on our system. We can easily install it on our Kali Linux by applying following command:

sudo apt install kalibrate-rtl -y

In the following screenshot we can see the output:

kalibrate-rtl tool installed on our Kali Linux system

kalibrate-rtl is already installed on our Kali Linux system

Most of the countries use GSM900 band, but in USA it’s GSM850. We are scanning for GSM900 band, our USA friends need to use GSM850 in the place of GSM900.

We need to plugin our RTL-SDR with antenna at first, Then to scan GSM900 traffic we run following command on our terminal:

kal -s GSM900 -g 40

The following screenshot shows the output of the above command:

In the above screenshot we can see that there are many channels, but we need to note the frequencies, in our case we are going to use 953.4MHz.

Now we open GQRX tool and enter the frequency in the Receiver Options window, shown in the following screenshot:

We can see the waterfall that the device is able to catch the signals perfectly.

Analyzing GSM Packets

Now we need to install gr-gsm tool by using following command:

sudo apt install gr-gsm -y

We can see the output in the following screenshot:

This gr-gsm tool will help us to look the data at the packet level. After the installation process is done, we need to run following command to start the monitoring packets:

grgsm_livemon

Here a new window will open, we will change the frequency we are working with (we had noted the 935.4MHz while using kalibrate). As we can see in the following screenshot:

On the gr-gsm livemon window we can see the frequency and in the terminal window we can see the data traffic. Now we need to analyze the data packets using Wireshark. We leave this gr-gsm livemon terminal and window as it is capturing packets and open our Wireshark from application menu or from another terminal using wireshark command.

Here we need to select the interface. Our interface will be Loopback: lo by double clicking over it. Then we can see the packets on the Wireshark, as following screenshot:

We need to apply the display filter now. We need to add the filter gsmtap. Then we need to look on the packet Info tab for System Information Type 3.

Now we need to check the GSM CCCH > Location Area Identification (LAI). There we will get the information about the data packets. Shown in the following screenshot:

captured gsm traffic information using rtl-sdr and wireshark on Kali Linux

In the highlighted line we can see that the mobile network provider is BSNL and this packets are transmitting from West Bengal. This is how we analyze GSM signal and how GSM packets travel on our Kali Linux.

This is how we can analyze GSM packets using RTL-SDR on our Kali Linux system. We can’t say much for our ethical policy. Everything more than above can be misused. There are lots of good tutorials on GSM sniffing on the internet we just need to find out them, we just made an easy start. Our suggestion will be crazydanishhacker, he is far batter than us on this topic. He did well in his website and YouTube channel.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Is your IoT device insecure? 10 most harmful cybersecurity threats to IoT devices

CyberSecurity Updates, Kali Linux / By CyberArk

As businesses globally are growing to meet the most immediate requirements of customers and provide them with best-in-class experiences that form impressions leading to increased brand loyalty.

To increase the accuracy and efficiency of operations and to avoid wastage, they are starting to integrate Internet of Things devices as part of their network infrastructure.

Earlier, IoT was an emerging technology, but today, it has become the most indispensable technology driving change in different industries across sectors. But the catch with these devices is that they are highly vulnerable to cyber attacks due to the low level of security that they come with.

Increased organizations are looking forward to investing in some form of IoT security for the same reason.

Through our blog, we will take a look into some of the most immediate attacks threatening IoT devices today.

But first, let us understand what IoT devices are.

What are IoT devices?

Internet of Things devices are devices used on a day-to-day basis. They comprise sensors, locks, payment kiosks, smart-accessories, and cameras. These devices are connected to external wireless networks or the internet. This external connectivity allows devices to track, monitor, and control assets. A typical IoT system must comprise a CPU, a system software, and in some cases, SIM cards are used to connect IoT devices to the network. IoT devices transmit data using Bluetooth, Wifi, or a data network. They accumulate, process and exchange a lot of data in the interconnected network without much security apart from the default password, making them highly vulnerable to cyber-attacks.

One research found that the growing use of IoT devices would result in a significant rise in the data that is generated. It was found that by 2025, over 73.1 zettabytes will be generated by IoT devices alone. That is a lot of data indeed and protecting all of that data would be a herculean challenge. And the question that remains is whether they are prepared for it.

Why are businesses utilizing IoT devices?

Businesses across multiple sectors are utilizing IoT devices for bolstering their efficiencies and providing new experiences to customers. From the usage of IoT for easy payments at the point of sale to using IoT devices for monitoring assets, IoT devices have become the means of increasing efficiencies across different verticals in businesses. A Forbes research found that over 58% of finance companies have adopted IoT devices for improving productivity and efficiency. It is reasonably clear that businesses today have become highly reliant on IoT devices.

Let us take a look at some of the real-world applications of IoT:

IoT in the industrial sector

IoT devices are used in the industrial sector for smoothening operations. It is used for industrial applications such as monitoring and tracking assets, quality control in production, remote production, and predictive maintenance.

IoT in the transport sector

In the transport sector, IoT devices are used for applications such as tracking goods carriers, measuring weight, and optimizing route plans by keeping track of temperature and conditions.

PoS devices

Retail stores, hotels, and restaurants are using hand-held IoT devices at their Point of Sale as a means to ease payment for providing new experiences to customers and obtaining key data on sales.

IoT in the healthcare sector

IoT is helping healthcare workers be it on the frontline or in the operating theater. IoT devices are made specifically to monitor heart rate, blood sugar, and the functioning of internal organs.

Why do IoT devices pose a major security risk?

After ransomware attacks, IoT attacks are the most threatening to the cybersecurity of organizations worldwide. According to Statista, over 33% of companies have concerns regarding IoT attacks and generally, 99% have concerns regarding IoT security due to reasons such as lack of skilled personnel and the ability to protect their most valuable data. IoT devices are purposely built for carrying out simple functions therefore they lack complex security.

Most IoT devices don’t even have a firewall or antivirus in place, making them highly exploitable by malicious actors. They act as a low-hanging fruit for bad actors due to their lack of complex security compared to advanced computers and systems. IoT devices are connected to wireless networks that are wide with a lot of vulnerable points that could be used as entry doors for bad actors to perpetrate attacks by spreading malware. This points towards the fact that IoT attacks are the most immediate risk to cybersecurity. Let us take a look at some of the most immediate threats to IoT devices.

Top 10 threats to IoT devices

DDoS attack

Times are changing and with it, cybercriminals are changing their ways as well. They are utilizing emerging technologies to maneuver an attack. Distributed Denial of Service is a sophisticated attack that modern-day attackers use where they attack a server with multiple IoT devices using botnet malware.

Brute force attack

Since the only line of defense for many IoT devices are the passwords, cyber attackers use brute force attack. A brute force attack is an attack where attackers use all the possible combinations of usernames, passwords, and email addresses to gain access to an account. They exploit the usage of weak credentials to gain access.

Ransomware attack

It is not wrong to assume that even IoT devices are not safe from the threat of ransomware attacks. Today’s sophisticated attackers block the functionality of IoT devices rendering massive disruptions in industrial operations in exchange for a ransom.

Eavesdropping

Cyber attackers these days bypass the security of IoT devices, corrupt their software with malware, and engage in espionage, eavesdropping through the video and audio servers of owners to steal sensitive data.

Botnets

In this, the attackers install malware into multiple IoT devices and create an army of dead IoT devices to clog the network with high traffic and spam with excess information. It is one of the most modern attacks affecting millions of organizational networks worldwide.

Espionage

Attackers exploit unencrypted telemetry information(data exchange in the form of video or audio) transmission to engage in espionage or hijack. They might steal data, stop the functioning of some devices or manipulate important personal or financial data.

Hardware tampering

IoT devices are also susceptible to being physically tampered by cybercriminals to perpetrate a targeted attack. They might manipulate their circuitry, ports, and chips and place stickers with default passwords, easing their bypass to breach networks without much effort.

Privilege Escalation Attack

If an IoT device’s operating system is not patched and updated regularly then it can be exploited by a malicious actor to gain complete access to admin control to engage in a full-blown attack.

Firmware Hijack

One of the most common cyber threats to IoT devices is the firmware hijack where the cyber attacker sends a malicious link disguised as a firmware update to the users. Once the user clicks on the link, the attacker gains access to the personal information input by the user or spreads malware to the network.

Malicious Node Injection

IoT devices use the FTP protocol to exchange data. Many nodes are connected on a network that exchanges data and in most cases these nodes are left unmonitored by experts. Cyber attackers infuse the nodes connected in a network with malicious scripts that could help them gain access to sensitive information.

Conclusion

Experts must spread increased awareness such that organizations don’t fall victim to IoT-based cyber threats. We have seen how IoT devices have grown from emerging technologies to becoming technologies that businesses have become dependent on. The absence of security measures in IoT devices has made them vulnerable to many threat actors who would exploit them for data theft or engaging in wide-scale attacks.

We have taken a closer look into the various cyber threats that endanger the cyber security of today’s IoT devices.

One way to defend against IoT attacks, is to augment your cybersecurity infrastructure and patch and upgrade the cybersecurity of IoT devices with experts in cybersecurity such as SharkStriker!

They have SOCs across the globe and a team that is online 24/7 for 365 days, you needn’t worry anymore about the cybersecurity posture of your organization’s IoT ecosystem.

Their services encompass the entire IT infrastructure of your organization, including all the IoT devices, cloud ecosystems and endpoints, servers, systems, and applications. They combine our human expertise with AI/ML-driven security solutions to deliver real-time monitoring, identification, and response to threats and vulnerabilities.

About Author :

Anurag Nair is a technical content writer at SharkStriker. He has a master’s degree in business and has authored technical content in multiple facets of cybersecurity & technology across industries. He possesses extensive industry experience in creating content with a specialty in blogs, articles, newsletters, and white paper content. When he is not creating content, you can find him reading books, writing, and playing video games.

Sources:

https://www.statista.com/statistics/993789/worldwide-internet-of-things-security-market-size/

https://www.forbes.com/sites/insights-inteliot/2018/08/24/how-iot-is-impacting-7-key-industries-today/?sh=1a993b561a84

https://www.idc.com/getdoc.jsp?containerId=prUS45213219

https://www.statista.com/statistics/1202640/internet-of-things-security-concerns/