Category Archives: Security

How To Protect Your PC From Hackers?

Computer viruses are spreading rapidly across the web as hackers release them in the hope of stealing private financial information. To protect yourself fully, it is important to have a set of hardware and software tools on your network and PC that safeguard it against any possible virus, malware, worm or trojan threat.

Hackers are hunting for unprotected networks and systems, and the best antivirus programs provide complete protection so that you don’t become one of the vulnerable… still, there is a lot more that can be done…

To keep your data from being compromised, it is important to minimize the damage by taking some essential measures to safeguard your system from online viruses. A few tips to protect your system from viruses and spyware are listed below:

Use a Dynamic Firewall Protection: Install antivirus software together with an effective firewall that can stop hackers from breaking into your PC. A firewall filters the traffic passing from the internet to your network and prevents hackers from attacking your computer.

Your best bet is a firewall embedded in a router. The best ones run open-source, Linux-based firmware: constantly updated and highly configurable.

Software firewalls are OK, but you’ll need a copy on every PC, tablet and phone connected to your network.

Use WPA/WPA2 Encryption: It is essential to use WPA or WPA2 encryption to stop hackers from attacking your PC over a wireless network. Encrypted wireless transmissions are not impossible to break, but it takes a considerable amount of time and effort for hackers to get at the information. The weaker your wireless network, the less time it takes a hacker to reach your PC.

That means a strong password.

Additionally, set up your wireless router with a guest network, so that your visitors do not connect to your main network with their, surely, less protected devices.

Open Attachments from Trusted Sources: Attachments from trusted and known sources can be opened; everything else must be deleted immediately. Even though there are many types of file attachments that you may be curious about, it is best not to compromise your PC’s safety by opening them if they are not from a trusted source.

This is a human thing: use an email service with strong antivirus detection, and do not skimp on that.

Still, make sure you never click on a weird attachment.

Install a sandbox system on your PC to test and check these attachments.

Maybe a Linux virtual machine!

Active Antivirus Program: Choosing effective computer virus protection is essential, as it gives guaranteed protection against malicious code and other harmful online virus threats. If you accidentally download a virus-infected file, your antivirus will provide protection and quarantine the file.

Which antivirus is the best? Difficult to say; they all have good and bad points, and even Windows Defender works fine.

It’s all about prevention.

Following the above mentioned essential steps will help you to safeguard your PC and keep your private and confidential information safe. Stay vigilant and choose a dynamic antivirus program to safeguard your system.

Also use an encrypted DNS server such as Cloudflare’s; check the provider before you use it, and check whether your traffic is spied on by them.

Use a VPN service for untrusted sites or sites where you need extra security (NordVPN has served me well to this day).

Keep your router password strong and keep your router updated.

In following articles I’ll show some brands that can help you with this.😎

However, the weakest link in the chain is you, with your curiosity and your weakness for clicking on anything!😃

One second of clicking, days of pain!😭

Good luck

How to Hack WiFi (Wireless) Network

Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.

In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.

Just follow the rabbit…link below

The best VPNs for Linux in 2018 (and the worst)

Ubuntu, Fedora, OpenSUSE, and Mint users often get the short end of the stick when it comes to software, and VPN services are no different. Let’s be honest: Linux users are low on the priority list for most companies and developers. That’s why we set out to find the best VPN providers who have taken the time to give Linux fans some attention.


Credit to

WhatsApp News hidden features

FACEBOOK OPTION (iOS, Android and Windows Phone).
You probably already knew that WhatsApp will add a Facebook option in its application.
The Facebook option was born in the 2.12.14 iOS version as a hidden feature, and it was available in the 2.12.15 iOS version if you reinstalled it (WhatsApp developers made this error), but nobody knew what it meant.
If you never saw this option and you don’t know it, you can see a screenshot here:
As you can read, the Facebook option should improve your Facebook experience using your WhatsApp data, but chats and number will never be shared on Facebook.
If you tried to disable it, you couldn’t enable it again.
WhatsApp developers discovered their error in 2.12.15 and they fixed it in 2.12.16, disabling that option.
Since 2.12.16, WhatsApp has improved the Facebook option a lot: the new Facebook option does more things than the old one.
After some investigation, I understood many things about that option:
• This option is very important for WhatsApp, because developers are hiding very well every reference about that.
• The security was a very important feature for WhatsApp, so they wrote a page in their website.
I saw some references and I understand that they will write a page for this news too. They usually write an article only for very big features, so the Facebook option should be very important for WhatsApp, probably to solve some users’ doubts about privacy.
• WhatsApp will update their Terms of Privacy and Service, to add more information.
NOTE: When new Terms will be available, the Facebook option will be available for all users too.
• When you accept the new Terms of Privacy and Service, you will have 30 days to change the value of your Facebook option.
You will be able to try how your Facebook experience works by enabling that feature, and you will be able to disable that option, but attention: you will not be able to change that option after the 30 days since you accepted the new WhatsApp terms, so you will have to make a good choice.
There are no references about the ETA of this feature, but it will be available soon, when the new Terms of Privacy and Service are available.
WhatsApp for Android 2.16.31 and WhatsApp for iOS support the NEW Facebook option too.
After many investigations in WhatsApp 2.12.14, 2.12.15 and 2.12.16 versions for iOS, I can affirm that WhatsApp is building a feature that allows users to clear their chats.
When the user tries to delete a chat, he will be able to choose a criterion for the cleaning.
At the moment, it seems that the feature can allow you to:
• Delete all messages older than 30 days. (iOS, Android, Windows Phone)
• Delete all messages older than 6 months. (iOS, Android, Windows Phone)
• Delete all messages, except starred ones. (iOS, Android, Windows Phone)
• Delete all messages that contain an URL. (iOS)
• Delete all messages, except docs and media files. (iOS)
• Delete all messages, except starred ones, docs and media files. (iOS)
• Delete everything.
• (NEW IN delete all messages of old group participants. (iOS)
Note that currently this feature is still disabled.
ALL HIDDEN FEATURES LIST (iOS, Android and Windows Phone).
WhatsApp developers added some features in their iOS application, but they are keeping them disabled.
These are disabled features:
01) Facebook option (iOS, Android and Windows Phone).
02) Custom message deleting feature (iOS, Android and Windows Phone).
03) Replies to specific messages: you will be able to directly reply to specific messages, like the Telegram app does:
WhatsApp developers added this in, but they are keeping it disabled.
Screenshots of iOS 6 version (thanks to @iMokhles):
Screenshots of iOS 7+ version (thanks to @SUP3RGIU):
Currently this is in iOS versions only, but recent WhatsApp beta for Android builds contain the quoted messages feature (DISABLED/INCOMPLETE).
04) File Sharing: you will be able to share any file type. (iOS all, Android docs + zip).
The support is added in 2.12.16 iOS beta versions, but WhatsApp is keeping them disabled at the moment.
Using WhatsApp for Android, you will be able to send files of 100 MB (max), whereas using WhatsApp for iOS you will be able to send files of 128 MB (max).
It’s possible that WhatsApp will allow the sharing of bigger files when the feature is enabled.
I remind you that, thanks to some tests (@iMokhles), if you share an image as a File, WhatsApp will not compress it (GREAT!).
05) Incomplete videos backup: you will be able to see which videos in your current chat history are not backed up in the iCloud Backup. (iOS)
06) Browser: you will be able to directly view links in WhatsApp thanks to the internal browser. (iOS)
07) iCloud keychain: with the in-app browser, WhatsApp added the iCloud keychain support to use your personal passwords that you saved in iCloud, if you enabled it in iCloud settings. (iOS)
08) FixedSys Font. (iOS) Screenshots:
09) New Profile section! Opening this section, you will see a QR code: this is your personal QR code that identifies your WhatsApp Account! (iOS).
If your friend scans your QR code in WhatsApp > Settings > Profile > Scan Code, his WhatsApp will recognize your number and the app will add it to your friend’s address book.
Remember: keep your QR code private, and do not publish it if you don’t want your number to be public.
You can see screenshots about this feature here:
10) WhatsApp will finally add video calls!
First reports of video calls are in WhatsApp for iOS versions and you can see some screenshots here:
11) WhatsApp will allow you to send invite links to let your friends join your group.
So, every group will have an invite link.
You will be able to revoke a group’s invite link and WhatsApp will generate another new link.
This feature should be the same one the Messenger app has.
Currently the feature is in WhatsApp beta for Android. When developers add it to WhatsApp beta for iOS, I will unlock it to publish screenshots.
But.. Will WhatsApp add usernames too? Then this feature would make more sense, because it’s easier to manually add a friend: why should we send the link of a group if we can immediately add the friend to the group?
12) Multiple accounts.
I didn’t personally find this feature in WhatsApp beta for iOS versions, but a good developer (@iMokhles) leaked this news.
Multiple accounts should be available in future.
WhatsApp will allow Blackberry users to export their chat history in an Android-compatible format, so you will be able to import your WhatsApp for Blackberry chat history into the Android version!

WhatsApp will allow this because they will be ending support for the Blackberry and Symbian platforms, and they want to give users the possibility to keep their chat history.

Maybe they will allow this for Symbian users too.
Probably, due to WhatsApp for iOS limitations, Blackberry exported chats will not be compatible with iOS if WhatsApp developers don’t add other cloud storage (for example Google Drive) to their iOS application, because currently WhatsApp for iOS supports iCloud only and you cannot import other backups.
Follow this WhatsApp for iOS bot on Twitter: @WhatsAppBetaBot
Follow me on Twitter: @WABetaInfo.
Follow this Twitter account for changelogs of many other apps: @iOSAppChanges.

A lot of reasons NOT TO use Windows OS anymore

Microsoft is part of NSA’s mass surveillance program “PRISM”:

Microsoft informs the NSA about bugs before fixing them:

Microsoft openly offers cloud data to support PRISM:

Microsoft has backdoored its disk encryption:

Windows snoops on the users’ files, text input, voice input, location, contacts, calendar records and web browsing history, even after related settings are turned off:

A Traffic Analysis of Windows 10:

Key points: Windows 10 has a keylogger and uploads all your keystrokes every 5 minutes. Everything you type in Edge or Cortana is sent to Microsoft, along with any media files it finds. When the webcam is enabled, 35 MB of data goes to Microsoft. Even with Cortana disabled/uninstalled, Windows 10 sends all microphone audio to Microsoft when the computer is idle.

Windows 10 sends desktop screenshots straight to Microsoft:

Windows 10 scans for illegal/pirated software:

Microsoft proudly presents surveillance statistics:

> Over 82 billion photos viewed.
> Gamers spent over 4 billion hours playing PC games.
> 44.5 billion minutes/month spent in Microsoft Edge.
> Over 2.5 billion questions asked of Cortana since launch.
> Windows 10 now active on over 200 million devices.

P.S.: If you want a good, free and safe OS, install a GNU/Linux one. 😉
Look at

Thank you to for the post


SecurityXploded – the community division of XenArmor – is a popular Infosec Research & Development organization offering FREE security software, the latest research articles and FREE training on Reverse Engineering & Malware Analysis.

So far we have released 200+ FREE security tools that have crossed over 10 million downloads worldwide. Most of these tools have been listed on and received top awards from leading download sites including Softpedia, BrotherSoft, Top4Download etc.

The Sword & Shield logo represents both the attack & defense side of ‘Computer Security’ where one has to be always armed to defend and protect against the threats from evil elements.


Founded in 2007, in a span of just 8 years it has grown to become one of the most unique and inspiring security portals on the net through its knowledge-sharing work.


Secure, passwordless authentication using Blockchain technology

This is very interesting; check the link above.

Web sites and applications shouldn’t have to rely on problematic identification methods such as usernames and passwords.

  • This is a human problem.
  • This is a customer support problem.
  • This is an industry problem.

Using 1Block for authentication purposes has many benefits.

  • supported by nearly all smart phones and browsers
  • simple registration and login process for end user
  • eliminates keyboard interaction
  • reduces phishing/malware risks
  • reduces need for 2nd factor auth
  • no need to remember, create or change passwords
  • services know only site-specific public addresses
  • no personal or sensitive information supplied with a login
  • each login is unique, no useful information to sniff

Classical password authentication is an insecure process that could be solved with public key cryptography. The problem, however, is that it theoretically offloads a lot of complexity and responsibility on the user. Managing private keys securely is complex. However this complexity is already being addressed in the Blockchain ecosystem. 1Block leverages these efforts and makes authentication a much simpler and safer process for the end user.

Your ID is never exposed outside of your device, and it is stored encrypted. No trusted third parties are required (e.g. Dropbox). Because of this secure design, changing passwords becomes a thing of the past. In the unfortunate event that your ID is compromised, revoking and replacing the ID is an easy, built-in feature.

1Block boils this technology down to an easy user experience, and also easy and flexible server implementations. 1Block can replace traditional password logins, or act as a secondary factor of authentication, or used for any implementation where secure proof of ownership is required. 1Block is free to use and open-source.

For protocol details see the protocol draft.
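As an added illustration (not 1Block’s own code and not its protocol), here is a minimal challenge-response login in Go showing the properties listed above: a master secret that never leaves the device, a site-specific public address per service (derived here with HMAC-SHA256, an assumption of this example), a fresh random challenge per login, and nothing reusable for a sniffer to capture.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device holds the one master secret that never leaves the user's device.
// A per-site signing key is derived as HMAC-SHA256(master, site) (assumed
// construction for this example), so each service learns only its own
// public key, the "site-specific public address", and cannot link users.
type Device struct{ master []byte }

func NewDevice() (*Device, error) {
	m := make([]byte, 32)
	if _, err := rand.Read(m); err != nil {
		return nil, err
	}
	return &Device{master: m}, nil
}

func (d *Device) siteKey(site string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, d.master)
	mac.Write([]byte(site))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // SHA-256 output is exactly the 32-byte seed
}

// PublicAddress is the only thing the user ever registers with a service.
func (d *Device) PublicAddress(site string) string {
	return hex.EncodeToString(d.siteKey(site).Public().(ed25519.PublicKey))
}

// Answer signs the server's fresh challenge bound to the site name, so a
// signature captured on one site is useless on any other.
func (d *Device) Answer(site string, challenge []byte) []byte {
	return ed25519.Sign(d.siteKey(site), loginMessage(site, challenge))
}

func loginMessage(site string, challenge []byte) []byte {
	return append([]byte("login:"+site+":"), challenge...)
}

// Server stores public addresses only, so a breach yields nothing reusable;
// it hands out single-use random challenges and verifies the signature.
type Server struct {
	site       string
	users      map[string]ed25519.PublicKey // username -> public address
	challenges map[string][]byte            // username -> outstanding nonce
}

func NewServer(site string) *Server {
	return &Server{site: site, users: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

func (s *Server) Register(user, pubHex string) error {
	pub, err := hex.DecodeString(pubHex)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public address")
	}
	s.users[user] = ed25519.PublicKey(pub)
	return nil
}

// Challenge issues a fresh 32-byte nonce: every login is unique, so a
// sniffed exchange cannot be replayed.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[user] = c
	return c, nil
}

// Verify consumes the outstanding challenge (single use) and checks the signature.
func (s *Server) Verify(user string, sig []byte) bool {
	c, ok := s.challenges[user]
	if !ok {
		return false
	}
	delete(s.challenges, user)
	return ed25519.Verify(s.users[user], loginMessage(s.site, c), sig)
}

func main() {
	dev, _ := NewDevice()
	srv := NewServer("shop.example")
	_ = srv.Register("alice", dev.PublicAddress("shop.example"))
	c, _ := srv.Challenge("alice")
	fmt.Println("login ok:", srv.Verify("alice", dev.Answer("shop.example", c)))
	fmt.Println("replay ok:", srv.Verify("alice", dev.Answer("shop.example", c))) // false: nonce consumed
}
```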

10 Worst Internet Security Mistakes



1) “password”

When you are choosing your passwords, what do you normally do? Do you optimize your passwords to the best security you can manage, or do you just type in “password” all of the time and let it be?
You should never pick a simple password, anyone wanting to get at your data will probably try out this list of commonly used passwords before resorting to anything more time-consuming. Even if you use the same password everywhere (which you shouldn’t), you need a strong password to protect your data. Change it now if you need to.

2) Using Public Networks without Protection.

While public networks such as those found in cafés, libraries, and airports might be incredibly convenient for you and help you stay in contact with people better while saving you money on your data plan, they can be incredibly dangerous to your online security and anyone with the right equipment (which isn’t expensive or hard to use) can take a look at what you are uploading or downloading (this includes financial data) if you are not prepared.

To be prepared, you will likely want to use a VPN, which creates a barrier of sorts around your connection and safely connects you to an outside server that does your browsing for you and sends you the data you need over that secure connection. This way no one will be able to steal your data or know what you are doing.

3) Using Questionable Websites

This one doesn’t need much explanation. If a website is offering something that looks too good to be true, it is likely too good to be true. Also, make sure the website is as secure as possible, and don’t give your information to anything you aren’t 100% comfortable with.

4) Downloading Unknown Files

Whenever you download any file whatsoever, you should make sure exactly what you are getting. If you allow a file to be downloaded and activate on your computer then you are giving permission for that program to wreak havoc inside of your computer before you can possibly fix it. If you aren’t sure what it is, I can promise you that you don’t need it (or at least from that website).

5) Not Using an Internet Security Suite

This should go without saying, but you need internet security programs on your computer for it to function as a machine that connects to the internet for more than two months. A lot of people still don’t use them, and it usually leads to their ruin.

6) Not Checking and Clearing Cookies

Cookies are small programs or bits of information that are usually saved in your browser when you visit a website or do something on it that you want saved. Most of the time cookies are a good and useful thing that will save you time re-navigating pages you use often.
That all being said, sometimes cookies can be malicious and they might track your computer or take in data that you don’t want going anywhere. Every once in a while you should go into your browser’s options or settings (depends on the browser) and delete any cookies you don’t feel comfortable having on your computer.

7) Giving Out Too Much Personal Information

Maybe you need a strong public internet presence for one reason or another, but a lot of people don’t need to have everything out there for people to find when they are just using the internet for E-mail and Facebook. Try to figure out your own footprint on the internet and what people can find out about you if they look. Try to get rid of whatever you don’t want.

8) Neglecting to Update Your Computer

As incredibly annoying as those Windows security updates can be, forcing your computer to restart, they are usually there for a reason. If you are not updating often enough, you are vulnerable to whatever breach or loophole in the security that was patched up in the update (and that everyone knows about now that there was an update about it). Try to update any security related programs you have on your computer as soon as an update is available.

9) Failing to Keep Up to Date on Current Events

While this doesn’t mean that you need to have your head in the virtual tech newspapers every morning, you should try to stay abreast about whether any major websites are currently under attack or if there are any reports about a security leak which you might need to respond to. A quick glance over the major news sites and checking your email frequently should be enough to keep you informed.

10) Not Having a Backup Plan

Despite most people’s best efforts, sometimes there will be nothing you can do to prevent a security problem that will require your active attention. For this you should have a plan of what you are going to do and how you are going to quarantine the problem and keep your important information safe.

This means that you should try to have some backup drives in use and perhaps use a safe cloud storage program so you can restore everything you need. Time will be of the essence, and you will not want to waste it backing up your possibly compromised files.

2016’s Biggest Phishing traps

Something to be aware of in 2016.


Put them in your diary.


January – Samsung Galaxy S7 launch

27th Feb – 6 Nations, rugby, England vs Ireland at Twickenham

Feb to March – 6 Nations continues

6th March – Mother’s Day

16th March – Chancellor delivers the budget

27th March – Easter

29th March – England vs Holland football friendly, Wembley

March – April – Microsoft Surface Book UK launch

21st April – The Queen’s 90th birthday

23rd April – Saint George’s Day

24th April – The London Marathon

2nd May – Princess Charlotte’s 1st birthday

21st May – FA Cup final 2016, Wembley

11th June – Trooping the Colour, London

10th June – 10th July – Euro 2016 football tournament

27th June – 10th July – Wimbledon Tennis Championships

22nd July – Prince George’s 3rd birthday

28th July – Microsoft ends free upgrade period for Windows 10 (panic)

5th – 21st August – Rio Olympics

7th – 18th September – Rio Paralympics

10th September – Last Night of the Proms, Royal Albert Hall

September at some point – iPhone 7 launch (again)

8th November – US presidential election

13th November – Remembrance Sunday


Report Fraud and Cyber Crime here

Stop using difficult-to-guess passwords, UK’s spying agency GCHQ recommends

The British spying agency, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.

In a brand new document called ‘Password guidance: simplifying your approach’, the company gives a range of guidelines to keep consumers safe. That includes rolling back previous guidance “that complex passwords are ‘stronger’” — instead recommending that people simplify their approach.

The agency gives a range of hints to those working in IT as well as normal consumers.

Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and avoid storing passwords as plain text files that can be read by anyone.


The agency also warns against the problems of “password overload”. That is what happens when people create too many complex and unmemorable passwords, which leads them to write them down or re-use them and so become unsafe.

Those complicated passwords are often the result of organisations imposing rules about the complexity of passwords — requiring that they are a certain length, for instance, or include special characters. But instead companies should just create more security rules, so that people can use their own, more simple passwords.

Those simple passwords might be made up of just three simple words, for instance. Or users could sign up for password managers — software that generates and then stores passwords so that they are both complex and never have to be remembered.

“Software password managers can help users by generating, storing and even inputting passwords when required,” the report says. “However, like any piece of security software, they are not impregnable and are an attractive target for attackers.”

That second sentence might be of note to people looking to use password managers — GCHQ itself has been found to have been attacking security services used by British citizens, in an attempt to make it easier to conduct its surveillance and spying operations.
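As an added example (not from the GCHQ document or the article), the following Go code turns the guidance above, together with mistake #1 from the earlier post, into concrete checks: reject defaults and commonly used passwords without imposing complexity rules, generate a three-random-word passphrase, estimate guessing effort, and lock an account after repeated failures. The password list and wordlist are constructed placeholders, not real published lists.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Constructed sample of "commonly used passwords" and vendor defaults.
// A real deployment would load a published list; these are placeholders.
var commonPasswords = map[string]bool{
	"password": true, "password1": true, "123456": true, "qwerty": true,
	"letmein": true, "admin": true, "welcome": true, "p@ssw0rd": true,
}

// Constructed toy wordlist; a real one holds thousands of words.
var words = []string{"apple", "river", "candle", "mountain", "silver", "tiger", "window", "garden"}

// CheckPassword applies the guidance on the page: block defaults and common
// choices, require a sensible minimum length, and impose no complexity rules
// (no forced symbols or digits, which push people into "password overload").
func CheckPassword(pw string) error {
	if len(pw) < 8 {
		return errors.New("too short")
	}
	if commonPasswords[strings.ToLower(pw)] {
		return errors.New("in the commonly used password list")
	}
	return nil
}

// ThreeRandomWords builds a memorable passphrase from a wordlist using a
// cryptographic RNG, the "three simple words" approach mentioned on the page.
func ThreeRandomWords(list []string) (string, error) {
	if len(list) == 0 {
		return "", errors.New("empty wordlist")
	}
	var parts []string
	for i := 0; i < 3; i++ {
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(list))))
		if err != nil {
			return "", err
		}
		parts = append(parts, list[n.Int64()])
	}
	return strings.Join(parts, "-"), nil
}

// EntropyBits estimates guessing effort as length*log2(alphabet), valid only
// when each element is drawn uniformly at random: three words from a
// 7776-word list give ~38.8 bits, eight characters from the 95 printable
// ASCII symbols ~52.6 bits, but only the passphrase is memorable enough to
// avoid being written down or reused.
func EntropyBits(alphabet, length int) float64 {
	return float64(length) * math.Log2(float64(alphabet))
}

// Lockout implements "accounts can be locked out if they are under attack":
// after `limit` consecutive failures the account refuses further attempts
// until an operator (or a timer, not shown here) resets it.
type Lockout struct {
	limit    int
	failures map[string]int
}

func NewLockout(limit int) *Lockout {
	return &Lockout{limit: limit, failures: map[string]int{}}
}

func (l *Lockout) Locked(user string) bool { return l.failures[user] >= l.limit }

// Attempt records one login attempt and reports whether it was let through.
// Failures accumulate; a success on an unlocked account clears the counter.
func (l *Lockout) Attempt(user string, success bool) bool {
	if l.Locked(user) {
		return false
	}
	if success {
		delete(l.failures, user)
		return true
	}
	l.failures[user]++
	return false
}

func main() {
	p, _ := ThreeRandomWords(words)
	fmt.Println("passphrase:", p, "| check of 'password':", CheckPassword("password"))
	fmt.Printf("3 words of 7776: %.1f bits; 8 printable chars: %.1f bits\n", EntropyBits(7776, 3), EntropyBits(95, 8))
}
```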


What is Penetration Testing?… And Tools

What is Penetration Testing?

It’s the method of testing where the areas of weakness in a software system, in terms of security, are put to the test to determine whether a ‘weak point’ is indeed one that can be broken into or not.

Performed for: Websites/Servers/Networks

How is it performed?

Step #1. It starts with a list of Vulnerabilities/potential problem areas that would cause a security breach for the systems.
Step #2. If possible, this list of items has to be ranked in the order of priority/criticality
Step #3. Devise penetration tests that would work (attack your system) from both within the network and outside (externally) to determine if you can access data/network/server/website unauthorized.
Step #4. If the unauthorized access is possible, the system has to be corrected and the series of steps need to be re-run until the problem area is fixed.

Who performs Pen-testing?
Testers/ Network specialists/ Security Consultants

Note: it is important to note that pen-testing is not the same as vulnerability testing. The intention of vulnerability testing is just to identify potential problems, whereas pen-testing is to attack those problems.

Good news is, you do not have to start the process by yourself – there are a number of tools already on the market. Why tools, you ask?

  • Even though you design the test on what to attack and how, you can leverage a lot of tools that are available in the market to hit the problem areas and collect data quickly that enables effective security analysis of the system.

Before we look into the details of the tools, what they do, where you can get them, etc., I would like to point out that the tools you use for pen-testing can be classified into two kinds. In simple words they are: scanners and attackers. This is because, by definition, pen-testing is exploiting the weak spots. So some software/tools will show you the weak spots, and some show and attack. Strictly speaking, the ‘show-ers’ are not pen-testing tools, but they are indispensable for its success.

Top 20 Penetration Testing Tools

1) Metasploit 


This is the most advanced and popular framework that can be used for pen-testing. It is based on the concept of an ‘exploit’, which is code that can bypass the security measures and enter a certain system. Once in, it runs a ‘payload’, code that performs operations on the target machine, thus creating the perfect framework for penetration testing.

It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available.

Download link: Metasploit Download

2) Wireshark


This is basically a network protocol analyzer –popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.  You can get your own free version of the tool from here.

Download link: Wireshark download

3) w3af


w3af is a Web Application Attack and Audit Framework.

Some of the features are: fast HTTP requests, integration of web and proxy servers into the code, injecting payloads into various kinds of HTTP requests etc.

It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows.
All versions are free of charge to download.

Download link: w3af download

4) CORE Impact


CORE Impact Pro can be used to test mobile device penetration, network/network device penetration, password identification and cracking, etc. It has a command-line and a GUI clickable interface and works on Microsoft Windows. This is one of the more expensive tools in this line, and all the information can be found on the page below.

Download link: CORE Impact download

5) Back Track – Now Kali


Back Track works only on Linux Machines. The new version is called Kali Linux. This is one of the best tools available for Packet sniffing and injecting. An expertise in TCP/IP protocol and networking are key to succeed using this tool. For information and to download a free copy, visit below page.

Download link: Back Track download

6) Netsparker


Netsparker comes with a robust web application scanner that will identify vulnerabilities, suggest remedial action etc. This tool can also help exploit SQL injection and LFI (local file inclusion). It has a command-line and GUI interface and works only on Microsoft Windows. This is a commercial product, although there might be free limited trials available on the page below.

Download link: Netsparker download

7) Nessus


Nessus also is a scanner and one that needs to be watched out for. It is one of the most robust vulnerability identifier tools available. It specializes in compliance checks, Sensitive data searches, IPs scan, website scanning etc. and aids in finding the ‘weak-spots’. It works on most of the environments.

Download link: Nessus download

8) Burpsuite


Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective. Take a look at it on below download page. It mainly works wonders with intercepting proxy, crawling content and functionality, web application scanning etc.  You can use this on Windows, Mac OS X and Linux environments.

Download link: Burp suite download

9) Cain & Abel

If cracking encrypted passwords or network keys is what you need, then Cain & Abel is the tool for you. It uses network sniffing, dictionary, brute-force and cryptanalysis attacks, cache uncovering and routing protocol analysis to achieve this. Check out information about this free-to-use tool on the page below. It is exclusively for Microsoft operating systems.

Download link: Cain & Abel download

10) Zed Attack Proxy (ZAP)


ZAP is a completely free to use, scanner and security vulnerability finder for web applications. ZAP includes Proxy intercepting aspects, variety of scanners, spiders etc. It works on most platforms and the more information can be obtained from below page.

Download link: ZAP download

11) Acunetix


Acunetix is essentially a web vulnerability scanner targeted at web applications. It provides SQL injection, cross site scripting testing, PCI compliance reports etc. along with identifying a multitude of vulnerabilities. While this is among the more ‘pricey’ tools, a limited time free trial version can be obtained at below page.

Download link: Acunetix download

12) John The Ripper


Another password cracker in line is, John the Ripper. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form. Check out its site to obtain the software on this page.

Download link: John the Ripper download

13) Retina

As opposed to targeting a particular application or server, Retina targets the entire environment at a company/firm. It comes as a package called Retina Community. It is a commercial product and more of a vulnerability management tool than a pen-testing tool: it works by running scheduled assessments and presenting the results. Check out more about this package on the page below.

Download link: Retina download


14) Sqlmap

Sqlmap is another good open source pen testing tool. It is mainly used for detecting and exploiting SQL injection issues in an application and taking over database servers. It comes with a command-line interface. Supported platforms: Linux, Apple Mac OS X and Microsoft Windows. All versions of this tool are free to download.

Download link: Sqlmap download

15) Canvas

Immunity's CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It is useful for web applications, wireless systems, networks and more. It has command-line and GUI interfaces and works on Linux, Apple Mac OS X and Microsoft Windows. It is not free of charge; more information can be found on the page below.

Download link: Canvas download

16) Social Engineer Toolkit

The Social-Engineer Toolkit (SET) is unique in that its attacks are targeted at the human element rather than the system element. It has features that let you send emails, Java applets, etc. containing the attack code. It goes without saying that this tool is to be used very carefully and only for 'white-hat' reasons. It has a command-line interface and works on Linux, Apple Mac OS X and Microsoft Windows. It is open source and can be found on the page below.

Download link: SET download

17) Sqlninja

Sqlninja, as the name indicates, is all about taking over the DB server using SQL injection in any environment. The product itself claims not to be very stable, yet its popularity indicates how robust it already is at exploiting DB-related vulnerabilities. It has a command-line interface and works on Linux and Apple Mac OS X, but not on Microsoft Windows. It is open source and can be found on this page.

Download link: Sqlninja download

18) Nmap

"Network Mapper", though not necessarily a pen-testing tool, is a must-have for ethical hackers. It is a very popular tool that predominantly aids in understanding the characteristics of a target network: hosts, services, OS, packet filters/firewalls and so on. It works on most environments and is open source.

Download link: Nmap download

19) BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser: it takes advantage of the fact that an open web browser is the window (or crack) into a target system and designs its attacks to proceed from that point. It has a GUI, works on Linux, Apple Mac OS X and Microsoft Windows, is open source and can be found on this page.

Download link: BeEF download

20) Dradis

Dradis is an open source framework (a web application) that helps maintain the information shared among the participants of a pen-test. The information collected helps the team understand what has been done and what remains to be done. It achieves this by means of plugins that read and collect data from scanning tools such as Nmap, w3af, Nessus, Burp Suite, Nikto and many more. It has a GUI, works on Linux, Apple Mac OS X and Microsoft Windows, is open source and can be found on this page.

Download link: Dradis download


The above is a long list of tools, but that is not all. There are many more pen test tools that have been gaining momentum recently. They are:

21) Ettercap: A network and host analysis tool that provides sniffing and protocol dissection among other things. More info here.

22) Hydra: A password cracker – more details here.

23) Veracode: Works with the code development process to ensure security and minimize vulnerabilities at the source level. Check here.

24) SATAN: It stands for: Security Administrator Tool for Analyzing Networks. This tool is used on network hosts for collecting and reporting security/vulnerability related statistics. Download here.

25) SHODAN: It is a search engine that lets you search for computers/devices on the internet based on various parameters like city, country, hostname, OS etc. Using Shodan Exploits you can search for known vulnerabilities and exploits. Download here.

26) Aircrack-ng: Captures data packets and uses them to recover 802.11 WEP and WPA-PSK keys. Download here.

27) Arachni: A Ruby framework that helps in analyzing web application security. It performs a meta analysis on the HTTP responses it receives during an audit process and presents various insights into how secure the application is. Download here.

28) PunkSPIDER (scanner powered by PunkSCAN): A security scanner; what is unique is that it performs multiple scans at once on web applications, surpassing the existing tools in the market. You can download the source code directly from Bitbucket at this page.

29) IBM AppScan: As the name indicates this is a scanner that identifies problem areas and suggests remedial actions. Download here.

30) Nagios: When used, this software monitors the entire environment, including servers, applications and network (the entire infrastructure), and alerts when a potential problem is detected. Download here.

31) Nikto: A scanner that caters specifically to web servers, detecting outdated software, insecure configurations, invalid data and/or CGIs etc. Download here.

32) WebScarabNG: This tool uses the http/https requests between the browser and the server to understand, capture and sometimes modify the parameters that are part of the communication between the two parties. Download here.

33) Maltego: This is a unique tool that focuses on showing/highlighting the relationships between people, sites, infrastructure etc. in order to identify inconsistent/incorrect connections. Download here.

34) IronWASP: A customizable scanner creator for web applications using python/ruby scripting. Download here.

35) HconSTF: Using this tool you can create your own web exploits, decoys that you can use to exploit vulnerabilities in the areas of passwords, databases, network etc. Download here.

36) OpenVAS: Stands for Open Vulnerability Assessment System. Well, the name says it all. For more info, check here.

37) Secunia PSI: It is a personal software inspector that will keep your system secure when installed. Try it here.

We hope this piques your interest in the pen-testing field and provides you with the necessary information to get started. A word of caution: remember to wear your 'white hat', because with great power comes great responsibility, and we don't want to be the ones to misuse it.



Five free pen-testing tools

Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and they are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

For scanning in the first steps of a security assessment or pen test, Nmap and Nessus share the crown. Nmap is a simple, powerful and very well-reviewed scanner that one finds in the toolbox of any serious security consultant. Nmap and its Zenmap graphical interface are free and available at for virtually any platform from Vista and OS X to AmigaOS, and will happily run on low-power systems.

Nessus performs scans and up-to-date vulnerability testing in one interface, through a purchased “feed” of vulnerability modules for the freely downloadable application. A free but delayed noncommercial “home feed” of updates will continue to be available at after Tenable Inc. changes the Nessus license this coming July.

The Metasploit Framework provides more operating system and application exploit information than most analysts would know what to do with. Recently rewritten in Ruby with a graphical interface, it comes with several hundred common exploit modules in the basic download available at For testing Web applications specifically, the well-regarded Nikto has also undergone recent updates and is available at

Wireshark provides top-notch network protocol capture and analysis, and its filtering and search functions make a good noninvasive tool for beginners interested in TCP/IP. This high-quality successor to the long-running Ethereal tool is available for Windows, Linux and Mac. The “Buy” button at leads to a happy reminder that it’s free and open source.

KisMAC’s simple interface belies its powerful wireless assessment and penetration testing features. This OS X application is available at, where one can also find an active support community. Kismet, its more powerful but less friendly progenitor, is available at for Linux and Windows. There are active communities and numerous add-ons for each.

For more information, Fyodor, the author of Nmap, maintains a somewhat dated but good list at of the top hundred open-source and low-cost security tools other than Nmap.

Stop Sharing Folders Without a Password

If there’s one thing you should remember about sharing on the network securely, it is this: never turn off password protected sharing. Force all network users who want to access what you are sharing to use the Homegroup or a username and password. This way, if an unwanted guest has access to your network, your shared data is safe from prying eyes.


Also, when sharing something on the network, using the Sharing Wizard or other tools covered in the Windows Networking class, avoid sharing with the user 'Everyone'. This user means anyone, with or without a user account on your computer. Folders shared with this user account are easily accessed by anyone on your network, including unwanted guests who may have received or obtained access.


If you want to have a secure experience as well as an easy way to share folders on your home network, it is best to use the Homegroup feature. With it, you can quickly share just about anything, and your shared resources are accessed only by computers that know the Homegroup password and that have joined the Homegroup. Unwanted guests are left in the dark, unless they crack the Homegroup password and join it as well.


5 Tips to Reduce Risk from Web Threats

1. Keep your systems patched and up to date.

Keeping systems fully up to date—including the operating system, web browsers, browser plugins, media players, PDF readers and other applications—can be a tedious, annoying and time-consuming ongoing task. Unfortunately, hackers are counting on most people to fall far short of what’s needed to keep their systems up to date.

2. Standardize your web software.

If you’ve just read point number 1, you’re probably still thinking that keeping systems fully patched and up to date is an onerous task. What makes this worse is if you don’t know what software is running on your network or you have a variety of individuals using different browsers, plugins and media players.

3. Secure your browsers.

You must familiarize yourself with the plethora of security, privacy and content settings that all browsers have in order to understand the tradeoffs. Some security settings will merely increase the level of prompting—annoying users without adding any tangible security—while others can be important to limiting exploits and threats.

4. Enforce a strong password policy.

The purpose of a password policy should be obvious: If you don’t want everyone to have access to something, you set up passwords to permit access only to authorized users. The purpose of an effective password policy is to keep passwords from being easily guessed or cracked by hackers. Despite this enormous vulnerability in every system, many organizations fail to take this threat seriously.

5. Use an effective web security solution.

A proper web security solution is a vital component of an overall strategy for safeguarding your organization from modern web threats. It will reduce your threat exposure by limiting users’ surfing activity to website categories relevant to their work, or at least help them avoid the dirty dozen categories (adult, gambling, etc.) that are a breeding ground for malware. It will also protect you from trusted sites that you visit daily that may become hijacked at any time to silently spread malware to unsuspecting visitors. Finally, it will also help protect your internet resources from abuse as a result of the exchange of illegal content or bandwidth-sapping streaming media.

Europeans most at risk from surge in Dyre malware attacks June 2015

The Dyre malware campaign returned with nasty new features in the first three months of 2015 causing a spike in infections, Trend Micro has reported.

The company said that infections of the malware on computers rose 125 percent to around 9,000 in the period from January to March.

Some 39 percent of the infections were in Europe, although North America was only just behind on 38 percent. Infections in Asia-Pacific were lower at 19 percent.

French web users were most at risk. Around 34 percent of all infections in the region were in the country, followed by Germany on 14.5 percent and Spain on nine percent. The UK was fourth with just under nine percent.

Trend Micro said that the malware variant is delivered through spam emails that use scare tactics about taxes, usually relating to VAT, to trick people into opening an attachment that contains the malware.

The new variant, labelled TSPY_DYRE.IK, is particularly nasty as it contains several new functions that allow it to bypass detection, including the ability to disable firewalls and network-related security tools.

Once installed it can carry out a variety of functions, such as man-in-the-middle attacks via browser injections, taking browser screenshots, and stealing personal security certificates and online banking credentials.

Trend Micro also said that the malware switches off Windows’ default anti-malware feature in a bid to make Dyre downloads easier, an example of just how cunning cyber criminals are becoming, according to Bharat Mistry, cyber security consultant at Trend Micro.

“As more users turn to internet banking, cyber criminals are focusing their attention on easy targets for the bigger payout,” he said.

“The quality of the applications and security controls on mobile platforms are still maturing and cyber criminals are seeing these as ‘easy pickings’.

“The criminals carrying out this latest string of attacks are using numerous sophisticated techniques. The resulting banking credentials theft is the focus and is ultimately what is used to illicitly transfer money from victims’ accounts.”

Trend Micro urged internet users to remain on their guard against emails relating to tax and other banking issues and to be wary of clicking on any attachments.

Dyre first hit the headlines last year when Salesforce warned customers that they were being targeted by the malware.

Apple Mac persistent rootkit malware June 2015

Symantec says a critical vulnerability within some Apple Mac models could allow hackers to inject systems with persistent rootkit malware.

The security firm confirmed the existence of the security flaw late on Thursday. The flaw, called the Apple Mac OS X EFI Firmware Security Vulnerability, was originally disclosed last week by security researcher Pedro Vilaca.

The problem lies within Mac sleep mode. After Macs awake from this low-power hibernation, a flawed suspend-resume implementation means that some Mac models’ flash protections are left unlocked.

In short, cyberattackers could, in theory, reflash the computer’s firmware in this time window and install Extensible Firmware Interface (EFI) rootkit malware.

This kind of virulent malware can be used to remotely control a system and potentially steal user data — and may not be eradicated even if a system wipe is set in motion.

While this attack is unlikely to impact users en masse, it could be exploited to spy on specific, targeted users with valuable data or accounts.

Symantec has confirmed the existence of the vulnerability and has rated the flaw as “critical” as it can provide “an attacker with persistent root access to a computer that may survive any disk wipe or operating system reinstallation,” according to the firm.

“The vulnerability could be remotely exploited by an attacker if used in conjunction with another exploit that provided root access,” Symantec says.

“While such vulnerabilities are not widespread, they do emerge from time to time. Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode.”

Vilaca claims the bug can be used with Safari or another remote vector to install an EFI rootkit without physical access, and the only requirement is that the computer is suspended within the session.

To date, Symantec has tested four different Mac computer models. The security firm found that the Mac Mini 5.1 and MacBook Pro 9.2 are vulnerable, whereas the MacBook Pro 11.3 and MacBook Air 6.2 are not affected. Vilaca's tests verified that the MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 are vulnerable. All computers tested ran Apple's latest firmware versions. Vilaca commented:

“I’m pretty sure Apple is aware of the bug or at least it would be quite irresponsible from them to not test if their BIOS implementation was vulnerable to the Dark Jedi attack. I had no issues doing PoC tests with it but definitely needs other people to test it out (at least to find which other Macs are vulnerable).”

Until such a time when Apple issues a firmware patch to fix the security flaw, concerned users are advised to shut down their computers rather than put them in sleep mode.

Password Establishment Protocol

Network Working Group                                   Thomas Brownback
Request for Comments: xxxx                        Independent Researcher
Category: Experimental                                        Month YYYY
               Password Negotiation for Password Managers
   This document proposes a protocol that would enable a password
   manager (PM) to register or change a password with online
   services. The minimal user involvement would improve the usability of
   PMs, a current hurdle in more widespread adoption. Increased use of
   PMs would improve password management by reducing the frequency of
   common, simple, reused, or rarely changed passwords online,
   significant current vulnerabilities for the web.
Status of this Memo
   This document defines an Experimental Protocol for the Internet
   community. Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.
Copyright Notice
   This memo is public domain by declaration of the author.
Table of Contents
1.  Introduction
   Automated password negotiation between a password manager (PM) and an
   online account provider (OAP) would allow users to rapidly establish
   secure, unique passwords on many websites, improving password
   security on the Internet.
1.1. Password Security
   Password issues are a key source of insecurity on the Internet.
   a. Passwords must be complex to prevent attack. Passwords must also
   be memorable to allow reuse. Complexity and memorability are at odds.
   b. Password reuse also weakens passwords, and allows the compromise
   of one account to enable the compromise of others. Password reuse
   nonetheless remains common.
   c. Password managers tackle these problems by storing several unique
   complex passwords in one encrypted database under a single memorable
   and accompanying links on the explainxkcd page:
   “If you write an article about choosing passwords where password
   managers aren’t mentioned even once, you’re not helping anyone.”
   “Users should not be choosing passwords.”
   d. People are bad at generating unique, complex passwords, especially
   when asked to memorize same for many sites online.
   e. Users rarely change passwords if not required to do so.
   f. Password constraints limit entropy and are often not transparent,
   leading to frustrating user experiences when passwords are rejected
   for containing forbidden characters or failing to contain required
   characters, even when a proposed password is high in entropy.
1.2. Password Manager Security and Usability
   PMs can improve password security.
   a. PMs aid in the generation of passwords. Although the generation
   of highly secure pseudo random strings remains an area of active
   study, machines currently outperform humans at this task by almost
   any measure.
   What Does Randomness Look Like? WIRED
   b. PMs can not only generate, but also serve as a “memory” for
   complex passwords.
   c. PMs generate and store unique passwords for each site, so the
   compromise of any one password does not necessarily provide useful
   information about passwords on other sites.
   d. Usability remains a hurdle to greater PM adoption.
“Now, I’m not going to make the picture rosier than it is. 1Password is
not the easiest software to use. Even more annoyingly, if you currently
have weak passwords, you need to change those to something very
difficult to guess, then store that login in the software. Doing this
over and over is quick, but a hassle. For my 15 key sites, it took 22
minutes of concerted effort to complete. For other semi-important sites,
I’m just dealing with them as I go. I add a couple a day, at most.”
   This password establishment protocol would improve the usability of
2. Specification of PM-PWD-NEG
   The establishment of a password on an online account provider (OAP)
   requires communication of password requirements and restrictions,
   a password to be securely transmitted, and a confirmation that the
   password was correctly set.
   Additional security considerations require that the password be
   communicated only in an encrypted channel, that responses from the
   OAP avoid leaking information about existing accounts or passwords,
   and that the exchange be resistant to replay attacks. Note that these
   considerations also apply to current password establishment
             PM                                               OAP
           --------                                          --------
           PM Hello and Authorization
           [username + existing password]
                          OAP Password Requirements and Restrictions
           Password Request
           [proposed new password]
   Unless otherwise noted, the decimal numbers appearing in packet-
   format diagrams represent the length of the corresponding field, in
   octets.  Where a given octet must take on a specific value, the
   syntax X'hhhh hhhh' is used to denote the value of the octet in that
   field. When the word ‘Variable’ is used, it indicates that the
   corresponding field has a variable length defined either by an
   associated (one or two octet) length field, or by a data type field.
2.1. PM Hello and Authorization
   Transmission of a username and password has been handled before. (See
   RFC 1929 et al.). Similar conventions are followed here.
           | VER | ULEN | USERNAME    | PLEN | PASSWORD    |
           | 1   |  1   | 1 to 255    |  1   | 1 to 255    |
   The VER field contains the current version of the protocol,
   which is currently X'0000 0001'. The ULEN field contains the length
   of the USERNAME field that follows. The USERNAME field contains the
   username. The PLEN field contains the length of the PASSWORD field
   that follows. The PASSWORD field contains the password associated
   with the given USERNAME.
   The server verifies the supplied USERNAME and PASSWORD, and if the
   information conforms to an existing account, replies with password
   requirements as indicated in the following section.
2.2. OAP Password Requirements
           | Allowed Character Sets  | FLEN | Forbidden Characters    |
           |           2             |  1   |   0 To 255              |
           |     Min Length          |     Max Length                 |
           |           1             |          1                     |
2.2.1. Allowed Character Sets
   The two octet field specifies sets of characters allowed for
   inclusion in a password by means of bit flags, using the following
   bit positions:
   0. ASCII lowercase
   1. ASCII uppercase
   2. Digits [0-9]
   3. All ASCII
   4. Space
   5. Basic special characters (US keyboard layout number row) !@#$%^&*()
   6. Brackets ()[]{}<>
   7. Punctuation ,.?'";:`~-
   8. Math -+*/=^.
   9. Bars /|_-
   10. High ANSI
   11. All UTF-8
   12-15. Reserved.
   The selection of categories is intended primarily to allow OAPs to
   specify allowed passwords as easily as possible.
   Note that some of these categories overlap. The union of all flagged
   categories should be permitted. X'0000 1001' (All ASCII + ASCII
   lowercase), X'0000 1010' (All ASCII + ASCII uppercase), and
   X'0000 1000' (All ASCII) result in identical specifications.
   Comments are welcome on more useful categories here.
   No provision is provided for OAPs whose password systems fail to
   distinguish between upper and lower cases, because this can encourage
   a false sense of additional security.
2.2.2. FLEN
   This specifies the length of the Forbidden Characters field.
2.2.3. Forbidden Characters
   Forbidden characters are listed in this field using UTF-8 encoding.
   Comments are encouraged on whether or not this field is sufficient,
   or if other encoding schemes should be supported, or if a certain
   order should be recommended or required.
2.2.4. Min Length / Max Length
   The minimum and maximum permitted lengths of the password in
   Comments encouraged on whether or not this field should indicate
   length in characters, or length in bytes.
   Password lengths are most commonly referred to in terms of character
   lengths, despite protocol preference for bytes. Byte restrictions may
   require additional calculations by the PM for certain UTF-8
   passwords, but character-based limits may introduce complexities for
   OAP memory allocation.
   Byte length makes the rest of the protocol easier to standardize, so
   that is currently used, with the suspicion that character counts
   would be more useful.
2.3. Password Request
           | PLEN | PASSWORD    |
           |  1   | 1 to 255    |
   The PLEN field contains the length of the PASSWORD field that
   follows. The PASSWORD field contains the requested new password.
   Comments encouraged on whether it would be helpful to restate
   the associated username. It is currently assumed that repeating the
   username would be redundant, and might even allow confusing a
   poorly configured OAP into changing an account without authorization.
2.4. Success/Failure
           | SUCCESS |
           |    1    |
   Success is indicated by X'0000 0000'. All other results indicate failure.
   Comments encouraged on what specific failure codes might be useful
   without leaking information. (i.e., there will be no failure code for
   “username not found”. A failure code for insufficient length or use
   of forbidden character might be helpful for troubleshooting.)
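   The four messages of sections 2.1 to 2.4, together with the PM-side
   check of a candidate against the OAP's requirements and an OAP that
   aborts on failed authorization (section 3.3), as an added Python
   example; this is not part of the draft. Assumptions not made by the
   draft: the two-octet flag field is sent in network byte order, "All
   ASCII" means printable ASCII, "High ANSI" means U+0080 to U+00FF,
   lengths are byte lengths as section 2.2.4 says, X'0000 0001' is a
   placeholder failure status, and the account store is a constructed
   toy.

```python
import hmac

VERSION = 0x01         # section 2.1: X'0000 0001'
STATUS_SUCCESS = 0x00  # section 2.4: X'0000 0000'
STATUS_FAILURE = 0x01  # assumption: the draft leaves failure codes open

# Section 2.2.1 flags: bit n has value 1 << n (so X'0000 1001' = All ASCII + lowercase).
CS_LOWER, CS_UPPER, CS_DIGIT, CS_ALL_ASCII, CS_SPACE, CS_BASIC_SPECIAL = 0, 1, 2, 3, 4, 5
CS_BRACKETS, CS_PUNCT, CS_MATH, CS_BARS, CS_HIGH_ANSI, CS_ALL_UTF8 = 6, 7, 8, 9, 10, 11
CHARSETS = {
    CS_LOWER: set("abcdefghijklmnopqrstuvwxyz"),
    CS_UPPER: set("ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
    CS_DIGIT: set("0123456789"),
    CS_ALL_ASCII: {chr(c) for c in range(0x20, 0x7F)},   # assumed: printable ASCII
    CS_SPACE: {" "},
    CS_BASIC_SPECIAL: set("!@#$%^&*()"),
    CS_BRACKETS: set("()[]{}<>"),
    CS_PUNCT: set(",.?'\";:`~-"),
    CS_MATH: set("-+*/=^."),
    CS_BARS: set("/|_-"),
    CS_HIGH_ANSI: {chr(c) for c in range(0x80, 0x100)},  # assumed: U+0080 to U+00FF
}

def _lv(field: str) -> bytes:  # one-octet length, then the UTF-8 field (1 to 255 bytes)
    raw = field.encode("utf-8")
    if not 1 <= len(raw) <= 255:
        raise ValueError("field must be 1 to 255 bytes")
    return bytes([len(raw)]) + raw

def _read_lv(data: bytes, pos: int):  # returns (text, position after the field)
    n = data[pos]
    raw = data[pos + 1:pos + 1 + n]
    if n == 0 or len(raw) != n:
        raise ValueError("truncated or empty field")
    return raw.decode("utf-8"), pos + 1 + n

def encode_hello(username: str, password: str) -> bytes:
    """Section 2.1: VER | ULEN | USERNAME | PLEN | PASSWORD."""
    return bytes([VERSION]) + _lv(username) + _lv(password)

def decode_hello(data: bytes):
    if not data or data[0] != VERSION:
        raise ValueError("unsupported version")
    username, pos = _read_lv(data, 1)
    password, _ = _read_lv(data, pos)
    return username, password

def encode_requirements(flags: int, forbidden: str, min_len: int, max_len: int) -> bytes:
    """Section 2.2: Allowed Character Sets(2) | FLEN(1) | Forbidden | Min(1) | Max(1)."""
    fb = forbidden.encode("utf-8")
    if len(fb) > 255 or not 1 <= min_len <= max_len <= 255:
        raise ValueError("bad requirements")
    return flags.to_bytes(2, "big") + bytes([len(fb)]) + fb + bytes([min_len, max_len])

def decode_requirements(data: bytes) -> dict:
    flags, flen = int.from_bytes(data[:2], "big"), data[2]
    if len(data) != 5 + flen:
        raise ValueError("bad requirements length")
    return {"flags": flags, "forbidden": data[3:3 + flen].decode("utf-8"),
            "min": data[3 + flen], "max": data[4 + flen]}

def encode_password_request(password: str) -> bytes:  # section 2.3: PLEN | PASSWORD
    return _lv(password)

def allowed_pool(req: dict) -> set:
    """Union of the flagged sets minus forbidden characters (All UTF-8 takes every listed set)."""
    everything = req["flags"] & (1 << CS_ALL_UTF8)
    chosen = [s for bit, s in CHARSETS.items() if everything or req["flags"] & (1 << bit)]
    return set().union(*chosen) - set(req["forbidden"])

def password_allowed(password: str, req: dict) -> bool:
    """PM-side check of a candidate: byte length (2.2.4), forbidden characters, allowed sets."""
    nbytes = len(password.encode("utf-8"))
    if not req["min"] <= nbytes <= req["max"] or set(password) & set(req["forbidden"]):
        return False
    return bool(req["flags"] & (1 << CS_ALL_UTF8)) or set(password) <= allowed_pool(req)

def oap_handle_hello(accounts: dict, requirements: bytes, msg: bytes):
    """OAP side of 2.1/3.3: (user, requirements) for valid credentials, else None (abort)."""
    try:
        user, pwd = decode_hello(msg)
    except ValueError:
        return None
    expected = accounts.get(user, "").encode("utf-8")  # toy plaintext store; real OAPs hash
    if not hmac.compare_digest(expected, pwd.encode("utf-8")):
        return None  # same answer for unknown user and wrong password, so nothing leaks
    return user, requirements

def oap_handle_request(accounts: dict, session_user, requirements: bytes, msg: bytes) -> bytes:
    """OAP side of 2.3/2.4: one status octet, X'0000 0000' only when the change succeeded."""
    try:
        new_pwd, end = _read_lv(msg, 0)
    except (IndexError, ValueError):
        return bytes([STATUS_FAILURE])
    req = decode_requirements(requirements)
    if session_user is None or end != len(msg) or not password_allowed(new_pwd, req):
        return bytes([STATUS_FAILURE])
    accounts[session_user] = new_pwd
    return bytes([STATUS_SUCCESS])
```

   The OAP functions return the same abort or failure octet for an
   unknown username, a wrong password and a malformed message, which is
   the non-leaking behaviour sections 2.4 and 3.3 ask for.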
3. Special Issues for Discussion:
3.1. Should PMs be allowed to set up new accounts?
   Current assumption is no, as automated account creation is disfavored
   online. OAPs often need to throttle account creation to prevent
   abuse, so an automated solution here would likely be frowned upon.
3.2. Should the PM be allowed to bypass the hello?
   Current assumption is no.
   The protocol could be simplified by having the initial communication
   consist of an authorization and new password request [username + old
   password + new password]. The OAP would simply reply with success or
   The PM could store password requirements, requesting them only if
   needed, or verifying for changes on failure.
   However, a PM that never or rarely verifies requirements would never
   or rarely detect when an OAP increased security by expanding the
   domain of allowed passwords. Lag in the full adoption of OAP security
   improvements, though it would be rare, is judged a more significant
   risk than the additional overhead of two small packets for this
   infrequent communication.
3.3. Should PMs be required to authorize in hello?
   Current assumption is yes.
   Password requirements for OAPs should be publicly available, to allow
   new users and security researchers to evaluate the security of
   existing OAP password systems before account creation. But this
   information can be provided to humans in a separate channel.
   Requiring initial authorization limits opportunities for mischief,
   such as use of this protocol in denial of service attacks.
   OAP should abort the protocol on failed authentication for this to be
   Like any authentication step, this allows an attacker to confirm the
   existence of a username password pair, and allows an opportunity for
   password guessing.
   For this reason, the protocol should be throttled by the OAP.
   Throttling specifics are considered out of scope here, given the
   many unique features of OAPs, but comments are welcomed if there is
   an appropriate way to address this in more detail.
3.3.1. Should authentication fail silently?
   Silent failure would allow the OAP to quickly drop unauthorized
   requests, but risks encouraging well intentioned but misconfigured
   PMs to bash an incorrect username+password pair against the OAP
   while assuming a network error.
3.4. How should encryption requirements be detailed?
   To ensure confidentiality, passwords MUST NOT be transmitted in
   plaintext. This protocol includes the communication of passwords, but
   it is beyond the scope of this protocol to specify underlying
   encryption mechanisms required.
   Comments encouraged on current best practices for binding the RFC of
   a protocol to lower layer encrypted channels.
3.5. Password Length
   Provisions for very long (up to 65535-byte) passwords were briefly
   considered and fairly promptly rejected.
   A protocol should specify maximum field lengths to prevent overflows.
   Maximum lengths for passwords, however, are generally discouraged.
   This apparent contradiction can be easily resolved.
   When security researchers criticize maximum password lengths, it is
   typically a criticism of OAPs that sharply limit passwords to very
   small lengths. Six or ten character limits on passwords are not
   unheard of, and these lengths are not only easily cracked, but
   usually taken as an indication of other security problems (i.e., that
   passwords are stored by the OAP in plaintext).
   Best practices in hashing passwords for storage should prevent the
   OAP from caring too much about password lengths.
   OAPs may reasonably require that authentication will not consume
   terabytes of bandwidth or significant resources for hashing when such
   resources are not providing any additional meaningful security.
   Users may only reasonably require password lengths long enough to
   resist feasible attacks.
   There is a wide field of possible password lengths that accommodate
   both considerations. A 255-byte password would be impervious to
   cracking by a universe-sized computer before the heat-death of the
   universe. Such a password would also be significantly stronger than
   underlying encryption, making the password no longer the primary
   vector of attack.
   The current protocol assumes a maximum length of 255 bytes for any
   username or password field, a value which is currently assumed to
   err well on the side of caution and considered aggressively future
   proofed while conveniently allowing a one byte field to specify its
   exact length. Comments are encouraged if another value would be
   sufficient or preferable. Please note especially any OAPs that allow
   incredibly long usernames that would be strained by this restriction.
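   As an added illustration, not part of the draft, the following
   Python encodes and decodes the one-byte-length-prefixed fields
   described above, with the bounds checks a decoder needs so that a
   declared length can never read past the buffer, and shows why an
   OAP that hashes for storage stops caring about password length.
   The two-field message layout (username then password), the choice
   of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made
   for the example; the draft specifies none of them.

```python
# Added example: one-byte-length-prefixed username and password fields
# (max 255 bytes, section 3.5) with decoder bounds checks, plus a
# fixed-size storage hash. Message layout and hash parameters are
# assumptions for the example, not something the draft specifies.
import hashlib
import os
from typing import Optional, Tuple

MAX_FIELD_LEN = 255  # largest value one length byte can carry


def encode_field(value: bytes) -> bytes:
    """Length byte followed by the value. Oversize fields are rejected
    rather than truncated, because a truncated password is a different
    password."""
    if len(value) > MAX_FIELD_LEN:
        raise ValueError(f"field is {len(value)} bytes, max {MAX_FIELD_LEN}")
    return bytes([len(value)]) + value


def decode_field(buf: bytes, offset: int = 0) -> Tuple[bytes, int]:
    """Decode one field at offset, returning (value, offset after it).
    The declared length is checked against the bytes actually present."""
    if offset >= len(buf):
        raise ValueError("missing length byte")
    length = buf[offset]
    start, end = offset + 1, offset + 1 + length
    if end > len(buf):
        raise ValueError(f"field declares {length} bytes, only {len(buf) - start} present")
    return buf[start:end], end


def encode_credentials(username: bytes, password: bytes) -> bytes:
    return encode_field(username) + encode_field(password)


def decode_credentials(msg: bytes) -> Tuple[bytes, bytes]:
    username, off = decode_field(msg, 0)
    password, off = decode_field(msg, off)
    if off != len(msg):
        raise ValueError(f"{len(msg) - off} unexpected trailing bytes")
    return username, password


def storage_hash(password: bytes, salt: Optional[bytes] = None,
                 iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """What hashing for storage buys the OAP: the stored value is a
    fixed 32 bytes whether the password is 8 bytes or 255, so the
    length limit is purely a wire-format and resource decision."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return salt, digest
```

   A malformed message (length byte larger than the remaining bytes,
   or trailing data after the password) is rejected by the decoder
   rather than silently read through, which is the overflow concern
   the section opens with.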
3.6. Password Requirements Specification
   Should the protocol develop a password requirements specification
   mini-language? Should the protocol allow regular expressions to
   describe which passwords are acceptable and unacceptable?
   Current form proposed for simplicity. Regular expressions or the
   development of a novel mini-language here would needlessly
   complicate this task. Comments on feasibility of using regular
   expressions or some specialized mini-language highly encouraged.
3.7. Complexity Requirements
   Some OAPs require passwords to conform to certain complexity
   requirements. These requirements are varied and specific. Some
   include: “must contain at least one character from at least x
   different character sets”, “must not contain a series of
   incremental digits”, or “must not contain common dictionary words”
   (using a dictionary that will never be provided).
   A good PM will automatically generate complex passwords, but may
   occasionally generate passwords violating some arbitrary complexity
   requirement.
   Such requirements are difficult or impossible to represent in a
   simple protocol field because there is no clear limit on what rules
   could be imposed on any given system.
   Therefore, it is probably preferable to simply allow such passwords
   to be rejected, and have the PM try again, rather than attempting to
   communicate complexity requirements in this protocol. Ideal best
   practices would discourage complexity requirements, or at least
   suspend such requirements for interactions with PMs.
   TODO: ref, “Password complexity rules more annoying, less effective
   than lengthy ones”, Casey Johnston, Ars Technica, June 28, 2013,
   (track down underlying 2011 study referenced there)
4. Acknowledgments
5. Normative References
6. Informative References
   Cracking a 160-character password is unlikely before the heat death of
   the universe, even with a universe-sized computer:
7. Security Considerations
TODO: TLS (or any future supplanting protocol) as a hard requirement for
PEP communications, see RFC 5246.
TODO: see RFC 3552
8. IANA Considerations
TODO: see RFC 2434. “No IANA Considerations” maybe?
TODO: RFC 793 for inspiration.
Appendix A.
Authors’ Addresses
   See also:
RFC 2629 on writing I-Ds and RFCs in XML. (dead?)

How To Make Your Own Sandbox: An Introduction to Virtualization Techniques

If you have ever written large system software, you have probably had to use some sort of virtual machine, be it VMware, Virtual PC or something else. Have you ever asked yourself how those machines work? I have been excited by these technologies for quite a long time; they looked like a piece of magic to me, and the best way to uncover the magic and understand the details is to write a virtualization solution from scratch. I now have my own virtualization solution, a sandboxing tool. It was a challenging task to accomplish: there are a lot of questions you have to answer while writing such a product, and there is a great shortage of, say, Googlable answers to most of them. So I would like to share my experience with the public. This is going to be a series of articles on virtualization.

Developing a virtual machine is not a task for a novice programmer, so I assume you have experience in Windows programming and in particular have mastered these skills: you are good at C/C++ coding, have experience with the Win32 API, have read some books on Windows internals, such as the one by Mark Russinovich, and have some basic assembly knowledge. It would be a big advantage if you have written kernel mode drivers for Windows, but although a sandboxing solution requires some kernel mode code, I assume you have little or no experience in this area. I will cover driver development in great detail in this tutorial.

Virtual machines can be divided into two big classes: a 'hardcore' virtual machine that emulates the hardware completely, such as VMware, and a light-weight virtual machine that instead emulates critical operating system actions, such as file system operations, operations on the Registry and some other OS primitives, such as mutexes. Examples of light-weight virtual machines include Featherweight Virtual Machine (FVM), Sandboxie and Cybergenic Shade.

Featherweight Virtual Machine is an open source project, but it has some drawbacks, such as the way it intercepts kernel mode calls. It uses a hooking technique, which means that it modifies OS kernel code, something forbidden on x64 editions of Windows ever since Kernel Patch Protection shipped with the x64 editions of Windows XP and Server 2003 SP1 and in every x64 release from Vista onward. Such a patch causes Patch Guard, the OS component that implements Kernel Patch Protection, to bring the OS down with a BSOD, because Microsoft now treats these patches as malicious. So FVM can be a good starting point for getting a view of virtualization as a whole, but it is not compatible with modern OSes. Most of the challenges arise when it comes to preserving compatibility with Patch Guard, and we will look at them in detail in further articles.

Many programmers invent techniques to bypass Patch Guard, but such bypassing weakens the OS, making it vulnerable to legacy kernel mode infections that otherwise could not run on a Patch Guarded OS. So our goal is to preserve compatibility with Patch Guard instead of disabling or bypassing it. Our sandbox should add armor to the OS, making it more resistant to malware attacks, so it would be a crime to weaken it on the other side by disabling or bypassing Patch Guard.

In this tutorial we are going to focus on the development of a light-weight virtualization solution. The main idea is to intercept OS requests for critical system operations and redirect them to some sort of virtual storage; for file system operations in particular, to a dedicated folder.
Say some application we want to virtualize wants to modify a file named C:\Myfile. We make a copy of this file in the virtual folder, say C:\Sandbox\C\Myfile, and redirect all the operations the application performs on C:\Myfile to its virtual "sibling" C:\Sandbox\C\Myfile. The same is done for registry operations and some other system mechanisms.

Let's summarize what exactly it means to virtualize an operation, starting with file system virtualization. As you probably already know, when an application wants to access a file it first opens it; from the Windows point of view it calls an API such as CreateFile(). If the call succeeds it can read from and write to the file, and when the work is done the file is closed with CloseHandle(). So we could intercept CreateFile() and modify its parameters, such as the name of the file the program wants to open, and thereby force the app to open a different file. But intercepting CreateFile() itself is a bad idea, because there are other ways an app can open a file: it could call NtCreateFile(), the native API that CreateFile() itself ends up calling. If we intercept NtCreateFile() we also catch the higher-level CreateFile(), since it will eventually call NtCreateFile() and thus reach us, but NtCreateFile() is not the bottom layer either. So where is the 'lowest' CreateFile() equivalent that every application willing to open or create a file ends up in? It is in kernel mode. All file system operations are driven by file system drivers, and Windows supports file system filters, more specifically minifilters, which exist precisely to filter file system operations; a minifilter sees every create/open request as an IRP_MJ_CREATE callback. So by writing a minifilter driver we can intercept all the file system operations we need. This is our first goal: to intercept file system operations from kernel mode by writing a minifilter driver. By doing so we can make the OS open a completely different file, in our case a sibling, a copy of the original one. An attentive reader will have noticed that copying is a very resource-consuming operation, so there are some optimizations to apply. First, we can check whether the file is being opened for read-only access. If so, there is no need to make a copy.
As long as the file is not going to be modified, access to the original can be granted. But if the file was already modified earlier, after the app became virtualized, a sandboxed copy created by that modification may exist. So in general we must first check whether a sandboxed sibling of the file exists, and if it does, give access to the sibling. Only if there is no virtual sibling may we disable virtualization for this particular create/open request, thus giving access to the original file.
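The create/open decision just described, written here as an added user-mode model rather than the article's own driver code: the same decision (sibling exists, read-only passthrough, copy then redirect, brand-new file) applied to an ordinary directory tree, so it can be run and tested on any OS while the real thing sits in a minifilter create callback. The sandbox layout <root>/<drive>/<path> and the demo file names are assumptions.

```python
# Added example: a user-mode model of the create/open redirection
# decision. The real implementation runs in a minifilter that sees every
# create request in kernel mode; this is the same logic over a plain
# directory tree. The sandbox layout (<root>/<drive>/<path>) is an
# assumption.
import os
import shutil
import tempfile
from typing import List, Tuple


class SandboxRedirector:
    def __init__(self, sandbox_root: str) -> None:
        self.root = os.path.abspath(sandbox_root)

    def sibling(self, path: str) -> str:
        """Map an original path to its sandboxed sibling, e.g.
        C:\\Myfile -> <root>\\C\\Myfile (on POSIX /x/y -> <root>/x/y)."""
        drive, rest = os.path.splitdrive(os.path.abspath(path))
        parts = [self.root]
        if drive:
            parts.append(drive.rstrip(":\\/"))
        parts.append(rest.lstrip("\\/"))
        return os.path.join(*parts)

    def on_create(self, path: str, write_access: bool) -> Tuple[str, str]:
        """Decide what a create/open request for `path` should really open.
        Returns (decision, path_to_open)."""
        sb = self.sibling(path)
        # 1. A sibling already exists (the app modified the file earlier):
        #    redirect even read-only opens, or the app would read stale data.
        if os.path.exists(sb):
            return "redirect-existing", sb
        # 2. No sibling and read-only access: no copy needed, pass through.
        if not write_access:
            return "passthrough", path
        # 3. Write access to an existing original: copy on open, then redirect.
        os.makedirs(os.path.dirname(sb), exist_ok=True)
        if os.path.exists(path):
            shutil.copy2(path, sb)
            return "copy-then-redirect", sb
        # 4. The app is creating a brand-new file: it only ever exists in the sandbox.
        return "redirect-new", sb


def demo() -> List[str]:
    """Run read / write / read again and show that the original stays
    untouched while the app sees its own modified copy."""
    with tempfile.TemporaryDirectory() as td:
        original = os.path.join(td, "real", "Myfile")
        os.makedirs(os.path.dirname(original))
        with open(original, "w") as f:
            f.write("original")
        r = SandboxRedirector(os.path.join(td, "Sandbox"))
        log: List[str] = []

        decision, p = r.on_create(original, write_access=False)
        log.append(decision)                      # passthrough
        decision, p = r.on_create(original, write_access=True)
        log.append(decision)                      # copy-then-redirect
        with open(p, "w") as f:                   # the app writes to the sibling
            f.write("modified")
        decision, p = r.on_create(original, write_access=False)
        log.append(decision)                      # redirect-existing
        with open(p) as f:
            log.append(f.read())                  # what the app now sees
        with open(original) as f:
            log.append(f.read())                  # the host file is untouched
        decision, _ = r.on_create(os.path.join(td, "real", "New.txt"), write_access=True)
        log.append(decision)                      # redirect-new
        return log


if __name__ == "__main__":
    print(demo())
```

Note the order of the checks: the sibling test comes before the read-only test, because a read-only open after an earlier write must see the sandboxed copy, not the pristine original.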

As you can see, we do not need to intercept read or write requests: it is enough to intercept the kernel mode equivalent of CreateFile()/OpenFile() to redirect all work with the file to our virtual folder. But virtualizing the file system is not enough; we also have to virtualize the registry and some other OS primitives. For now, though, let's just focus on file system virtualization.

Possible SCAM

They send an email asking to put an advert on your blog, from a "freelancer" called John.


The company looks American, without any history behind it.


The email was sent from an ADSL connection, as shown below:


IP:   [DNS] – [Tracert]
Name:  [Whois]
Country: HR – Croatia  Flag

They are using Windows 7 64-bit with Mozilla Firefox v36.



descr: Amis Telekom d.o.o.
descr: ADSL infrastructure subnets
country: HR
admin-c: AMHR-RIPE
tech-c: AMHR-RIPE
mnt-by: AMISHR-MNT
mnt-lower: AMISHR-MNT
mnt-routes: AMISHR-MNT
remarks: INFRA-AW
source: RIPE # Filtered

role: Amis Hrvatska RIPE Team
address: Amis Telekom d.o.o.
address: Bani 75
address: 10010 Zagreb
admin-c: MARI10-RIPE
tech-c: MARI10-RIPE
tech-c: MS34425-RIPE
tech-c: DM5228-RIPE
mnt-by: AMISHR-MNT
nic-hdl: AMHR-RIPE
source: RIPE # Filtered

% Information related to ‘’

descr: Amis Telekom d.o.o.
origin: AS29485
mnt-by: AMISHR-MNT
source: RIPE # Filtered

The location is as below and clearly isn't legit.


LLT Consulting company – Possible SCAM!

Be careful with this one.

You will probably receive an email like this:


My name is Josephine Bergson, representing the advertising department of the LLT Consulting company. We are interested in placing ads (banners) of your choice on your websites.

Design and sizes can be seen on our website at
Depending on the banner size you choose we can pay up to $950.00/month.

If you are interested in becoming an advertising partner, please let me hear from you.

Kind Regards,
Josephine Bergson

A scan reveals the following.

They use Java in a very strange way.


Trace route
Hop 06:
Hop 07:
Hop 08:
Hop 09:
Hop 10: (standard broadband service, so presumably a personal server)
Hop 11: [Unknown] (IP/DNS transfer)
Hop 12:
HTTP/1.1 200 OK
Server: nginx
Service TCP ports: 179
Service UDP ports: 88
Packet delay: 10
Discovery passes: 1
ICMP pinging for host discovery: Yes
Host discovery ICMP timeout: 2000
TCP banner grabbing timeout: 8000
UDP banner grabbing timeout: 8000
Service scan passes: 1
Hostname resolving passes: 1
Full connect TCP scanning for service scanning: No
Service scanning TCP timeout: 4000
Service scanning UDP timeout: 2000
TCP source port: 0
UDP source port: 0
Enable hostname lookup: Yes
Enable banner grabbing: Yes
Registrar: ENOM, INC. (why an American registrar?)
Sponsoring Registrar IANA ID: 48…?
Whois Server:
Referral URL:
Status: ok
Updated Date: 15-may-2014
Creation Date: 05-apr-2013
Expiration Date: 05-apr-2015….?

7 Worst stealth attacks in IT

Today's most ingenious malware and hackers are stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher, and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.

Stealth attack No. 1: Fake wireless access points

No hack is easier to accomplish than a fake WAP (wireless access point). Anyone using a bit of software and a wireless network card can advertise their computer as an available WAP that is then connected to the real, legitimate WAP in a public location.

Think of all the times you — or your users — have gone to the local coffee shop, airport, or public gathering place and connected to the “free wireless” network. Hackers at Starbucks who call their fake WAP “Starbucks Wireless Network” or at the Atlanta airport call it “Atlanta Airport Free Wireless” have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and their intended remote hosts. You’d be surprised how much data, even passwords, are still sent in clear text.

The more nefarious hackers will ask their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere. The WAP hacker can then try using the same log-on credentials on popular websites — Facebook, Twitter, Amazon, iTunes, and so on — and the victims will never know how it happened.

Lesson: You can’t trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don’t recycle passwords between public and private sites.

Stealth attack No. 2: Cookie theft

Browser cookies are a wonderful invention that preserves “state” when a user navigates a website. These little text files, sent to our machines by a website, help the website or service track us across our visit, or over multiple visits, enabling us to more easily purchase jeans, for example. What’s not to like?

Answer: When a hacker steals our cookies, and by virtue of doing so, becomes us — an increasingly frequent occurrence these days. Rather, they become authenticated to our websites as if they were us and had supplied a valid log-on name and password.

Sure, cookie theft has been around since the invention of the Web, but these days tools make the process as easy as click, click, click. Firesheep, for example, is a Firefox browser add-on that allows people to steal unprotected cookies from others. When used with a fake WAP or on a shared public network, cookie hijacking can be quite successful. Firesheep will show all the names and locations of the cookies it is finding, and with a simple click of the mouse, the hacker can take over the session (see the Codebutler blog for an example of how easy it is to use Firesheep).


Worse, hackers can now steal even SSL/TLS-protected cookies and sniff them out of thin air. In September 2011, an attack its creators labeled "BEAST" proved that even SSL/TLS-protected cookies can be obtained. Further improvements and refinements the following year, including the well-named CRIME (2012), have made stealing and reusing encrypted cookies even easier.

With each released cookie attack, websites and application developers are told how to protect their users. Sometimes the answer is to use the latest crypto cipher; other times it is to disable some obscure feature that most people don’t use. The key is that all Web developers must use secure development techniques to reduce cookie theft. If your website hasn’t updated its encryption protection in a few years, you’re probably at risk.

Lessons: Even encrypted cookies can be stolen. Connect to websites that utilize secure development techniques and the latest crypto. Your HTTPS websites should be using the latest crypto, including TLS Version 1.2.

Stealth attack No. 3: File name tricks

Hackers have been using file name tricks to get us to execute malicious code since the beginning of malware. Early examples included naming the file something that would encourage unsuspecting victims to click on it (like AnnaKournikovaNudePics) and using multiple file extensions (such as AnnaKournikovaNudePics.Zip.exe). To this day, Microsoft Windows and other operating systems hide "well known" file extensions by default, which makes AnnaKournikovaNudePics.Gif.Exe look like AnnaKournikovaNudePics.Gif.

Years ago, malware programs known as "twins," "spawners," or "companion viruses" relied on a little-known feature of Microsoft Windows/DOS: if you typed in the file name Start without an extension, the system would look for Start.com before Start.exe and, if found, execute it instead. Companion viruses would look for all the .exe files on your hard drive and create a virus with the same name as the EXE, but with the file extension .com. Microsoft fixed this long ago, but its discovery and exploitation by early hackers laid the groundwork for inventive ways to hide viruses that continue to evolve today.

Among the more sophisticated file-naming tricks currently employed is the use of Unicode characters that change how the file name is displayed. For example, the Unicode character U+202E, RIGHT-TO-LEFT OVERRIDE, makes a bidi-aware display render everything after it reversed, so a file actually named AnnaKournikovaNude<U+202E>iva.exe shows up as AnnaKournikovaNudeexe.avi, while the operating system still treats it as an .exe.

Lesson: Whenever possible, make sure you know the real, complete name of any file before executing it.
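An added check, not part of the article, that finds bidirectional override characters in a file name and reports the extension the OS will act on next to the one a right-to-left-aware display would show. The sample names are constructed, and the rendering is simplified to the single-RLO case used in the trick above.

```python
# Added example: detect Unicode bidi control characters in a file name
# and report the real versus apparent extension. The file names are
# constructed; displayed_name() models only the single U+202E case.
import unicodedata
from typing import Dict, List

# Bidi controls that can reorder how a name is displayed: U+202A..U+202E
# are the explicit embeddings/overrides, U+2066..U+2069 the isolates.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def displayed_name(name: str) -> str:
    """How a bidi-aware UI shows a name containing one RIGHT-TO-LEFT
    OVERRIDE: everything after U+202E is rendered reversed."""
    head, rlo, tail = name.partition("\u202e")
    return head + (tail[::-1] if rlo else "")


def real_extension(name: str) -> str:
    """The extension the OS uses: text after the last '.' in the real string."""
    _stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def inspect_filename(name: str) -> Dict:
    """Report bidi controls present, the apparent name, and both extensions."""
    controls: List[str] = [f"U+{ord(c):04X} {unicodedata.name(c)}"
                           for c in name if c in BIDI_CONTROLS]
    shown = displayed_name(name)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "displayed_as": shown,
        "real_extension": real_extension(name),
        "apparent_extension": real_extension(shown),
    }


if __name__ == "__main__":
    for n in ["AnnaKournikovaNude\u202eiva.exe", "report.pdf"]:
        print(inspect_filename(n))
```

Any name where real_extension and apparent_extension disagree, or where controls is non-empty, deserves a second look before it is opened; a mail gateway or upload handler can reject such names outright, since legitimate file names essentially never contain bidi controls.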

Stealth attack No. 4: Location, location, location

Another interesting stealth trick that uses an operating system against itself is a file location trick known as “relative versus absolute.” In legacy versions of Windows (Windows XP, 2003, and earlier) and other early operating systems, if you typed in a file name and hit Enter, or if the operating system went looking for a file on your behalf, it would always start with your current folder or directory location first, before looking elsewhere. This behavior might seem efficient and harmless enough, but hackers and malware used it to their advantage.

For example, suppose you wanted to run the built-in, harmless Windows calculator (calc.exe). It’s easy enough (and often faster than using several mouse clicks) to open up a command prompt, type in calc.exe and hit Enter. But malware could create a malicious file called calc.exe and hide it in the current directory or your home folder; when you tried to execute calc.exe, it would run the bogus copy instead.

I loved this fault as a penetration tester. Often times, after I had broken into a computer and needed to elevate my privileges to Administrator, I would take an unpatched version of a known, previously vulnerable piece of software and place it in a temporary folder. Most of the time all I had to do was place a single vulnerable executable or DLL, while leaving the entire, previously installed patched program alone. I would type in the program executable’s filename in my temporary folder, and Windows would load my vulnerable, Trojan executable from my temporary folder instead of the more recently patched version. I loved it — I could exploit a fully patched system with a single bad file.

Linux, Unix, and BSD systems have had this problem fixed for more than a decade. Microsoft fixed the problem in 2006 with the releases of Windows Vista/2008, although the problem remains in legacy versions because of backward-compatibility issues. Microsoft has also been warning and teaching developers to use absolute (rather than relative) file/path names within their own programs for many years. Still, tens of thousands of legacy programs are vulnerable to location tricks. Hackers know this better than anyone.

Lesson: Use operating systems that enforce absolute directory and folder paths, and look for files in default system areas first.

Stealth attack No. 5: Hosts file redirect

Unbeknownst to most of today's computer users, there is a DNS-related file named Hosts. Located at C:\Windows\System32\drivers\etc\hosts on Windows (and /etc/hosts on Unix-like systems), the Hosts file can contain entries that map typed-in domain names to IP addresses. It predates DNS and lets a host resolve name-to-IP lookups locally without contacting DNS servers and performing recursive name resolution; the resolver consults it before asking DNS. For the most part DNS works fine and most people never interact with their Hosts file, though it is there.

Hackers and malware love to write their own malicious entries to Hosts, so that when someone types in a popular domain name they are redirected somewhere more malicious. The malicious destination often hosts a near-perfect copy of the desired website, so the affected user is unaware of the switch.

This exploit is still in wide use today.

Lesson: If you can’t figure out why you’re being maliciously redirected, check out your Hosts file.
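The check the lesson calls for, as an added example that is not from the article: parse a hosts file and flag entries that send well-known names somewhere other than a loopback or sinkhole address. The sample hosts content is constructed (it uses the 203.0.113.0/24 documentation range) and the watchlist of domain names is an assumption to replace with the names you care about.

```python
# Added example: parse a hosts file and classify its entries. The sample
# content is constructed; WATCHLIST is an assumption.
import ipaddress
from typing import Dict, List

WATCHLIST = {"www.paypal.com", "www.facebook.com", "update.microsoft.com"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # ad blocking: harmless sinkhole
192.168.1.10    nas nas.home
203.0.113.45    www.paypal.com         # not PayPal
203.0.113.45    update.microsoft.com   # patches now come from the attacker
"""


def parse_hosts(text: str) -> List[Dict]:
    """One record per (address, hostname) pair; comments and blanks skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            records.append({"line": lineno, "host": None, "addr": None,
                            "error": f"unparseable address {fields[0]!r}"})
            continue
        for host in fields[1:]:
            records.append({"line": lineno, "addr": addr, "host": host.lower()})
    return records


def findings(text: str) -> List[Dict]:
    """'redirect': a watchlisted name sent to a real address; 'review': any
    other non-local mapping; 'error': a line that does not parse. Loopback
    and 0.0.0.0 mappings (ad-blocking sinkholes) are treated as benign."""
    out = []
    for rec in parse_hosts(text):
        if "error" in rec:
            rec["kind"] = "error"
            out.append(rec)
            continue
        addr, host = rec["addr"], rec["host"]
        if addr.is_loopback or addr.is_unspecified:
            continue
        if host in WATCHLIST:
            rec["kind"] = "redirect"
        elif host not in LOCAL_NAMES:
            rec["kind"] = "review"
        else:
            continue
        out.append(rec)
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['kind']:8s} {f['host']} -> {f['addr']}")
```

On a real machine, read the file at the path given above and pass its contents to findings(); anything classified as redirect is the symptom the lesson describes.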

Stealth attack No. 6: Waterhole attacks

Waterhole attacks received their name from their ingenious methodology. In these attacks, hackers take advantage of the fact that their targeted victims often meet or work at a particular physical or virtual location. Then they “poison” that location to achieve malicious objectives.

For instance, most large companies have a local coffee shop, bar, or restaurant that is popular with company employees. Attackers will create fake WAPs in an attempt to get as many company credentials as possible. Or the attackers will maliciously modify a frequently visited website to do the same. Victims are often more relaxed and unsuspecting because the targeted location is a public or social portal.

Waterhole attacks became big news in 2013 when several high-profile tech companies, including Apple, Facebook, and Microsoft, among others, were compromised because of popular application development websites their developers visited. The websites had been poisoned with malicious JavaScript redirects that installed malware (sometimes via zero-day exploits) on the developers' computers. The compromised developer workstations were then used to access the internal networks of the victim companies.

Lesson: Make sure your employees realize that popular “watering holes” are common hacker targets.

Stealth attack No. 7: Bait and switch

One of the most interesting ongoing hacker techniques is called bait and switch. Victims are told they are downloading or running one thing, and temporarily they are, but it is then switched out with a malicious item. Examples abound.

It is common for malware spreaders to buy advertising space on popular websites. The websites, when confirming the order, are shown a nonmalicious link or content. The website approves the advertisement and takes the money. The bad guy then switches the link or content with something more malicious. Often they will code the new malicious website to redirect viewers back to the original link or content if viewed by someone from an IP address belonging to the original approver. This complicates quick detection and take-down.

The most interesting bait-and-switch attacks I’ve seen as of late involve bad guys who create “free” content that can be downloaded and used by anyone. (Think administrative console or a visitor counter for the bottom of a Web page.) Often these free applets and elements contain a licensing clause that says to the effect, “May be freely reused as long as original link remains.” Unsuspecting users employ the content in good faith, leaving the original link untouched. Usually the original link will contain nothing but a graphics file emblem or something else trivial and small. Later, after the bogus element has been included in thousands of websites, the original malicious developer changes the harmless content for something more malicious (like a harmful JavaScript redirect).


Stealth fallout: Total loss of control
Hackers have been using stealth methods to hide their maliciousness since the beginning days of malware. Heck, the first IBM-compatible PC virus, Pakistani Brain, from 1986, redirected inquiring eyes to a copy of the unmodified boot sector when viewed by disk editors.

When a hacker modifies your system in a stealthy way, it isn’t your system anymore — it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don’t run untrusted executables, and so on), but it helps to know that if you suspect you’ve been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.

SplashData report on bad passwords

While a lot of attention is given to high profile account breaches, the truth is many passwords are next to useless because of their simplicity.

Each year, SplashData releases its list of the worst passwords. Many atop the latest list are repeat offenders, such as the top two, “123456” and “password,” which were also atop the prior year’s list.

Two new passwords in the top 10 are “696969” and “batman.” Evidently those looking for an easy-to-remember password were feeling less affectionate in 2014, as “iloveyou” fell off the list.

Sports teams, popular children’s names and curse words are all well represented in the list of the 100 most common passwords, as are sequential keys on the keyboard.

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Mark Burnett, an online security expert and author of “Perfect Passwords,” who collaborated with SplashData on the list. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

For those who need a little help, Microsoft has this tool to help create better passwords. Of course, the more important breakthrough will be when the tech industry finally does away with this flawed security approach.

Personally, I take my inspiration from this scene from “Spaceballs.”

Here are SplashData’s top 10 worst passwords:


SQL injection is a technique often used to attack data driven applications.

This is done by including portions of SQL statements in an entry field, in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. to dump the database contents to the attacker).

SQL injection is a code injection technique that exploits a security vulnerability in an application’s software.

The vulnerability arises when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and so is unexpectedly executed as part of the query.

SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. The strings below are classic authentication-bypass payloads: the quote closes the literal the input was placed in, the OR makes the WHERE clause always true, and the trailing -- or # is a line-comment marker that discards the rest of the original query (# is MySQL-specific; -- is standard SQL).

' or 0=0 --
" or 0=0 --
or 0=0 --
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
' or 'a'='a
" or "a"="a
' or 0=0 #
" or 0=0 #
or 0=0 #
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

(For educational purposes only.)
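As an added example that is not part of the original post, here are some of the payloads above run against an in-memory SQLite database, once through a login query built by string concatenation and once through its parameterized replacement. The users table and credentials are constructed, and passwords are kept in plaintext only to keep the demo short. Only the single-quote, `--`-commented variants are used, because `#` is a MySQL comment marker SQLite does not recognize and the `')` variants expect a query whose literal sits inside parentheses.

```python
# Added example: login bypass via string-built SQL versus a parameterized
# query, on SQLite. Table contents are constructed; real code stores
# salted password hashes, not plaintext.
import sqlite3
from typing import Dict, List


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("admin", "S3cr3t!"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Untrusted input spliced into the SQL text: the quote in a payload
    closes the string literal and the rest becomes part of the statement."""
    sql = (f"SELECT name FROM users WHERE name = '{username}' "
           f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Placeholders: the values travel separately from the statement and
    cannot change its structure, so a payload is just a wrong password."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Payloads from the list above, used in the password field. With the
# string-built query the WHERE clause becomes
#   (name = 'admin' AND password = '') OR 1=1 -- '
# which matches every row.
PAYLOADS = ["' or 0=0 --", "' or 1=1--", "' or 'a'='a", "hi' or 1=1 --"]


def compare(conn: sqlite3.Connection) -> Dict[str, Dict[str, List[str]]]:
    """For each payload, which accounts each login routine 'authenticates'."""
    return {p: {"vulnerable": login_vulnerable(conn, "admin", p),
                "safe": login_safe(conn, "admin", p)} for p in PAYLOADS}


if __name__ == "__main__":
    db = make_db()
    for payload, result in compare(db).items():
        print(f"{payload!r:22} vulnerable -> {result['vulnerable']}  safe -> {result['safe']}")
```

The parameterized version is the fix; input filtering for quotes is what the post describes as being done incorrectly, and it is both harder to get right and unnecessary once the values never reach the SQL parser.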