Sunday, January 28, 2024

WHAT IS ETHICAL HACKING

What is ethical hacking?

Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect those weaknesses.

Ethical hackers must abide by the following rules:
1-Get written permission from the owner of the computer system and/or computer network before hacking.
2-Protect the privacy of the organisation being hacked, etc.

Ethical Hacking and Ethical Hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.
 

An Ethical Hacker attempts to bypass system security and search for any weak point that could be exploited by Malicious Hackers.

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that the hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.


Stop Using MD-5, Now!

TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function.

This post is dedicated to all malware researchers, still using MD-5 to identify malware samples.

Before deep-diving into the details, let me explain my view on this topic. Whenever you want to identify a malware, it is only OK to publish the MD-5 hash of the malware if you post at least the SHA-256 hash of the malware as well. Publishing only the MD-5 hash is unprofessional. If you want to understand why, please continue reading. If you know about the problem, but want to help me spread the word, please link to my site www.stopusingmd5now.com.

By writing articles/posts/etc. and publishing the MD-5 hash only, it is the lesser problem that you show people your incompetency about hash functions, but you also teach other people to use MD-5. And it spreads like a disease... Last but not least, if I find a sample on your blog post, and you use MD-5 only, I can't be sure we have the same sample.

Here is a list to name a few bad examples (order is in Google search rank order):


Introduction to (cryptographic) hash functions

A long time ago (according to some sources since 1970) people started designing hash functions, for an awful lot of different reasons. It can be used for file integrity verification, password verification, pseudo-random generation, etc. But one of the most important properties of a cryptographic hash function is that it can "uniquely" identify a block of data with a small, fixed bit string. E.g., malware can be identified by using only the hash itself, so everybody who has the same malware sample will have the same hash; thus they can refer to the malware by the hash itself.

It is easy to conclude that there will always be collisions, where different blocks of data have the same resulting hash. The domain (block of data) is infinite, while the codomain (possible hash values) is finite. The question is how easy it is to find two different blocks of data having the same hash. Mathematicians call this property "collision resistance." Proper cryptographic hash functions are collision-resistant, meaning it is impractical or impossible to find two different blocks of data which have the same hash.

In 1989 Ronald Rivest (the first letter in the abbreviation of the RSA algorithm) designed the MD-2 hashing algorithm. Since 1997, publications have shown that this hashing algorithm is far from perfect.

In 1990 Ronald Rivest designed the MD-4 algorithm, which has been considered broken since at least 1991. But MD-4 is still in use from Windows XP until Windows 8 in the password protocol (NTLM). Unfortunately, there are more significant problems with NTLM besides using MD-4, but this can be the topic of a different blog post.

In 1991 (you might guess who) designed yet another hashing algorithm called MD-5, to replace MD-4 (because of the known weaknesses). But again, from 1993 it has been shown many times that MD-5 is broken as well. According to Wikipedia, "On 18 March 2006, Klima published an algorithm [17] that can find a collision within one minute on a single notebook computer, using a method he calls tunneling". This means that with the 8-year-old computing power of a single notebook, one can create two different files having the same MD-5 hash. But the algorithms to generate collisions have been improved since, and "a 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD-5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer." The key takeaway here is that it is pretty damn hard to design a secure cryptographic hash function, which is fast, but still safe. I bet that if I would develop a hash function, Ron would be able to hack it in minutes.

Now, dear malware researcher, consider the following scenario. You, as a malware analyst, find a new binary sample. You calculate the MD-5 hash of the malware, and Google for that hash. You see this hash value on another malware researcher's site or on a sandbox/vendor's site. This site concludes that this sample does this or that, and is either malicious or not. Either because the site is also relying solely on MD-5 or because you have only checked the MD-5 and the researcher or sandbox has a good reputation, you move on and forget this binary. But in reality, it is possible that your binary is totally different from the one analyzed by others. The results of this mistake can scale from nothing to catastrophic.

If you don't believe me, just check the hello.exe and erase.exe on this site from Peter Selinger. Same MD-5, different binaries; a harmless and a (fake) malicious one... And you can do the same easily at home. No supercomputers, no NSA magic needed.
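The check the scenario above calls for, as an added example (not code from the original post): hash the local sample with both MD-5 and SHA-256 and compare it with a published report entry, treating an MD-5-only match as unverified. The report dictionary format, the function names and the sample bytes are assumptions made for illustration; the "collision" entry is simulated by pairing the local MD-5 with the SHA-256 of different bytes, which is how a real colliding pair looks to an analyst.

```python
import hashlib
import io

def digests(stream, chunk_size=65536):
    """Hash a binary stream in one pass; return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def compare_to_report(stream, report):
    """Compare a local sample with one published report entry.

    `report` is a dict with optional 'md5' and 'sha256' keys (a
    hypothetical format). Verdicts:
      confirmed     - SHA-256 matches, so the analysed bytes are ours
      md5-collision - MD-5 matches but SHA-256 does not: different file
      different     - SHA-256 published and nothing matches
      unverified    - only MD-5 published and it matches; proves nothing
      no-match      - only MD-5 published and it does not match
    """
    md5, sha256 = digests(stream)
    pub_md5 = (report.get("md5") or "").strip().lower()
    pub_sha = (report.get("sha256") or "").strip().lower()
    if pub_sha:
        if pub_sha == sha256:
            return "confirmed"
        return "md5-collision" if pub_md5 == md5 else "different"
    return "unverified" if pub_md5 == md5 else "no-match"

# Constructed sample data, not real malware.
LOCAL = b"constructed sample A"
OTHER = b"constructed sample B"

def demo():
    local_md5, local_sha = digests(io.BytesIO(LOCAL))
    _, other_sha = digests(io.BytesIO(OTHER))
    reports = [
        {"md5": local_md5},                       # MD-5 only
        {"md5": local_md5, "sha256": local_sha},  # both, same file
        # Simulated collision: same MD-5 as ours, SHA-256 of other bytes.
        {"md5": local_md5, "sha256": other_sha},
        {"sha256": other_sha},                    # unrelated sample
    ]
    return [compare_to_report(io.BytesIO(LOCAL), r) for r in reports]

if __name__ == "__main__":
    print(demo())
```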

On a side note, it is important to mention that even today it can be hard to find a block of data (in general), if only the MD-5 hash is known ("pre-image resistance"). I have heard people arguing this when I told them using MD-5 as a password hash function is a bad idea. The main problem with MD-5 as a password hash is not the weaknesses in MD-5 itself, but the lack of salt, lack of iterations, and lack of memory hardness. But still, I don't see any reason why you should use MD-5 as a building block for anything which has anything to do with security. Would you drive your children to school in a car which has not been maintained in the last 23 years? If your answer is yes, you should neither have children nor a job in IT SEC.

Conclusion

If you are a malware researcher, and used MD-5 only to identify malware samples in the past, I suggest you write it down 1000 times: "I promise I won't use MD-5 to identify malware in the future."

I even made a website dedicated to this problem, www.stopusingmd5now.com. The next time you see a post/article/whatever where malware is identified by the MD-5 hash only, please link to this blog post or website, and the world will be a better and more professional place.


PS: If you are a forensics investigator, or software developer developing software used in forensics, the same applies to you.
PS 2: If you find this post too provocative and harsh, there is a reason for this ...

Update: I have modified two malware (Citadel, Atrax) with the help of HashClash, and now those have the same MD-5. Many thanks to Marc Stevens for his research, publishing his code, and help given during the collision finding.

Saturday, January 27, 2024

OpenVAS


"OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core is a server component with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications."