https://techbrewery.co.in All About Cyber Security Tue, 07 Jan 2020 05:19:47 +0000

https://techbrewery.co.in/introduction-to-social-engineering/ https://techbrewery.co.in/introduction-to-social-engineering/#respond Tech Brewery Tue, 01 Oct 2019 08:11:00 +0000 Cyber Security Tech Brewery Staff Data Stealers Fake Apps Phishing Social Engineering https://techbrewery.co.in/?p=10188

How to lose your data in 4 ways: An introduction to social engineering

As long as humans are involved in a company, its security will remain as foolproof as their behaviour. It's rightly said that there is no patch for human stupidity. All the members of an organisation have some kind of access to information that is valuable enough to facilitate an attack. But simply due to lack of diligence and awareness, people end up doing more harm than good to their companies.
Social engineering is a process, or rather a skill, used by attackers to deceive people and make them give away confidential information. If you are a part of a company or you run a company yourself, keep reading to learn what could put you at risk of a data breach.

1. Impersonating: How much should you believe people?

Attackers use this social engineering technique to extract important data by pretending to be someone else. They usually target employees who are unlikely to question authority or who are not careful enough to cross-check people's identity, especially in an emergency. They could be receptionists, low-level employees, or even general helpers who have keys to important rooms.

Clue: Attackers will create urgency to avoid proving their identity.
Example: Someone calling as the manager/IT consultant in urgent need of a password.
Tip for employers: Set an identity-confirming protocol for the entire staff, including top management.
Tip for employees: Ask the person in question to follow the protocol, no matter who they say they are or how urgent the situation is.
Pro tip: When it comes to outsiders, like technicians who need credentials for fixing a problem, give them a code beforehand which they can provide when asked for verification.

2. Phishing: How much should you believe the internet?

The trust we put in the internet sometimes puts us at a disadvantage. Through emails, messages or popups, attackers may lead us to fake or malicious webpages where we are prompted to enter critical data. The messages are either excessively tempting or reeking of urgency so that the viewer is tricked into taking quick action without verifying the source. Individuals and organisations could easily fall prey and give away confidential information like bank passwords via phishing.

Clue: Sense of urgency in the message. Leads you to another web page.
Example: An email stating it's from the bank and requiring you to click on a link and log in to your bank account.
Tip: If you find it even slightly suspicious, refrain from clicking on the link and cross-check with the actual institution first.
Pro tip: Look out for other kinds of phishing via SMS (Smishing), VoIP (Vishing), or Instant Messenger (Spimming).

3. Fake apps: How much should you trust apps?

Every day we download a number of applications on our devices to make our lives a little bit easier, which is why mobile applications are a fertile ground for dispensing harmful attacks. Hackers use this social engineering technique to create fake or malicious apps that could compromise your device. They even alter legit apps into their own malicious versions and upload them for users to download.

Clue: There is a trigger (in the form of a message or popup) to download the app.
Example: A message asking you to download a specific bank security app.
Pro tip: Cross-check the developer before downloading any app. Go online and read reviews about the app/developer.

4. Other human based ways: How aware are you of your environment?

The rest of the highly common techniques used by attackers to steal data are:

Eavesdropping

An unauthorized person listening closely to conversations.

Dumpster diving

Searching trash bins for valuable data.

Shoulder surfing

Looking over someone's shoulder to catch passwords or information.

Tailgating

Entering an area by closely following an authorized person through the door.

Individuals/employees tend to ignore such behaviour easily and end up putting their own or their company's security at stake.

Clue: Someone following or lurking. An unusual device in your surroundings.
Example: An unclaimed mobile phone lying in a meeting with its voice recorder on.
Pro tip: Use a shredder to dispose of work documents. Keep your distance from unknown people while entering a restricted area.

If only everybody was conditioned to be more aware of such behaviours, these data stealing incidents would be substantially reduced. As an employer, educating and training the employees is the best way to mitigate cyber attacks. Do you have any ideas on how to protect your data? Say it in a comment below! And if this helped you, share it with others and spread the awareness!


https://techbrewery.co.in/most-common-types-of-cyberattacks/ https://techbrewery.co.in/most-common-types-of-cyberattacks/#respond Tech Brewery Sat, 05 Oct 2019 10:23:05 +0000 Cyber Security Tech Brewery Staff Cyberattacks DOS Drive by attack Malware Phishing SOL Injection XSS https://techbrewery.co.in/?p=10220

The Anatomy Of A Cyber Attack: An introduction to the most common types of cyberattacks.

If all the people moved to the city, what would the thieves do in the village?
With increasing digitisation, cyber attacks have seen a rise in the graph too. Studies show that every 14 seconds, one ransomware attack happens in the world. Digital crimes devour anyone and everyone, from Fortune 500 companies to your clueless neighbours. It is high time that you know what these attacks are made of and how they are carried out.

1. Denial of service:

How would you feel if someone denied you entry into your own house? This is what DoS looks like. It can be of 3 types:

  • Ping of Death
    A web server can be 'pinged' by sending an ICMP packet that would generate a response. But your web server can only handle so much. If someone overloads it by sending oversized packets, it will crash, freeze or be rendered useless.
  • TCP SYN attack
    It is similar to ping of death. The only difference: the attacker sends continuous TCP (not ICMP) requests to overwhelm and time out the server.
  • Smurf attack
    Imagine getting bombarded with parcels you didn't ask for. Soon, you'll run out of space in your living room. Similarly, the attacker sends a large number of ICMP requests to your server and tricks it into thinking that YOU are the one who requested them. So guess who is gonna get bombarded with the responses now?
  • Botnet (Distributed Denial of Service attack)
    A DoS attack could be used to prepare you for another attack, like turning you into a robot for the attacker. A group of these victims-turned-puppets makes up the botnet, which could be used for carrying out other DoS attacks.

2. Man in the middle:

How would you feel if someone eavesdropped on you and your friend talking about your anxiety for desserts? Well, this is how MITM works. Computers communicate like this:

You: Hey, I want to access my account.
Facebook server: Give me your credentials, will you?
You: Of course, it is ****

Getting the gist? MITM attack is of two types:

  • Session hijacking
    Imagine the attacker eavesdrops on this communication and then has the guts to disconnect YOU from the equation (using DoS etc.). And the poor Facebook server is tricked into believing that it is still talking to you because the attacker is now wearing your mask (using your IP address).
  • Session replay
    It is similar to hijacking. The difference is that here the attacker eavesdrops, gets your authentication tokens, and later uses them to start a conversation with the server.
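
An added example (not part of the original post) of one common defence against the session replay described above: every request carries a timestamp, a one-time nonce and an HMAC, so a captured message is refused when it is sent a second time. The shared key, the message layout and all names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time


def sign(key: bytes, body: str, ts: str, nonce: str) -> str:
    """HMAC-SHA256 over body, timestamp and nonce, so none can be altered."""
    data = "|".join((body, ts, nonce)).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_request(key: bytes, body: str, now: float = None) -> str:
    """Client side: attach a timestamp, a random one-time nonce and the tag."""
    ts = repr(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return "|".join((body, ts, nonce, sign(key, body, ts, nonce)))


class Server:
    """Accepts each validly signed, fresh request exactly once."""

    def __init__(self, key: bytes, max_age: float = 30.0):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp of the request that used it

    def accept(self, message: str, now: float = None) -> str:
        now = time.time() if now is None else now
        try:
            body, ts, nonce, tag = message.rsplit("|", 3)
            sent_at = float(ts)
        except ValueError:
            return "malformed"
        expected = sign(self.key, body, ts, nonce)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "bad signature"
        if abs(now - sent_at) > self.max_age:
            return "stale"
        # Forget nonces that are too old to pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_age}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = sent_at
        return "accepted"


def demo():
    key = os.urandom(32)  # constructed shared secret for the example
    server = Server(key)
    captured = make_request(key, "GET /account", now=1000.0)
    first = server.accept(captured, now=1001.0)    # the genuine request
    replay = server.accept(captured, now=1005.0)   # same bytes sent again
    late = Server(key).accept(captured, now=2000.0)
    forged = server.accept(captured.replace("/account", "/admin"), now=1001.0)
    return first, replay, late, forged


if __name__ == "__main__":
    print(demo())
```

This only helps when the eavesdropper cannot read the key itself, which is why it is used together with an encrypted connection rather than instead of one.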

3. Phishing:

Phishing is simple. You get lured by a bait and end up sharing your sensitive data.

Net Phishing: The attacker sends a malicious mail/message to a large pool of people and waits for whoever gets tricked by the scheme.
Spear Phishing: Same, but here the attacker targets a particular person.
Whale Phishing: Also the same, but here the attacker targets the big fish like CEOs, CFOs etc.

4. Drive by attack:

Ah, the drive by! Have you ever opened a website or a mail which either led you to another website or downloaded something without your permission?
That's how drive by attacks take place. Attackers take advantage of faulty websites or an outdated OS and use them to download malware onto your device.

5. Password attack:

Not gonna waste your time explaining this. It is of two types:

Brute force: Imagine someone trying out every possible key to unlock your door. This takes time, but it is possible.
Rainbow Tables: Since all passwords are stored in encrypted form (as hashed passwords), attackers use those hashed versions to unlock your account. Using rainbow tables (precompiled hashed passwords) and GPUs speeds up the attack process.
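
An added example (not from the original post) of why precompiled tables work against fast, unsalted hashes and stop working once every password gets its own random salt and a slow key-derivation function. The small dictionary stands in for a rainbow table; the passwords and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precompiled hash table.
COMMON_PASSWORDS = ["123456", "password", "admin", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p
               for p in COMMON_PASSWORDS}


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup(digest_hex: str):
    """What a precompiled table offers: one lookup instead of any guessing."""
    return PRECOMPUTED.get(digest_hex)


def strong_hash(password: str, salt: bytes = None, iterations: int = 100_000):
    """Salted PBKDF2-HMAC-SHA256. Returns the record to store per user."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify(password: str, record) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo():
    leaked_weak = weak_hash("admin")      # what a leaked unsalted table holds
    record_a = strong_hash("admin")       # two users with the same password
    record_b = strong_hash("admin")
    return {
        "weak_found_in_table": lookup(leaked_weak),
        "salted_found_in_table": lookup(record_a[2].hex()),
        "same_password_same_record": record_a[2] == record_b[2],
        "correct_login": verify("admin", record_a),
        "wrong_login": verify("admin1", record_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```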

6. SQL injection:

Let's continue the previous conversation:

You: Hey, I want to access my account.
Facebook server: Give me your credentials, will you?
You: Of course, it is admin and password is admin.
Facebook server: Thanks. I'll get back to you in a second.

Facebook server: Hey DB, can you pull out the data for user='admin' whose password is also ='admin'?
Facebook DataBase: Sure can!

This is an SQL query. The DB returns the data (*) only when these two conditions are fulfilled.
An attacker can insert a command here that fulfils the conditions, for example 1=1, and retrieve data about you from the database.

Authentication Bypass example:

Initial unsanitized query used by the website:
Select * from users where username='admin' and password='admin';

SQL injection (magic input):
admin'or'1'='1

Modified query after injection:
Select * from users where username='admin'or'1'='1' and password='admin'or'1'='1';

SQL injection can be union based, error based or blind (time based and boolean based).
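
An added example (not from the original post) that runs the page's query against an in-memory SQLite database, first built by pasting the input into the SQL text and then with placeholders. The table contents and function names are constructed; the magic input is the one shown above.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows. Plain-text passwords are used
    only to mirror the page's query; real systems store salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-secret"), ("alice", "wonderland")])
    return db


def build_query(username: str, password: str) -> str:
    """Vulnerable: user input is pasted straight into the SQL text."""
    return ("Select * from users where username='" + username +
            "' and password='" + password + "';")


def login_vulnerable(db, username: str, password: str) -> list:
    return db.execute(build_query(username, password)).fetchall()


def login_safe(db, username: str, password: str) -> list:
    """Fixed: placeholders keep the input as data, never as SQL syntax."""
    sql = "Select * from users where username=? and password=?"
    return db.execute(sql, (username, password)).fetchall()


MAGIC_INPUT = "admin'or'1'='1"  # the input shown on the page


def demo():
    db = make_db()
    return {
        "query_after_injection": build_query(MAGIC_INPUT, MAGIC_INPUT),
        # AND binds tighter than OR, so the trailing '1'='1' makes every
        # row match and the whole table comes back without a password.
        "vulnerable_rows": len(login_vulnerable(db, MAGIC_INPUT, MAGIC_INPUT)),
        # With placeholders the same input is just an odd user name.
        "safe_rows": len(login_safe(db, MAGIC_INPUT, MAGIC_INPUT)),
        "real_login_rows": len(login_safe(db, "admin", "constructed-secret")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```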

7. Cross site scripting (XSS):

This is best explained step by step.

1. An attacker finds a vulnerable web page.
2. (S)he injects the payload (part of malware) in the webpage's JavaScript.
3. You open the webpage.
4. You receive the payload with it.
5. Your browser executes the script.
6. It sends your cookies to the attacker.
7. (S)he uses your cookies to session hijack you.

It is of three types:

  • Reflected
    When the injection is entered in the user's request to get a response from the server.
  • Stored
    When the injection is permanently stored in the website's database and makes its way to the victim's system.
  • DOM based
    DOM based XSS is a special case of Reflected XSS where the injection is stored in the Document Object Model of the victim's browser.
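
An added example (not from the original post) of the two server-side defences that break the steps above: escaping user text before it goes into the page (step 5 never happens) and marking the session cookie HttpOnly (step 6 has nothing to read). The comment text, cookie name and function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed stand-in for an injected payload; it does nothing when run.
COMMENT = "<script>/* injected script would run here */</script>"


def render_unsafe(comment: str) -> str:
    """Vulnerable: user text is pasted into the page as markup."""
    return "<p>" + comment + "</p>"


def render_safe(comment: str) -> str:
    """Fixed: user text is HTML-escaped, so the browser shows it as text."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


class TagCollector(HTMLParser):
    """Records the opening tags found in a piece of markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements(page: str) -> list:
    """List the elements a parser sees, to check what would become live."""
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags


def session_cookie(session_id: str) -> str:
    """Set-Cookie value for a session that page scripts cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True      # hidden from document.cookie
    cookie["session"]["secure"] = True        # only sent over HTTPS
    cookie["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    return cookie["session"].OutputString()


def demo():
    return {
        "unsafe_elements": elements(render_unsafe(COMMENT)),
        "safe_elements": elements(render_safe(COMMENT)),
        "safe_markup": render_safe(COMMENT),
        "cookie": session_cookie("constructed-session-id"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```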

8. Malware:

Malicious+software that gets downloaded to damage your system. Duh!
Malware can be of the following types:

Virus: It attaches to a piece of code and infects your applications and files. (Usually spreads via emails or USB.)
Trojan: Like the Troy story, it comes hidden in a useful program and then attacks your system.
Worm: It crawls into other computers on your network by sending a copy via email.
Spyware: It spies and steals sensitive information about you.
Ransomware: Similar to kidnapping, it blocks your access to your own data (by encrypting it) and asks for a ransom in return.
Rootkit: It infects your device at the kernel level and gives control of your computer to the attacker.

9. Eavesdropping:

When someone is listening to you transferring information over the network, like your credit card details or your passwords, it is called an eavesdropping attack. Two types of this are:

Passive: The attacker steals data by listening to the messages being transmitted.
Active: The attacker steals data by pretending to be a trusted party and requesting information from the transmitter, for example by probing, tampering etc.

Now that you have a working understanding of all the major cyber attacks, you can go one step further and try ethically hacking your system to find out loopholes.

Tell us if you would like us to cover any other attacks in the comments below. We will get back to you ASAP!


https://techbrewery.co.in/how-to-set-up-kali-linux-and-a-brief-introduction/ https://techbrewery.co.in/how-to-set-up-kali-linux-and-a-brief-introduction/#respond Tech Brewery Tue, 08 Oct 2019 05:49:09 +0000 All about Hacking Tech Brewery Staff Install kali linux Set up kali linux https://techbrewery.co.in/?p=10330

Hacking 101: How to set up Kali Linux and a brief introduction

Hackers, aspiring hackers, techies, curious people, Mr. Robot fans, all of you! Pay attention. This is where you park your searching fingers, sit back and read how to set up the fabulous Kali Linux.

PART ONE: MEET KALI

Kali Linux (developed by Offensive Security) is a member of the Linux family of operating systems based on the Linux kernel. As a hacker, Kali Linux is going to be your entire world.
You must have seen Rami Malek use it in the series, Mr. Robot.


Well, it is indeed the most popular OS used by hackers worldwide. And here's why:

  • Could IT HAVE any more tools? (That's sarcasm BTW) It has more than six hundred tools that are designed for security tasks (offensive as well as forensic).
  • You can customise it any way you want!
  • Many wireless devices are supported.
  • Free and open source. Will always be!
  • Offers multilingual support.
  • Is securely developed by a small trustworthy team.
  • We can keep on going but that's not why you are here.
    So, moving on to..

PART TWO: GETTING THE INGREDIENTS

To run Kali OS, you need virtualisation software, which will create a virtual environment on your device so that it can run two operating systems. We prefer VMware. So, take these 3 steps before you move to the next section.

1. Download VMware

https://www.vmware.com/in/products/workstation-pro/workstation-pro-evaluation.html

2. Download Kali

https://www.offensive-sec uh uh..before you get too excited: Remember to copy the SHA256 value next to the version you download and paste it in a notepad file. You will need it later.
Here you go. https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

3. Download HashCalc

https://download.cnet.com/HashCalc/3000-2250_4-10130770.html

PART THREE: INSTALLATION BABY!

Follow each step carefully.

STEP 1: Install VMware.

STEP 2: Check Kali Image integrity:

  • Open HashCalc
  • Select the downloaded ISO file of Kali image
  • Press CALCULATE. You will get the SHA256 Hash

Check if the hash matches the one you copied in notepad. If yes, breathe out! The file has not been tampered with.
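
An added example (not from the original post) of the same integrity check done in code instead of HashCalc: the downloaded file is hashed in chunks and compared with the SHA256 value saved earlier. The function names and the small temporary file standing in for the image are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str, chunk_size: int = 1024 * 1024) -> str:
    """Hash the file in chunks so a multi-gigabyte image never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalise(published: str) -> str:
    """Accept the value as pasted: stray spaces, newlines or upper case."""
    cleaned = "".join(published.split()).lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 value: expected 64 hex characters")
    return cleaned


def image_is_intact(path: str, published: str) -> bool:
    """True only when the file's hash equals the saved value exactly."""
    return hmac.compare_digest(sha256_of_file(path), normalise(published))


def demo():
    """Constructed stand-in for the download: a small temporary file."""
    data = b"constructed bytes standing in for the Kali image\n"
    published = hashlib.sha256(data).hexdigest().upper() + "\n"
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
        path = fh.name
    try:
        ok = image_is_intact(path, published)
        with open(path, "ab") as fh:
            fh.write(b"x")  # a single changed byte gives a different hash
        tampered = image_is_intact(path, published)
    finally:
        os.remove(path)
    return ok, tampered


if __name__ == "__main__":
    print(demo())
```

A match shows the file is the one the download page described; it says nothing if the saved value itself was copied from a tampered page, so take it from the official site over HTTPS.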


STEP 3: On VMware homepage,
Select Create a new virtual machine > Kali Linux iso file > Guest Operating System .
Configure machine details like name, disk capacity, CPU etc and you will be ready.
Now, select Kali Linux VM and excitedly click 'Power on this virtual machine'!

STEP 4: You will be welcomed by a Boot menu. Choose the Graphical Install option.


STEP 5: Choose language, location and keyboard configuration.
You will then move on to network configuration, setting up hostname, password, time zone, blah blah. (Remember the password though)
Now comes the disk partitioning. Follow these steps carefully.
Select Guided- use entire disk > Select the default disk (SCSI33) > Select All files in one partition > Select Finish partitioning and write changes to disk >Select Yes .

And Installation begins!

STEP 6: You will be asked if you want to use a network mirror. We prefer Yes (because we want to use the repositories, hello!).


STEP 7: Configure the package manager and install GRUB boot loader (choose the default device for this). And now people, Kali is here!

PART FOUR: FIRING IT UP!

But but but, before you do that, take a minute and set up the network drivers in VMware, alright?

  • On VMware Workstation, select the Kali Image > Click Edit Virtual Machines Setting
  • Select Network > Choose the Bridged Option
  • Click on Advanced settings and set up the MAC address of the machine

Okay, now you can go ahead! Enter username as root.

And the password you chose previously.

You did it!

Now, let's take 2 minutes to get to know the home page. Just 2 minutes, promise! On the top left is the Applications Menu (all pre-installed tools), and on the left side, there is the dock (important tools).

Can you see the terminal option in the third place in the Tools bar?
Fire that up too!

The Terminal is going to be your life for your hacking career. You can do basically everything in this.
Note: Terminal is CaSe sEnSiTiVe.
It takes your command and passes it to the Operating System, so you can read the contents of a file, execute programs and do crazy sh**.
(It's like CMD on Windows, just on Steroids!)

And one last thing. If you press the 'windows' button on your keyboard, you'll see a search bar on top and a multiple desktop panel on the right. To shift to another desktop, you can either click on it from here or you can simply press Ctrl+Alt+Up/Down arrow keys from wherever you are.

Okay, hackers-to-be, that's all. You are all set to use Kali Linux. Read this to know some basic terminal commands. Ask away if you have any question or tell us if we missed anything in the comments below. Cool?


https://techbrewery.co.in/top-23-most-useful-kali-linux-commands/ https://techbrewery.co.in/top-23-most-useful-kali-linux-commands/#comments Tech Brewery Sat, 12 Oct 2019 10:31:35 +0000 All about Hacking Tech Brewery Staff commands kali linux https://techbrewery.co.in/?p=10372

23 commandments in Kali: The most useful Kali Linux commands

Presenting to you the most basic and the most useful terminal commands in Kali Linux. May you learn them, use them and do great things with them.

PART ONE: General Commands

1. uname : View information about the current system

Get to know your Linux environment with this command.


2. pwd : Know where you are

This prints the name of the working directory (Print Working Directory).

3. ls : View contents of files and directories

One of the most useful commands to conveniently list all the hidden files of a directory.
Use -l attribute for more detailed output, otherwise use -a attribute.

4. history : Ah! The history command

It lists all the previous commands you entered (stored in bash shell), in case you need to repeat any of them. How convenient!

5. whoami : Who are you, really?

It prints the effective user ID, as in you.
Note: It is different from the 'who' command, which shows information about all users who are currently logged in to the server.

6. macchanger : Become someone else

Change your MAC address (aka your unique traceable identity that links your device to you) through this command to be anonymous.

7. ifconfig : Interface configuration anyone?

View or configure network interface on your system with this command.

8. echo : An utterly basic command

It prints stuff anywhere you want (whether in a file or in a program or on the terminal).

  • Use echo [text] > [file name] to print the text in a new file.
  • Use echo [text] >> [file name] to print the text in an existing file.
  • Using echo [text] without a '>' will automatically create a new file for the text.

9. cat : Short for 'Concatenate' (fancy word for linking things together)

View one file (or many), view what's inside a file, link files together, or copy contents of one file to another. No wonder it is a widely used command in Linux.

10. clear : Do we even need to explain this? It clears the terminal screen.

Quick quiz : Do you remember what the 'ls' command was for?

PART TWO: Manipulation Commands

11. mkdir : Create directory

If you want to create a directory under Desktop called folder1, open a terminal and type this:

[Screenshot: how to create directory in linux]

12. cd : Change directory

It is used to change or switch the current working directory. Such a basic one, man.

13. cp : Do you copy?

Use this to copy a file (or more). You can also copy a whole directory using this basic command.


14. mv : Move it! Move files from one location to another using mv command.

15. rm : Want to remove something?

PART THREE: Reading Commands

16. more : Displaying stuff one page at a time!

F** scrolling through endless number of lines. Use this command to view the content of a file in a convenient manner. One screen at a time. (Think of Powerpoint versus Word doc).

Test this using the following command:
more /usr/share/wordlists/dirb/small.txt


17. less : Similar to more, but better.

Other than showing the file contents one screen at a time, the less command also uses its brain by not opening the entire file at once.

Test this using the following command:
less /usr/share/wordlists/dirb/big.txt

18. sort : View information in an arranged manner

Confused? Use sort command to view the content in a specific order.
Use -r switch, to sort the contents in reverse order.


PART FOUR: Editing Commands

19. vi : Short for visual editor

Use this text editor by typing vi filename. This editor has two modes (command and insert).

  • Enter insert mode by typing 'i' and exit by pressing Esc.
  • Exit vi by typing ':wq'

20. nano : Quite a simple editor.

A command line text editor, GNU Nano comes with most Linux distributions. You can compare it with GUI editors. Try it if you are not a fan of vi or emacs.

21. leafpad : Simple, lightweight, easy-to-use editor

A GTK+ text editor, Leafpad is easily compiled, does not depend on many libraries, and is pretty quick to start up.
Command : leafpad /etc/passwd


PART FIVE: Permission Commands

Approaching the end of this blog post, let's play with some permissions, shall we?

22. chmod : Control who can access your files.

There are flags (permissions) associated with files that decide who can access them and to what extent.
Use the chmod (change mode) command to change the modes of access as you wish. You can either restrict or open access to a file. Makes you feel powerful, doesn't it?

r = Permission to read the file.
w = Permission to write (or delete) the file.
x = Permission to execute the file or search a directory.
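
An added example (not from the original post) that reads the r/w/x flags described above for every file under a directory, reports files that group or other users are allowed to write, and then removes that write bit, which is what `chmod go-w` does. The file names, modes and function names are constructed for illustration.

```python
import os
import stat
import tempfile

GROUP_OR_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def risky_files(root: str) -> list:
    """Return (path, 'rwx' string) for regular files that group or other
    users may write, e.g. '-rw-rw-rw-'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & GROUP_OR_OTHER_WRITE:
                findings.append((path, stat.filemode(mode)))
    return findings


def tighten(path: str) -> str:
    """Clear the group and other write bits, leaving everything else as is.
    Returns the new permission string."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~GROUP_OR_OTHER_WRITE)
    return stat.filemode(os.lstat(path).st_mode)


def demo():
    """Constructed sample: one world-writable file and one private file."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("notes.txt", 0o666), ("key.txt", 0o600)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # set the exact mode, ignoring the umask
        before = [(os.path.basename(p), perms)
                  for p, perms in risky_files(root)]
        fixed = [tighten(p) for p, _ in risky_files(root)]
        after = risky_files(root)
    return before, fixed, after


if __name__ == "__main__":
    print(demo())
```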

23. chown : Like chmod, like chown.

Files in Linux have 3 major types of access permissions: User , group and other permissions. By default, when a file is created, the owner(user) is the user who created it and the owner(group) is that user's current group.
With chown (change owner) you can control who can access a file and to what extent.


That's it for now. Hope you make good use of these commands. Now that you have learnt a lot about how to operate the terminal, don't be a hoarder and share this information with your friends. What are your top 5 used commands? Tell us in the comment section.


https://techbrewery.co.in/10-most-useful-osint-tools-for-beginners/ https://techbrewery.co.in/10-most-useful-osint-tools-for-beginners/#respond Tech Brewery Tue, 15 Oct 2019 12:37:41 +0000 Cyber Security Tech Brewery Staff OSINT tools Top 10 useful https://techbrewery.co.in/?p=10403

Know where to look: 10 most useful OSINT tools for beginners

The world wide web is a deep space overflowing with data and a lot of it is public and freely available to use. All you need to know is where to look.

In the cyberworld of hacking, OSINT is like doing your homework about the target.

OSINT or Open Source Intelligence is the process of collecting information that is freely available for public use. It's what you did when you had to research a topic for a school project. You found all the sources (online and offline) from which you could dig up information and made some sense out of it.

In hacking, OSINT is one of the most important and basic aspects of intelligence gathering. You can use websites, search engines, social networks, blogs, videos, podcasts, or even newspapers to gather crucial information.


The wonderful part about this technique is that it is so common and obvious that everyone already uses it, they just don't know it yet. Don't we all search for information online, all the damn time?

At the slightest doubt, we Google whether Tom Hanks was in that movie, or Wikipedia when that company was founded, or watch a YouTube video about how to fix that issue in our computer.

We are constantly using free and public information on the internet for our personal use. Even right now, when you searched about 'OSINT' and got to this article, you used OSINT!

But for the purpose of hacking, it would be impractical and stupid to sift through the internet for bits of information that you can obviously expect to not be so easily found. It would be like searching for a needle in a haystack. That's where these tools come in handy.

1. Google Dorks

Aim: Searching Web Pages
Did you know that if you ask Google the right questions, you will be surprised by what it can tell you?
Use Google dork queries to conduct smart and advanced search operations and find:

  • Information that would be otherwise hard to find
  • Information that was not meant for public viewing, but wasn't well protected
  • Sensitive information like usernames and passwords, email lists, personally identifiable financial information (PIFI)
  • Vulnerable websites/systems

Understanding naming scheme of a website:

[Image: google dorks]

List of advanced search operators:

[cache:] See web pages stored in Google cache
[link:] See web pages linked to a specific web page
[related:] See web pages related to a specific web page
[info:] See what Google knows about a specific web page
[site:] See web pages in a specific web domain
[intitle:] Restrict results to those with specific keywords in the title
[allintitle:] Restrict results to those having all the mentioned keywords in the title
[inurl:] Restrict search results to those with a specific keyword in the URL
[allinurl:] Restrict results to those having all mentioned keywords in their URL
[location:] See information about a specific location
[filetype:] Search for a specific type of file on a website

Example: to see login pages of Indian websites, use
inurl:.in intitle:login

Pro tip: Use the Google Hacking Database (GHDB) for a massive database of Google dorks.

2. LinkedIn

Aim: Searching Employee information
Get an inside view of a company using LinkedIn. It has enough information about employees (full names, job roles, software used) that could be used to carry out social engineering attacks like impersonation.
You can even see the technologies being used by that company by deep diving into the employee's profile.

3. Wappalyzer Plugin

Aim: Finding Technologies used on a website
Many companies use vulnerable technologies that provide an easy entry for hackers. While targeting companies or institutions, you can use this tool, to understand their website framework and look for vulnerabilities in the technologies used by them.


4. CT and Sublist3r

Aim: Enumerating Subdomains
A website has many subdomains. For example, blog.website.com and shop.website.com are subdomains of website.com. These subdomains could be vulnerable to many cyberattacks. Using these two tools, you can see all the subdomains of your target website.

a. Certificate Transparency (CT)

All SSL/TLS certificates issued for domains are released for public viewing by a Certificate Authority. This is known as Certificate Transparency (CT).
Using CT logs, you can search for all such certificates issued for your target company and thus find vulnerable domains.

Example: type %.stackoverflow.com on https://crt.sh to find out all their subdomains.

b. Sublist3r:
A Python tool specially designed for this OSINT technique is Sublist3r. It uses a number of search engines and other websites like Google, Yahoo, Bing, Virustotal, DNSdumpster etc. to churn out subdomains of websites. Hackers can use this to find vulnerable domains. Subbrute and Sublist3r were integrated to combine their domain enumerating capabilities and create a powerful tool.

5. theHarvester

Aim: Finding employees emails
One of the most used methods to target an organisation via social engineering is phishing. You can find out the emails of all the employees using this OSINT tool, theHarvester. It comes pre-installed in Kali Linux and uses multiple data sources (public, obviously) to gather emails, subdomains, URLs, IPs, etc.

6. WHOIS

Aim: Getting domain information
If you know how to use it, any information about a company could be valuable. Every domain has its registration record that contains particulars like date of creation, expiration date, updated date, name servers, admin contact, registrant email, organisation name, addresses, phone number and other technical information. Use WHOIS tool to get domain information about your target.

You can use this information to create a structure and try to find a way inside the target. For example, you could use the registrant email (which is usually the developer's) to break in to the website server using something like 12345678 as the password. Can you guess why this could work? Comment below and we'll tell you if you are right.


7. DNSRecon

Aim: Finding DNS information
DNS information gathering is a basic requirement for pentesting because of the amount of assistance it provides in mapping a network infrastructure. A useful tool for this OSINT technique is DNSRecon (a Python script) that can enumerate general DNS records like MX, SOA, SRV, DNSSEC, SPF, TXT, etc.
It can also do Google lookups, check for zone transfers, brute force subdomains, do reverse lookups, and perform cache snooping.

Try brute forcing subdomains, with the following command:
dnsrecon -D /usr/share/wordlists/subdomains-top1mil-5000.txt -d website.in -t brt


8. WayBack Machine

Aim: Finding old webpages
Websites keep on updating, but they might still have their old webpages running on the backend. If you could see every webpage your target websites have ever had, you might find some of them using outdated technologies, which renders them vulnerable.
So, how do you go back in time and access the old webpages?

We know what you are thinking. But no, you don't need a time machine for this (although it would come in quite handy). The Wayback Machine has a huge database of web pages saved over time. Check it out!


9. Pipl

Aim: Digging up a person
It would require painstaking effort to dig up all the information about one person on the internet. Thanks to people search engines, you can collect every bit of data you legally can about someone to sketch out a profile of them, which could further be used to create a potential password list against their email account.

Pipl.com is one such tool (paid but worth every penny) that lets you get your hands on the entire online presence of a person: their phone numbers, usernames, emails, deep web results... basically everything.


10. Shodan

Aim: Accessing every device (feel like God)
Forget websites, you could dig up intelligence from all the things that are connected to the internet like webcams, smart TVs, buildings, power plants, refrigerators, security systems and we could keep on going but you got the point.

Use Shodan.io to search the Internet of things. Go!


That's it peeps! Go start getting some leads and come back and tell us what worked the best for you. If there is any tool or hacking technique you would like us to cover next, let us know (with a 'why', of course!).


https://techbrewery.co.in/learn-metasploit/ https://techbrewery.co.in/learn-metasploit/#respond Tech Brewery Sat, 19 Oct 2019 07:40:46 +0000 All about Hacking Tech Brewery Staff Learn Metasploit https://techbrewery.co.in/?p=10447

The post Stop here for Metasploit : Learn how to tame the beast of hacking appeared first on Tech Brewery .


By the end of this article, you will walk out with a working understanding of Metasploit. Your hands will be dying to try the tool and your head will be buried in your computer. We suggest you pause reading and grab a paper and a pen to jot down the important bits, pun not intended, and also write any questions that you have, which you can later comment below for us to answer.

KNOW THY BEAST

The Metasploit Project is a pentest project that you can use to find and exploit vulnerabilities. That's about it. Oh and it's Ruby based and is quite a favourite among pentesters and security analysts.
Oh and it also comes with pre-built scripts which make hacking so so simple.

And, and, and, it also has more than 1900 different kinds of exploits that don't really care which operating system is at target, which means that you could exploit literally anything. Websites, IoT, networks, hosts, hardware, software, you name it!

WHAT CAN IT DO?

More like what can't it do?
Metasploit can:

  • Enumerate networks
  • Execute attacks
  • Identify security bugs
  • Mitigate vulnerabilities
  • Manage security assessments
  • Evade detection

DO YOU HAVE WHAT IT TAKES?

Minimum System Requirements:

  • 2 GHz Processor
  • 4 GB RAM
  • 1 GB Disk space

Supported Operating Systems:

  • Windows Server 2008 and later
  • Windows 8 and later
  • Red Hat Enterprise Linux 5.10 and later
  • Ubuntu Linux 14.04 and later

1, 2, 3, DOWNLOAD

Oh wait. No need to download. Kali has it pre-installed!

(If you want to know how to get started with Kali, go here .)

LET'S OPEN IT, THEN!

[Screenshot: opening Metasploit in Kali Linux]

Okay. This is how it should look now:

[Screenshot: first look at Metasploit]

Now, write these 3 commands:

1. Start the postgresql service: service postgresql start
2. And check its status: systemctl status postgresql.service


3. Create and initialise msf database: msfdb init


CONGRATULATIONS!

You are ready to use it.

[Screenshot: Metasploit start-up banner]

Wait, what are these numbers at the bottom. Let's look at them, shall we?

  • Metasploit v5.0.37-dev : is obviously the version of Metasploit (didn't need to tell this but too late now)
  • 1915 exploits : Are you fu**ing kidding me? No. We warned you earlier. It has a lot of exploits. It's Metasploit, man!
  • 545 payloads : After you use the exploit to get in, you drop the payload. Payloads are the malicious executable code that is sent to infect the system.
  • 1074 auxiliary : Apart from 1915 exploit modules, you have 1074 auxiliary modules (which don't have payloads because they are not used for exploitation). Use them to do a variety of other things, like making port scanners, vulnerability scanners, etc.
  • 329 post : Once you breach into your target, you could escalate your privileges, get your hands on some evidence or do other shady stuff using these post exploitation modules.
  • 44 encoders : These encoders ensure that your payloads sneak into the target without getting caught, by encoding them.
  • 10 nops : Made to maintain the consistency of your payload size.
  • 2 evasion : Use these to create payloads that can't be detected and laugh at the target's anti-virus.

Okay, last but not the least. Type help to see the endless things (along with the commands) you can do on this beast.


OK, LET'S BEGIN!
1. Check the database status to make sure you are connected and everything is in place. Command: db_status

2. Create a new workspace. Workspaces help you stay organized.
Use the following commands:

a. For new workspace: workspace -a name_of_workspace


b. For deleting a workspace: workspace -d name_of_workspace
c. To get help about other workspace commands: workspace -h

3. Start enumeration:
In this post, you'll be hacking into a Linux Virtual Machine.

Step 1: Command for nmap scan: db_nmap -A ip_to_scan
(Metasploit supports nmap scan, thanks to database!)
You'll now see that the host is added to the database.
Command to see all hosts: hosts


Step 2: Command to see all services: services


Can you see vsftpd 2.3.4?

Step 3: Command to see the exploits you have for this: search exploit_name
You can also see ALL exploits you have through: show exploits


Voila! We found one!

SHALL WE EXPLOIT?

Step 1: Select the exploit: use exploit_name


Step 2: See what YOU need to input (also called options here).
Command: Figure this one out yourself from the image below.

[Screenshot: options]

You'll see that RHOSTS (i.e. Remote Hosts) are needed.
Note:
RHOSTS means Remote Hosts: The IP of your target
RPORT means Remote Port: The port of your target
Do you know what LHOST and LPORT mean? Comment below to take a guess.

Step 3: Set RHOSTS

Command: set RHOSTS ip_of_target
In case you want to get them from the database, you can use the command: hosts -S Linux -R
The above command has two parts:
-S : S as in Operating System. We have used -S Linux to find all the devices that are Linux based.
-R : We use this to attach the devices found above to RHOSTS.
Keeping up?


Step 4: Check your targets: show targets

In case you see multiple targets, set them using this command: set target 0/1/2

Step 5: An exploit has to have a payload.
To see payloads for this exploit: show payloads


Set this payload using the command in the image below. And once again, check your options.

[Screenshot: setting up the payload]

Can you see the payload options now?
Note: You could even be prompted to set LHOST and LPORT (but it varies from payload to payload).

ALMOST THERE
1. Command to exploit: exploit


If all goes well, your payload will reach where it's meant to, do its work and present you with a shell.

2. To put the shell in the background: background

You can carry out post exploits on the shell later. Can you recall how many post exploits Metasploit has?

Did you know: There are payloads in Metasploit that lead you to an awesome shell: meterpreter. Why is it awesome? It includes some savage commands (for webcam access, keylogger and other supercool stuff).
You could use this payload for instance: windows/meterpreter/reverse_tcp
Fun task for you: Try this on a target and use all the commands. And tell us in the comments below which one's your favourite.

3. To see all active sessions: sessions


Last but not the least,
Use this command to interact with a session: sessions -i session_id

Pro tip: Keep your beast updated!
Command: root:/# apt update; apt install metasploit-framework

We are confident that now you can use this ultimate hacking tool at your disposal to break into vulnerabilities and drop payloads and also do some other awesome stuff. We encourage you to ask questions in the comments below. You can also join our forum to connect with people and get your hacking queries cleared.


https://techbrewery.co.in/why-6-8m-indian-health-records-were-stolen/ https://techbrewery.co.in/why-6-8m-indian-health-records-were-stolen/#respond Tech Brewery Sat, 02 Nov 2019 08:31:04 +0000 Crime Stories Tech Brewery Staff Health records stolen Indian health records https://techbrewery.co.in/?p=10946

The post Why 6.8 m Indian health records were stolen : Is healthcare the new target in town appeared first on Tech Brewery .


Earlier this year in February, a shocking but not uncommon cyber crime incident was unveiled to the public: a hacker named fallensky519 breached an undisclosed major Indian healthcare website to steal around 6.8 million healthcare records.

The stolen data was noticed to be on sale in underground web markets for around seventeen hundred dollars. The operation was discovered by the US-based agency FireEye, and was linked to China-based advanced persistent threat groups who are suspected to have been frequently targeting healthcare institutions, especially those that are involved in cancer research and treatment.

Research and reports indicate that the motive behind such an attack could be twofold.

1. China's desperate need for quick innovation due to its severe concern over cancer related deaths
2. A plan to stay ahead of western competition owing to China's booming pharmaceutical industry

Even though the cyberattack stole personally identifiable information (PII) and credentials of doctors and patients and leveraged them for monetary benefit, signalling that it did not lead to high severity implications, the healthcare industry cannot take it lightly. If anything, these attacks point to a bleak future for health privacy, which will form a critical aspect of our digitally driven lives in the coming years.


A bigger picture

While peeking into this attack incident and several other related ones, let's find important insights to paint a bigger picture of what this means and where this could be headed.

A brief overview of the details

  • Over the last decade, more than a thousand attacks have been aimed at exploiting the not so cyber secure healthcare industry.
  • Affected organisations include those hailing from biomedical, healthcare and pharmaceutical industries.
  • More than a hundred million patients have been exposed to data and security theft as a result.
  • Countries like US, UK, India and Japan have been at the gunpoint of Chinese and Russian APT groups.
  • Most of the stolen records are available for sale in dark web markets at prices between 200 and 2000 dollars or for bitcoins that go up to 300 units.
  • Attackers are mostly after Personally Identifiable Information and Protected Health Information that they could monetise or use for other intelligence purposes.

Leakage at a glance:
From patient data to medical equipment data, a lot is at stake due to these threats. Till now, attacks have been targeted to collect various types of sensitive information on a massive scale. Some of these are:

  • Patient medical record files
  • Doctors' records
  • Credentials of users
  • Clinical trial data
  • Research and development data
  • Funding related information
  • Employee and staff details
  • Personal addresses of patients
  • Data related to innovation and technology
  • Medical equipment data, including imagery
  • Tax and other finance related information

Exposure to threats:
Healthcare organisations are a central part of a nation's infrastructure and they are now suffering millions in losses due to data breaches. Some of the most common cyberthreats in this field point to:

  • Employees becoming vulnerable to phishing attacks
  • Systems getting used for cryptomining
  • Doctors and other staff being subjected to keylogger and other privacy threats
  • Hospitals and organisations becoming victims of extortion due to ransomware
  • Backdoors and malware being installed in infected systems
  • Servers being attacked to access massive databases
  • Domain and IP addresses being stolen
  • Complete takeover of computers and networks being exercised

Reasoning it out:
The motives behind these attacks have been diverse, depending on different cases. Most of them are, but not limited to:

  • Launching further attacks of higher intensity
  • Collecting and selling intelligence information on dark web
  • Targeting specific high profile individuals
  • Gaining an unfair advantage over other nations in terms of healthcare innovation with the purpose of boosting one's economy

How much worse could the future be

The world is getting digitally integrated every second, and the healthcare industry is no stranger to it. In fact, improvement in healthcare is one of the key reasons why the digital revolution is so rampantly maturing all over the world. Various groundbreaking innovations and technological leaps have been made in the past years, like artificial intelligence and the Internet of Things, which have been quickly applied to the health sector. Not to mention that these life saving yet risky inventions have countless humans already using them across the globe.

1. Risk to remote patient monitoring devices
Think about pacemakers and other implants that come with remote access and control for better efficiency. Now, imagine the nature and proportions of risks these technologies could inflict on humans if they are not secured with responsible diligence. Attackers with nefarious intentions could leverage the lack of strict cyber security in public and private entities to compromise such devices and threaten a person's life in a matter of seconds.

2. Risk to medical equipment and health procedures
Medical equipment and systems in institutions could be made to shut down, either intentionally through DDoS and other attacks, or unintentionally due to lousy incident response and handling by the target. It is not difficult to imagine that these shutdowns could have a life threatening impact on patients in critical medical situations.

3. Financial risk
The financial risk that is calculated (or fairly predicted) is only supposed to multiply in the coming years. The cost of breaches faced by healthcare sector is expected to hit trillions in the next year, not to mention other implied losses, like legal and reputational.

Fighting for security

It is time that healthcare organisations get their security priorities in line while other sectors take this as a warning note. Here are some ways you can minimise your security breaches:

1. Employee training: It is vital that your staff is not just aware but capable of basic cyber security know-how, as most of the attacks start in the form of social engineering like phishing.
2. Encryption: Rigorous encryption of data is necessary to keep sensitive information safe from unauthorised access.
3. Recruitment of cybersecurity specialists: Organisations need to drop the attitude of hiring security experts in case of emergencies and need to actively hire experts to assume cybersecurity positions on a permanent or recurring basis. A separate department should be set up, headed by a Chief Security Officer.
4. Investing in tech: Investing in cybersecurity technologies and mechanisms that can keep your networks and critical systems secure is profitable for those who want to sustain in the long run.
5. Employee education: Unlike employee training which is a once in a while, basic safety measure, organisations could sponsor employees' cybersecurity education to enable internal hiring and create a win-win scenario. This is an effective method since cyber security professionals are in a stark shortage of supply as compared to their humongous demand all over the world. (It is also one of the main reasons of rising cyber crimes and resulting losses)

Cybersecurity is the need of the hour and an industry like healthcare needs to either evolve and fix the gaps immediately or prepare to face the grave consequences and slowly fade away.

Tell us what you think about this whole study and know more about how you can grow your security.


https://techbrewery.co.in/must-read-career-guidance-on-cybersecurity/ https://techbrewery.co.in/must-read-career-guidance-on-cybersecurity/#respond Tech Brewery Tue, 05 Nov 2019 10:21:43 +0000 Grow your Career Tech Brewery Staff Cyber security career cyber security courses jobs scope https://techbrewery.co.in/?p=11040

The post Why you shouldn't choose cybersecurity as a career : Must read career guidance on cybersecurity appeared first on Tech Brewery .


I don't know if cybersecurity is the right thing for me.
I don't know if this field has enough scope to explore.
I don't know if I will be able to secure a job for the long term.
I don't know if I'll regret 10 years down the line going down this path.

Hold on... we are here to answer all your questions and make your head a bit more clear when you finish reading this post.

Chances are that you are here because you are still dicey about whether you are making the right decision choosing cybersecurity as a career or not. Well, we don't know about whether you should, but we definitely know why you shouldn't choose a career in cybersecurity at all.

Who's gonna need you?

No one. With so many digital stores going brick and mortar every second, nobody is going to need a cybersecurity professional. Duh! Who needs to stay safe online when they spend most of their time offline right? It's clearly the wrong direction to go in.


You won't get hired

No doubt about that. I mean, even if you went ahead with the course, you would struggle for a job. Which companies will you apply to? Forget about startups, even MNCs and government agencies don't give a flying f*ck about cybersecurity professionals. They got nothing to lose. It's better to go after a career that will actually be in demand.

The world is already full of cyber security professionals

Yeah exactly! Even if you found a company to apply to, you'll be so far at the bottom of the candidates list that your chance of making it to the selection is practically next to null. The supply of talent in cyber security is already flooding above the normal level, so we suggest you turn your career ship in another direction. Draw up a Google search and find out for yourself.


All the hackers are sleeping

Since everything is recorded in paper and ink and there is hardly anything worthwhile for hackers to find online, they have been really inactive for decades now. According to a study, there is only one attack every 39 seconds. Deploying ransomware, spying on people, intelligence gathering, cryptocurrency mining: none of these are enough to entice hackers into attacking the cyber world. You can also look at our hacking news section. So empty.

Hardly any career growth

Even if you decided to learn cyber security, what kind of career growth will you be looking at... huh? You'll probably reach the pinnacle of advancement in a few years. There will be nothing new to learn and no opportunity to upgrade your skills. And we have a perfectly valid reason for this.

Since no new technologies are being developed, there are no new threats being concocted by the bad guys. What are smart home device hacks? What is fleeceware? Seriously, we don't know anything about them.

Career choices- Error 404: Scope not found

And there are literally no career options available if you choose cybersecurity. Ethical hacking, cyber forensic investigator, incident handler, network defender, licensed penetration tester, security specialist and more. These are hardly enough choices to choose from. Right?


How will you even train yourself?

Let's assume that you go against all these glaring odds and roll up your sleeves to become a cyber security professional. Do you have any prior knowledge of technical computer stuff? Didn't you know that this field of training requires a high amount of expertise and experience? Beginners and people from different fields never pursue this career. Choose some other line please and don't check out this Introductory course for sure.

Is the money good?

Ah! The money. Well the average salary of cyber security professionals is a sad affair. Talk about good packages, cybersecurity professionals only get around 20% hikes as compared to other IT professionals. And can you believe the annual salary for a Cybersecurity Analyst is between $90,000 and $185,000 in the US? Shouldn't you be going after a better paying career option?


The most important part- Will you be happy?

This is probably the most important reason for not pursuing cyber security. Finding out new ways to legally break into company networks, tracking footprints of a world class hacker, learning new hacking skills while on the job, working in a dynamic environment, being demanded and valued by both public and private companies, knowing your way inside out of complex machines. Who finds all this interesting? Seriously... please look for some better career option.

We hope you have got some clarity about your idea of building a career in cybersecurity. And we definitely believe that you are going to make the right career choice now.

Comment with more reasons to pursue cybersecurity. Only sarcasm accepted! And share this to help friends who you think are also contemplating their career choices.


https://techbrewery.co.in/50-most-common-cybersecurity-terms/ https://techbrewery.co.in/50-most-common-cybersecurity-terms/#respond Tech Brewery Tue, 22 Oct 2019 11:48:04 +0000 All about Hacking Tech Brewery Staff 50 most common cyber security terms Decoding hacking https://techbrewery.co.in/?p=10533

The post What does that even mean : Decoding hacking jargon through 50 most common cybersecurity terms appeared first on Tech Brewery .

Have you ever heard someone throw words like botnet, shell, zero day exploit, metadata in a conversation and simply nodded your head because you didn't want to sound like a noob and still be a part of the conversation?

The cybersecurity world is full of technical jargon that you might have no time to sit and dig into, but these words continue to gnaw on your soul because they are so commonly used that it's not feasible to overlook them anymore.

The question now is: are you okay getting by, knowing vaguely what they mean? Or do you really want to know what they stand for?

Here is your guide to the 50 most used cybersecurity terms and their dreaded meanings. Read this to know more about the world of hacking or just use them to impress your friends the next time you are gossiping about breaking news near the water cooler.

1. Packet:
A packet is a small unit of data that is transferred via a network. After reaching the destination, the packets are put together to form a file.

2. Plaintext:
It is text that can be read and understood.

3. Ciphertext:
It is text that has been encrypted for security and cannot be understood.

4. Vulnerability:
Vulnerability is a flaw/bug/weakness in a computer system that can be exploited by someone.

5. Exploit:
Taking advantage of a vulnerability found in a system by sending a payload.

6. Payload:
It is what contains the harmful code that plays with the security of a system.

7. Patch or bugfixes:
A code that is patched into a computer program with the purpose of updating it or fixing a vulnerability.

8. Zero day vulnerability:
A vulnerability that is present but unknown or unaddressed by those who could fix it via a patch.

9. CVE:
Common Vulnerabilities and Exposure is a list of all vulnerabilities (that have been publicly disclosed) with an ID, description and a reference attached to them. https://cve.mitre.org/

10. Zero day exploit:
An exploit or attack that takes place the same day when a vulnerability is discovered making it difficult to shield oneself (because no patch is available yet).


11. IoT:
The internet of things is a network of devices (of any kind) that are connected to each other and can exchange data among one another without the need of an external interaction.

12. C&C server:
The command and control server that hackers use to communicate with their victims by sending them commands and receiving sensitive data in return.

13. Bot:
A robot like software, mainly consisting of a malware that carries out a repeated task of infecting a computer and connecting it to the C&C server of the attacker.

14. Botnet:
A network of infected computers or bots that are controlled by a hacker for various malicious purposes. They are all connected to the C&C server and can be thought of as puppets or zombies in the hands of an attacker who could use them to launch further attacks.


15. Rootkit:
A kit or a group of software that lets an attacker gain root access or administrator access to a computer.

16. Kernel:
The innermost component of an operating system, that connects the hardware to the software. It exercises absolute central control over the system.


17. Metadata:
It is that data which describes another data, for example metadata of a file consists of the type, size, and its creation date.

18. Privilege escalation:
It refers to gaining such unauthorised access to a target system that is usually restricted and could lead to complete loss of security.


19. Session cookies:
Recall how you jump from one page to another on Facebook without having to enter your login information every time. This is because of session cookies which temporarily store your authentication data until you exit the web browser. If stolen, they could be misused by an attacker to access your session.

20. End to end encryption:
Also known as E2EE, it is one of the safest ways to communicate online. It means that data sent by a user will be encrypted and only decrypted by the receiver, thus preventing it from being misused by a third party.

21. Hashing:
The conversion of data (image, text, video, audio) to a fixed number of characters using a mathematical formula in order to ensure its privacy.


22. Script:
A set of instructions or commands that execute specified tasks. PHP, Python and Ruby are some popular scripting languages.


23. Shell:
A shell is a program that you use to interact with your operating system. You input commands and the shell executes them, for example, deleting a file. It could either have a Command Line Interface (text based) or a Graphical User Interface (graphics based). Attackers obtain a target's shell to access their device.

24. Pentest:
A part of ethical hacking and short for penetration testing, it means looking for vulnerabilities in a system by trying to hack into it.

25. Black hat:
Hackers who hack into systems with the intent of harming or misusing them. Also known as the criminals of the cyber world.

26. White hat:
Hackers who hack into systems with the intention of protecting them by identifying and fixing possible vulnerabilities. Also known as the police of the cyber world.

27. Brute force:
An attack in which the hacker uses a systematic trial and error method to guess the password of a system or user.

28. Backdoor:
A medium used by hackers to gain entry into a computer system by going around the authentication without getting detected.

29. Keylogger:
A software that logs/records the keystrokes (keys that are pressed) on a device to steal sensitive information like passwords.

30. Cryptocurrency Mining:
A process of verifying a cryptocurrency transaction and adding it to the blockchain ledger. It is painstaking and requires enormous computing power.

31. Phishing:
Luring someone with a bait by sending a deceptive email that appears to be from a reputed company but is actually intended to make you enter your sensitive information for hacking purposes.

32. Firewall:
It is a software that acts as a filter to control what data could enter or leave the computer to maximise security.


33. Red team:
A team of penetration testers that acts as fake attackers in order to help a company detect vulnerabilities.

34. Blue team:
A team of security defenders that ensure the safety of the computer networks by regularly fixing vulnerabilities. They also act opposite to the red team by fending off mock attacks in order to determine the cybersecurity status of the company.

35. Two factor authentication:
2FA is an extended form of authentication required from the user on top of the primary login details like a password. They are usually in the form of security questions or one time passwords.

36. Exfiltration:
Unauthorised transfer of data from one device to another by an attacker.

37. Virtual Machine:
A virtual machine mimics a computer and creates a virtual environment on a computer in order to contain an operating system and other software in it. VMware is a type of Virtual Machine.

38. Spoofing:
Deceiving a network/server/device by pretending to be a trusted or genuine user with the intention of harming security. Hackers can spoof networks by stealing and using the IP address of their target.

39. Doxing:
Publishing private information about someone on the internet with a malicious intent. Hackers research and trace individuals or companies and then dox (document) their sensitive information online.

40. Black box:
Black box hacking/testing is done to determine the vulnerability status of a computer system by letting someone deliberately attack the system from outside without giving any details about the target system.

41. Social engineering:
A common technique used to manipulate people to reveal vital information in order to carry out a cyber attack. Typical targets include low and medium level employees of companies. Read all about social engineering here.

42. Malware:
Malware is any type of malicious software that is intended to harm the security or privacy of a computer.

43. Adware:
A form of malware that drops undesired advertisements on a device without the user's permission and is designed to forcibly take the user to unwanted advertising or malicious websites. The aim behind adware is either to compromise the safety of the target or to drive revenues for the hacker.

44. Spyware:
A type of malware that sends sensitive information about the target from his device to the hacker's device.

45. IP address:
A unique numerical address of a device that is connected to the internet. (Short for Internet Protocol address.)

46. MAC address:
A 12 digit unique ID for every machine that is connected on a network. Short for Media Access Control address, it is attached to the network adapter of your device, such as an Ethernet or WiFi card.

47. VPN:
A virtual private network is meant to keep a user anonymous while communicating over the internet. It encrypts the location as well as the data transferred by the computer.

48. Worm:
A piece of malware that can spread or crawl like a worm within a network, spreading the infection from one computer to another.

49. DDoS:
A distributed denial of service is a cyber attack that floods a target system with traffic from multiple systems or botnets. The intent behind a DDoS attack is to launch a bigger cyber attack by making the target system unusable for a while.


50. Ransomware:
Last but not the least, ransomware is a very common cyber attack (one happening every 14 seconds) that encrypts the files on a system and asks for a ransom, usually cryptocurrency, to be paid in return for the decryption key.

On that note, we hope you are now a little bit more familiar with the cybersecurity world. Tell us in the comments if you want to know about a particular hacking term. We'll get back to you ASAP! And while you are here, check out the different types of cyberattacks in detail.


The post What does that even mean : Decoding hacking jargon through 50 most common cybersecurity terms appeared first on Tech Brewery .


https://techbrewery.co.in/online-security-training/ https://techbrewery.co.in/online-security-training/#respond Tech Brewery Sat, 02 Nov 2019 07:13:16 +0000 Cyber Security Tech Brewery Staff Cyber attacks Online security training https://techbrewery.co.in/?p=11005

The post How not to attract cyberattacks : Online Security Training for netizens appeared first on Tech Brewery .

Online Security Training

The internet is a hot commodity in the 21st century. Everyone wants to get on the online bandwagon and pluck the sweet fruits that the world wide web has to offer. But rarely does anybody think of safety when browsing the web.

It is important to understand that while the internet has given us access to the whole world, it has also given the whole world access to us. (Inspired by a TED Talk.) With so many cyberattacks being reported every day and with so many cybercriminals lurking around to find their way into machines, you would assume that internet users would have security at the top of their list. But sadly, it doesn't even make the top 5 (like comfort, speed and variety).

From the common man to a nuclear power plant, everyone is a target of black hat hackers today. And while not everyone can afford to hire a cybersecurity team, they can at least do the bare minimum to mitigate a disaster.

We give you 15 easy and critical online security tips (some of them lesser-known) that would help you not throw your safety out of the window.


1. Use Str0ng_Pa55w0rds! for Critical Accounts

When it comes to setting passwords, safety should be above comfort. Stop using lame login keys (Name1234 and NameDOB) for your critical accounts like your personal Gmail account (that is connected to everything), your LastPass account, etc.! And don't even get us started on people who keep their admin password as admin.
The amount of thought you put into keeping such passwords is the amount of time that hackers will take in breaking them.
Pro tip: Use a mix of characters in your passwords and change them immediately after you use them on a public computer.

2. Install system updates ASAP

Installing updates may take some time out of your work or the movie that you are so intently watching on your laptop. But hello? These updates may have some serious bug fixes that could protect you from a cyberattack. Would you want to be hit by ransomware or become part of a botnet for some North Korean hacker?
Then stop hitting Remind me Later and download that update now!


3. Cross-check those apps you are downloading

Would you eat from a shady restaurant without reading the reviews? Then how can you download any app on your device without thinking twice? If you are downloading an app from an unknown developer, from the App Store, Google Play store or from any other source, you must go online and check for reviews and info about the developer. For all you know, it could be adware, malware or a sneaky theft attempt.

4. Clear cookies and cache

Attackers are just around the corner to steal your cookies (that contain your login details) and hijack your sessions. Why give them a chance to eat your cookies at all? Find cookie settings in your browser and smartly choose who to share your cookies with.


5. Don't open strange emails

One of the most common and successful cyberattacks used by hackers to target individuals and government officials alike is phishing. People can't tell a fake email from a genuine one. We suggest you familiarise yourself with some clues to spot fake emails. If you are still in doubt, do not open the mail or the attachment or any link mentioned in there. That should be your new safety mantra.

6. Enable 2FA

Please do not depend on just a password or fingerprint when it comes to important accounts like social media, banking and sensitive files. If the service is providing you with a two-factor authentication, take it! OTPs, pairing keys and security questions are an extra security blanket. Even multi-factor authentication is not 100% guaranteed, but it is much safer than just a username and password.

7. Don't go after pirated stuff

There have been so many cases where people have downloaded malware while they were going after free versions of paid things. Hackers are always on the lookout for vulnerable people who would download free apps or WordPress plugins. Please refrain from such stuff that could put your safety at risk.


8. Look for the S in HTTPS

HTTPS sites are safer than HTTP ones, especially over public Wi-Fi connections. Google Chrome is slowly ending support for HTTP content. But it's time you also start watching out for HTTP sites and if you open any of them, use your wisdom and do not enter any private or financial information there.


9. Don't save passwords

It's so much better to not have to fill in passwords every time you use the web, but it's how people get hacked as well. Your browser is not strong enough to hide your passwords from malware in case you get infected. So chuck that laziness and start filling your own damn passwords.

10. Read news

Raise your hand if you read cybersecurity news even twice a week. We thought so! The news is what keeps you updated about recent bugs being found, patches being released and other updates. Plenty of cyberattacks could be avoided if only one wasn't ignorant. Care to stay on top of online security?

11. Choose encryption

Encrypted communication is more difficult to hack. When you are using messaging services or anything for that matter, opt for those that support encryption. WhatsApp has been supporting end-to-end encryption for a while now to keep private conversations private.

12. Beware of strange Wi-Fis

Everyone loves a high-speed, free of cost Wi-Fi. But what good is that if your safety is compromised? Some Wi-Fi connections are not secure and are prone to hackers intercepting, eavesdropping and stealing your information. Kindly do yourself a favour and look for WPA or WPA2 security protocols while using a public Wi-Fi.


13. Strengthen your account recovery methods

'Forgotten password' is a boon for people with low memory. But it is also an advantage for hackers. Last month, hackers attempted to break into government officials' accounts using this feature. Keep your account recovery methods up to date. From the verification list, remove the mobile number that was stolen or you no longer use. And also make sure that your recovery email has a strong password.


14. Use a VPN

Virtual Private Networks are not only meant to access geographically restricted websites, they are also a strong security mechanism to encrypt your data while you are on a public Wi-Fi. If you use a VPN, attackers will find it difficult to snoop on your data and will probably target someone else.

15. Grant app permissions consciously

Why does a keyboard app need access to your photos? Why does a gaming app (not PubG) need access to your microphone? After downloading a new app, our impatience gets the better of us, and we tap 'Allow', 'Allow', 'Allow' in a frenzy, not realising that we could be inviting malicious apps to misuse our data. If you are already guilty of this behaviour, go check your app permission settings right now!


For those who stayed put to read the whole article, we have a bonus for you!

16. Backup your data

God forbid, but in case you are hit by ransomware, you would lose your data to attackers. If you keep a backup of all your important stuff, you would not be forced to pay the attacker for decrypting your files. Moreover, it is a general security measure to always have a backup of your data to mitigate the losses of any cyberattack.

That's all for now. These basic yet critical safety measures will do the primary part in keeping cyberattacks at bay. Online security is vital for a good online experience. Make sure you implement all that you learnt here from now on!

Let us know how you liked the tips. Comment with more safety tips to prevent cyberattacks. And help your friends stay safe online by sharing this post. 🙂
