The phishing campaign was discovered by cybersecurity researchers who found that the malware was being distributed via malicious emails. The emails were designed to look like legitimate messages from popular companies such as Microsoft and Adobe, and they contained a link to a fake login page. Once the victim entered their login details on the fake page, the Evil Extractor malware would be downloaded onto their device.

The malware is designed to remain hidden on the victim’s computer and silently steal sensitive information. It is capable of stealing data from popular browsers such as Chrome, Firefox, and Edge, as well as other applications such as Microsoft Outlook.

The Evil Extractor malware is also capable of taking screenshots of the victim’s desktop and recording keystrokes, which allows it to capture even more sensitive information such as online banking credentials.

To protect yourself from this type of phishing attack, it is important to be cautious when clicking on links in emails. Always check the sender’s email address and make sure it is legitimate. It is also important to ensure that any login pages you enter your credentials on are legitimate and secure.

In addition, it is recommended to have a robust cybersecurity solution installed on your computer. This can help to detect and remove any malware that may be present on your device, as well as provide additional protection against phishing attacks.

In conclusion, the Evil Extractor infostealer malware is a serious threat to Windows users, and it is important to take steps to protect yourself against it. By being cautious when clicking on links in emails, ensuring the legitimacy of login pages, and having a robust cybersecurity solution in place, you can help to minimize the risk of falling victim to this type of attack.

The post Infostealer Targets Windows in Recent Phishing Campaign appeared first on Vednam.

BurpSuite hacking tools:

1. Burp Suite: Burp Suite is the best hacking app that is used to check web vulnerabilities and it is a java based platform. It is mainly used for penetration testing and information security professionals.
2. ActiveScan++: ActiveScan++ suite used for active and passive scanning which is designed to add minimal network overhead. It also identifies the application behavior that may be the interest to advance tester.
3. BurpSentinel: A hacking software that is used for the Burp Intercepting Proxy to aid and ease the identification of vulnerabilities in web applications. The main task is searching for vulnerabilities in web applications. The penetration tester quickly and easily sends a lot of malicious requests to the parameter of an HTTP request. A lot of information on the HTTP response, corresponding to the attack request.
4. Auto repeater Sentinel: Thus SurpSuiteis used for automated HTTP requests.
5. Authorize Burp: This the Burp extension which is used to help penetration testers to detect authorization vulnerabilities-Consuming tasks in a web application penetration test.
6. Burp beautifier: It is a burp suite extension that is used to beautify the request/response body supporting JS, JSON, HTML, XML format, writing in python 2.7.
7. Flow: This extension is also the part of the burp tools which provide a proxy history-like view along with search filter capabilities for all burp tools.
8. Headless Burp: This extension allows the use of the command line that is used as a headless mode and runs a burp suite’s spider and scanner tools.
9. Logger ++: Logger++ is the multi-threaded logging extension for burp suite which has additional features for logging requests and responses from all burp suite tools. The extension allows advanced filters to be defined to overview the entries or the filter logs.
10. WSDL Wizard: WSDL is the extension of BurpSuite which targets server for the WSDL files.After completing the normal mapping of an application’s content where you can right-click on the relevant target in the site map and choose “Scan for WSDL files” from the context menu. The extension will have already discovered contents of URLs which is .wsdl file extension and guess that location of any additional WSDL files based on the file names known to be used. The results for the scanning appear within the extension’s output tab in the Burp Extender tools.
11. JSON_Beautifier: This Plugin provides a JSON tab with the beautified representation of the request/response

Above all the tools are related to the burp suite family. You can find any response for the article please respond to us in the comment section and let us know.

The post 11 Best Hacking software of Burp Suite family appeared first on Vednam.

The people mainly think that the hacker only victimizes the people and steals the data, they are criminals and international terrorists. They thought that certain people were victims of hacking but that may sometimes be wrong in those discussions.

Who is a Hacker?

If you asked, hackers are skilled in computers and have a deep knowledge of technology to fix the issues. The hacker is referred to someone who has skilled computer programming knowledge who has the idea of a security hacker and finds the bugs, fix them before exploitation.

The main definition of a hacker is the person who is able to secure the system security but some people are using this as a different motive and create issues also.

There are some main motives of the hacker to be in this line and basically what they do when they attempt hacking breaks your system security and takes administrative power.

1. Some hackers are egoistic and they try to increase the reputation of the hacker community leaving their signature on the system or network after a breach.
2. Few hackers target the financial system of the systems they steal user credit card numbers and compromise the banking system.
3. Some people have patriotic reasons to do cyber attacks when two countries are conflicting between any reasons.
4. The last one is involved with corporate files where the organization confidential information, services, products, and maybe stolen and sold in the marketplace.

Different Types of Hacker

The hackers are divided into different types of categories to make out what they basically do and what are the main motives.

1. White Hat Hacker
   This group has good guys, the main purpose of these people is to check the loopholes in the network, server, and application. If they found them then they suggest companies for the patches.
2. Black Hat Hacker
   This group of people is just the opposite and they can access the user machine without the authentication. They also steal sensitive data and sell it on the dark web or any organization.
3. Grey Hat Hacker
   These types of hacker are a mixture of both the hacker but their intentions are not similar to the Back Hat hacker but these hackers exploit the internet networks and make it public and share the data which would benefit everyone.
4. Blue Hat Hacker
   This type of hacker is amateurs who are in revenge mode and they use the technique to execute the ill mentality.
5. Red Hat hacker
   Red hat hackers have different motives to find the black hat hacker and find the person behind the hacking. They also find a way to the next step and stop the attack.
6. Script Kiddies
   This keyword used for the New people in hacking they don’t do excessive damage and they just use the hacking software and other people’s written script to bombard the traffic sites and disrupt the regular work of a website.
7. Green Hat Hacker
   This type of hacker is eco hacking experts who just want to learn and observe the world of hacking. They basically watch videos and tutorials for hacking.
8. Hacktivists
   This type of hacker who breaks into systems and networks just to draw attention towards social causes.
9. Cyber Terrorist
   These types of cyber attackers mainly harm the politicians who basically create violence and peace breaks in other countries
10. Elite hacker
    This hacker is the main hacker who has deep knowledge of experts and the innovators in the field of hacking.

The post Types of Hacker | Know what does hacker do ? Read the article appeared first on Vednam.

This tool is helpful in penetration testing in the early stages. The tools used to understand the customer footprint on the internet. It also helps organizations to now pre attacker plans what exactly they found from the server.

The feature of the Tools :

• Search all sources
• Verify the virtual host
• File saved in form of HTML and XML
• Graphic and stats options
• New Sources
• Active enumeration(DNS enumeration,Reverse lookups,TLD expansion)
• New sources
• Check the open ports and banner with the integration of the SHODAN computer database.

Passive work :

• Linkedin: specific search for LinkedIn user
• Google Search Engine- www.google.com
• Google-specific profiles and search engines.
•  Bing: Microsoft search engine –www.bing.com
• PGP key server
• Shodan- this app will search for ports and banner of discovered hosts(www.shodanhq.com)

Active discovery:

• DNS brute force: This option helps to run a directory brute force action.
• DNS reverse lookup: The Reverse lookup is found and discovered in order to find hostnames.
• DNS TDL expansion: TLD dictionary brute force.

For more information visit: Google Code – The harvester

Download harvester from Source link

The post The Harvester 2.2a-Tool for data gathering appeared first on Vednam.

When we talk about the wireless network the one thing strikes in my mind is the vulnerable side of the network. The wireless network is targeted everywhere easily because it is available everywhere. The main part of the router contains vulnerabilities that can be exploited easily with the best technique and software that are included in Kali Linux.

Most of the wireless network users don’t know the security concern, the myth of the user is you set up the password and your wireless device gets secured. The whole scenario ends up on when your router WPS button default ON. This is the backdoor for the cyber attacker to enter your network without any acknowledgment of the user.

After all, you are here to know the best tools you can use while wireless security and penetration testing. Lot’s of the tutorial you got on the wireless hacking tools or Wifi hacking tools.

Let’s know the best WiFi hacking tool in kali Linux:

1. Aircrack -ng

This is the most popular tool for cracking the wireless device which uses security like WEP/WPA/WPA2. Aircrack -ng tool used to capture and handshake, get authentication with any issues, and connect with clients and generate traffic.This tool use brute force and dictionaries. Below a list of tools you can find in Aircrack -ng :

• Aircrack-ng crack the wireless password 
• Airplay-ng to generate traffic and access the client with their acknowledgment.
• Airbase -ng to create a fake access point.
• airodump-ng used for packet capturing.

While using the Aircrack -ng suite is available for Linux and it better with Kali Linux. If you planned for the action for using this tool make sure your Wi-fi card is capable of packet Injection.

Website: https://www.aircrack-ng.org/

 2.Wireshark

The best network protocol analyzing tools available When you use the Wireshark then you come to analyze the deep details about what’s happening on the network. Wireshark can capture the live packet and helps in the deep inspection of hundreds of protocol, browse and filter packets.

Software is available for Windows, Mac, and Kali Linux. For some certain feature, you need a Wi-Fi adapter which can support monitoring and promiscuous mode. 

Website:  https://www.wireshark.org

3.  Macchanger

Macchanger has little utility which is used to spoof your MAC address to some random MAC address or you can personally set the MAC address. Spoofing the MAC address for the wifi hacking might be necessary because it avoids MAC filters or to make the masked identity on a wireless network.

Website:https://github.com/alobbs/macchanger

4.Reaver 

Reaver targets those routers which have WPS vulnerabilities and it’s popular in between cyber attackers. Reavers do brute force attack against the Wifi protected setup(WPS) register PIn and generate the passphrase of WPA/WPA2.Lots of companies that let the WPS button On by default even the ISP provider don’t point this issue for network attack.

If you want to run the Reaver and do the job perfectly you just need a good signal strength with the right configuration. There are some factors for instant recovery for access but it takes a minimum of 4-5 hours. The factors we discuss are the dependencies of instant access on the access point, signal strength, and the PIN itself. You can access the WPS pin in half of the time.

Website: https://code.google.com/p/reaver-wps/

5.PixieWps

This is the new tool with Kali Linux and it also has a character to target WPS Vulnerability.

This program is written in C language and specially used to brute force the WPS PIN offline and exploiting the low or nonexisting entropy of vulnerable access points. This what called and pixie dust attack. This software does not work alone it needs a reaver and wifite to work with. This tool gained popularity in such a small time.

Website:https://github.com/wiire/pixiewps/

Modified Reaver: https://github.com/t6x/reaver-wps-fork-t6x

The post Best Wifi hacking tool in Kali Linux | Finding the Path appeared first on Vednam.

These security tools used for auditing the Unix based systems, the main aims to achieve automated security auditing compliance testing for the standards such as PCI_DSS, ISO27001, and HIPAA. It detects the vulnerability to areas of the system that could be facing the issues.

These tools can run security scans on the system itself or even you can operate and manage through remotely. The First thing that, the tool can do is to test the configuration of the system and provide tips to secure the system and make stronger security systems.

The tools can also check the configuration and Vulnerable software flaws after that it generates general information.

Lynis is commonly used by the company system administrator and security penetration tester to security audits and the system security strength.

Let’s watch How it look in action Mode :

When you run this tool on your machine you found that there are numbers display for the recommendations in making stronger your system security.

How can You Install it?

You can download Here

If you are ready to secure your machine you have the need to clone the GitHub repo of tools

code:

git clone https://github.com/CISOfy/lynis

Once the clone is done from your side you need to execute the command to run the tool and start the work.

code:

cd lynis; ./lynis audit system

The stable release of the software is available for Debian, CentOS, OpenSUSE, Ubuntu, OEL, Fedora, and macOS.

If you want to add more features to the tools and customize then you just follow the guidelines of the Lynis Software Development kit.

You can Download Here 

The post How to find Linux and Mac OS vulnerabilities ? Discuss Lynis Tool appeared first on Vednam.

A computer program and script that helps you to find the weakness of your machine, website, server, and your Network system. There in the market you got several tools some of them are paid and some of them are open source.

Watch out the 10 Most demanding and used hacking Tool:

 1.NetSparker

It is an easy to use web application security scanner that automatically finds SQL injection and other vulnerabilities in your web server and application. It was also available as SAAS and on-premises solutions.

Specifications :

• Scan 1,000 web applications in a day(24 hours).
• Bug tracking system and smart feature of Reset API for seamless integration with the SDLC.
• This application checks the custom 404 error pages and detects URL rewrite rules.
• Minimum configuration required.
• Detect accurate vulnerability and have proof-based scanning Technology.

Download here

 2. SaferVPN

This tool is indispensable in an ethical hacker bag. With this tool you can check the target in different geographic, non-personalized browning behavior and anonymous file transfer or more.

Specifications :

• Having fast speeds with 2000+ servers across continents.
• It doesn’t store data from companies based in Hongkong.
• Five simultaneous login systems and Split tunneling.
• The company provides a 24/7 Support system.
• Support every operating system like Windows, Mac, Android, Linux,iPhone, etc.
• More than 300,000+ IPs available.
• P2P protection and Dedicated IO and Port Forwarding facilities.
• Money-back Guarantee within 31 Days.

Download Here

3.Burp Suite

This is a useful platform for security test and analysis test of any web applications. This software helps in doing pen testing process. It can make a whole analysis of web application attack surface and create mapping which basically clear all the issue top protect the web application.

Specifications : 

• It has the capability of detecting over 3000 web application vulnerabilities.
• For manual tester software there is an inbuilt option of advanced scanning.
• Crawl and scan processes are done automatically.
• 100% Accuracy to detect Vulnerabilities as companies claim.
• The best part is that it provides technical and compliance reports.
• You can find open source and you can custom-built applications.
• Automatic scanning.

Download here

 4.Luminati  

This is a proxy service provider that mainly provides more than 40 Million residential and other IPs all around the world. The software uses common coding languages and their own API which helps the website to use integrate proxy IPs.

Specifications:

• The best part is the software needs no coding to manage which means the software is user friendly.
• You can use the web using a proxy and you don’t need coding or complex integration.
• Powerful and configurable tools.

Download here

 5.Aircrack

This treacle ethical hacking tool. It can rack vulnerable wireless connections It is mainly integrated with WEP, WPA, and WPA2 encryption keys.

Specifications :

• Tracking Speed has been improved.
• Fragmentation attack support.
• WEP dictionary attack support.
• New WEP attack: PTW
• All Types of OS and Platforms Support.
• Support more cards and drives.

Download here

The post Top 5 Tools used for Ethical hacking in 2020 appeared first on Vednam.

What are the Functions of this tool?

These tools have multiple methodologies for hacking WiFi, Let’s see:

• WEP all-in-one attack (Combining different methods: Caffe Latte, Chop-Chop, ARP Reply, Hirte, Fake association, Fragmentation, etc)
• Multiple WPS cracking modes-Pixie Dust, Bully and Reaver
• Evil Twin attacks(Rogue AP) with Hostapd+DoS+DHCP+Ettercap+Sslstrip and also BEEF support.
• Offline password decrypting for WPA/WPA2 captured handshakes (Dictionary, brute force, and rule-based) based on aircraft, crunch, and hashcat tools.

Other features :

The other best feature 

• Support for 2.45GHZ band to 5GHZ
• Handshake file capturing feature.
• Easy drag and drop options for windows operating system for entering file paths.
• Cleaning task and temp files. restore the iptables after attack.option to keep monitor mode if the desired exit.

Platforms need to run :

The tools are much more compatible with any Linux OS that may need tools installed needed to run. If you use Kali Linux that would be the best candidate for running it. If you want some challenges just use Arch Operating System.

How Does it Look Like : 

As your expectation with any bash script related tool, if the tool provides the best menu and options that could allow even the best part and it will be easy to perform a wide range of Wifi attacks.

Conclusions :

This tool provides a wide range of options for perfosWiFi hacking. The best part is it is so simple and easy to manage. You can get by here.

The post Airgeddon-Swiss Army WiFi Hacking Tool appeared first on Vednam.

If you are interested in pen testing tools to defend your own network, we have some of the great tools where some of the tools you find in Kali Linux.

Wireshark

 Wireshark is much popular than other tools used for network analysis. It was designed to scan for packets passing through a network and it is most favorite analysis tools for many sockets exploit writers for finding and ensuring that their code is working as they expected or for pen-testing looking to troubleshoot their tools.

WpScan

WPScan especially to find the issues or vulnerabilities within WordPress websites. It helps to find out the WordPress versions, which plugins are running, and whether there are associated vulnerabilities. This can also help in searching usernames, brute force the admin panel password, and if successful upload a backdoor to enable shell access to the victim website.

Nmap

Nmap is called a powerful assessment tool that is used to scan your network. This application allows us to find the open ports and running services along with that associated version number. The Nmap also has the addition of fantastic scripting engines which are usually used for a powerful addition to a network pentest.

Nessus

Nessus is designed to scan vulnerabilities that have cool graphic user interfaces and capable of scanning multiple networks for open ports and vulnerabilities.

Burp Suite

Burp Suite is a paid version if you are working with industry. This application is the go-to-tool for nearly every web application penetration user. The Community Edition of this application provides the proxy as well as a few other handy tools like the comparer, repeater, and sequencer. This is a time-saving application.

Note:

Before using the above application please ensure that you have read the Cyberlaw well and don’t try to go without permission and scan other network penetration. Unauthorized or illegal activities may put you in trouble.

The post The 5 Most Popular Penetration Testing Tools which you Found in Kali Linux. appeared first on Vednam.