What is Steganography?

What is Steganography? – Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. Utilizing a graphic image as a cover is the most popular method to conceal the data in files. Attacker can use steganography to hide message such as list of the compromised servers, source code for the hacking tool, plans for future attacks, etc. What is Steganography? One of the shortcomings of various detection programs is their primary focus on streaming text data.…

Read More

How RootKits Works & How To Detect Rootkits?

How RootKits Works & How To Detect Rootkits? – System hooking is a process of changing and replacing the original function pointer with the pointer provided by the rootkit in stealth mode. Inline function hooking is a technique where a rootkit changes some of the bytes of a function inside the core system DLLs (kernel32.dll and ntdll.dll) placing an instruction so that any process calls hit the rootkit first. Direct Kernel Object Manipulation (DKOM) rootkits are able to locate and manipulate the “system” process in kernel memory structures and patch…

Read More

Working of Vulnerability Scanning?

Working of Vulnerability Scanning? – Any organization needs to handle and process large volumes of data in order to carry out business. These large volumes of data contain the information of that particular organization for which access is denied to the unauthorized users. Attackers try to find certain vulnerabilities that they can exploit and use those to gain access to the critical data for illegal purposes. Vulnerability analysis performs a study on the risk-prone area of the organizational network. This analysis is done various tools. the vulnerabilitiy analysis reports on…

Read More

Classification of Vulnerability?

Classification of Vulnerability? – In a network there are generally two main causes for systems being vulnerable, software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resource. Classification of Vulnerability? Vulnerability present in a system or network are classified into the following categories: Misconfiguration Misconfiguration is the most common vulnerability that is mainly caused by human error, which allows attackers to gain unauthorized access to the system. This may happen intentionally or unintentionally affecting web servers, application platform, database…

Read More

What is NTP Enumeration?

What is NTP Enumeration? – Network Time Protocol (NTP) is designed to synchronize clocks of networked computers. It uses UDP port 123 as its primary means of communication, NTP can maintain time to within 10 milliseconds(1/100 seconds) over the public Internet. It can achieve accuracies of 200 microseconds or better in local area networks under ideal conditions. Arracker queries NTP server to gather valuable information such as: List of host connected to NTP server Clients IP addresses in a network, their system names and OSs Internal IPs can also be…

Read More

Competitive Intelligence Gathering

Competitive Intelligence Gathering – Competitive Intelligence gathering is the process of identifying, gathering, analyzing, verifying and using information about your competitores from resources such as the Internet. Competitive Intelligence is non-interfering and subtle in nature. Competitive Intelligence Gathering It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It cocentrates on the external business enviorment. In this method, professionals gather information ethically and legally instead of gathering it secretly. Competitive intelligence helps in determining: What the competitors are doing.…

Read More

DoS Attack Classification

DoS Attack Classification – There are two main kinds of attacks: denial-of-service attacks and distributed denial-of-service attacks. In distributed denial-of-service attacks, multiple compromised systems are coordinated in an attack against one target. DoS Attack Classification There are different ways to carry out denial-of-service attacks. Although there are many exploits used by attackers, the basic objectives remain the same: bandwidth consumption, network connectivity, or the destruction of configuration information. The following are representative types of denial-of-service attacks: • Smurf• Buffer overflow attack• Ping of death• Teardrop• SYN flood DoS Attack Classification…

Read More

Hacker Code of Ethics?

Hacker Code of Ethics? – if you do an Internet search for “hacker ethics,” you are more likely to find a glamorized version of so-called “hacker rules” that embrace the idea that hackers can do anything they want, even perhaps without limits, in the pursuit of whatever they want. Best-selling author Steven Levy’s 1984 book, Hackers: Heroes of the Computer Revolution (https://www.amazon.com/Hackers-Computer-Revolution-Steven-Levy/dp/1449388396/ ), introduced the world to one of the earliest versions of hacker ethics ( https://en.wikipedia.org/wiki/Hacker_ethic ). In a nutshell, almost word for word, it said the following: 1.…

Read More

The Different Forms of Penetration Tests

The Different Forms of Penetration Tests – The form of penetration test that you’ll conduct depends on the needs of your client. In this part of the book, you’ll learn about the different kinds of “pen tests”. The Different Forms of Penetration Tests Black Box Tests In a black box test, you don’t have any information regarding your target. Your first task is to research about your client’s network. Your client will define the results they need, but they won’t give you other pieces of data. The Advantages Black box…

Read More

What is Key Server in Cryptography?

What is Key Server in Cryptography? – At last we turn to key management. This is, without a doubt, the most difficult issue in cryptographic systems, which is why we left it to near the end. We’ve discussed how to encrypt and authenticate data, and how to negotiate a shared secret key between two participants. Now we need to find a way for Alice and Bob to recognize each other over the Internet. As you will see, this gets very complex very quickly. Key management is especially difficult because it…

Read More