Attacks against databases have become one of the most popular and lucrative activities for hackers recently. New data breaches seem to be popping up every week, but even with all of that attention, databases continue to be a prime target. All of these attacks have to start somewhere, and we'll be exploring a variety of methods to gather information on PostgreSQL databases with Metasploit.
Google Images, TinEye, and other reverse image search engines can help you find where images appear on the internet. You can discover what TV show or movie an image comes from, who took a photo, and if the profile picture of someone you're talking to online is really them, among many other uses. And there's a shortcut for iOS that makes running a reverse image search easy.
For anyone interested in using cheap, Wi-Fi-connected microcontrollers like the ESP8266, the Arduino programming language can be a barrier to entry. Based on C++, Arduino requires knowledge of more computer science than languages like Python. Fortunately for beginners, setting up MicroPython on an ESP8266 allows anyone to write Python on affordable microcontrollers in a matter of minutes.
One of the first steps when pentesting a website should be scanning for hidden directories. It is essential for finding valuable information or potential attack vectors that might otherwise be unseen on the public-facing site. There are many tools out there that will perform the brute-forcing process, but not all are created equally.
After exiting the mobile market, Microsoft has redirected its efforts to better integrating their services with Android. Thanks to a partnership with Samsung, that Windows integration is even better if you have a Galaxy phone.
So you've managed to get a shell on the target, but you only have measly low-level privileges. Now what? Privilege escalation is a vast field and can be one of the most rewarding yet frustrating phases of an attack. We could go the manual route, but like always, Metasploit makes it easy to perform local privilege escalation and get root with its exploit suggester module.
On iPhones, the share sheet is a powerful yet largely underestimated tool. For the uninitiated, the share sheet is the menu that opens whenever you tap the share button (the box with the up-arrow). This menu features sharing options to first and third-party apps, as well as extra functions like saving, copying, duplicating, and more. Best of all? It's surprisingly customizable.
Burst mode on iPhone is a great way to ensure you capture the photo you truly want, especially when your subject is moving too fast. You'd be forgiven for thinking that Apple ditched the feature entirely on iPhone 11, 11 Pro, and 11 Pro Max, since a long-press of the shutter button now records video instead. However, burst mode is alive and well on your new iPhone — it's just hidden.
The Google Assistant is a core part of Android — Google even made it possible to launch the Assistant by long-pressing the home button. But with Android 10's new gesture controls, there isn't a home button to long-press, so Google created a new gesture to replace it.
At long last, the magical world of Harry Potter has received a mobile game worthy of its name. Harry Potter: Wizards Unite is the game in question, and is set to touch down worldwide on June 21, 2019. For the longest time, however, the game has been available as a soft launched game for testing, and with a little tinkering, you can actually try it out right now before its official release stateside.
A hacker with privileged access to a Windows 10 computer can configure it to act as a web proxy, which allows the attacker to target devices and services on the network through the compromised computer. The probes and attacks appear to originate from the Windows 10 computer, making it difficult to detect the attacker's actual location.
Apple had its Worldwide Developers Conference on June 3, 2019, which showcased big software announcements for all of Apple's hardware, and anyone can watch the keynote as it happened.
While hackers know and love the Raspberry Pi, many don't know of its cheaper cousin, the microcontroller. Unlike a Pi, which can be used more or less like a regular computer, microcontrollers like the Wi-Fi connected ESP8266 require some necessary programming skill to master. In this guide, we'll build an Arduino program from scratch and explain the code structure in a way anyone can understand.
Gathering information on an online target can be a time-consuming activity, especially if you only need specific pieces of information about a target with a lot of subdomains. We can use a web crawler designed for OSINT called Photon to do the heavy lifting, sifting through URLs on our behalf to retrieve information of value to a hacker.
Users are often the weakest link when probing for vulnerabilities, and it's no surprise they can be easily fooled. One way to do this is called clickjacking. This type of attack tricks the victim into clicking something they didn't mean to click, something under the attacker's control. Burp Suite contains a useful tool called Clickbandit to generate a clickjacking attack automatically.
If you've ever wanted to download YouTube videos directly to your iPhone, there's an easy solution — just update to iOS 12 and install Apple's new Shortcuts app. With the Workflow-replacement app, you can add a shortcut that lets you download any YouTube video you want, without needing to jailbreak or use shady third-party tools.
Xiaomi made a new phone with their sights set on picking up some ex OnePlus users. As a result, the Pocophone F1, or just Poco in some markets, is quite unlike most other Xiaomi phones. While you can't buy the F1 in stores in the US, you can get its home screen app on almost any phone right now.
With all Android updates, there's a considerable wait before most phones get the new version, and Android Pie is no different. Until then, most of us are stuck just looking at videos of the newest update. Well thanks to developer Trey Dev, we can enjoy the new notification shade and Quick Settings menu while we wait.
Kali Linux is established as the go-to operating system for penetration testing, but in its default configuration, it's less than ideal for regular desktop use. While in many scenarios, a live boot or virtual environment can resolve these issues, in some situations, a full installation is better. A few simple changes can be made to a Kali Linux desktop to make it safer to use in this environment.
Soon, you'll be able to buy your OnePlus 6, but you can experience some of its apps today thanks to XDA user erayrafet, who ripped a few OxygenOS apps like Weather and this Gallery app. While Google Photos is a great service, this Gallery app should be your go-to app for locally-stored photos.
While the security behind WEP networks was broken in 2005, modern tools have made cracking them incredibly simple. In densely populated areas, WEP networks can be found in surprising and important places to this day, and they can be cracked in a matter of minutes. We'll show you how a hacker would do so and explain why they should be careful to avoid hacking into a honeypot.
One of the more exciting features in Android Oreo is the Autofill API. With this tool, third-party password managers can autofill login information into other apps. LastPass added this feature to their beta app a while back, but now, Autofill is finally available in the official stable version of LastPass.
For parents that have an iPhone X, things are about to get a lot easier for you in iOS 11.3, which finally lets you approve app and media downloads on your child's iPhone using Face ID instead of typing in a password.
Android's Quick Settings menu gives you easy access to certain actions from any screen, but the tiles available are largely dependent on your phone's OEM skin. For instance, the Google Cast button that can cast your entire screen has been exclusive to Nexus and Pixel devices, even though other phones have the requisite software to use it. Fortunately, there's a way to add it on any device running Nougat or higher.
Regardless of what you're trying to accomplish with Tasker, there's a good chance that someone else has already walked through the same steps. If you're unfamiliar with creating tasks and working with profiles, simply importing someone else's work would be a great shortcut. After all, there are 2 billion Android devices out there, so someone must've created a setup that suits your needs, right?
If thieves, hackers, law enforcement, or other would-be enemies should ever gain entry to your smartphone, they could also access conversations you've had in Signal Private Messenger. To better secure your encrypted communications, you can password-protect the whole app and its contents — but only on Android. Even then, it's necessary to perform data deletion on a periodic basis, if not immediately.
Life is all about spending time together with loved ones, experiencing new places together to enjoy and create memorable moments. Luckily, Google has made it easier for us to rendezvous with friends and family at specific places by letting us broadcast our locations using Google Maps.
Bubbles serve as extra lives to help you get through both Tour and Toad Rally modes in Super Mario Run. Even better, they let you rewind back to pick up any items that were missed. But unbeknownst to many, you can activate a bubble even if you haven't gotten knocked out yet.
If you are an NYC commuter like me, then I'm sure you know how bad the city's transportation has gotten.
When people work out, they want to get the absolute most out of their routine. Going on a run is great exercise, but finding an optimal route that works best for you can be difficult. Luckily, Apple's ARKit has the capability to make it much easier to get the most out of your workout.
To hack a Wi-Fi network using Kali Linux, you need your wireless card to support monitor mode and packet injection. Not all wireless cards can do this, so I've rounded up this list of 2019's best wireless network adapters for hacking on Kali Linux to get you started hacking both WEP and WPA Wi-Fi networks.
Fans of Titanfall now have a great alternative to play on their iPhones whenever they're out and about. Titanfall: Assault has arrived as a soft launch for iOS devices. A hybrid between card-based and real-time strategy genres, the game will pit you against other players with some mech-on-mech action to dominate the battlefield. Taking some cues from Clash Royale, each unit that's deployed in Titanfall: Assault will automatically fight its way through opposing forces to accomplish its objecti...
Oh, Mario. The guy that's been a part of our lives since as long as we can all remember. Well, Adam Ringwood and his friends did something pretty cool with one of Mario's most exciting games at the HackIllinois event in February 2016—they hacked a Chevrolet Volt's steering wheel into one big Nintendo 64 controller for Mario Kart.
One of our favorite features on the Pixel Launcher is its App Shortcuts, which work a lot like Apple's 3D Touch for iOS or Huawei's Force Touch. Instead of using pressure sensitivity to call up static and dynamic shortcut menus for apps, Launcher Shortcuts relied on a simple long-press. Now, in the Android 7.1 update for Pixels, there's an update to App Shortcuts that let's you pin shortcut options directly to your home screen for even quicker access.
Copying files from a computer to your Android device has always been pretty straightforward—just connect the two devices with a USB cable, open your desktop file explorer, then move the files over. But what if you didn't need any wires at all?
In the past, some of Google's Nexus devices have had root methods even before the phones hit shelves. The Google Pixel and Pixel XL are basically Nexus devices from a software standpoint, so why have we gone more than a week since release without a working root method or custom recovery?
Google's new Pixel and Pixel XL smartphones are available for pre-order right now, but the general public won't start to get their hands on these devices for another week or two. Tech reporters got some hands-on time at Google's launch event on October 4th, but camera testing wasn't allowed, and the Wi-Fi coverage at the event was too flooded for real-world performance reviews.
When was the last time you restarted or shutdown your Mac? In the post-iPhone era, most devices are now powered on almost constantly. For better or for worse, the computing landscape has accommodated this "always on" trend, but you still need to periodically restart your devices—especially your Mac.
We haven't had a working jailbreak method since October of last year, and that only worked for about a month until iOS 9.2 came out and shut down the loophole it was using. So all of those cool Cydia tweaks have been out of the question for quite a while now, unless you downgraded your firmware to keep jailbreak compatibility.
Considering how much smartphones cost in the first place, we're understandably reluctant to throw them out when we've bought a newer model. And this is probably the best practice, too, as there are many great uses for an old Android device.