How To: BeEF+Ettercap:Pwning Marriage
This is the best how-to's website that I've ever seen, and I wanted to join it. It taught me a lot, but, because I'm here to learn too, please correct me if I'm wrong.
Soviet Attack Search Results
Hack Like a Pro: How to Find Exploits Using the Exploit Database in Kali
Welcome back, my budding hackers! When we are looking for ways to hack a system, we need a specific exploit to take advantage of a certain vulnerability in the operating system, service, or application. Although I have shown you multiple ways to exploit systems here in Null Byte, there are still many more exploits available that I have not yet shown you.
Hack Like a Pro: Creating a Virtually Undetectable Covert Channel with RECUB
Welcome back, my budding hackers! We've spent a lot of time learning to compromise Windows systems, and we've successfully compromised them with Metasploit, cracked their passwords, and hacked their Wi-Fi. However, very little time was spent developing ways to extract the information from the system once inside.
How To: Defend Yourself Against an Attacker Choking You from the Front
Would you want to be able to defend yourself and your loved ones if someone were to physically attack you? This video will show you how to defend yourself against an attacker choking you from the front. It' the best MMA for self-defense, especially for a teenager.
Hack Like a Pro: How to Grab & Crack Encrypted Windows Passwords
Welcome back, my neophyte hackers! Several of you have written me asking how to crack passwords. The answer, in part, depends upon whether you have physical access to the computer, what operating system you are running, and how strong the passwords are.
Hack Like a Pro: How to Crash Your Roommate's Windows 7 PC with a Link
In my first few articles, we focused on operating system hacks. These hacks have been primarily on older operating systems such as Windows XP, Windows Vista, and Windows Server 2003.
How To: Do sabre fencing attacks
In this series of video clips, you’ll learn more about these different weapons. An important component of fencing is the footwork and balance. Get informative tips on the choreography of a sword fight from our expert. Learn more about the modern scoring apparatus and other fencing equipment. If you are a novice fencer, you can get more advanced tips and ideas for fencing foil techniques and vaulting and linear footwork.
How To: Play the Comets and Craters iPhone tower defense game
Need a new iPhone app? Check out Comets and Craters, a new iPhone tower defense strategy game. These ten video tutorials cover all of the gameplay troubles you may have. Steve explains the features and gameplay to help you get the most out of playing Comets and Craters on your Apple iPhone. For those more seasoned Tower Defense players, the video's also provide some insight regarding scoring, upgrades, plus Tower and Enemy capabilities.
How To: Defeat Cassandra in Shank for the Xbox 360
Cassandra, your old lover in Shank, and she's not exactly happy to see you. Alright, so you cut her up a little bit, I mean, she was over reacting, right? She can be a tough enemy if you don't know her pattern of attacks and counter attacks. In this video you will get a chance to see what the best startegy to use against her is, as well as her points of counter attack.
How To: This $1,300 Ethical Hacking Bundle Is on Sale for $40 Today
There are countless ways in which you can turn your love of tech and coding into a full-fledged career — from developing apps and websites as a freelancer to working in the IT departments of small startups or major tech companies. But one of the best ways that you can put your programming skills to good use is to join the increasingly important world of cybersecurity.
How To: Learn the Ins & Outs, Infrastructure & Vulnerabilities of Amazon's AWS Cloud Computing Platform
While we haven't covered Amazon Web Services, or AWS, on Null Byte before, Amazon's cloud computing platform is ripe for attack by hackers, pentesters, and cybersecurity researchers. It's also an excellent cloud hosting service to build or use vulnerable-by-design AWS setups and frameworks.
Hacking Windows 10: How to Hack uTorrent Clients & Backdoor the Operating System
Compromised uTorrent clients can be abused to download a malicious torrent file. The malicious file is designed to embed a persistent backdoor and execute when Windows 10 reboots, granting the attacker remote access to the operating system at will.
How To: Quickly Gather Target Information with Metasploit Post Modules
Post-exploitation information gathering can be a long and drawn-out process, but it is an essential step when trying to pivot or establish advanced persistence. Every hacker should know how to enumerate a target manually, but sometimes it is worth it to automate the process. Metasploit contains post modules that can quickly gather valuable information about a target, saving both time and effort.
News: Startup Illumix Brings Mobile Horror Franchise Five Nights at Freddy's into Augmented Reality Gaming
A little over a year after emerging from stealth, augmented reality gaming startup Illumix has launched its first title using a familiar formula, but with a new twist.
How To: Use Microsoft.com Domains to Bypass Firewalls & Execute Payloads
Microsoft.com is one of the most extensive domains on the internet with thousands of registered subdomains. Windows 10 will ping these subdomains hundreds of times an hour, making it challenging to firewall and monitor all of the requests made by the operating system. An attacker can use these subdomains to serve payloads to evade network firewalls.
How To: Discover XSS Security Flaws by Fuzzing with Burp Suite, Wfuzz & XSStrike
Cross-site scripting is one of the most common vulnerabilities found on the web today, with repercussions of this type of flaw ranging from harmless defacement to sensitive data exposure. Probing for XSS can be tedious and time-consuming for an attacker, but luckily there are tools available to make things a little easier, including Burp Suite, Wfuzz, and XSStrike.
How To: Conduct OSINT Recon on a Target Domain with Raccoon Scanner
Reconnaissance is the phase of an attack where a red team or hacker designs a strategy based on the information they can learn about the target, as well as what the available attack surface looks like. These scans can take time to discover relationships, but Raccoon OSINT scanner coordinates multiple automated scans to produce invasively detailed reports on a target with a single command.
SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of
Database technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally invites a slew of vulnerabilities and attacks to occur. SQL injection has been around for awhile, and as such, there are many defense methods in place to safeguard against these types of attacks.
Hacking macOS: How to Dump Passwords Stored in Firefox Browsers Remotely
Passwords and data stored in web browsers are extremely valuable to hackers. If not for financial gain, black hat hackers may still leak your passwords and personal information for amusement. Never undervalue what you're worth to a hacker.
Hacking macOS: How to Remotely Eavesdrop in Real Time Using Anyone's MacBook Microphone
Google, Amazon, and Facebook are always listening. But what's worse? Hackers are listening, too. Windows PCs are particularly vulnerable, but with a few simple commands, a remote attacker can even take over the microphone on someone's Mac computer, streaming audio and listening to private conversations in real time without the victim's knowledge, abusing an overlooked security consideration.
Hacking macOS: How to Create a Fake PDF Trojan with AppleScript, Part 1 (Creating the Stager)
While hackers have taken advantage of numerous vulnerabilities in Adobe's products to deliver payloads to Windows users via PDF files, a malicious PDF file can also wreak havoc on a Mac that's using the default Preview app. So think twice before double-clicking a PDF open on your MacBook — it might just be a Trojan with a rootkit inside.
SQL Injection 101: Advanced Techniques for Maximum Exploitation
For SQL injection, the next step after performing reconnaissance and gathering information about a database is launching an attack. But something seems off .. in the real world, it's usually not quite as simple as passing in a few fragments of SQL code to an input field and seeing all that glorious data displayed right in the browser. This is when more advanced techniques are needed.
Hacking macOS: How to Configure a Backdoor on Anyone's MacBook
The conversation of which operating system is most secure, macOS vs. Windows, is an ongoing debate. Most will say macOS is more secure, but I'd like to weigh in by showing how to backdoor a MacBook in less than two minutes and maintain a persistent shell using tools already built into macOS.
Advanced Phishing: How to Inject Meetings into Anyone's Google Calendar
Google Calendar is a cornerstone of the Google Suite, perhaps second only to Gmail itself. Whereas email is constantly plagued by phishing attacks, as of yet, the calendar is a relatively untapped social engineering attack vector. But it's relatively easy for an attacker to inject a meeting or event into a target's Google Calendar and use it to exploit them.
How To: Easily Generate Hundreds of Phishing Domains
A convincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How To: Hack Your Neighbor with a Post-It Note, Part 2 (Setting Up the Attack)
In the previous article in this short series, we learned how to find our neighbor's name using publicly accessible information and how to monitor device activity on their home network. With this information at our disposal, it's time to get into installing and configuring the necessary tools to begin our attack on John Smith's computer.
How To: Use SSH Local Port Forwarding to Pivot into Restricted Networks
SSH is a powerful tool with more uses than simply logging into a server. This protocol, which stands for Secure Shell, provides X11 forwarding, port forwarding, secure file transfer, and more. Using SSH port forwarding on a compromised host with access to a restricted network can allow an attacker to access hosts within the restricted network or pivot into the network.
How To: Use SHA-256 Hash to Verify Your Downloads Haven't Been Modified
Any internet user will need to download files eventually, and most simply have faith that what they are downloading is trustworthy. This doesn't give much clarity into the contents of the file, but if the file's author published the original checksum, comparing it to the SHA-256 hash of the downloaded file can ensure nothing was tampered with.
How to Hack Wi-Fi: Automating Wi-Fi Hacking with Besside-ng
Besside-ng is the hidden gem of the Aircrack-ng suite of Wi-Fi hacking tools. When run with a wireless network adapter capable of packet injection, Besside-ng can harvest WPA handshakes from any network with an active user — and crack WEP passwords outright. Unlike many tools, it requires no special dependencies and can be run via SSH, making it easy to deploy remotely.
How To: Modify the USB Rubber Ducky with Custom Firmware
The USB Rubber Ducky comes with two software components, the payload script to be deployed and the firmware which controls how the Ducky behaves and what kind of device it pretends to be. This firmware can be reflashed to allow for custom Ducky behaviors, such as mounting USB mass storage to copy files from any system the Duck is plugged into.
News: Samsung Preinstalls McAfee Bloatware on Your S8 & It's Neither Great nor Free
Malware attacks on mobile phones are reaching an all-time high and it looks like companies like Samsung are doing all that they can to prevent any unwanted hackers from accessing its sensitive user data.
News: It's Now Safe to Open Links in iPhone Apps Again After iOS 10.3 Security Fix
While clicking random links on the internet probably isn't the best idea to begin with, now you can rest easy knowing that your iPhone won't repeatedly dial 911 after tapping a malicious link in Twitter, Facebook, or other apps that use iOS's WebView.
News: Use ProtonMail More Securely Through the Tor Network
ProtonMail has long been the favorite of journalists and security-conscious professionals, with Edward Snowden the most famous example. But these days, everyone cares about anonymity, so it's no surprise that ProtonMail currently has over 2 million users. And now the service is even better.
News: Hello to the Null Byte Community!
Hello, Null Byters. I'm Barrow, and I'm excited to introduce myself as the new admin here on Null Byte. Just like previous admins have done before me, I will be writing new guides, updating older guides if they need it, and responding to some of your issues in the forum. Before I get started with any of that, though, I wanted to talk a little bit about myself and the future of Null Byte.
News: 'Metaphor' Exploit Threatens Millions of Android Devices—Here's How to Stay Safe
The Stagefright exploit, which allowed for malicious code to be embedded in files on your device, is now very real in the form of Metaphor. Developed by software research company NorthBit, Metaphor is their implementation of exploits to the Stagefright library, and when executed, can access and control data on your device.
How To: Perform an Attack Over WAN (Internet)
So, you want to perform an exploit on a victim, but you're not on the same network as their machine. In this tutorial, I'll be showing you how to set up a meterpreter reverse_tcp attack to work over the internet.
How To: Do a Simple NMAP Scan on Armatige
How to do an NMAP scan on Armitage to find IPs within a certain range. Armitage is a gui interface of Metasploit, and advanced hacking/exploiting program. It can be downloaded from http://metasploit.com/ and http://fastandeasyhacking.com/ and you will need NMAP. http://www.nmap.org/
How To: Make a Reverse HTTPS Payload and Send It with CobaltStrike
Hello everyone Today I will show a different way to exploit a windows machine with a reverse https payload..."wait...why https? Isn't tcp good anymore?"
Real Scenarios #2: The Creepy Teacher [Part 1]
Your English teacher is a creep. The way he looks at your girlfriend, the way he always spends ages with the girls in the class going over their work but not the boys, just the way he is.
How To: Steal Form Data from Your Fake Website
Though you can use the Social Engineering Toolkit to clone websites, this way is much more customisable.