All posts by geniusclub

TheFatRat hacking tool to create undetectable backdoors

What is TheFatRat?

TheFatRat is an exploiting tool that compiles malware with a famous payload, and then the compiled malware can be executed on Linux, Windows, Mac, and Android. Also, it Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.

What is a backdoor

A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

TheFatRat features

TheFatRat is a powerful tool and it also has many features which can impress you and convince you to use it.

  • Fully Automating MSFvenom & Metasploit.
  • Local or remote listener Generation.
  • Easily Make Backdoor by category Operating System.
  • Generate payloads in Various formats.
  • Bypass anti-virus backdoors.
  • File pumper that you can use for increasing the size of your files.
  • The ability to detect external IP & Interface address.
  • Automatically creates AutoRun files for USB / CDROM exploitation

Uses of TheFatRat

  • FatRat is used for exploitation.
  • Is used to create malware
  • TheFatRat is used to combine payload with malware.
  • Also, TheFatrat is used for creating Backdoors for Post Exploitation.
  • TheFatRat is used for browser attacks.
  • FatRat is used to get DDL files from Linux.
  • FatRat can create malware in different extensions.

You may also like how to use John The Ripper password cracker

Installation

Then, let us see how we can get and install TheFatRat. Before you install make sure you have kali Linux installed on the pc.

NB: In this article, we are going to use Kali Linux. But if you don’t have Kali Linux installed just have a look at how to start with Kali Linux. best way to follow. It may work also with other Linux distribution like Parrot.

Also, in this article we will be using some Linux basic commands, if you are not familiar with linux don’t continue this article. But read Basic Linux commands for beginners to advance and then continue after .

Installation procedures

log into the Kali Linux machine and open the terminal windows. type git clone https://github.com/Screetsec/TheFatRat

After cloning is completed, type cd TheFatrat, and then hit enter.

We can see the setup.sh file. To execute this file we need to give executable permission, to do that we run the following command in the terminal. Then, type chmod +x setup.sh and hit enter.

Type sudo ./setup.sh and hit enter the start the installation it will ask you your root password. Then, an updating Kali repo popup appears. Then, the tool starts the installation process. It will check for all the necessary tools are installed in the system to run FatRat. If some tools are missing in the system FatRat will auto-install them.

After the update windows close, TheFatRat asks to create a shortcut in the system type y, and hit enter. Take a cup of coffee and relax

Then. after the installation is complete, in the terminal type fatrat and hit enter.

You must know that TheFatRat work together with Metasploit Framework (MSF) is far more than just a collection of exploits–it is also a solid foundation that you can build upon and easily customize to meet your needs. This allows you to concentrate on your unique target environment and not have to reinvent the wheel.

How to troubleshoot TheFatRat

chk_tools script to use in case of problems in setup.sh of fatrat this script will check if everything is in the right version to run fatrat and will also provide you a solution for the problem

cd TheFatRat
chmod +x chk_tools 
./chk_tools

Warning

This article is for educational purposes only, usage of TheFatRat for attacking targets without prior mutual consent is illegal. We assume no liability and are not responsible for any misuse or damage caused by this program.

get into the penetration testing field

Do you want to get into the penetration testing field?. if yes, we are going to discuss how you can stop being a script-kiddies and become a good penetration tester. If you are reading this article, you are on a good way to become an expert in penetration testing.

The way has never been easy but you can reach it if others reached it. But depend on the energy and effort you are going to put into it.

Then, before we continue with this article, let us see first what penetration testing really is. because some are having confusion about penetration testing and Ethical hacking.

Also you should read this article, how to become an ethical hacker

What is penetration testing?

Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk that might be present in a system.

When a system is not secure, then it’s easy for an attacker to get into it. Security is normally an accidental error that occurs while developing a system.

why is penetration testing important?

You must understand that penetration testing is very important to assured the system or network security. Also, penetration testing normally must evaluate the system’s ability in order to be protected.

Also, penetration testing must assure that only external or internal authorized users can access the system.

Then, penetration testing is important because:

  • It provides evidence to suggest why it is important to increase investment in security aspect of technology
  • also, it estimates the volume of the attack
  • It supports avoid black hat attack and also protects the original data.
  • helps also to detect the weakness of the system

Attention: penetration testing is not only to know the list of tools used to test and to know how to use them. But a real penetration tester must be able to proceed rigorously and detect the weaknesses of a system. They must be able to identify the technology behind them and test every single door that might be open to attackers.

Also, this is important to inform yourself about the law and what you are allowed to do or not. According to your country, the computer laws are not the same. First, check laws about privacy and surveillance: Nine eyes countries, Five eyes, and Fourteen Eyes. Always check if what you’re doing is legal. Even when it’s not offensive, information gathering can also be illegal!

The penetration tester not only discovers vulnerabilities that could be used by attackers. But also must be able to exploit those vulnerabilities, to assess what attackers might gain after a successful exploitation

How is penetration testing Beneficial?

While the practice of penetration testing is growing in popularity, it comes with the benefit.

Identify and resolve system vulnerabilities: penetration testing is that penetration testers put themselves in a hacker’s position. By staying on the pulse of the cybersecurity world and regularly approaching IT systems from a cybercriminal’s perspective, penetration testers can identify a wide range of vulnerabilities and weaknesses in the system.

Gain valuable insights into digital systems: Reports from penetration testing can provide a valuable details about the network or system, its weak points, and how to strengthen it.

Establish trust with your clientele: A cyberattack or data breach negatively affects the confidence and loyalty of your customers, vendors, and partners.

Protection from financial damage: A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect the organization from such damages.

some vocabulary related to penetration testing

Penetration tester: Is an ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities.

Reverse engineering: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon.

Social engineering: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information.

Security researcher: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs, or vulnerabilities. They can work for a company as a security consultant and are most like a Blue team.

Penetration tester skills required

A penetration tester need to know how to modify existing exploits to get them to work in specific networks for testing purposes. But no single tester can possibly be an expert across all domains, but they need to be active learners and develop real-world experiences.

Understanding of secure web communications and technologies

You need an understanding of web technologies. Web applications are a well-accepted portion of just about every assessment we do these days, and everybody needs to understand them. Our assessors need to know how web applications are built, how to identify input fields, and how to gather the information that can lead to exploiting the functionality of the web application.

You might like also Top 6 best OS for penetration testing

Ability to Script or Programming

Learning programming is the very first way to start learning about security. There’s a lot of languages, most people start with Python, which’s the easiest and the most popular one. PHP and Go are the less popular to write security-related stuff, but any of these can still be used in such context. Bash and PowerShell are mostly about scripting and writing simple CLI applications.

Programming language

You might like also 6 most common mistake that every beginner should avoid for the best result

Content Management Systems

First, a CMS is computer software used to manage the creation and modification of digital content. Digging into the functionalities and security of CMS’s will open your door to a better understanding of how you can manage when in front of one below:

  • WordPress
  • Joomla
  • Drupal
  • SPIP

Steps of Penetration Testing

Before the tester starts the vulnerability analysis of a system there are some crucial steps that he must follow. each step is important in order to elaborate a good report after finish the work.

  • Planning and preparation
  • Reconnaissance
  • Discovery
  • Analyzing information and risks
  • Active Intrusion Attempts
  • Final Analysis
  • Report Preparation

You can also read more about penetration method

Penetration testing tools

The Kali Linux penetration testing platform contains a vast array of tools and utilities. From information gathering to final reporting, Kali Linux enables security and IT professionals to assess the security of their systems.

Also, check this for more information about kali linux tools

Additional resources

Also, here are some of other additional resources’ that will help you in your jorney of becoming a pentester.

Notice: These resources are not only that you can use. But know that there are many resources over the internet and also books that can help you.

How to install kali Linux on termux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing. Also, in Security Research, Computer Forensics, and Reverse Engineering.

with the definition of Kali Linux, you can understand what it is, and if not don’t worry we have a complete guide about it. How to start with Kali Linux. Then, in this article, we are going to discuss Kalimux on termux.

Requirements to install Kali Linux on termux

On termux it’s possible to run Kali Linux , the spelling on termux is KALIMUX. Now before we continue let discuss what are requirements in order to run KALIMUX.

Kali Linux or Kalimux features

Also, before we dig into this guide let discuss Kalimux features. Then, you will see that kalimux has some good features that will impress you.

  • [+] Stable and latest!
  • [+] Gui in android!
  • [+] Real-time Kali Linux!
  • [+] Easy for Beginners!

KALIMUX installation

Let start the installation of Kali Linux on termux. First we are going to update and upgrade termux.

Then, open your termux terminal and type this command:

apt-get update -y 
apt-get upgrade -y

Next step is to install python if not yet installed otherwise it will not install kalimux.

pkg install python -y
pkg install python2 -y

Then, having git installed is required or you can install it with the command: pkg install git -y

Now it’s time to clone kalimux from GitHub by using this command:

git clone https://github.com/noob-hackers/kalimux

Then, navigate in the kalimux folder in order to install it.

cd kalimux
sh kalimux.sh

So after installation completes the text files will occur just copy it by long click on the text.

./start-kali.sh

Using kali Linux as GUI using VNC viewer

Then, after we have done to install Kali Linux or KALIMUX in termux. Also, we need to download the VNC viewer from the play store. and for more details read Graphical Environment on Termux

Termux command to hide a phishing link in url

In our previous article, we discussed Maskphish best termux tool for hiding phishing link under trusted link. But now we are going to discuss how you can hide a phishing link under trusted link using termux command.

Also, know that in this article we are going to talk about maskphish. Then, you have not yet read the previous post about maskphish I suggest you to read it because in this article I won’t discuss about the installation.

Maskphish is a simple bash script that helps to hide a phishing URL under a normal URL. This amazing help you to hide phishing link under URL like Facebook.com. Also, to generate a phishing link you can read Zphisher best termux tool for phishing

Termux command to install Maskphish

First, before to continue with this article, let first remind about some installation commands.

git clone https://github.com/jaykali/maskphish

Then, I consider you have already clone Maskphish, Now open your termux terminal then navigate into maskphish folder by using commands.

cd maskphish
bash maskphish.sh

Then, after running the command maskphish will open and ready to go. This is the main menu of maskphish.

After executing the maskphish command the process is quiet easy then copy your phishing link that you want to hide. also, know that can be whatever generated by tool like Zphisher.

Then, we have to put the trusted URL that you know can attract your victim to click on. You can choose any link like https://facebook.com or https://youtube.com

Now this is a sweetest part where you have to use your social engineering words depending on what the victim can be. Also, if you are not good in social engineering attack you can use this guide.

Eg: sometimes your victim might be a football player or a fun of football. Now you can use words like “hey this is new best football skills for CR7 “.

Then, as you see the tool has already generate a link . you can now copy your phishing link generated by maskphish and send it to your victim.

You might like also Instahack best termux hacking tool for Instagram

Warning: this article is only for education purpose any usage of MaskPhish for attacking targets without prior mutual consent is illegal. We won’t be responsible for your damage.

Maskphish best termux tool to hide phishing link

Maskphish is a simple bash script that helps to hide a phishing URL under a normal URL. This amazing help you to hide phishing link under URL like Facebook.com.

Nowadays people are smart enough than in past years. It seems like phishing links became common for them and not easy to get them trapped again. Then, if you are reading this article it’s because you want to know how you can hide your phishing URL. Now you are on a good way to continue reading and hope after reading this article you will get what you need.

Then, I consider you to be familiar with termux and know how you can generate a phishing link. But if not don’t worry we thought about and prepare for you what can help you.

Now in our previous article, we discussed Zphisher best termux hacking tool for phishing. Also, don’t hesitate to check this article about onex best hacking tools on termux.

Then, why you should use Maskphish, and who can install it. we are going to discuss all these questions in this article.

Why you should use Maskphish

As I mentioned people are smart enough and it’s hard to trap them with a phishing link. Because phishing links look suspect most internet users are scared to open untrusted links. But the good news is that let us thanks to the contributor (https://github.com/jaykali) of this amazing tool who thought about that problem and resolves it.

Then, with Maskphish you can hide your phishing link under a trusted link like google.com and with that technic, you can easily get the trust of your victim.

  • Maskphish is easy to use
  • Also, is available on many platforms
  • You can have a discussion Maskphisher tool with contributors
  • it’s also free

Who can install Maskphish

Then, as you are aware of why you should use Maskphish, let us discuss who can install it. Maskphish is available on many platforms such as:

  • Kali Linux
  • Termux
  • Ubuntu

Installation process

Now, this is the time to get Maskphish and install it. consider using one of the platforms discussed above. Also, if you don’t have termux or don’t know how to start with it you might read How to hack with your smartphone using termux.

Also, we have a complete guide on How to install kali Linux OS properly you should check it. Then, if you want more information about ubuntu we suggest you read the official docs for Ubuntu.

NB: in this article we are discussing about Termux installation even if it can be the same with other platforms.

Then, the first step you have to update termux repository

apt-get update -y
apt-get upgrade -y

Also, if you don’t have git installed on your termux you should install it with the command

pkg install git -y

Then, the last step is to clone Maskfish from GitHub. You can just copy this link in your terminal and press enter.

git clone https://github.com/jaykali/maskphish

Now, navigate into the Maskphish folder in order to install it.

cd maskphish
bash maskphish.sh

Also, if you want to discuss about Maskphish or having issue with the tool follow the discussion now.

Conclusion and Legal Disclainer

This tool is for education purpose only. Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this tool. Use Responsibly!

Instahack best Termux Instagram hacking tool

You may be in need of testing your Instagram password strength or something else. The good news is that now you are going to discover the power full Instahack a best termux Instagram hacking tool.

Instahack gives you the opportunity of testing your password. Also, in our previous article, we discussed Zphisher best termux hacking tool for phishing. Also, don’t hesitate to check this article about onex best hacking tools on termux.

What is Instahack best termux Instagram hacking tool?

Instahack is a bash-based script that is officially made to test the password strength of Instagram account from termux with brute-force attack and. Also, This tool works on both rooted Android devices and Non-rooted Android devices.

who can install Instahack best termux instagram hacking tool

Then, as you know already what Instahack is, why not know who can install it. If you want to install Instahack you must have Termux installed on your android device. But if you don’t have it installed or don’t know how to install Termux don’t worry we prepared for you How to hack with your smartphone using termux.

what are the requirements?

Before to install Instahack let us first see what are the requirements.

  • Internet
  • Root Device or not
  • Php
  • storage 400 MB
  • Ngrok Token

what are the features of Instahack?

Then, as we now know the requirements in order to install Intahack, let now discuss features.

  • [+] Instagram stable API
  • [+] Updated maintenance
  • [+] tor usage
  • [+] Easy for Beginners

How to install Instahack best termux Instagram hacking tool?

Then, the time of installation is now, and i will require you to follow all steps to install Instahack properly.

The first step is to update Termux repository.

apt-get update -y
apt-get upgrade -y

Then, the second step is to install python if you didn’t install it before.

pkg install python -y
pkg install python2 -y

Also, the next step is to install git and lolcat if not yet install

pkg install git -y
pip install lolcat

Then, the following step is to clone Instahack in termux

git clone https://github.com/evildevill/instahack

Also, navigate into Instahack folder.

cd instahack
ls

Then, the last step you install instahack

bash setup
bash instahack.sh

Instahack usage options

Then, as you have done the installation let us see what are some options that you can find in Instahack.

  • Auto attack: from this option you can start an attack
  • Manual attack: you can select manual pass list ad try attack
  • About: also, this option help you know more about the author
  • Update: from this option you can update Instahack tool if updates are available.

Warning

Also, know that this tool only for education purpose, if you use it for other purposes except education we will be not be responsible in such case.

Zphisher best termux hacking tool for phishing

Zphisher is an advanced phishing toolkit it is an upgraded version of Shellphish. It also has the main source code from Shellphish but ZPhisher is upgraded. Also, has removed some unnecessary codes from Shellphish.

Also, it is a beginner’s friendly, automated phishing tool with 30+ templates.

What are the features of Zphisher?

Then, it’s time to see Zphisher features.

  • Latest and updated login pages.
  • Mask URL Support
  • Beginners friendly
  • Docker support
  • Multiple tunneling options (Localhost, Ngrok )

What are Zphisher dependencies?

Notice: All the dependencies will be installed automatically when you run Zphisher for the first time.

  • Php
  • Wget
  • Curl
  • Git

You may also like to know how to install Tool-X best termux hacking tool

Zphisher supported Platforms

You may want also to know Zphiser is supported by which platforms. the good news is that it’s available on many platforms. Then, know that in this article we are talking about Zphisher on termux.

You may like also how to install onex best termux hacking tool

How to install Zphisher on Termux?

Then, if you are reading this article I’m sure that you have Termux installed on your device, and if not don’t worry. Because we wrote a starter guide on how to hack with your smartphone using Termux.

Also, if you are among those who think Termux is the same as Linux don’t hesitate to read this guide what is the difference between Termux to Linux.

Then, let us continue you may find that installing Zphisher can be done in few minutes.

apt update 
apt install git php curl openssh -y 
git clone https://github.com/htr-tech/zphisher
cd zphisher  
chmod +x zphisher.sh 
bash zphisher.sh

Then, after you finish to install Zphishing you are ready to use that amazing termux tool.

What can you do to be safe from phishing attacks?

Also, as now you know that it’s possible to hack using Zphisher let us see how to prevent phishing attacks.

  • Avoid clicking on any suspicious link.
  • Make sure you check the link if is driving to original website.

Also, for more information about this attack, I suggest reading how hackers hack Facebook and how to prevent them.

Legal disclaimer

Usage of Zphisher for attacking targets without prior mutual consent is illegal. Also, It’s the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Man in the middle attack & how to prevent it

What is Man in the middle attack

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.

Additionally, a man in the middle attack requires three players. There’s the victim is trying to communicate, and the man-in-the-middle, who is intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the MITM.

How does a Man In The Middle Attack work?

Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. Then, you click on a link in the email received and are taken to what appears to be your bank’s website, where you log in and perform the requested task.

In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate.

This attack also involves phishing, getting you to click on the email appearing to come from your bank.

Also, he created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. And the time you log in, you are not logging into your bank account, but you are handing over your credentials to the attacker.

Man In The Middle attack progression

Man In The Middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware.

Successful MITM execution has two distinct phases: interception and decryption.

Interception

The first step intercepts user traffic through the attacker’s network before it reaches its intended destination.

The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange.

When an attacker wishing to take a more active approach to interception, he may launch one of the following attacks:

You may also like How to use john the ripper password cracker

  • IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
  • ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
  • DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.

Decryption

After an interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:

  • HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.
  • SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.
  • SSL hijacking occurs when an attacker passes forged authentication keys to both the user and the application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
  • SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application’s site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.

You may also like How hackers hack Facebook Accounts, and How to prevent them

Man in the middle attack prevention

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

Also, with the amount of tools readily available to cybercriminals for carrying out Man In The Middle attacks, it makes sense to take steps to help protect your devices, your data.

  • make sure you always visit website with the HTTPS
  • Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
  • Never connect to public WIFI routers directly, if possible a VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public WIFI, like passwords or credit card information.
  • Avoiding WIFI connections that aren’t password protected.

For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens.

How hackers hack Facebook Accounts & How to prevent them?

Facebook is, undoubtedly, the most popular social networking website with more than 500 million active users. Due to its popularity, many bad guys (black hackers) are actively involved in hacking Facebook accounts of unsuspecting users. Most people may ask why hackers hack Facebook accounts.

This article outlines strategies that hackers use to gain access to the Facebook accounts of hundreds of users each day. Also, you will see how you can prevent some attacks from hacking your account. In the previous article, we discussed how to protect the Facebook account from hackers

Why do bad guys try to hack Facebook accounts?

As I mentioned above Facebook is a popular social networking website, this brings many people to try to access someone’s Facebook account without his consent.

You must also know that hackers can try to access your account for modifying your information, exposing your information, or maybe for fun. Some of the beginners in hacking (script kiddies) try to use some hacking tools developed by professional hackers to hack Facebook account. Also, they can try to hack Facebook account because of:

  • Exposing your information.
  • Modifying your data
  • Because of love reasons
  • For joking or celebrity.
  • For money

How do they do to hack Facebook accounts? and which technics do they use?

Although Facebook is more secure there are some technics hackers use to hack Facebook account like phishing, keylogging, Trojans/backdoors, Sniffing, Social Engineering, and Sessions Hijacking …

Phishing – hack Facebook accounts

Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is set up a webpage similar in design to that of the Facebook homepage, attach a server-side script to track the username and password entered, and store it in a log.

 A new trend amongst phishers is creating Facebook look-a-like widgets for stealing user’s login credentials. The hacker sends you the link by using some attractive words or other technics like:

Hey, do you know that Facebook has a new update? Install the new update by following this link. 

And after the hacker has sent you the link and attractive message he will be waiting for you just to log in and get your information and your account will be hacked. But nowadays Facebook blocks phishing links. Then, know that it can’t block phishing links only if the hacker used another method to send the link.

How to prevent yourself from being phished?

At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various “Facebook widgets” offered by websites and blogs. Instead, use Facebook’s homepage to sign in.

Always try to use Safe Search while searching. If you do manage to get phished, report the website so that others may get a warning before visiting it. You can also read our article how to secure Facebook account from hackers to prevent against attacks.

Keylogging – hack Facebook accounts

Keylogger is a type of computer virus that tracks key strokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on the victim’s computer. Also, it can get easier if the hacker has physical access to the victim’s computer.

Also, know that with this technic a hacker can record all your activities; he can get you username, password and more other information.

How to stop keyloggers?

If you want stop to be keylogging install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan third-person’s flash and pen drives before using them on your computer.

Social Engineering

Social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

Also, social engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from sending spoof emails, pretending to be from Facebook, telling you to change your password to 123456 to a hacker maliciously getting out the answer to your Security Question in a friendly chat or discussion.

How to prevent yourself from being socially engineered?

The only true way to reduce the effect of these attacks is to know that they exist, to know how they are done, and to understand the thinking process and mentality of the people who would do such things. Also, stay aware during chats and discussions.

Also, use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password or do something as silly as asking you to send out your login details to prove that you are an active user.

Always think before taking action and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.

Conclusion

Also, hackers try to hack your email address to get into your account. It can be easy for a hacker to access your account if he knows your email account used on your Facebook account.

I know you may ask yourself how can it be possible, but know that a hacker can use brute force attack to get your password and access your account reason why avoid making public your email account. I will recommend you to read our article on how to protect the Facebook account from hackers.   

How to become an Ethical Hacker

This guide is all about how to become an ethical hacker. Then, before we continue we have first to know who are ethical hackers and what they can do. Becoming an ethical hacker may seem easy in theory. But to become a good hacker you have to follow some steps.

Who is a hacker?

The word hacker originally defined a skilled programmer proficient in machine code and computer operating systems. Also, a hacker is a person who breaks into a computer system. The reason for hacking can be many: installing malware, stealing, or destroying data.

Hackers can be also there to find software vulnerabilities in order to fix them.

How does hacking work?

Hackers breach defenses to gain unauthorized access into computers, phones, tablets, IoT devices, networks, or entire computing systems. Hackers also take advantage of weaknesses in network security to gain access. The weaknesses can be technical or social in nature. Let also see some types of hackers.

  • Cybercriminals
  • Hacktivists
  • Ethical hackers
  • Script kiddies

Now as you already know who is a hacker let us see also what is ethical hacking.

what is ethical hacking?

Ethical hacking involves the legal use of hacking techniques for benevolent versus malicious purposes. Ethical hackers use penetration testing and other tactics to find software vulnerabilities and other security weaknesses so they can be promptly addressed.

Who is a penetration tester?

Many people think that a Penetration Tester is just a White Hat Hacker but this is wrong… White Hat Hacker is anyone who works or fight to protect the cyber security…

Penetration Testers are essentially Gray Hat Hackers. They are between the two worlds… this makes Penetration Testers be the most Advanced Hackers because they know how to attack and how to protect!

who is an ethical hacker?

The term ethical hacker includes all security professionals that provide offensive services, whether red team, pentester, or freelance offensive consultant. Also, an ethical hacker’s primary purpose is to view security from the adversary’s perspective in an effort to find vulnerabilities that could be exploited by bad actors.

Role of an ethical hacker

Ethical hackers can be independent freelance consultants, employed by a firm that specializes in simulated offensive cybersecurity services, or they can be an in-house employee protecting a company’s website or apps.

Possessing ethical hacker skills and knowledge is helpful for many other security roles

Now can see then how to become an ethical hacker as you already who he is and what he can do.

The skills required to become an ethical hacker

While there are plenty of anecdotal stories of blackhat hackers being converted to be whitehats in a bygone era, the most important requirement for becoming a successful ethical hacker today is to have, as is found in the name, high ethical standards.

Ethics are what separates the good guys from the bad guys. There are plenty of blackhat hackers that have adequate technical skills to be ethical hackers, but they lack the discipline of character to do the right thing regardless of the perceived benefits of doing otherwise.

A candidate for an ethical hacker job must be able to demonstrate advanced cybersecurity technical skills. The ability to recommend mitigation and remediation strategies is a part of the desired experience.

To become an ethical hacker you have to understand the networks.

A hacker should be able to gather information about a network with the intent to secure the network system. He can also use various tools like Telnet, NS lookup, Ping, Tracert, etc.

Also an ethical hacker must know about the networking and how a network work. He must know about fundamentals of network such as: network models, IP address and network protocols etc. Networking skills is very important in ethical hacking field. Almost all devices are connected to the network.

An ethical hacker must be proficient with operating systems, especially Windows and Linux

Linux System hacking

Linux is an operating system that acts as an intermediary as a bridge between the physical device and the instruction code of the program. in our previous article, we discussed the Linux tutorial for beginners.

hacking a Linux-based computer system and get access to a password-protected Linux system, you must know Linux’s basic file structure. Also you can have a look on these top 6 Best operating system linux for hacking and penetration testing.

windows hacking

Microsoft Windows, commonly referred to as Windows, is a group of several proprietary graphical operating system families, all of which are developed and marketed by Microsoft.

An ethical hacker must have strong coding skills.

You may find that many people on the internet say that you don’t need to know how to program to be a hacker, I don’t judge them but programming is more important in hacking. Sure you may perform some attacks without programming skills by using other script, but at a given point it will require you to have skills in programming.

Programming languages that an ethical hacker need to know

  • Assembly
  • C Lang
  • C++
  • Go Lang
  • python

How to get experience as an ethical hacker

Experience with vulnerability testing tools, such as Metasploit, Netsparker,  and OpenVAS, is very helpful for ethical hackers. These tools and there are many more of them, are designed to save time when searching for known vulnerabilities. These or similar tools may provide a useful framework for vulnerability scanning and management but should represent only the starting point for an experienced ethical hacker. Also, get in hands with kali linux operating system.

What is the Outlook for Ethical Hackers?

Cyberwarfare is extremely common, and many high-profile enterprises have been subject to major hacking issues. In this day and age, spending on IT security on a global scale is reaching the trillion-dollar mark. What better way to combat the threat of black-hat hacking than by making use of an army of white-hat hackers?

The demand for ethical hackers is at an all-time high and rising. Many experienced, ethical hackers can expect to earn in excess of $120,000 per year, especially if they are running their own consultancies or penetration testing companies.