Posts

Showing posts from August, 2017

Firewall Protection

Securing your data and infrastructure has been a top priority for many companies, and one of the greatest challenges is deploying a solution that is easy to use, secure and cost-effective. Recently, a client came to us needing to consolidate their firewall application with minimal downtime and overall expense. They had three different firewall products installed from varying manufacturers, with three different subscriptions, management platforms, support agreements and sales teams. This was becoming a very large headache for the client. If a device or application had a problem, it took hours of downtime to debug because of the inherent complexity of their solution, and they were frustrated because deadlines for other projects were not being met. Below are some key considerations to keep in mind when assessing your security practice.
1) Understanding Next Generation Firewall (NGFW) vs. Unified Threat Management (UTM) vs. Intrusion Prevention system (IPS...

Securing Your Home Network

Sometimes the best thing to say about a wireless router in your house is that once it's set, you forget it exists. As long as the devices that need the Wi-Fi connection can get on and function, that's all that matters, right? Maybe, but we also live in the age of leaks, wiki and otherwise. If you're worried about the security of your home and, by extension, your personal data, especially from hackers who could casually sit in a car outside and get access to your systems, then you need to put a padlock on that wireless. You may also want to keep freeloaders and others off your network.
Change Your Router Admin Username and Password
Every router comes with a generic username and password, if it comes with a password at all. You need them the first time you access the router. After that, change them both. Immediately. The generic usernames are a matter of public record for just about every router in existence; not changing them makes it incredibly easy for ...

Create Wordlists

What is a wordlist? A wordlist is a text file that contains all the key combinations of all the possible passwords. Wordlists are used for breaking PIN codes, passwords, and even phone numbers. There are some built-in wordlists available in Kali Linux. To check, type this command:
ls /usr/share/wordlists
But in this article, we will create our own custom wordlists with a program called crunch. Crunch comes pre-installed in Kali Linux. Crunch is very stable and works flawlessly. Open your terminal and type the following command. It tells you a little about crunch.
root@hacktivism:~# crunch
crunch version 3.6
Crunch can create a wordlist based on criteria you specify. The output from crunch can be sent to the screen, file, or to another program.
The general syntax to use crunch is:
You have to specify the minimum and the maximum number of words. You have to specify the specific pattern. It depends on you how you want it to be. Let's do it practically with real world exa...

Make Your Android Device More Secure

Smartphones have come to define us by being the portal to our online identity, and as such should be treated with care and secured against any wrongdoing online (hacking) or offline (stolen). If you are not careful, losing your smartphone may mean more than just a loss of contacts and phone numbers. All of your information is traceable and downloadable and may be shared on the internet if you do not pay enough attention. There is no one better at protecting your own data than you. I hope these hints and tricks will help you in that effort. Let's move!
1. Do Not Save All Of Your Passwords
Many users tend to save their passwords to online services and sites on their device, never once thinking about what it would mean to a person who got their hands on the phone. Avoid having all important passwords saved on your device, particularly when it comes to banking or payment apps.
2. Use Android Inbuilt Security
If you are running on Android, you can have a sc...

Email Harvesting

Email Harvesting is the process of stealing e-mail addresses from the web and placing them into a text file. The purpose of harvesting email addresses is for use in bulk emailing, spamming and social engineering. There are many techniques to do that, but I'm gonna show you one of the best and most effective ways. Let's start it....
1. Open the terminal and start postgresql service.
root@kali:~# service postgresql start
2. Start metasploit framework.
3. Then enter the following command to display the various collector options: there are plenty, but we are gonna use email search collector. It will look like the figure below.
msf > search collector
4. Then use the auxiliary email collector.
5. Now type show options and it will display the options that are needed to exploit.
6. Set the DOMAIN that you prefer to harvest. You can set it like gmail.com, yahoo.com etc.
7. Then, if you like to write the output into a file, you can set OUTFILE with a...

Vulnix Solution

Vulnix is not a vulnerable software version; it is a vulnerable Linux host with configuration weaknesses. You can use this guide to solve the Vulnix challenge. You can get Vulnix from here: https://www.vulnhub.com/entry/hacklab-vulnix,48/
Finding the victim machine’s (Vulnix VM) IP address.
root@hacktivism:~# netdiscover -r 192.168.1.0/24
** If you are not familiar with netdiscover, just follow this guide: http://hacktivismbycs.blogspot.com/2017/07/scan-live-hosts-on-network.html
A port scan on the victim host.
root@hacktivism:~# nmap -sT -p- -Pn -n -v 192.168.10.96 -T5
Finding users of the victim host.
root@hacktivism:~# smtp-user-enum -M VRFY -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t 192.168.10.96
Running finger against the usernames we found.
Since we have NFS service running on port 2049, we may be able to mount a share and find some data. The m...