Alor Setar - New Horizon: June 2020

Top 18 Hacking Websites

Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
Makezine: Magazine that celebrates your right to tweak, hack, and bend any technology to your own will.
Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
Phrack Magazine: Digital hacking magazine.
Hackaday: A hardware hack every day.
Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Hack Forums: Emphasis on white hat, with categories for hacking, coding and computer security.
The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.

Intel CPUs Vulnerable To New 'SGAxe' And 'CrossTalk' Side-Channel Attacks

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's

via The Hacker News

Continue reading

BeEF: Browser Exploitation Framework

"BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more." read more...

Website: http://www.bindshell.net/tools/beef

More information

Black Hat Python Free PDF

More information

Takeover - SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. For more information: here

Installation:

# git clone https://github.com/m4ll0k/takeover.git
# cd takeover
# python takeover.py

or:

wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py

Download Takeover

More information

Setting Up A Burp Development Environment

This quick blog post will document getting started with developing Burp extensions using java. Burp provides interfaces for developers to hook into the Burp application and extend the application or integrate with other tools, this interface is documented on the following site - http://portswigger.net/burp/extender/

For this guide you will need the following items:

After downloading and opening up Eclipse you will need to create a new java project. This can be done by clicking "File->New Java Project". Fill in a project name and click finish.

Once the project has been created you will need to create a new package called "burp". This can be done by right clicking the "src" folder under your new project and selecting "New->Package". When the dialog comes up set the "Name" as "burp":

You should now have a package named "burp" under the source folder in the right pane. Now you will need to import the Burp extender classes into your project. Download all of the extender classes to a local folder, once this is done right click on the "burp" package in your project and select "Import". On the dialog window that comes up select "General->File System" and hit "next":

On the next dialog you will need to navigate to where you downloaded the Burp extender classes to. Once you have done this you should see the classes, click on the folder to select all items and click "Finish":

Next we can add the Burp application into the project. To do this click on "Project->Properties" on the top toolbar. When the dialog opens select "Java Build Path" and then the "Libraries" tab. On this dialog click "Add External JARs..."

Navigate to where ever you have Burp downloaded to and select it. After you have done this click "OK" to dismiss the dialog. You are now ready to build your own Burp extensions. You can test your environment by creating a new class in the burp package named "BurpExtender". Right click the "burp" package and click "New->Class". On the dialog that comes up enter "BurpExtender" and click "Finish":

In the "BurpExtender" class you can enter the following:

package burp;

public class BurpExtender
{
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{
callbacks.registerMenuItem("Hello World.", new CustomMenuItem());
}
}

class CustomMenuItem implements IMenuItemHandler
{
public void menuItemClicked(String menuItemCaption, IHttpRequestResponse[] messageInfo)
{
try
{
System.out.println("Hello From Burp!");
System.out.println("Request Item Details");
System.out.println("Host: " + messageInfo[0].getHost());
System.out.println("URL: " + messageInfo[0].getUrl());

}
catch (Exception e)
{
e.printStackTrace();
}
}
}

After adding the content to your "BurpExtender" class you are ready to run the project for the first time. Click on "Run->Run" from the menu. You should see the following dialog asking how it should run your project:

Select "Java Application" and click "Ok". Next you should receive a dialog asking which application you want to run. Select "StartBurp - burp" and click "Ok":

You should now see the burp application running. Intercept a request in the application and right click on the request, you should now see an item in the menu named "Hello World."

When you click the "Hello World." menu button you should see some information about the request in your eclipse console window:

That's it, you now have setup your working development environment for building your own Burp extensions. The javadocs for the Burp Extender interfaces are available on the Extender web page:

More information

The Live HTML Editor

Download Now

The Live HTML Editor program lets you write your HTML pages while viewing dynamically what changes are happening to your HTML page. The main purpose of this tool is to help HTML learners learn HTML quickly and easily while keeping an eye on what they are doing with their HTML page. It also helps developers in writing quick HTML lines to see how it will affect their HTML page.

This program can also help you visualize your inline and embedded CSS styles on fly. You can apply CSS styles and see them dynamically change the look and feel of your HTML page. Developers can test different inline and embedded CSS styles to make sure what will look good on their website.

Some of the features of this program are:

Live HTML preview of whatever HTML you type.
Supports HTML Syntax Highlighting.
Supports opening an HTML file and Live Preview editing of that file.
Supports Saving files.
Support for inline and embedded CSS.

However this program does not support Javascript and it also doesn't support separate CSS files. This program is still in development phase and we might see support for Javascript and separate CSS files in the future.

If you are a student and want to learn HTML without having to install a bulky software that takes a lot of time to open and function, then this is a good option.

The Live HTML Editor is Free and Opensource project and has been written in Python with QT interface you can check out source from sourceforge.

SQL Injection Attacks And Defense | By Justin Clarke | Pdf Free

Continue reading

Networking | Switching And Routing | Tutorial 3 | 2018

Welcome to my 3rd new tutorial of networking (Routing and Switching). In this blog you will able to watch an interesting video about basic device navigation such as changing device (router or switch) name, configuration of login password, configuring a device information, router IP addresses and many more.

What is router?

Router is a network layer device which is the 3rd layer in the OSI model which is used to communicate different networks. It is an intelligent device fixed at the boundary of network that connects to other networks and responsible for end to end delivery of the packet that requires an IP address which is known as the logical address which is the basic identity of the device just like our identity card number or roll number and so on, for the identification of source and destination devices. Router is the gateway of the network having two interfaces such as inbound and the outbound interface through which the traffic comes in from different networks and comes out traffic to the different networks.

What is an IP address?

Internet protocol (IP) address is a numeric label given to each and every device in the network for the identification of the device just like our roll numbers in collages, universities which identity each and every student uniquely everywhere. So same concept here, it is a logical address which is used whenever the device want to communicate outside the network that means to another network.

What is Switch?

Switch is basically layer 2 device, which is used to connect two or more than two devices with each other in the same network. It is an intelligent device which doesn't allow the broadcast. It requires Media access control (MAC) address to communicate within the network. Now let's move to the video for further.

Continue reading

More information

More information

More information

More articles

Continue reading

What is router?

What is an IP address?

What is Switch?