adsense hpk: June 2020

Tuesday, June 30, 2020

3 Razones Para Ver La Serie Chernobyl

Me gusta, y mucho, cuando una serie me impacta al punto de dejarme casi sin palabras. Personalmente me cuesta encontrar series de esas que me atrapen desde el primer capítulo y no pueda dejar de verlas. No son muchas las que logran ese objetivo casi imprescindible para el éxito.

Las maneras de lograrlo pueden ser resultado de excelentes actuaciones, una música que sin ser impactante sea perfecta para lo que se cuenta, excelente escenografía, y otras cosas más. Bueno, el caso es que la serie Chernobyl, de HBO, tiene todo eso y mucho más. Y por eso hoy, en el blog, la quiero recomendar y les quiero contar tres razones que para mi son suficientes para ver esta serie. Una que está catalogada como las mejores del 2019 y, me atrevo a decir, de las mejores de los últimos tiempos.

Así que, si tenés pensado ver Chernobyl, si te llama tan solo un poco la atención o te genera cierta curiosidad pero todavía no te decidís; te digo porqué deberías verla ya mismo.

Chernobyl - Miniserie

Chernobyl es una miniserie de televisión de drama histórico creada por Craig Mazin. La serie es una coproducción entre los canales HBO de Estados Unidos y Sky de Reino Unido, se estrenó en Estados Unidos el 6 de mayo de 2019 y en Reino Unido el 7 de mayo de 2019. La emisión de la miniserie de cinco capítulos finalizó el 3 de junio de 2019.

- Wikipedia -

¿De qué se trata Chernobyl?

Esta miniserie nos cuenta en tan solo 5 capítulos lo sucedido la nota del 26 de abril de 1986 en la planta nuclear Chernóbil en la Unión Soviética (actual Ucrania). Desde el primer al último capítulo la trama se centra en contar cómo sucedió el desastre nuclear, porqué sucedió y cómo las partes involucradas sufrieron cada una las consecuencias de este suceso. Historias de hombres, historias de familias, historias de secretos, mentiras y poder. Mucho y todo de una manera muy intensa y fuerte.

3 razones para ver Chernobyl

1. Está contada de una manera impecable

A veces vemos series que nos dejan cabos sueltos, que nos "hacen ruido" por cosas que no nos terminan de convencer. En fin, series que si las analizamos en detalles no terminan de ser perfectas aún habiendo podido serlas. Porque tenían los materiales para serlo. Chernobyl usa todo el armamento que tiene: un desastre terrible, un accidente con consecuencias impresionantes a nivel mundial, un sufrimiento mundial, un secreto envuelto en mentiras que colapsó al igual que ese núcleo. Toma todo eso y muchas cosas más y crea una serie impecable.

Por eso la primera razón para ver la serie Chernobyl es que no hay nada que criticarle. Al menos en mi opinión es una producción tan limpia, cuidada y profesional que al terminarla te deja con ganas de aplaudir y decir a todo el mundo: "mirá esta serie por favor". Porque destila precisión, porque tiene secuencias perfectas, porque logra ponerte la piel de gallina sin necesidad de agregar un sonido abrumador (ese sonido de fondo y el que corresponde al medidor de radiación lo dicen todo).

Desde los colores ambientes, hasta los colores en la vestimenta, tan propios de esa sociedad y esa época; hasta las expresiones, el miedo que traspasa la pantalla y tantas cosas más que no quiero desvelar... todas juntas hacen de esta serie algo realmente pulido, trabajado e imperdible.

2. Es cruda y emociona pero sin buscarlo

Algo que me gustó de la serie es que su objetivo principal no es emocionar. No busca hacerte llorar desde el primer capítulo con historias desgarradoras, que las hay. El fin de esta serie, para mi, no es contarte la parte dramática. El fin es ser totalmente realista, verdadera. Porque apunta a la verdad, te cuenta las cosas como son y no lo adorna, no lo endulza, no lo disfraza de dramatismo innecesario. Te dice las cosas como son en el sentido más real de la expresión. Y lo mejor de todo es que sin buscar emocionar o hacerte llorar lo hace.

Tenemos algunas situaciones de drama humano, por supuesto. Pero la trama se centra, más que nada, en la parte política, científica e incluso hasta técnica. ¿Eso la hace aburrida? Para nada. Eso mismo es lo que hace que destaque, que se vuelva tan real y fuerte. Y de esa manera logra calarte hondo, te toca las emociones sin buscarlo. Porque te hacer ver la mentira en su máxima expresión, te hace ver de qué cosas es capaz un gobierno, un político y hasta un científico.

A mi me hizo estremecer, no me hizo llorar de tristeza. Me hizo emocionar de compresión, de dolor compartido, de duda, de impotencia ante algo que aunque pasó hace más de 30 años aún hoy tiene consecuencias.

3. Está basada en un hecho real

Para mi una serie o película que cuenta un hecho real tiene que ser vista. Después uno decide si es buena o no, si le gustó o no. Pero merece tener una oportunidad. Porque más allá de que hay ficciones impresionantes que fascinan y te roban el tiempo dulcemente; hay otras historias, aquellas que nos hablan de nuestro mundo, de nuestra sociedad, que hablan, en definitiva, de nosotros. Y las cosas que pasan en este mundo tenemos que conocerlas. Tenemos que saber qué pasa, así sea en Ucrania, Argentina o una isla en medio del océano.

Y lo que pasó en Chernobyl fue más que real, es real y aún hoy hay personas que sufren sus consecuencias. Aun hoy hay quienes sufren la pérdida ocasionada por ese suceso. Personalmente me fascina el tema, me genera mucho interés aunque yo no haya tenido nada que ver con eso. Lo que cuenta pasó, lo que cuenta es real, muy real y eso solo es razón más que suficiente para verla.

Las razones para ver Chernobyl son más que 3 y lo mejor es que las descubras vos mismo mirándola. Creeme que vale la pena y se te va a pasar el tiempo volando. E incluso, en el mejor de los casos, vas a querer volver a verla.

Continue reading

Top 7 Best Websites To Learn Hacking 2018

Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.

Thursday, June 11, 2020

BASICS OF METASPLOIT – BASIC COMMANDS OF METASPLOIT

Metasploit is an advanced hacking tool that comes itself with a complete lack of advanced penetration testing tools. Penetration testers and hackers are taking so much advantage of this tool. It's a complete hack pack for a hacker that he can play almost any attack with it. Here I am going to discuss the basics of Metasploit. I am not covering attacks in this article, as I am just making sure to share the basics of Metasploit and basic commands of Metasploit. So, we can get back to cover attacks of Metasploit in the next articles.

BASICS OF METASPLOIT

The Metasploit framework has three types of working environments.

msfconsole
msfcli interface
msfweb interface

However, the most preferred and used is the 'msfconsole'. It's a very efficient command-line interface that has its own set of commands and system's working environment.

First of all, it's most important to know and understand all the useful commands of Metasploit that are going to be used.

BASIC COMMANDS OF METASPLOIT

Metasploit have a huge number of command that we can use in different type of attacks, but I am just going to share the most used and useful commands here that a beginner can easily understand and follow 'em.

help (It will give the basic commands you need to launch an exploit.
search (Finds out the keywords in the selected attack method).
show exploits (Shows list of an available exploit in the selected option).
show payloads (It lists all the payloads available).
show options (It helps you to know all the options if you might have forgotten one).
info (This is used to get information about any exploit or payload).
use (It tells Metasploit to use the exploit with the specified name).
set RHOST (Sets the address of specified remote host).
set RPORT (Sets up a port that connects to on the remote host).
set PAYLOAD (It sets the payload that gives you a shell when a service is exploited).
set LPORT (Sets the port number that the payload will open on the server when an exploit is exploited).
exploit (It actually exploits the service).
rexploit (Reloads your exploit code and then executes the exploit without restarting the console).

These are the most used Metasploit commands which come in handy in most of the situations during any sort of attack. You must give all the commands a try and understand 'em how it works and then move to the next part of designing an attack.

More info

Difference Between Hacker, Programmer, And Developer

There are numerous sprite debates and discussions on the differences between hackers, developers, and programmers. With most descriptions, however, there is usually a slight flaw in at least one or two serious ways. These terms are all traditionally misused and misunderstood, with many of us frequently mixing them up as an all-encompassing definition of anyone working on the Software realm.

However, if you are looking to clarify your project goals and business needs adequately, it is essential that you understand that all these terms do not all represent the same thing (although a person with the ability to program a computer can use different skills to accomplish various outcomes).

What's more, it is also quite important for you to differentiate between these three terms if you are working with software development groups and the fact that they cannot be interchanged. This excerpt seeks to break it all down for you mainly-the vital difference between hackers, developers, and programmers, their actual tasks, as well as their relationship.

The Hacker

A hacker is a computer expert who uses his knowledge of computer networking, programming, cryptography, and databases to overcome a problem in the system. Hackers are more concerned with availing the concept as opposed to minding about the long-term quality. And although a hacker can conceptualize about how will ultimately be created while frantically writing code, the role is primarily about speed.

A hacker, as well as hacking,' are most useful in dealing with emergency circumstances or when prototyping an item. Hackers and the profession of hacking, in general, is not concerned with the ultimate effect of the code.

Hackers make things. They typically alter the things programmers create and transform them to function differently as well as also writing codes. While "hacker" can refer to any skilled technical person, the term has become associated with computer security, someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

The Programmer

A programmer is an individual equipped with the expertise to write codes. Programmers usually master in a single or multiple programming languages and boast vast knowledge on related areas also. Their roles are relatively procedural and mandate for total concentration not to mention refined skills.

A programmer is solely focused both in writing codes as well as getting features appropriately performed so that these features are accessible for integration and later use. Programming is merely the process of swinging the hammer and adequately creating the software.

Usually, it is easy to identify that an individual is in programming mode since they often have a concentrated gaze and are deep in the zone.' Programmers are normally internalizing the system they are operating as well as editing and writing pieces of something that can only best be described as a long algebra problem.'

The Developer

Developers are typically creators. However, not anyone that is an expert at writing codes can be a developer. Developers are experts at identifying ways around various problems as well as plugging together components to fulfill some requirements. These professionals solve problems or create things by adhering to a specific set of principles (design and implementation).

This set of principles includes attributes such as maintainability, performance, robustness, security, and scale among others. They solve problems in a systematic manner. Ideally, this is what distinguishes programmers, developers, and hackers.

In A Nutshell:

In all simplicity, these three professionals solve various problems using code. A programmer is an encompassing term that means a problem solver, a developer is a trained programmer (formal) who besides resolving issues achieves it in an organized and methodical manner likely instilled in the course of their formal education, and a hacker is a tinkerer/creator.

Despite their differences in individual meaning and professional capacities, these terms, however, can interrelate with each other quite effectively. In fact, it is possible for you to combine the skills to your benefit. In reality, all developers and hackers are programmers. However, despite their expertise, not many developers and programmers are creative enough to warrant an identity as hackers.

Finally, although hackers and programmers are quite impressive, they are however not experienced or educated enough to warrant consideration as developers. The similarity, however, is that all work to create code, each in their specified manner.

Ideally, anyone would work to be all the above-as creative as a hacker, though, somewhat better experienced and formally trained to design software as opposed to only hacking.

Nonetheless, even if you lack the creativity, experience, or education, or either to necessarily create a broad application, it is still worth noting that you are still ideally a programmer. And in case you did not know, solving a problem through code is by itself, a superpower!

@£√£RYTHING NT

PKCE: What Can(Not) Be Protected

This post is about PKCE [RFC7636], a protection mechanism for OAuth and OpenIDConnect designed for public clients to detect the authorization code interception attack.

At the beginning of our research, we wrongly believed that PKCE protects mobile and native apps from the so called „App Impersonation" attacks. Considering our ideas and after a short discussion with the authors of the PKCE specification, we found out that PKCE does not address this issue.

In other words, the protection of PKCE can be bypassed on public clients (mobile and native apps) by using a maliciously acting app.

OAuth Code Flow

In Figure 1, we briefly introduce how the OAuth flow works on mobile apps and show show the reason why we do need PKCE.
In our example the user has two apps installed on the mobile phone: an Honest App and an Evil App. We assume that the Evil App is able to register the same handler as the Honest App and thus intercept messages sent to the Honest App. If you are more interested in this issue, you can find more information here [1].

Figure 1: An example of the "authorization code interception" attack on mobile devices.

Step 1: A user starts the Honest App and initiates the authentication via OpenID Connect or the authorization via OAuth. Consequentially, the Honest App generates an Auth Request containing the OpenID Connect/OAuth parameters: client_id, state, redirect_uri, scope, authorization_grant, nonce, ….

Step 2: The Browser is called and the Auth Request is sent to the Authorization Server (usually Facebook, Google, …).

The Honest App could use a Web View browser. However, the current specification clearly advice to use the operating system's default browser and avoid the usage of Web Views [2]. In addition, Google does not allow the usage of Web View browser since August 2016 [3].

Step 3: We asume that the user is authenticated and he authorizes the access to the requested resources. As a result, the Auth Response containing the code is sent back to the browser.

Step 4: Now, the browser calls the Honest App registered handler. However, the Evil App is registered on this handler too and receives the code.

Step 5: The Evil App sends the stolen code to the Authorization Server and receives the corresponding access_token in step 6. Now, the Evil App can access the authorized ressources.

Optionally, in step 5 the App can authenticate on the Authorization Server via client_id, client_secret. Since, Apps are public clients they do not have any protection mechanisms regarding the storage of this information. Thus, an attacker can easy get this information and add it to the Evil App.

Proof Key for Code Exchange - PKCE (RFC 7636)

Now, let's see how PKCE does prevent the attack. The basic idea of PKCE is to bind the Auth Request in Step 1 to the code redemption in Step 5. In other words, only the app generated the Auth Request is able to redeem the generated code.

Figure 2: PKCE - RFC 7636

Step 1: The Auth Request is generated as previosly described. Additionally, two parameters are added:

The Honest App generates a random string called code_verifier
The Honest App computes the code_challenge=SHA-256(code_verifier)
The Honest App specifies the challenge_method=SHA256

Step 2: The Authorization Server receives the Auth Request and binds the code to the received code_challenge and challenge_method.

Later in Step 5, the Authorzation Server expects to receive the code_verifier. By comparing the SHA-256(code_verifier) value with the recieved code_challenge, the Authorization Server verifies that the sender of the Auth Request ist the same as the sender of the code.

Step 3-4: The code leaks again to the Evil App.

Step 5: Now, Evil App must send the code_verifier together with the code. Unfortunatelly, the App does not have it and is not able to compute it. Thus, it cannot redeem the code.

PKCE Bypass via App Impersonation

Again, PKCE binds the Auth Request to the coderedemption.

The question rises, if an Evil App can build its own Auth Request with its own code_verifier, code_challenge and challenge_method.The short answer is – yes, it can.

Figure 3: Bypassing PKCE via the App Impersonation attack

Step 1: The Evil App generates an Auth Request. The Auth Request contains the client_id and redirect_uri of the Honest App. Thus, the User and the Authorization Server cannot recognize that the Evil App initiates this request.

Step 2-4: These steps do not deviate from the previous description in Figure 2.

Step 5: In Step 5 the Evil App sends the code_verifier used for the computation of the code_challenge. Thus, the stolen code can be successfully redeemed and the Evil App receives the access_token and id_token.

OAuth 2.0 for Native Apps

The attack cannot be prevented by PKCE. However, the IETF working group is currently working on a Draft describing recommendations for using OAuth 2.0 for native apps.

References

[1] http://mews.sv.cmu.edu/papers/ccs-14.pdf

[2] https://tools.ietf.org/html/draft-ietf-oauth-native-apps-06#section-8.1

[3] https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

Authors

Vladislav Mladenov
Christian Mainka (@CheariX)

More information

HOW TO BECOME A CERTIFIED ETHICAL HACKER

7 Tips to become a hacker?

It is very important for a hacker to learn different types of programming language such as C,C++,Python,Java,PHP etc and it is also necessary to learn hardware and networking for a good hacker because these skill are very useful to become a successful hacker.

1-Programming Language are essential to becoming a good hacker

2-Networking skills is important to becoming an effective hacker.

3-SQL language are essential to becoming an effective hacker

4-Internet surfing is also essential for becoming a hacker for gathering information.

5-Cryptography is essential to becoming a certified hacker from which a hacker can share his/her readable data to other person in a nonreadable form with the help of Cryptography.

6-Penetration testing is also important for a hacker.

7-experiment a lot is also very useful to becoming a ethical hacker.

Follow me on insta_anoymous_adi

Related news

DarkFly Tool V4.0 | 500 Tools | Termux

Related word

TERMINOLOGIES OF ETHICAL HACKING

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussion about hackers and what they do:

1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.

2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.

3-Attack-That action performs by a attacker on a system to gain unauthorized access.

4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.

5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.

6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.

7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.

8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.

9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.

10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.

11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.

12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.

13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.

14-Worms-It is a self reflicating virus that does not alter files but resides in the active memory and duplicate itself.

15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.

16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.

17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.

18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.

19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.

20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.

21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.

22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.

23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.

24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.

25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.