How to Protect Yourself while Hacking || Mukesh Joon

First of all lemme tell you all , that while hacking many of hackers don’t protect their privacy. By your this silly mistake. You can be put  behind the bars or Pay fine. When you login into any site , you think that you have hacked and deface it But when you logged in your IP address was stored in the logs. By the logs the admin can able to catch your ip address and give to any Cyber Security team. They will trace your location via IP address and you are BUSTED .

How to prevent your self from being Caught or How to protect yourself while hacking sites

You know that you have to be anonymous while hacking or trying to access any high profile sites. I suggest you to use TOR web browser. It’s same as fire fox but it is connected to TOR network. Which help to surf anonymously in the Internet.

It’s protects your privacy all the time when you are using it. Its is free software to protect your privacy. It has about 60+ countries ip address to choose. Very easy to use. You can choose settings like you wanted.

So here my article ended and I hope it was useful. 

Download TOR :- Click here

SO STAY PROTECTED  AND SURF ANONYMOUSLY.

If you like the article then don’t forget to share it 

 

Read more ...

Simple 5 Steps The Police Will Find "Anonymous" on FACEBOOK And Get him/her || Mukesh Joon

We All Know Most Of You Have Fake Accounts Pretending To Be This Weird Guy

I often see these kind of messages, Someone calling you/your friends “fat” and “racist”? huh!

It’s the Internet, the most public of public places. It’s completely your fault for adding some “random dude” that you don’t know.

This is how they will get you.

1. First you got to find out the IP address of that User. So we will be using “netstat” command in windows (its been the simplest like forever). If you want to know the IP address of a specific person on facebook or orkut or any chat service, there is only one way: Just invite or ping him for a chat and while chat is ON open ‘Command Prompt‘ on your PC (Start >Run>cmd).

[note: Before trying this make sure you close all the other tabs in your browser and only facebook is open. also if possible delete all the history and cache from your browser]

2. Type the following command and hit Enter after opening the cmd

netstat -an

3.After typing this command above, you will get all established connections IP addresses there. Note down all the suspicious IP’s

(The police are closer)

4. The Next Step is to Trace that user using his IP address. To do so we will be using IP tracer service. Go to the below address and paste the IP address in the box that says “lookup this ip or website”. and it will show you the location of the user.

http://www.ip-adress.com/ip_tracer/ :)

5. It will show you all the information about that user along with his ISP and a Location in the MAP. Now in the MAP Just click on “click for big ip address location” in the big picture you can actually zoom in. and try to recognize the area. If any serious matter just note down the ISP details in that page and contact them about the IP. they will respond you. :)

>>>The police will be at your door within no time<<<

Solution: Always use private browsing option on your browser but you can still be traced when using powerful ip port scan softwares on Linux.

Read more ...

Sixteen Ways How To Secure Your E-mail ID || Mukesh Joon

Hello Friends Now We Can Discuss About How To Secure Our E-mail account.........

1------ Apply Double Verification Method on your gmail account.

2------ Chose a secure security question .

3------ Choose an strong password like as Ranbir@Kapoor now we can say dat type of passwordis known as a strong password .

4------ Prevent yourcomputer from trozon and virus... trozan and virus are the malysious activity which transfer your system information to the attacker.

5------In your computer we can use idps (intrusion detection &prevention  system)& firewall &update anti-virus.

6------Prevent your yahoo account from cookie grabbing .....basically some people create FACEBOOK account from yahoo account ...&due to cookie grabbing .

7------Basically use an secure operating system like as linux is the most secure operating system so frenz use only trusted and secure operating system .for example some-times we use window addition .... the xp-addition has many big vulnerability so use only trusted computer .

8------Convert password in the encrypted form ......which provide us more security .

9------ Safe your public ip address .........&prevent your system from metasploit .

10----- Use only trusted Application :) :D

Simple to implement, these tips can be a good start to making sure your e-mail communication becomes more secure.

11.------ Understand that no e-mail communication is 100% secure. We can do our best to make the percentage close to that, but sometimes - if the information is extremely important - you should consider ditching the e-mail option and deliver it in person (if possible). Avoid sending credit card or social security numbers via e-mail. It's also a good idea not to send user names and passwords for accounts you don't want to see compromised.

12.------ The more your e-mail is present in the confines of the cyberworld, the more spam you'll be likely to receive. Unfortunately, even if you're careful with disclosing your e-mail, chances are people will include you in mass mailings and you eventually your e-mail will be out there. To counteract this, you should definitely set up filters and rules. They will not catch every unwanted e-mail, but they will reduce their number. This is not just a matter of annoyance - basic users and novices are more susceptible to spam and scams. So why give the bad guys the possibility of trying out their angle?

 

 13.------ Tied to the previous advice is this one: choose plain text over full HTML or XHTML rendition to reduce the risk of being targeted by a phishing attack.

14.----- Don't open attachments unless you know who it's coming from and you trust them.15. Use encryption. Check with your ISP to see if they encrypt the authentication process. Encrypt your email message if possible. Are you familiar with the concept of steganography? You can hide messages in images, articles, shopping lists... Ideally, you can use both - first encrypt the message, then use a steganography software to embed it in a recent photograph. There are simple tools out there.

15.------ Don't access your e-mail from an unsecured network or potentially compromised computers. Yes, that particularly includes access from an Internet cafe. There be keyloggers.

16.----- Teach everybody who wants to know about it, especially your children (AND especially if you're using the same computer). 

Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.


Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails — and that, in turn, can lead to affecting both you and others adversely as well.
Don’t be a victim.

 

 

Read more ...

Mukesh Joon | Intrusion Detection FAQ: What Are The Top Selling IDS/IPS and What Differentiates Them from Each Other?

-------&&&&&****Intrusion Detection FAQ: What Are The Top Selling IDS/IPS and What Differentiates Them from Each Other?  :) :D :P ****-------&&&&&

Selecting an Intrusion Prevention System (IPS) can be a daunting task. While an independent assessment of available solutions is strongly recommended as a best practice before procurement and deployment, a good place to start a research effort is to look at the market leaders and to compare their offerings.
According to Infonetics Research, Cisco ranked highest among six top selling IPS solution providers -- the other five suppliers being McAfee, Juniper, IBM, Sourcefire and TippingPoint -- based on assessments performed by large organizations on eight selection criteria, ranging from value and pricing to technology and the product's roadmap for the future. These same six providers also rank highest in terms of their effectiveness on the latest Gartner report, although CIsco and IBM are considered to be challengers to the market led by the other four vendors.
As IPS systems have evolved in time and grown in maturity, several traits are shared by the various offerings, the primary one being the successful migration from passive IDS monitoring systems to active in-line/in-band IPS choke points. This type of "pre-patch shield" provided by modern IPS systems is a feature made possible from its perimeter location; the vendor's frequent database updates gives their clients network-level protection while they work out a patching and hardening strategy on their internal production nodes. Other improvements generally found in today's IPS systems include attack recognition beyond simple signature matching, dropping of malicious sessions as opposed to simple resetting of connections, and the deployment of dedicated hardware that can operate at "wire speeds".
Cisco has several IPS solution offerings, which can be implemented via its IPS Sensor Software as well as through hardware (with physical add-on modules). A component of the Cisco Self-Defending Network, the Cisco IPS 4200 Series Sensors provide protection against worms, Trojans and exploits against application & operating system vulnerabilities. The IPS 4200 series filters for over 300 signatures and has 30 detection engines, providing protection for over 30,000 known threats. On top of standard signature-base matching capabilities, a globally-managed "reputation analysis" feature can push updates to client systems in a matter of minutes. Adopting a Cisco solution would certainly be attractive to those organizations that exclusively deploy and maintain Cisco network equipment; Cisco IPS solutions can be integrated and managed using existing Cisco network management systems.
IBM, through its acquisition of IDS pioneer Internet Security Systems, inherits a robust inspection engine and deploys their Proventia IPS solution in a variety of deliverables including dedicated hardware. At the core is a "security convergence" strategy that is engineered to provide protection for the wide range of threats that exist today, from web-based attacks to insider threats to standard malware protection, through a single consolidated solution. A key feature is the IBM Protocol Analysis Module (PAM) that supports a deep packet inspection capability. A scaleable solution through its modular product architecture, additional protection modules can be introduced as new threats emerge. Their X-Force research and development team provides 24/7 monitoring of ongoing threat levels in order to provide their customers with prompt updates to their IPS solutions.
Juniper Networks also maintains a portfolio of IPS solutions, ranging from standalone systems to integrated all-in-one security solutions. The Juniper IPS is Implemented as an application that can run collocated with other perimeter functions such as firewalls and rate limiters. Strengths in this solution include a highly-granular Role Based Access Control implementation for administration, a communications protocol validation capability performed against published RFCs, and selective contextual screening of network traffic. Its evolution from Netscreen acquirer to the developer of their next-generation JUNOS platform has helped them maintain their market share in the IDS/IPS market.
McAfee's acquisition of IntruShield makes them a player in the IPS marketplace with the rebranded McAfee Network Security Platform (NSP), also offered in various packages from all-in-one to dedicated solutions. NSP is the only IPS appliance that has the NSS Group's Multi-Gigabit IPS certification, and it supports integration to the McAfee Vulnerability Manager and ePolicy Orchestrator, a management platform that pushes down policy to managed nodes and systems. Centralized management of IPS nodes and policies is implemented through the McAfee Network Security Manager system, a separate appliance that implements a scaleable and intuitive management system that can support up to 1000 sensors.
Sourcefire is perhaps best known as the commercial arm of the Snort IDS project. The product's intrusion detection and protection engine is well-known in the security community due to its maturity and its open-source accessibility to students, although the learning curve associated with this type of offering is considered to be high. The Sourcefire RNA feature recommends which rules to implement based on the type of network being protected. The Sourcefire Vulnerability Research Team (VRT) is complemented by the open source community to provide and maintain updates to the configurations of their product line, which includes hardware and software solutions built on the Snort core. Snort is a highly configurable and expandable IDS/IPS solution, with its rule set built from a library of 14,000 rules that can be readily adapted and expanded by individual security administrators.
TippingPoint, acquired by 3Com in 2005, is a major player in the IPS market, and enjoys a significant market share. Also provided in a variety of flavours, it is able to provide zero-day protection capabilities due to its relationship with an army of independent researchers. Built upon their Threat Suppression Engine (TSE) with custom ASICs at the core, the TippingPoint IPS provides a high-performance solution that can efficiently scan packets at Layers 2-7 of the OSI model. Their research team pushes out emergency updates on top of standard updates twice a week; their Digital Vaccine service delivers filters that are designed to block multiple attack types that can be associated with new exploits. The product line's default settings provide a ready-to-use policy set to greatly facilitate initial commissioning.

Resources:

NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
Cisco, McAfee, Juniper top IPS vendors http://www.ciol.com/Technology/Security/News-Reports/Cisco,-McAfee,-Juniper-top-IPS-vendors/16909125093/0/
Cisco, McAfee, and Juniper top intrusion prevention vendor ratings by enterprise IPS users http://www.infonetics.com/pr/2009/User-Plans-Intrusion-Prevention-Systems-Study-Highlights.asp
Magic Quadrant for Network Intrusion Prevention System Appliances http://www.sourcefire.com/products/sfsem/gartnerMQ?semg=USGTR1
Cisco Intrusion Prevention System http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html
Cisco IPS 4200 Series Sensors http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html
IBM - Proventia Network Intrusion Protection Systems (IPS) http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1030570
IBM Proventia Network Intrusion Protection System ftp://ftp.software.ibm.com/common/ssi/pm/sp/n/sed03056usen/SED03056USEN.PDF
Juniper Networks: Intrusion Prevention System (IPS) http://www.juniper.net/us/en/products-services/software/ise-applications/ips/
McAfee Network Security Platform http://www.mcafee.com/us/enterprise/products/network_security/network_security_platform.html
Snort
Sourcefire Intrusion Prevention Systems (IPS)
Sourcefire Vulnerability Research Team (VRT)
TippingPoint Intrusion Prevention Systems

Read more ...

IDS&IPS | Mukesh Joon

IDS & IPS An intrusion detection system (IDS) is software and/or hardware based system that monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network. Typical locations for an intrusion detection system is as shown in the following figure - Following are the types of intrusion detection systems :- 1) Host-Based Intrusion Detection System (HIDS) :- Host-based intrusion detection systems or HIDS are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity. 2) Network-Based Intrusion Detection System (NIDS) :- These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console. Some important topics comes under intrusion detection are as follows :- 1) Signatures - Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of “scripts/iisadmin” in a packet going to your web server may indicate an intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack. 2) Alerts - Alerts are any sort of user notification of an intruder activity. When an IDS detects an intruder, it has to inform security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts. 3) Logs - The log messages are usually saved in file.Log messages can be saved either in text or binary format. 4) False Alarms - False alarms are alerts generated due to an indication that is not an intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule resulting in generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP related alerts. To avoid false alarms, you have to modify and tune different default rules. In some cases you may need to disable some of the rules to avoid false alarms. 5) Sensor - The machine on which an intrusion detection system is running is also called the sensor in the literature because it is used to “sense” the network. Snort :- Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new snort rules that can counter the latest attacks. Snort is a modern security application that can perform the following three functions : * It can serve as a packet sniffer. * It can work as a packet logger. * It can work as a Network-Based Intrusion Detection System (NIDS). Further details and downloads can be obtained from it's home- http://www.snort.org

Read more ...

DOS(Deniel Of Services) Attack | Mukesh Joon

-: Denial Of Service (DoS) Attacks :- A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it's users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as discussed below:- 1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it's commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536). example:- c:/>ping -l 65540 hostname Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack. 2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below: * packet 1 will carry bytes 1-1000. * packet 2 will carry bytes 1001-2000. * packet 3 will carry bytes 2001-3000. In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other. (bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500) When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot. Old Linux systems, Windows NT/95 are vulnerable. 3) SYN - Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems' memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent. 4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack. 5) Smurf Attack :- There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic. Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services. 6) UDP - Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

Read more ...

XSS(Cross Site Scripting) || Mukesh Joon

Basic XSS Cross Site Scripting

Allot of you guys aren't clear with xss aka cross site scripting and for that many of you were sending me mails on how to do xss attack , etc and that's why i got this video which explains some basic concepts of the Xss attack and how it can be practiced and how can we use it to hack anybody.

This video is controversial by Brial Contos, CISSP from a company named IMPERVA. it takes through each and every step involved to find a xss vulnerability in a webpage . and showcases some of the basic steps that you need to know.

What is XSS

Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum….

That purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.

Conclusion

Now you might be clear with xss attacks it is easy and can be used in man terms to hack anybody or anything else for fun also. Now lets take a look at some of the commonly used xss scripts and code snippets -

Assuming you can only fit in a few characters and it filters against ".js" you can rename your JavaScript file to an image as an XSS vector:

This is most simplest snippet used to find a Xss vulnerability in a webpage.

This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):

There are many more xss vulnerabilities you can use to bypass the security but they are most useful to find a xss vulnerability in webpage.

Read more ...

ThE HaCkEr NeWs || MuKeSh JoOn

2011 has been labeled the "Year of the Hack” or “Epic #Fail 2011”. Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security.  Every year there are always forward advancements in the tools and programs that can be used by the hackers.

At the end of year 2011 we decided to give "The Hacker News Awards 2011". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News.

Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak's, such as, Visa and Amazon. Those attacks were carried out by Anonymous & Lulzsec. This year corporations, international agencies, and governments are now experiencing a flood of what is called Advanced Persistent Threats. APTs refer to a group of well-funded, highly capable hackers pursuing a specific agenda, often organized by a nation or State. Sony somehow pissed off the hacking group LulzSec, which downloaded information for millions of users, while posting to Sony's system: "LulzSec was here you sexy bastards! Stupid Sony, so very stupid."

The Hacker News Awards Categories & Winners

1.) Person of the Year : Julian Paul Assange

He is, of course, the lean, tall, and pale 39-year-old Australian master hacker at the white-hot center of the whistle-blowing website WikiLeaks and, after revealing thousands of secret Afghan battlefield reports this week, the subject of investigation by U.S. authorities. 2011 could also be called the “Age of WikiLeaks”. Assange described himself in a private conversation as "the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest". Wikileaks celebrate its 5th Birthday on 4th October 2011, for being only 5 years old they have done a remarkable and outstanding job of serving the people. The one thing most governments in the world have left off their agenda’s. Keep up the good work Wikileaks and we stand in support and behind you.

2.) Best Hacking Group of the Year 2011 : ANONYMOUS

DECK THE HALLS AND BATTON DOWN THE SECURITY SYSTEMS…..THEY AIN’T GOIN AWAY!

Anonymous hackers have gained world wide attention because of their hacktivism. Anonymous is not an organization. Anonymous has no leaders, no gurus, no ideologists. Anonymous has performed many operations like Attack on HBGary Federal, 2011 Bank of America document release, Operation Sony, Operation Anti-Security and lots more. Complete Coverage on all Anonymous related news is here.

3.) Best Whitehat hacker of the Year 2011 : CHARLIE MILLER

CHARLIE SHOWS TUNA ISN’T THE ONLY THING TO PROFIT FROM!

Charlie Miller is a former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security. He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in an iPhone's or iPad's security. Charlie Miller gets a kick of out defeating Apple’s security mechanisms, using his hacking skills to break into Macbooks and iPhones.

4.) Best Leak of the year 2011 : HBGARY FEDERAL EMAILS LEAKED BY ANONYMOUS

GEE GREG, YOU THOUGHT WE JUST PLAYED WITH MATEL COMPUTERS!  NOT!!!!!

HBGary Federal who was helping the federal government track down cyber activists was itself hacked by the very same activists!  Gotta love these guys.  Through an elegant but by the numbers social engineering effort those fun fellas at Anonymous,  hacked and publicly shamed poor little HBGary Federal. Massive reputation damage and tons of turn-over in executive leadership resulted. Anonymous released 27,000 emails from the server of Greg Hoglund, chief executive of the software security firm HBGary. They posted 50,000 emails of Aaron Barr from the CEO of its sister organization, HBGary Federal. They obtained the emails by hacking into Hoglund’s email.

5.) Best Defacement of the Year 2011 : DNS HIJACKING OF HIGH PROFILE SITES BY TURKGUVENLIGI

TURKGUVENLIGI……..THE GIFT THAT KEEPS ON GIVING!!

Turkguvenligi also known by the name "TG Hacker' hacked some very high profile sites using DNS Hijacking.  Sites included, Theregister.co.uk , Vodafone, Telegraph, Acer, National Geographic. He diverted visitors to a page declaring it was “World Hackers Day”. TurkGuvenligi has claimed credit for dozens of similar defacement attacks since late 2008. 

6.) Craziest Hack of the year: INMOTION HOSTING (Over 700,000 Websites Hacked)

BEWARE OF TIGER’S IN MOTION…….COMING TO YOUR WEBSITE SOON!

InMotion's data center got hit by the hacker that calls himself TiGER-M@TE, leaving a few hundred thousand website owners with nonfunctional pages and 700,000 web Pages defaced . He is also the one responsible for the attack carried out on Google Bangladesh.  In our humble opinion, this is the craziest hack of the year. 

7.) Malware of Year 2011 : DuQu

ALAH CAN’T HELP IRAN…….NOT WITH DuQu ON THE LOOSE!

This year was really hot on malware discovery and analysis. DuQu  became the first known network modular rootkit.   DuQu has flexibility for hackers to help remove and add new features quickly and without special effort. Some experts have doubts on relation between the Stuxnet and DuQu creators as they both aim for stealing and collecting data related to Iranian agencies activities.

8.) Best Hacking Tool of the Year 2011 - ANTI (Android Network Toolkit)

HEY CYBER WORLD, STICK THIS IN YOUR TOOL BELT!

ANTI is the smallest but most powerful hacking tool developed by the company Zimperium. Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network that you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities for DoS attacks and other threats. Features : OS detection, traceroute, port connect, Wi-Fi monitor, HTTP server, man-in-the-middle threats, remote exploits, Password Cracker and DoS attack and plugins.

9.) High Profile Hacker of the Year 2011 : LULZSEC

LULZSEC KEEPS US LAUGHING ALL THROUGH 2011!

Lulz Security, commonly abbreviated as LulzSec, is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. The group's first recorded attack was against Fox.com's website. LulzSec does not appear to hack for financial profit. The group's claimed main motivation is to have fun by causing mayhem. They do things "for the lulz" and focus on the possible comedic and entertainment value of attacking targets.

10.) Biggest Victim of the Year 2011 : SONY

SONY SHINES AS THE BIGGEST VICTIM OF ALL!

Sony gets the Most Epic fail award so we want to give the Best Victim of the year award to Sony. Almost all Sony’s websites including Indonesia, Japan, Thailand, Greece, Canada, Netherlands, Europe, Russia, Portugal & Sony PlayStation Network were Hacked. Defacement of various domains of Sony and Personal information of 77 million people, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, user names, online handles and possibly credit cards were exposed. Sony expects the hack of the PlayStation Network and cost at ¥14 billion (US$170 million) .

11.) Most Spamy Social Network : FACEBOOK

FACEBOOK OUTTA FACE IT……..IT’S A RIPE TARGET FOR 2012

Social network sites such as Facebook, Google+ or Twitter are gaining popularity. But the 'Web 2.0' presents new dangers. The wave of pornographic and violent images, Spam messages, Virus and various Worms that flooded Facebook over the past year, make it the Most Spamy Social Network of the Year. Social media is the new frontier for all of this spam. The attack tricked users into clicking on a story they thought would bring them a related video or picture. Instead, Facebook members were taken to websites that attacked their browsers with malicious software and posted violent and disturbing images to their news feeds. 

12.) Most Vulnerable Mobile OS of Year 2011 : ANDROIDS

MALWARE GETS A FREE RIDE ON MOBILE DEVICES!

Mobile devices are seeing a record number of Malware attacks, with Androids leading the way as the mobile operating systems are the  most likely to be targeted. Android’s vulnerability to malicious content including third-party apps, SMS Trojan viruses and unexpected bugs distributed through free Wi-Fi connections has risen by 45% in 2011. This year we have seen record-breaking numbers of Malware, especially on mobile devices, where the uptake is in direct correlation to popularity. 

13.) Best Hacking Book of the Year: BACKTRACK 5 WIRELESS PENETRATION TESTING

ATTENTION CLASS, VIVEK RAMACHANDRAN HAS ENTERED THE ROOM!

Vivek Ramachandran is a world renowned security researcher and evangelist, who is well known for his discovery of the Wireless Caffe Latte attack, and author of the most amazing book “BackTrack 5 Wireless Penetration Testing. This book is written completely from a practical perspective. The book wastes no time in delving into a hands-on session with wireless networking. All the way through there are lots of screengrabs, so you can see what should be happening on your screen.

14.) Most Innovative Hack : DIGITAL CERTIFICATES SPOOFING BY COMODO HACKER

COMODOHACKER BRINGS OUT THE DRAGON IN CYBER SECURITY CONCERNS

The name "Comodohacker" gets the most Innovative Hacker award from THN for the breach of the Internet's trust system arising from an outmoded method for assuring that a Web site is authentic.  A breach that let a hacker spoof digital certificates for Google.com, Yahoo.com, and other Web sites is prompting browser makers to rethink security. A 21-year-old Iranian patriot took credit saying he was protesting US policy and retaliating against the US for its alleged involvement with last year’s Stuxnet, which experts say was designed to target Iran’s nuclear program.

15.) Biggest hack of the Year 2011 : SONY PLAYSTATION

SONY, SONY, WE PLAY YOUR LEAKS ON OUR OWN STATIONS!

The PlayStation Network is an online multiplayer gaming and digital media delivery service owned and run by Sony Computer Entertainment .On April 26, 2011 Sony Playstation announced its network and Qriocity had both been compromised by hackers between April 17 and April 19 allowing access to 70 million user accounts. 

“TRUTH IS THE MOST POWERFUL WEAPON AGAINST INJUSTICE”

For additional information, please contact us at: mukesh.joon@gmail.com

Download Hacking Tools

• Sendrawpdu : iPhone SMS spoofing tool Released
• OllyDbg 2.01 Beta 2 Released
• ESSPEE - Penetration Testing & Forensics
• Nishang - Use PowerShell for Penetration Testing
• Uniscan 6.2 released
• WiFite v2.0 r85 - WPS hacking support Added
• Phemail.py: Phishing EMail Social Engineering Tool
• jNetPort ? Active monitoring tool
• Pentoo - Security focused livecd
• BBQSQL - A Rapid Blind SQL Injection Exploitation Tool
• Etherwall v1.0 Beta 3 - Prevents Man in The Middle (MITM) Attack
• Smartphone Pentest Framework v0.1.1 Released
• NmapSi4 v 0.3.2 - Easy Gui version of Nmap
• Anehta V-0.6 - Web Application Security Audit Tool
• NetworkMiner 1.4 Released
• Wireshark 1.8.2 Released
• Junkie The network sniffer v 2.2.0
• ASEF : Android Security Evaluation Framework
• WATOBO version 0.9.10 0 - Transparent Proxy Mode and SQLMap plugin Added
• Backtrack 5 R3 Released

Read more ...

Chat with Friends through Command Prompt

Hello friends Now U Can Chat With Command Prompt THrough So Here IS A Trick.....

---

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A


3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

 
7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:
 

8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!! :)

Read more ...

Computer Forensic Tools And Tricks

To Find The USB Logs

Go to Run Then Enter Code _|
For window 7 -->
C:\Windows\inf\setupapi.dev.log

For window Xp -->
C:\Windows\inf\setupapi.log

For Ram Analysis

Open Source Tools from ForensicZone

Download Link

Read more ...

Proxy Server

Proxy servers:-

Its allow for you to configure your browser to route your browser traffic through that machine, which then makes a request for a page on your behalf, and then sends you the results. These are usually used at no cost to the user. Since they are accessible to the public these are often quite slow. Please see instructions for using a proxy server.

There are a variety of types of these proxy servers:

* Transparent Proxy - This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.) This type of proxy server does not hide your IP address.

* Anonymous Proxy - This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

* Distorting Proxy - This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.

* High Anonymity Proxy - This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address.

 Proxy browser:-

A proxy server acts as a security barrier between your internal network and the Internet, keeping others on the Internet from being able to obtain access to information that is located on your internal network.........and your browser is become like invible........its hide your ip. like you use china country proxy den open google.com now google will open in china language form............!~

How to change proxy settings in Browsers

@ Mozilla Firefox

1. Open Mozilla Firefox.

2. Click on Tools then click on Options….

3. Click on the Advance tab, then click on the Network sub-tab and finally on the Settings… button.

4. Tick the Manual Proxy Configuration: radio button.

5. In the HTTP Proxy: box, type the IP address of the proxy server.

6. In the Port: box, type the in the port number that is used by the proxy server.

7. Click OK to close the Connection Settings window.

8. Click OK to close the Options window.

9. DONE

@ Internet Explorer
1. On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
2. Under Proxy server, click to select the Use a proxy server for your LAN check box.
3. In the Address box, type the IP address of the proxy server.
4. In the Port box, type the port number that is used by the proxy server for client connections (by default, 8080).
5. You can click to select the Bypass proxy server for local addresses check box if you do not want the proxy server computer to be used when you connect to a computer on the local network (this may speed up performance).
6. Click OK to close the LAN Settings dialog box.
7. Click OK again to close the Internet Options dialog box.

@ proxy settings In Google Chrome.

* To change proxy settings: Click "Customize and control Google Chrome" icon right under the "window close" button.
* A popup menu will be dipslayed. Click "Options".
* Select the "Under the Hood" tab.
* Scroll down and Click "change proxy settings" button.
* A popup dialog will be display. Select the Connections tab on this dialg.
* If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
* Make sure the "automatically detect proxy settings" and "use a proxy automatic configuration script" options are not checked.
* In the "Proxy Server" area, click the check box next to Use a proxy server for this connection.
* If nessesary, enable "bypass proxy server for local addresses".
* Click the "Advanced" button and set Proxy Server address (proxy IP), proxy server port.
* Click OK.

*done

@ proxy settings in Safari.
* To change proxy settings: Open Safari
* Click Safari on top of the screen.
* Click "Preferences".
* In the menu bar at the top of the window, Click "Advanced".
* Click on the "Change Settings" button next to the Proxies label
* Click on the check box button next to Web Proxy (HTTP)
* Enter proxy server and port information
* Select "Apply Now" to save settings.
* Done.

                                        Anti-Spam SMTP Proxy Server

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Browse all files' to download the professional version 2.2.1 build 12221.

• Multiple Weighted DNSBLs
• Multiple Weighted URIBLs
• Greylisting
• Weighted Regular Expression Filtering
• Bayesian
• Penalty Box
• SenderBase
• SSL/TLS
• SPF/SRS
• Attachment Blocking
• ClamAV and FileScan
• Blocking Reporting
• LDAP support
• Backscatter Detection

Download

                                                       WEB PROXY SITES:

www.meebo.com/   www.freeproxyserver.ca/   www.ninjacloak.com/   www.anonymizer.ru/  

www.kproxy.com/

www.iloveim.com/

www.the-cloak.com/

  

www.cantblock.me

www.mb35.info

www.cloaking.me

www.proxybrowsing.com

www.behidden.com

www.yourfreedom.net

www.hujiko.com

www.anonymizer.ru

www.schoolproxylists.cn/

www.xysurfing.com/

www.googlefaker.com/

www.internetoxy.com/Facebook Proxy

---

If Facebook are block in your offices, college and home then don't worry Click at below link

and access your FB Account.

EnjoY..!!

http://www.f1.proxymice.com/
http://www.f2.proxymice.com/
http://www.f3.proxymice.com/   standalone proxyserver ultrasurf DOWNLOAD http://ultrasurf.us/download/u.zip   hotspotsecurityshild   super hide ip   VPN Securitykiss VPN Tool

Secure your Internet connection with SecurityKISS Tunnel.
We are a leading VPN provider to protect privacy, ensure anonymity and bypass Internet restrictions.

 DOWNLOAD http://www.securitykiss.com/resources/download/windows/    PROXPN  DOWNLOAD  http://www.proxypn.com
ULTRAVPN  DOWNLOAD http://www.ultravpnsoftonic.com   CYBER GHOST DOWNLOAD  http://www.cyberghostvpn.com/files/download.php   MACROVPN  DOWNLOAD http://www.macrovpn.com 

To Protect Your Privacy..!!

---

JonDo

JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers.

What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X.
It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

Download

---

TOR

Tor is very useful for online anonymity, its protect your privacy, defend against a form
 of network traffic analysis. Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic
allows others to track your behavior and interests.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create
new communication tools with built-in privacy features.

Tor to keep websites from tracking them and their family members, or to connect to
news sites, instant messaging services, or the like when these are blocked by their
local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.

Video Tutorial: http://youtu.be/azSaqhdQ7Uo

Download    

ProXPN helps to upgrades your internet connection with VPN encryption secures all types of connections from DSL and cable to 3G gives you 100% private access to the internet get an IP address in the USA, UK, or NL.
It Protects websites you visit, hijack your passwords, credit cards, or banking details intercept and spy on your email, IMs, calls, or anything else, record your web,history, run traces to find out where you live.

Video Tutorial: http://youtu.be/Qh43CkVH9Qg

Download

---

UltraVPN - A Free VPN

UltraVPN is a simple user interface to connect or disconnect to our VPN servers.

To use UltraVPN, you need to right click on a traybar icon (on the bottom right of your screen) that looks like a computer with a red screen. After right clicking on it, choose "connect".

It can be used by any individual who simply wants to protect his privacy, either on a LAN or a public hotspot.

Features:
You can connect or log in into MSN if it's blocked.
For use VoIP software like Skype if it's blocked.
UltraVPN protect your email and browsing privacy.

How can you download UltraVPN?
Download the software client and create account. You are now able to connect to the VPN.

Video Tutorial:
http://youtu.be/3_zXns8xbgU  

Read more ...