Welcome back, my greenhorn hackers, and happy New Year!
Now that your heads have recovered from your New Year's Eve regaling, I'd like to grab your attention for just a moment to preview 2015 here at Null Byte. I hope you will add your comments as to what you would like to see, and I'll try to honor as many requests as I can.
Advanced vs. Beginner
This year, I will attempt to balance advanced and beginner tutorials. In that way, I hope that those of you who have been faithful readers and contributors here will stay to learn more, and that those of you who are new will have new beginner material and something to work towards. I will continue to expand the Linux series for the novices and work our way through exploit development for the more advanced.
Questions
In the last year, Null Byte has grown dramatically! At one time, I could answer all your personal messages. If I did that now, I would never have time to get any work done. I'd like to request that you ask your questions in the comment section of an appropriate article and I, or someone else in our community, will try to help. In that way, everyone gets involved in the diagnostic process and the solutions are available to everyone in our community, rather than just a single person.
Members of our community such as ghost_, CyberHitchhiker, Ciuffy, and others offer significant insights and wisdom into the hacking process. Utilize them, they love the questions and the challenge of helping you solve you hacking problems.
Now...Let's Look at What's Coming Soon...
Exploit Development
Exploit development will probably be the most important addition to Null Byte in 2015. The idea here is that we will develop our own exploits through numerous steps. I began this new series with my an introduction to buffer overflows.
To develop an new exploit requires significant background and knowledge in coding, operating systems, vulnerabilities, memory structures, and more. I will try to impart that knowledge in byte-sized pieces over the course of this year. This should be an exciting new endeavor for Null Byte!
Python Scripting
I just published the first article in my series on Python scripting. As Python is the most popular scripting language for hacking, I'll spend a lot more time with it than I have with the other scripting languages such as Perl, BASH, and PowerShell.
Denial of Service
I want to begin a whole new series in 2015 on the multiple ways to execute a denial of service (DoS). Although in many ways this is the simplest type of attack to execute, there are innumerable ways to do it. In addition, we look at the various methods that are unique to each operating system and application.
Facebook Hacking
So many of you have been asking for Facebook hacking that I am finally going to concede and start a new series on this subject. Expect the first entry in this series within the next week or so.
Mobile Hacking
Last year at this time, I promised a series on mobile hacking, but unfortunately, I never got to it 2014. I promise you that this year we will start on series on mobile hacking—including Bluetooth. Since Android is the most widely used mobile platform, we will start with it and then progress to iOS as time allows.
VOIP Hacking
Surprisingly, no one has requested articles on hacking VoIP. I'm not sure what to make of that as VoIP is rather easy to hack and is growing dramatically. The possibilities are nearly endless for eavesdropping on conversations for cyber espionage and other things. I will start a series on VoIP hacking in 2015.
THC Hydra
I did a single tutorial on using THC Hydra with Tamper Data and it proved wildly popular. We really need to really explore further this powerful application to effectively hack the multiple types of online accounts.
Metasploit
I've written many articles using my favorite hacking tool, Metasploit, to hack systems for a variety of purposes.
I'll be expanding those tutorials this year, showing you some new exploits and explore some of Metasploit's other modules such as post-exploitation and auxiliary modules.
Web Application Hacking
We began with some web app hacking in 2014, including using Nikto and Wikto for recon, using Dirbuster to find directories behind websites, how to clone websites, and how to extract metadata from websites using Foca.
This year we will look at more ways to hack web applications including using Metasploit, Burp Suite, Paros Proxy, Beef, and others to do so.
Linux Basics for the Aspiring Hacker
One of my most popular series has been the "Linux Basics for the Aspiring Hacker." The more you know about Linux the better hacker you will be as Linux is really the only hacking platform. In addition, since nearly two-thirds of all web servers run Linux, it is essential to understanding this operating system to enable your hacking those servers.
I will expand this series with tutorials on Linux email clients and servers, Apache, and SQUID, among many others.
Wi-Fi Hacking
I've written a number of tutorials on Wi-Fi hacking and they have been among the most popular articles here on Null Byte. I'll add a few more guides this year including using Airsnarf to harvest Wi-Fi credentials and using a Yagi antenna to crack Wi-Fi access points (APs) miles away.
SQL Injection
We looked at the basic principles of SQL injection in 2014 and used sqlmap to hack a simple web-based database. This year we will use more advanced SQL injection tools, such as Havij, that will help us get behind the websites to the database, the hacker's pot of gold.
Rootkits
I'd like to do a few tutorials on building a rootkit. This is pretty advanced material and I'm not sure how far we can get this year, but I'll give it a try to give the more advanced hackers here something to look forward to.
Forensics
I've developed a number of tutorials on digital forensics and I hope to expand your knowledge in this area. I believe that digital forensics complements hacking. If you want to be a good (and free) hacker, you had better know what the forensic investigator knows and can do and, if you want to be a forensic investigator, you better know what the hacker knows and can do.
IDA Pro
IDA Pro is an amazing tool that every advanced hacker and forensic analyst should be conversant in. It allows us to disasemble code for forensic analysis or disassemble code to build a better piece of malware. Either way, it is indispensable.
Evading Antivirus
I have a couple of tutorials here on evading AV software. Like everything in our discipline, it is rapidly becoming outdated. As soon as we develop a method to evade the AV, the AV developers find ways to detect it, as the arms race continues.
I'll be offering some new tools to alter exploits and payload to evade AV and intrusion detection systems. Ultimately, the way to evade all of these—including law enforcement—is to develop your own exploits, and that will be our key task for 2015.
Evading Detection by NSA
Sometimes all we want is privacy. Part of my intention and goals here at Null Byte is to help people maintain their privacy from the overarching and overreaching hand of Big Brother. We all know that NSA is watching everything we say and do on the Internet, even the most trivial communication. (You know that pic or text your girlfriend or boyfriend sent you that you like so much? Someone at NSA may be "enjoying" it right now.)
We know from Edward Snowden's leaked documents what the NSA can crack and what they can't. (I have to confess here that I do have inside knowledge on this subject as I have trained many at NSA. That's one of the reasons I must maintain my anonymity.)
I'll start a series in 2015 on how you can keep your communication private from NSA. I'll warn you now, its not easy.
Windows Registry
I find that many newbie hackers are unfamiliar with the Windows registry. They know it exists, but are unfamiliar with what it does and how they can manipulate it as a hacker.
I'll do a few tutorials giving our community the basics on the Windows registry and how to manipulate it.
Apache
Apache is the most widely used web server in the world. Roughly, two out of every three web servers on this planet are using Apache. Although I introduced Apache in the Linux series, I'll go into greater depth in the inner workings of Apache that will help you understand its weaknesses and vulnerabilities.
Password Cracking
I started a series on password cracking to explore the multitude of ways to crack passwords and some of the fundamental concepts of doing the same. I will continue this series with new tools and new technologies in 2015. Two of the areas I would like to cover are using a multi-machine (botnet and others) configuration and GPUs to crack passwords.
Spying
I started a new series in 2014 titled "How to Hack a Computer & Spy on Anyone." This year, I'd like to add a few more tutorials to this series especially on how to spy using a webcam, grabbing screenshots, and keylogging. I'll also try to do at least one tutorial on hacking phones to gain root and use it as a spying device.
Reverse Engineering
Like any software developer, hackers are reluctant to reinvent the wheel. Why not simply use existing malware and re-engineer it for a new purpose? That's exactly what most malware is, reverse-engineered and re-purposed software.
We will look at ways to reverse-engineer some malware and then edit it for a new purpose and getting past security devices such as an IDS or piece of AV software.
Stay Tuned...
I'm excited about what we will be covering in 2015, so stick around and invite your friends and neighbors as we are in for an incredible ride this year!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
26 Comments
That's huge! I don't even remember all of them and the topics you listed are all awesome, some of which I was coincidentally thinking about yesterday. It's a kind of magic...
Also, there's something special in Null Byte that other communities (as far as I know) don't have: this categorization of the topics that has been done makes everyone happy (although someone said that is a little bit hidden!), and the new topics you introduced with this article will contribute even more to have variety here. In fact, the mole of documentation here is mind blowing, and it is growing! When I first started getting into hacking Null Byte would always pop up at a certain point, and I'm happy to be part of it as an user.
I can't wait for each one of these, I wish you and all the Null Byte users the best to be able to keep Null Byte up.
Very excited for what we have in store for the new year; it's like a late Christmas gift.
Thanks OTW.
ghost_
This is going to be fun !!!!!!
Ready to Learn ...
#Sky
This is going to be one hell of a ride..
Words can't express how glad I am that I signed up...
I'm really looking forward to Python scripting and Exploit development. Thou the other topics are great, theres really nothing no the list that's not appealing.
Thanks OTW!!
Really looking forwards too all of those tutorials, great plan!
And that's a lot of content for 52 weeks.
Thanks for sharing your knowledge OTW!
Though, I will admit. I'm not too keen on the Facebook hacks coming in.
I mean, I'm really excited for all of this. I am. I just, dunno. I'm on the fence about that. I feel like it will attract the wrong types of people we want here that ask the questions like "how to facebook hack pls?".
Still, I feel like it will be a great year for us in 2015. Can't wait.
ghost_
OTW,
I'm new to this site, but I real enjoy the content and the tone in which it's presented.
Any self respecting hacker needs to be able to defend themselves. With these tutorial it would be nice to have counter-measures to defend yourself.
Some suggested topics:
1) Evading NSA detection is HUGE. Tutorials on TOR, Pre-Internet Encryption, TrueCrypt 7.1a, etc.
2) Concerning VOIP, please cover Zimmerman Real-Time Protocol (ZRTP) used to encrypt communications by VOIP service providers like Silent Circle.
3) Cloud hacking.
4) How about locking down the Window and Linux kernels to avoid rootkit installation on our own system? Rootkits like recent news breakers Regit for Windows and Turla for Linux which is based on a 14-year old open source Linux malware, cd00r, which was then extended and modified.
5) How about precision WiFi hacking, meaning using a directional antennae that you can adjust the lobe shape to say a particular individual at an Internet cafe (10-100ft away) and deauth just that one person? Could come in handy for us geeks wanting to come to the rescue of a lovely damsel in distress.
6) I'm in the market for a new laptop. I don't trust Lenovo (made in China), then again who can we really trust Intel, AMD, Asus, etc? What about a tutorial on building a Raspberry Pi microboard, or alternative like BeagleBone?
7) BadUSB - How to determine if it has a hidden partition and payload, and an if a storage device (thumb drive) is acting like a keyboard or network interface. Remember, most USB devices are manufactured overseas. On the offensive side, how to program the EEPROM on the controller chip to do just this.
8) How to hide numerous file on a target PC and then transfer via DNS packets to a location for later retrieval. No one none the wiser.
9) Issues discuss at DefCON, BlackHat, etc. conferences.
Just to name a few.
This sounds amazing!! I will be reviewing these as i take my cyber security classes in school too. This is a big help in addition to my schooling!
Hey OTW - I have been following this community on the sidelines for about a month now, and iv been reading alot of your tutorials including tons of comments to get more knowledge! I started coding in my computer science class, about a half year ago, and iam just as much into internet security and hacking as coding. But I kind of feel stuck with practising my hacking skills! I am reading different blogs everyday, and i just finished the book "Syngress - TheBasicsofHackingandPenTesting". I think there is so many tools/books/tutorials/blogs to learn from, that i always jump back and forth without getting in-depth! I am not sure where to go from here, i have alot of basic knowledge, but sometimes i just feel lost or i just dont know enough about what i am doing! Do you have any tips or tricks to practise my skills, so i really get a in-depth understanding about the software/hardware? (Sry for my bad english, english is not my native language)
Floki:
First, build yourself a small lab with a hacking system and some victims. These can be all virtual machines.
Second, make certain that you have the necessary Linux skills by going through my "Linux Basics for the Aspiring Hacker" series.
Third, read my article "Hacking for Newbies" and go through each of the tutorials mentioned there.
OTW
Thanks Cracker Hacker and OTW for the quick respond! Its kind of a weird problem/habbit i have, because when I'v been researching and practising on one subject for a few days, and I find a new post by one of you guys, i get too excited and jump right into learning that! I guess i just have to stay focued and dont leave the one subject before I fully master it!
Another little dilemme I have is my OS, Iam currently using Windows as my main OS, only because there is different applications that is't working fully with Kali Linux that i need for my education. I really hate Windows, and would like to learn Linux and use it as my main OS. But what OS do you recommend using for daily usage, like Ubuntu,debian, Linux Mint, and dual booting with Windows. And Iam not a big fan of VirtualBox/VMware for other than labtesting. So basically iam looking for a OS that i can practise my Linux skills and use as my daily OS?
Thanks in advance!
Floki
Floki:
Install Kali Linux as a dual boot system. Its based upon Debian and you can practice your Linux and hacking skills.
OTW
I will definitely try that, thanks!
Can't wait to read and practise, some of your upcoming tutorials! I really like your way of teaching, Iam very thankful for all your work!
Btw if you have any good suggestions, for a good book to read about hacking/security concepts when iam not at the PC, i would appreciate your advice?
I hope that you teach us something about XSS, Full Path Disclosure and Defacement in the Web Application Hacking series, and I would like to know your recommendation about books that are essential in the hacking topic.
Thank you for sharing your knowledge OTW!!!
On the Kali instal I booted off a usb then shut down Mac restarted held down the Option key, clicked the USB Kali started and I clicked instal, picked language/country and now thishttp://imgur.com/ZWlp82O
First thanks for a good selection on how-tos.
they are vey well written so that a novice like me can follow them.
Im quite new to the actual hacking but are working for a company that focus on prevention so if I could add a wish it would be 'flying under the radar'
As an example i'm trying out some scanning how-tos and our firewalls lit up like a christmas tree.
I do know that im not subtle by using uniscan so a deeper article on evading tripping the wires on prevention systems would be very appreciative.
Thanks
/J
Love your style, presentation of your tutorials, and your honesty. Thank you very much for your efforts.
Hello Master OTW .
Facebook Hacking ------------- for 2015
So many of you have been asking for Facebook hacking that I am finally going to concede and start a new series on this subject. Expect the first entry in this series within the next week or so.
This is interesting subject as most of the hacks provided for Fb does not work long ago.Some say this is the most secure and difficult site to be hacked. I mean some profile-not the site. In the tutoril : https://null-byte.wonderhowto.com/how-to/4-ways-crack-facebook-password-and-protect-yourself-from-them-0139532/
Method 1: Reset the Password- 90% people do not have trusted contacts.
Method 2: Use a Keylogger Getting more and more hard to pass keylogger as treated as viruses (except we dont use rootkit/disable antivirus and own all the system).
Hardware Keylogger -Very less people have phisycal access to the victims pc .
Method 3: Phishing - 99% of the host siteses detect it and you get baned.
Method 4: Stealing Cookies- Hard with HTTPS as firesheep not work anymore and greysmonkey and some other stuffs do not work with HTTPS.
The post of Th3 skY f0x -: https://null-byte.wonderhowto.com/how-to/become-elite-hacker-part-2-spoofing-cookies-hack-facebook-sessions-0147057/ not very usefull again because of HTTPS .
So i am eagurly waiting for this tutorial.
When we gonna have it :)
After Being here in Null-byte for more than a year, I just noticed that you(OTW) are having a hard time updating the series of each of your tutorials.
I just have an opinion if you don't mind. Why don't you divide your tasks by letting ghost_,Ciuffy, and CyberHitchhiker continue some of your series so that there will be a faster progress in each topics of your tutorials. ^_^
Anyone can contribute to Null Byte any time they want, including you.
While I find that rather flattering; I just feel that with my relatively limited experience compared to OTW it is rather unnecessary.
I did, however, begin my own small series and while it hasn't been updated in a while; I do plan on continuing it. Apologies to people who I have left hanging, I had a lot going on in my life.
I do help out with queries where I can and that is one major part of Null Byte that we can all contribute to.
With that said, I feel the pacing of each article that OTW puts out is appropriate as it does give people time to get through the content.
ghost_
Yeah Greeny after a year you should have one on the table by now, yes?
Also I don't want to invade any series and sit here blank on what to create new since it's all framed already.
So I ASSume Tech support, Antagonist, Grill master, Backup Tape Changer, Coffee Gopher role.. I don't ride on the back of the bike tho.
I agree with what ghost and cyber said, and my reasons are practcally the same. I'm very dispersive and I like standalone topics.
Because I'm no way experienced, I just contribute with what i know and I experienced.
Ok. That was just my opinion. It's like you're killing me through comments haha. Ok I got that now.
I can't post any contributions just yet. Because everything I know are also those things I learned here, from you guys. But soon I will. And I'll credit them to all of you. As of now I'm still exploring.
I love this community, I haven't find any sites like this.
Anyway, can't wait for those listed upcoming series!
Oh, didn't mean to kill you!
We are waiting for you to join creators. I agree about how special this community is.
Looking to work in the IT "privacy" security trade. And have been very impressed with the everything. Keep up the good work!
Share Your Thoughts