Now that a new year is here, I thought it would be a good time to give all my novice hackers a heads-up on what to expect in 2014 on Null Byte. We just began to scratch the surface of the art and science of hacking in 2013, and now we will delve a bit deeper this year to advance your hacking skills toward your ultimate goal of becoming a professional hacker!
In 2014, you can expect all of the following.
In 2013, we looked at the basics of how to use Metasploit for remote hacking, but in 2014 we will look at remote hacking Windows 2008, Windows 7, and Windows 8. In addition, we will look at pivoting from one system to another and we will work with the many auxiliary modules in Metasploit, including the many post-exploitation modules, some of which are great for digital forensics. We will also work on developing some scripts for Metasploit and our own Metasploit exploits.
In 2013, we began to develop some BASH scripting skills and we will continue that process toward advanced BASH scripting, but we will also script with Perl, Ruby, and Python, working toward developing our own zero day exploits.
Botnets are one of the most important and lucrative hacks on the web today. I will help you develop your own bot and then suggest strategies to distribute it to create your own botnet that can be used for password cracking, bitcoin mining, spam, DDoS, etc.
Reconnaissance is one of the most important, albeit least appreciated, aspects of hacking. We looked at nmap, xprobe2, hping, netcraft and some other tools for doing reconnaissance, but we will look at more tools for doing SNMP recon, DNS recon, and others. We also explore Nikto, Wikto, Ettercap, and Maltego for recon.
I'll be starting a series soon on hacking the Android OS, the world's most popular mobile operating system. As so much computing is going mobile, Android and all its vulnerabilities will become a critical vector for hacking individual and corporate networks.
Although we examined multiple ways to hack Wi-Fi, we need to still look at ways to hack Bluetooth, the ubiquitous short-range Wi-Fi technology used on multiple devices, but most importantly on cell phones and other mobile devices.
In 2013, we began a new series on digital forensics to educate hackers on what a good forensic investigator can learn about them after the intrusion/hack. We will be delving deeper into network forensics, as well as registry and file forensics.
Having completed 13 modules on the basics of Linux for hackers, we will continue to develop your Linux skills with some intermediate level tutorials, including building your own router and firewall with Linux. We will look at some key text manipulation tools and delve deeper into the open source Apache web server and MySQL database.
We will look at some simple shellcode development for a zero day. Before we can do that, I'll do some tutorials on how memory systems work on Windows and Linux as well as a bit of Assembly language (machine language).
Buffer overflows are at the heart of so many remote exploits (nearly all our remote Metasploit hacks make use of a buffer overflow). We will look at the basics of a buffer overflow, how we can make buffer overflows happen, and how to test for buffer overflows.
In 2013, we never got around to web application hacking, but it will be a key focus in 2014. We'll look especially at SQL injection and Cross-Site Scripting (XSS).
A good hacker must know how to evade detection or else expect to spend some unpleasant years behind bars. We looked at some basic detection evasion in 2013, but we will delve into more advanced techniques for evading firewalls and IDSs in 2014.
Its critical for the survival of a hacker to cover their tracks after an intrusion. In 2013, we looked at ways to erase log files in Linux and Windows, as well as delete our command history. In 2014, we will look to overwrite the deleted log files so as to leave no gap in the log files for the sysadmin to notice as well how to completely wipe our deleted files, so that forensic investigator will be left without a clue we were ever there.
In 2013, we covered some database hacking concepts, and looked at how to hack Microsoft's SQL Server and we will expand upon that subject in 2014, but we also examine how to hack Oracle, the world's most popular enterprise database and MySQL, the world's most popular web application database, as well.
Finally, we will do some hacking from your tablet or other mobile device. Now you take your hacking platform wherever you go and wreak havoc!
We have a lot coming in 2014 my aspiring hackers, so have a Happy New Year and I look forward to seeing and hearing from you around Null Byte this coming year!
Take a minute here and let me know which of these topics are most important to you, and if I missed something that you really want to see in 2014.