Kali Linux Hacking Tutorials

15/03/2023

04/04/2021

https://raidforums.com/Thread-SELLING-533-Million-Facebook-Database-100-Countries

Detailed info with Name, Mobile number, Few Emails, Gender, Occupation, City, Country, Marital Status ETC are in lists 1 Afghanistan 558,393 2 Africa 14,32...

28/12/2020

🔥 WE ARE OFFICIALLY ONLINE 🔥

Make IT done! It’s NOW or never.

Let’s take it really serious this time. Hakerin is unique platform where you can:
✅ learn about programming, hacking, cyber security
✅ take a courses from IT professionals with personal experience
✅ find out really cool stuffs and secrets 🤫
✅ all tricks and tips will be served to you, just take it!

Check out: https://bit.ly/hakerin

23/12/2020

🔥🔥🔥 Let's have some serius talk. 🔥🔥🔥

💥 We're thrilled to inform you that we're alreadya celebrating this week, because we can finally announce out loud that we're opening our plarform.

All good things must come to an end..and be replaced with some way better.

✅ You really do not want to miss this!
✅ Visit: https://bit.ly/hakerin

05/10/2020

Hello everyone. 💥💥💥
We’ve all been inactive for a long time, but now it’s time to wake up. The platform that will be your main station will soon be out of our lab. Keep up to date.
We are still not allowed to reveal everything but we will be online soon.

How many of you are interested? Write to us in a comment.

11/08/2019

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme.
For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically process the authentication.
In the background, that e-commerce app actually triggers the URL Scheme for the Facebook app (fb://) and passes some context information required to process your login.
In Short, when the Suning app users choose to access their e-commerce account using WeChat, it generates a login-request and sends it to the WeChat app installed on the same device using the iOS URL Scheme for the messaging app. WeChat app then requests a secret login token from its server and sends it back to the Suning app for authentication.

10/08/2019

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords.
WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and intended to prevent hackers from eavesdropping on your wireless data.

The first vulnerability, identified as CVE-2019-13377, is a timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves, which the WiFi Alliance recommended vendors to use as one of the security recommendations to add another layer of security.

The second vulnerability, identified as CVE-2019-13456, is an information leak bug which resides the implementation of EAP-pwd (Extensible Authentication Protocol-Password) in FreeRADIUS—one of the most widely used open-source RADIUS server that companies utilizes as a central database to authenticate remote users.

09/08/2019

KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files

If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while.
KDE Plasma is one of the most popular open-source widget-based desktop environment for Linux users and comes as a default desktop environment on many Linux distributions, such as Manjaro, openSUSE, Kubuntu, and PCLinuxOS.
"When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using KConfigPrivate::expandString() via the KConfigGroup::readEntry() function,"
Exploiting this flaw, which affects KDE Frameworks package 5.60.0 and below, is simple and involves some social engineering as an attacker would need to trick KDE user into downloading an archive containing a malicious .desktop or .directory file.

08/08/2019

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

The investigators analyzed 10 malware samples associated with FASTCash cyber attacks and found that attackers remotely compromise payment "switch application servers" within the targeted banks to facilitate fraudulent transactions.
Switch application server is an essential component of ATMs and Point-of-Sale infrastructures that communicates with the core banking system to validate user's bank account details for a requested transaction.
Whenever you use your payment card in an ATM or a PoS machine in a retailer shop, the software asks (in ISO 8583 messages formats) the bank's switch application server to validate the transaction—accept or decline, depending upon the available amount in your bank account.
In May 2018, the US-CERT also published an advisory alerting users of two different malware—Remote Access Trojan (RAT) known as Joanap and Server Message Block (SMB) worm called Brambul—linked to Hidden Cobra.
Last year, the DHS and the FBI also issued an alert describing Hidden Cobra malware Delta Charlie—a DDoS tool that they believed North Korea uses to launch distributed denial-of-service attacks against its targets.
Other malware linked to Hidden Cobra in the past includes Destover, Wild Positron or Duuzer, and Hangman with sophisticated capabilities, like DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware

07/08/2019

First Hacker Convicted of 'SIM Swapping' Attack Gets 10 Years in Prison

In SIM swapping, attackers social engineer a victim's mobile phone provider by making a phony call posing as their target and claiming that their SIM card has been lost and that they would like to request a SIM swap.
The attackers attempt to convince the target's telecommunications company that they are the actual owner of the phone number they want to swap by providing required personal information on the target, like their SSNs and addresses, eventually tricking the telecoms to port the target's phone number over to a SIM card belonging to the attackers.
Once successful, the attackers essentially gained access to their target's mobile phone number using which they can obtain one-time passwords, verification codes, and two-factor authentication in order to reset passwords for and gain access to target's social media, email, bank, and cryptocurrency accounts.
SIM swapping has grown increasingly popular among cybercriminals over the past year and Joel Ortiz, a California man, is the first person to receive jail time for this crime, after pleading guilty to stealing more than $5 million in cryptocurrency from 40 victims, according to Motherboard.