A hacker is a new word for an old mindset. It is based on the old belief that everything that has a form has a weakness.
A hacker could be a martial artist using the simplest techniques on the right spots of your body with all the speed and strength they can muster to bring you down. They can be a stranger in the park who can use your absent-mindedness and your gullibility to relieve you of your wallet and your ATM while you tell them your pin number yourself. It can be anyone with a deeper understanding of any social, economic, physical or electronic system, to use their flaws for their own ends.
The purpose of this post is to inform and educate people about the tools that can be used against them or in some cases by them to gain a subtle supremacy in an increasingly tech-dependent world. No many people will have the time or energy to invest in learning or obtaining these skill and tool sets. But I still urge everyone to see this post as an observation. If not to do something dangerous, then just to defend oneself from such attacks.
It is a free and open source (license) utility for network discovery and security auditing. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and
Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
DeepSound, an audio converter tool, is used to hide all of the files—as well as one’s own personal details—within WAV and FLAC audio files. And yes, the real files are encrypted and password protected. DeepSound is a modern example of steganography, the art of concealing information within plain sight. It can be used as a part of industrial espionage or just personal safekeeping.
Flexispy is mobile monitoring software that can be used on any Android phone. After gaining root privilege by using SuperSU, they install FlexiSPY, a tool that lets you monitor other people’s device activities with an online portal. FlexiSPY doesn’t recover past data but can show you anything still stored on their phone’s memory or SIM card, as well as any future. It also hides SuperSU as part of its installation. For this installation, however, the victim needs to trust the hacker enough to leave their phone near them unattended for a few minutes at least.
One of the benefits of ProtonMail is that it is an end-to-end encryption, and it’s in a way that even the owners of ProtonMail can’t see your content, and there’s no IP logging. It even lets you set expiration dates for your emails, after which they’ll self-destruct (provided the recipient hasn’t made a copy of them, that is).
ProtonMail is a browser-based email service incorporated in Switzerland created by researchers who met at a CERN research facility. (Where the internet was born.)
TrustedSec’s Social-Engineer Toolkit is an open-source pen testing framework designed specifically for simulating social engineering attacks, such as phishing, spear phishing, credential harvesting, and more. It’s possible for users to add an SMS hacker package back in within the new version.
A Raspberry Pi is that tiny and delightfully inexpensive computer that helps you learn to program and build your own software, codes, malware, Trojan horse, and virus. Turns out, it can also be used to gain remote access to HVAC systems (computer controlled factory components).
Rumour has it that CIA agents used this hack to overheat Iran’s plutonium enrichment drills, pushing Iran’s nuclear agenda backward by 30 years.
Metasploit and Meterpreter
Rapid7’s Metasploit Framework is an exploit development and delivery system that allows users to create and execute exploits, typically for penetration testing. It saves hackers time because they don’t have to learn a new tool each time they want to run an exploit.
Meterpreter is just one of several hundred payloads that can be used within Metasploit. It resides entirely in memory and writes nothing to disk, but can give an attacker control of their target’s system and parts of the network.
It’s often used within Kali Linux on a virtual machine in Windows, or on Windows itself.
Tastic RFID Thief
Bishop Fox’s Tastic RFID Thief is a long-range radio frequency identification (RFID) reader that saves your score on a microSD card as a text file so you can clone the badge later. It’s completely portable and fits neatly into a messenger bag or a briefcase.
It can be used alongside electronic locks or card readers to obtain your credentials, or it can be used as a bug alongside Ethernet wires to gain control of every piece of information going through your connection.
John the Ripper
John the Ripper is a tool whose purpose is to detect weak Unix passwords, but it can crack harder ones, several thousand (or even several million) attempts per second. The use of all possible combinations with a high-speed software to crack a password is called a brute-force attack. There are safeguards against such attacks but they are few and far in between.
John the Ripper is available within the Kali Linux platform.
Two-factor authentication can definitely foil your average fraudster’s plans. RSA SecurID’s two-factor authentication adds a layer of security to a company’s protected resources by requiring users to not only enter their RSA SecurID pin, but a one-time password generated within the app—which lasts only 60 seconds.
Bluetooth Scanner (btscanner) and Bluesniff
It is used here to probe the targets phones for Bluetooth capabilities. The tool attempts to extract as much information as possible from a Bluetooth device without having to pair.With keyboard access, the next move is to drop a Meterpreter shell onto the system for access to the target network.
Wget is a terminal program to make HTTP requests, a popular use case is to simply download the source of a web page or grab a file from a web server in a terminal.
Car hacking has really hit the big time recently after computer security researchers remotely hacked into and took control of a Jeep as it was driving down the freeway. Candump is the gift Linux has for us.
Canbus hacking has been around for a number of years and both car enthusiasts and security researchers have been poking around to gain access to the computers that control the modern car.
It’s free, open source, and pre-installed with hundreds of pen testing programs, so it’s perfect for cracking Wi-Fi passwords, bypassing anti-virus software, and testing security vulnerabilities on your network. Many of the tools in this list are built-in within Kali.
Windows 95 and Netscape Navigator are the hackers browser of choice.The humble web browser is actually a very useful tool for an attacker whether they are launching web application attacks or researching LinkedIn for social engineering attacks.
Rogue USB or Disk drives
Random USB or disk drives can be purchased from untrustworthy salesmen or be found lying around for no reason at all. Do not use them on your system without a proper precautionary measure involved. Malware’s, viruses and host access are transferred through this mistake. AVAST antivirus PC protection is the best till date to help against such attacks. However, the hacker toolkit is evolving. So should our precautionary measures.