TechRepublic’s “The hacking toolkit: 13 essential network security utilities”

I won’t speak for every hacker, but this hacker loves tools. Especially tools that tell me interesting things, even small, incremental things that lead me to larger discoveries. So I’m quick to leap on articles like this one:

http://www.techrepublic.com/pictures/the-hacking-toolkit-13-essential-network-security-utilities/

Here’s the list:

  1. The Social-Engineer Toolkit: Hacking Layer 8 (http://www.social-engineer.org)
  2. Metasploit: Packaging up all those handy exploits (https://www.metasploit.com/)
  3. Nmap: For network mapping, of course (http://Nmap.org)
  4. Cain and Abel: These brothers are password capture and cracking experts (http://www.oxid.it/)
  5. John the Ripper: A password cracker also useful as a password-complexity-enforcer on Linux/Unix systems (http://www.openwall.com/)
  6. Hash Suite: Free and Premium versions of this famous password cracker can break more kinds of hashes than you ever imagined exist (http://openwall.net)
  7. Wireshark: De facto and de jure standard for packet capture (https://www.wireshark.org/)
  8. Ettercap: Session hijacking and Man in the Middle attacks made to order (https://ettercap.github.io)
  9. Burp Suite: Oh so much fun with web hacking (https://portswigger.net)
  10. GnuPG: PGP/GPG email encryption for when you absolutely, positively better have it (https://www.gnupg.org/)
  11. PuTTY: The Windows terminal emulator that makes Linux command-line access simple (http://www.putty.org/)
  12. Maltego: Network miner, link visualizer, and forensics all in one (https://www.paterva.com)
  13. Kali Linux: Hmm, not so much a tool as an OS that includes most of the tools above (https://www.kali.org/)

I like the list, but of course it’s not comprehensive. (Where is hping3 or Scapy?) What tools would you add to the list?

Opening a Discussion of Cyberbullying

Backlit keyboard

One major Hacker Highschool lesson we projected was Lesson 22, Cyberbullying. At SchoolforHackers.com we’ll move forward at a much faster pace on this issue, particularly if we keep getting good submissions.

Material dealing with cyberbullying is available by the ton on the Internet, but as with all subjects, separating the wheat from the chaff is difficult.

Some authorities suggest reporting bullying immediately; here in New Mexico, that will get you branded as a snitch, which will not be good for your future health. Others suggest turning the tables and finding ways to turn the brutality back on the bully. While this may be satisfying, it also simply perpetuates bullying.

How about one of the popular trends in training, “game-ification?” WiredSafety.org is trying this approach,  as Hope Gillette reports on Voxxi.com:

Alex Wonder Kid Cyberdetective is a new game introduced by WiredSafety.org designed to help children safely navigate the Internet. Children follow the adventures of Alex Wonder as he helps children learn to identify the warning signs of cyberbullying and learn how to responsibly use the Internet.
http://www.voxxi.com/alex-wonder-game-cyberbullying/

The basic technique is “stop, block and tell.” I personally become immediately skeptical, for the reason I mention above. But the game-based learning style may be effective. You can download the game from StopCyberbullying.org; it requires that Adobe Air be installed.
http://www.stopcyberbullying.org/index2.html

If you give it a try please drop me a line and tell me what you think.

The people at CallerSmart.com have an interesting piece, “What is Cyberbullying and How to Stop It” (https://www.callersmart.com/articles/49/What-Is-Cyberbullying-and-How-to-Stop-It). There are some excellent charts about the laws on bullying and sexting in the different US states, and my particular interest, some discussion of tactics for dealing with bullying

My question to my readers is: Will these methods work? Do you know of any, or of better ones? Register to comment on SchoolforHackers.com and tell us what you think.

Pete Herzog removed my name as contributor on every lesson on Hacker Highschool

Glenn Norman
Just amazing. Pete Herzong of ISECOM has removed my name from the list on contributors on every lesson of Hacker Highschool – even though I was a volunteer, contributor and eventually Project Manager over the course of six years and produced the first 11 lessons.
Now that’s the way to treat a contributor to an open-source project. Wipe their name from it.
Thanks, Pete Herzog. ISECOM and Hacker Highschool.
[Updated 2016-08-10]

Want to be a pro hacker? Check out this site…

http://www.cybersecurityeducation.org/

Hacking is ridiculously cool. Building your first laser rifle, for instance, is likely to give you a thrill you haven’t experienced before, particularly if you mis-use it.

But don’t forget that there’s a practical side to this: Hackers are in demand. Got skillz? Then you’re going to have people wanting them. (Contact me personally if you’re curious about pay rates.) Often, the gateway to the serious bucks is a decent certification. Get the Security+, or the CEH, or any of the SANS/GIAC certs, or any of a dozen more. This is how you hack your career! Learn stuff, have fun, make money. It’s not a stupid idea.

Here’s a very cool site that can fill you in on schools, certs and programs:
http://www.cybersecurityeducation.org/

We’d like to read about your experiences below. Tell us what’s worked for you. There’s nothing better than being rich, famous and appreciated. Or at least any two of the three?

Encoding to and Decoding from Base64 Format

Glenn Norman

There’s a form of hiding data that isn’t exactly encryption; it’s just simple encoding into another format that most people won’t be able to read. FTP passwords, for example, are encoded in FileZilla using Base 64 format.

You can get fancy and learn to encode/decode manually, but if you run into a encoded password, here’s a website that makes the process easy:

https://www.base64decode.org/

Is hacking eventually going to be your job (you hope)? Know the job search aggregators.

Social Networking

Everyone here knows I invite contributor articles on several topics, including finding jobs and work. What Vanessa Fardi has to say below is useful on several levels. One, the service she reps is Nuevoo, a job search aggregator that’s pretty big around the world, particularly for non-English speakers, and it’s certainly worth looking at.

On a second level, I want all my hacker friends and especially all potential contributors to look at her article: how she opens up her idea, develops it and provides tips; the graphics she includes; the contact information. You might not want to be so up-front about your identity, depending on what you’re writing about on SchoolForHackers.com, but generally, revealing who you are is smart and encourages trust.

For either reason, check it out:

Business Networking 101

Social Networking
Social Networking

We have seen the word a million times in articles, magazines, blogs, even Facebook, but it is very likely we do not have the slightest idea of what “Networking” actually means. We might relate it directly to Facebook and we definitely know it is an important tool when it comes to doing business. But, do we know its actual objective? Networking can be defined as the exchange of information or services among individuals, groups, or institutions, and it specifically refers to the cultivation of productive relationships for employment or business. Now that we finally know what it means, how do we get it done? Should we just go to parties, meetings, benefits and events, talk to people about our company or business, exchange business cards and be sociable? Yes, that is exactly what a networker does. The main idea is to make new contacts with the objective of forming mutually beneficial business relationships. That is it! Now you are an expert on the subject.

Human Networking
Human Networking

There is another aspect we have to consider, why go ahead and do business networking? Some entrepreneurs and business owners actually think business networking is a more cost-effective method of getting new clients than advertising or public relations. Business networking can be conducted in a local business community, or on a larger scale on the Internet. Social networks play a very important role for companies nowadays. Even law firms and oil companies have Facebook and Twitter in order to attract more clients and be able to get the word out there about what they do. Social networks make companies more approachable to the general public and potential future clients. That is the reason why the position of Community Manager has boomed over the last five years. If it is not on Facebook, Twitter, Instagram or LinkedIn, your company literally does not exist.

To be the greatest networker known to man, just follow these simple, yet life changing, tips:

  • Always be honest. No one likes a liar.
  • Carry your business cards with you at all times.
  • Try to meet at least five or more new people at an event.
  • Be friendly.
  • You will need to give to be able to receive. The business relationship works both ways.
  • Go get them!

Your job search starts here: ArgentinaAustralia | AustriaBahrain| Belgium | Brazil | Canada | Chile | China | Colombia | Costa Rica | Czech RepublicDenmark | Ecuador | Egypt | Finland | France | Germany | Greece | Hong Kong |  Hungary | IndiaIndonesia | Ireland | Italy| Israel | Japan | KazakhstanKuwait  | LuxembourgMalaysia| MexicoMorocco  | Netherlands | New Zealand| NigeriaNorway | Oman | Panama | Peru | Philippines | Poland| Portugal | Puerto Rico | Qatar | Romania | Russia | Saudi ArabiaSingapore| South AfricaSouth Korea| Spain | Sweden| SwitzerlandTaiwan| Thailand | Turkey | UK| Ukraine | United Arab EmiratesUruguay| USA | VenezuelaVietnam

Vanessa Fardi / NEUVOO

Team Leader US/CA/LATAM

Email: vanessa@neuvoo.com