Kickout Devices Out of Your Network and Enjoy all the Bandwidth

By

-

May 18, 2018

Kickout Devices Out of Your Network and Enjoy all the Bandwidth

Are you fed up of your annoying roommate or flatmates because they are using all the bandwidth of your wifi connection?

Here is the solution for you people to kick out that annoying friend of yours from wifi without letting them know.

This process needs the aircrack-ng tool. if you are using any penetration testing Linux distro then you don’t have to install it. other users have to install this tool.

First, open a new terminal and type in ifconfig to find the name of your wireless card.( In my case the name is wlan0)

Wireless Card Down

Don’t worry at the end of this tutorial I will tell you how to get it back up. Now take down your wireless card type this command.

ifconfig wlan0 down

Also read MITM attack over HTTPS connection with SSLStrip

Scanning for BSSID

Now we will scan for available networks with initial scanning we will get network BSSID and channel). Use this command to scan for networks.

aireplay-ng -9 wlan0

Connected devices on the network

Now we just wait a few seconds and the devices connected to the network after some time connected devices will show up here with their MAC address.

airodump-ng -c 6 –bssid xx:xx:xx:xx:xx:xx -w psk wlan0

C is for the channel that the network is broadcasting on and bssid is for the network mac address.

Also ReadCracking WPA/WPA2 passwords with Fluxion

Disconnect Wireless Clients

Write down the mac address of the device you want to kick out from your network.To do that type this command

aireplay-ng -0 15 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy wlan0

–0 means that we will send deAuth packets to the device.15 is the amount of deAuth packets (if you want to send deAuth packets continuously then replace 15 with 0)

–a is to set the networks BSSID which we wrote down earlier.

–c is to set the device’s MAC address that you would like to kick off the network.

Great! Now we are sending the deAuth packets! The devices should now be disconnected from the network.It’s time to back up your wireless card. Type this command ifconfig wlan0 up.

Disclaimer

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.gbhackers.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

Why Using a VPS to Host your Own VPN is Safer than Using a VPN Service

By

Priya James

-

May 18, 2018

Why Using a VPS to Host your Own VPN is Safer than Using a VPN Service

VPN is basically a private network through which you can connect to the Internet. It makes your web traffic pass through encrypted connections to servers which are under the control of providers.

The Virtual Private Server (VPS) are isolated virtual machines created with Virtualization technique. It runs with its own copy of the operating system and the users will have privileged access to the operating system instance. Also you can check the top-rated VPNs in Finland if you’re looking for this specific location.

VPN on VPS is Safer

All the network traffic between your computer and the VPS goes through an encrypted VPN tunnel, also the VPN on VPS also protects against hackers when using public WiFi hotspots. It is cheaper VPN when compare to the commercial Antidetect browser as a VPN alternative and easy to use.

An attacker with devices like “WiFi Pineapple” can create a spoofed WiFi network, and launch sophisticated network attacks to get all your passwords even though you have entered credentials in an HTTPS page.

With VPN server you won’t share the resources, so you get maximum performance. With the commercial VPN, there is always a question whether the VPN provider is spying on you. But that’s never a concern when you use your own VPN. Cloud Service providers like skysilk offer custom Free Cloud Linux VPS.

One of the most important reasons to install your own VPN is to be sure that your provider is not selling your browsing history to others. This is permissible under law and you cannot be sure of the integrity of all providers.

Besides, many providers offer limited bandwidth to their users and having your own will eliminate this problem. Low latency can be a practical problem, so hopefully, the VPS is either close to your client machine an internet PoP so it has low latency access to the major bandwidth providers.

Also Read Virtual Private Network: What is it and Why is it So Important To Protect Your Privacy?

All you need is to get the VPS from the hosting company, and then install a VPN server on the server they’ve provided to you. Be sure to configure your VPN server securely. You’ll want strong security so no one else can connect to your VPN.

Annabelle & MBRLock Ransomware New Evolution that Directly Infecting Master Boot Record In Compromised Computers

By

Balaji

-

May 18, 2018

Annabelle & MBRLock Ransomware New Evolution that Directly Infecting Master Boot Record In Compromised Computers

Annabelle & MBRLock ransomware new evolution that directly infecting the Windows computers Master Boot Record (MBR) which Prevent Operating system to loading and avoid the security scan.

None of the ransomware tool work Since the Operating system stop booting and this technique is kept increasing nowadays and this technique also used by PETYA ransomware last year.

Ransomware evolution is dramatically increasing nowadays and the authors are using various new tactics to bypass the security control and maintain its persistence.

MBR infection is an indication of deep infection in terms of controlling the infected computers and maintains more persistence to do its further encryption operation.

A master boot record (often shortened as MBR) is a kind of boot sector stored on a hard disk drive or other storage devices that contain the necessary computer code to start the boot process.

MBR based Ransomware infection takes place when the user restarts the system once the ransomware copies the original MBR and overwrites it with its own malicious code.

Since the MBR executes every time a computer is started, an MBR infection can be extremely dangerous.

Annabelle & MBRLock Ransomware

Annabelle Infection with Master Boot Record

Annabelle ransomware is capable of destroying all the hard disk that connected with the computers by infecting the Master Boot Record.

After the infection, it attempts to disable the firewall and it is capable of terminates the list of processes including the security-related programs.

Initially, it spreading via spam email and connected USB drives and overwrites the MBR with its own code.

It calls a DLL CreateFileA to take over the infected systems physical drive where it will write 0x800 bytes on each physical drive.

According to QuickHeal Researchers, termination of this process will result in a termination of Windows as well. Calling RtlSetProcessIsCritical (1, 0, 0) will set the process as critical.Later it calls RtlSetProcessIs function.

Eventually, it calls shutdown.exe with parameter -r -f -t 0(r-shutdown& restart) to restart the system and -t to force running applications.

Finally, once the system restarted then the Malware gets executed and encrypt the desk file and displays the ransom notes.

This Annabelle ransomware demand 0.1 Bitcoin as a ransom amount also it displays the countdown to pay the ransom amount and if it exceeds then the new screen will be displayed that is an indication of completely infection system unusable ever and it destroys all hard disk data.

MBRLock Infection with Master Boot Record

MBRLock initially discovered on Feb 2018 which is another ransomware that abuses the Master Boot Record of the victim’s computer.

It using createfile API to read the physical drive Then it calls SetFilePointer and sets the offset to zero of the physical drive to access MBR.

It reads 0x200 bytes of the physical drive in memory and writes on another sector for restoring in future and replaces the original MBR with the malicious code.

Later malware writes the malicious code in zero offsets so malicious code executes every time when system reboot then malware calls ExitWindowEx API to restart the system.

Finally, it displays the ransom notes that says send 30 yuan to the 2055965068 qq address in order to get access to their computer again”.

Mexican central bank Says that Hackers Stole Millions of Dollars from Mexico Banks

By

Gurubaran

-

May 18, 2018

Mexican central bank Says that Hackers Stole Millions of Dollars from Mexico Banks

Mexican central bank confirms that hackers transferred more than $15 million from their domestic banks. The attack was detected in April and the central bank declines to reveal the banks hit with the cyber attack and how much cybercriminals money attackers pulled out in cash.

Governor of Mexican central bank Alejandro Diaz de Leon says “the electronic payments system SPEI was not directly targeted and the depositors’ money is safe. He also added it is impossible to say that all vulnerabilities had been closed”

The SPEI is a domestic payment system operated in Mexico to make electronic fund transfers, it is similar to the Society for Worldwide Interbank Financial Telecommunication(SWIFT).

Also Read City Union Bank Cyber Attack – Nearly $2 Million Transferred Illegally via SWIFT system

Diaz de Leon said Reuters that preliminary estimates pointed to around 300 million pesos in “irregular transactions,” but he said some of that had not been withdrawn and could still be recovered.

It still remain’s unclear on how much cash was withdrawn, but some trusted sources reported Reuters that there had been a number of withdrawals from the bank after the fraudulent transfers.

Diaz de Leon said, “We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security”.

Also, he added the Mexico central bank had a cybersecurity unit starting from 2013 and it strengthened after the 2016 Bangladesh attack.

Google to Remove Green Secure Indicator for HTTPS Pages

By

Gurubaran

-

May 18, 2018

Google made an announcement earlier today that they are to remove the security indicators for HTTPS pages starting from the Chrome version 69 that is to be released in September 2018.

Emily Schechter, Chrome Security Product Manager says since the HTTPS traffic evolved it is not required to draw user attention with security indicators, the default unmarked state is the secured one.

Instead, they are to mark the HTTP pages as not secure with a strong red warning and from the version Chrome 70 they are to flag as “not secure” when the user enters data into HTTP pages.

A secure web is here to stay! Chrome will mark all HTTP sites as "Not secure" in July 2018. https://t.co/hcIqQvYHUM

— Chrome (@googlechrome) February 8, 2018

Chrome says the progress of moving with encrypted traffic is incredible.

Over 68% of Chrome traffic on both Android and Windows is now protected.
Over 78% of Chrome traffic on both Chrome OS and Mac is now protected.
81 of the top 100 sites on the web use HTTPS by default.

Another massive change is with the certificate that was issued by Symantec, all the Symantec SSL/TLS certificates will stop working will stop working from Chrome 70 that to be released on Aug 30th, 2018.

Google treatment of HTTP pages cames to effect starting from Chrome version 56, with the chrome 56 the HTTP pages with password field & credit card field marked as not secure.

Starting from version Chrome 62, browsing HTTP page in Chrome incognito mode, password field and any input field marked as Not Secure.

From Chrome 68(July 2018) all the HTTP pages will be marked as Not Secure and they are intended to mark all HTTP pages as affirmatively non-secure in the long term.

According to transparency report, encrypted traffic across Google is 93% and it varies by the country and the top sites running default with HTTPS.

“We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities — so don’t wait to migrate to HTTPS!.”

Law Enforcement Agencies Shutdown a Marketplace that Renting out servers for Hackers

By

Gurubaran

-

May 17, 2018

Law Enforcement Agencies Shutdown a Marketplace that Renting out servers for Hackers

MaxiDed the marketplace that provides servers for child pornography sites, Command-and-control servers, sending spam messages and for DOS attacks was takedown in conjunction with joint operations from Royal Thai Police and Dutch National Police.

Police seized more than 10 servers from MaxiDed also known as bulletproof hosting company, according to the archived version of the website the company hosts nearly 2,500 servers at 30 hosting providers in 82 countries.

Over the years bulletproof hosting company preferred by the number of cybercrime group, it was used in Carbanak Hacker Group who attacks against various banks, financial institutions, the e-payment gateways. Also, their servers used in Mirai DDoS botnet and with a number of spam campaigns.

MaxiDed takedown

Thai police arrested 29-year-old Moldavian man in Thailand at a holiday resort, according to investigators he also owns file sharing service that shares child pornography.

The Bulgarian police arrested the second man a 37-year-old Moldavian who suppose to be server administrator of MaxiDed.

Dutch police said that the data seized from ten MaxiDed servers will be handed over to Europol, so it can be distributed to other foreign law enforcement agencies.

Now the company’s site has been redirected to the Dutch police with the notice

“The police investigation focuses on the criminal activities of MaxiDed and the people behind MaxiDed.

MaxiDed uses the Dutch (digital) infrastructure to provide services to criminals by renting out servers from which criminal activities can be deployed such as sending spam messages and causing DDOS attacks. The takedown of MaxiDed is a coordinated effort by law enforcement agencies from Thailand and The Netherlands.”

U.S Identified the Suspect Who Behind the major CIA Hacking Tools Leak and Provide to WikiLeaks

By

Balaji

-

May 17, 2018

U.S Identified the Suspect Who Behind the major CIA Hacking Tools Leak and Provide to WikiLeaks

The U.S Finally identified the suspect who involved the CIA Vault 7 Hacking Tool leaks that contains the Powerful cyber weapons that developed by CIA group to spy foreign adversaries.

Federal investigators believe Joshua Adam Schulte, a man who leaked the CIA’s computer hacking arsenal related top secret information to Wiki-leaks.

Leaked Tools are Frequently Published by WikiLeaks, an international non-profit organization that publishes secret information, news leaks, and classified media that gathered from anonymous sources.

U.S. identifies suspect in major leak of CIA hacking tools https://t.co/iyrIBPHYKr

— The Washington Post (@washingtonpost) May 15, 2018

WikiLeaks Published all the Top Secret document under Vault 7 Leaks which is related to CIA Powerful cyber weapons which is used for various spying operation around the world.

Joshua Adam Schulte hired to develop the spy software for CIA’s top secret Projects and he was working for CIA from 2010 to 2016.

Leaked top-secret hacking tools are one of the most significant leaks in the CIA’s history which could damage and reveal the top-secret intelligence regarding the cyberweapons and spying techniques that might be used against the United States.

According to washingtonpost, Vault 7 disclosures could cause more damage to American intelligence efforts than those by former National Security Agency contractor Edward Snowden.

Government authorities looked through Schulte’s condo in New York a year ago and acquired PC hardware, notebooks and transcribed notes.

He revealed extraordinary details about the capabilities of the United States to spy on computers and phones around the world, but the Vault 7 leaks showed how such spying is actually done, Officials said.

Part of that investigation, Laroche an assistant U.S. attorney in the Southern District of New York, said, “was analyzing whether a technology is known as Tor, which allows Internet users to hide their location, “was used in transmitting classified information.”

Allegation says, he utilized Tor at his New York flat, however, they have given no confirmation that he did as such to reveal classified data.

According to Schulte’s LinkedIn page, he was working for the US National Security Agency as a system engineer, prior to his time at the CIA as a Software Engineer.

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

By

Balaji

-

May 17, 2018

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.

Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.

Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.

myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.

EXCLUSIVE: Huge new Facebook data leak exposed intimate details of 3m users https://t.co/evqt7wr7cf pic.twitter.com/kEWuNvi5c6

— New Scientist (@newscientist) May 14, 2018

The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.

Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.

Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.

Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.

Personal Information Leaked

Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.

According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.

Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.

Easily Access the Sensitive Data

The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.

“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”

According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.

myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.

According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.

Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.

Hackers Use Old UPnP Protocol Exploit to Launch Heavy Bandwidth DDoS Attacks

By

Gurubaran

-

May 17, 2018

Hackers Use Old UPnP Protocol Exploit to Launch Heavy Bandwidth DDoS Attacks

Attackers could use the UPnP protocol exploit to bypass the DDoS mitigation solutions and to perform a heavy DDoS amplification attack. Imperva published a proof of concept (PoC) and the mitigations to be carried out for DDoS amplification attacks.

UPnP(Universal Plug and Play) works over UDP port 1900 that enabled by default on many IoT devices and it is always recommended to disabling UPnP due to a number of security concern over years. Business can estimate the cost and Probability of a DDoS Attack with DDoS downtime cost calculator.

During the attack, researchers noticed the packet was from unexpected source rather than UDP/1900 and after working with a number of possibilities they reproduced the attack by creating a PoC for a UPnP-integrated attack method that obfuscates the source details of the amplification payload.

Attackers can locate an open UPnP router with SSDP(Simple Service Discovery Protocol) through shodan scans, according to researchers the wide scan for “rootDesc.xml” yielded 1.3 million results. Which mean’s all the devices are not vulnerable, but attackers can locate the vulnerable routers easily.

Then in the next step attackers try accessing the XML file “rootDesc.xml” and modify the port forwarding rules to mask the source port of DDoS attack to be from random ports.

The PoC provided by Imperva shows attackers can use the UPnP devices to obfuscate the data from the source port of amplification payloads and it is not limited with DNS amplification also with SDP, DNS, and NTP attacks.

Researchers said, “With source IP and port information no longer serving as reliable filtering factors, the most likely answer is to perform deep packet inspection (DPI) to identify amplification payloads.”

Github Hits with a record-breaking DDoS attack, the Memcached amplification attack peaked up to 1.35Tbps via 126.9 million packets per second.

Business can find and implement the best DDoS attack protection tools to away from cybercriminals and keep safe and secure your organizations.

Educational Institutions Admit To Spending Little Cash On Cyber Security

By

Balaji

-

May 16, 2018

Educational Institutions Admit To Spending Little Cash On Cyber Security

Cybercrime is affecting the personal, educational and financial lives of millions of students each year, yet 66% of Indian educational institutions spend just 5 to 15% of their IT budget on securing their systems.

With students under significant pressure to hit tight deadlines, many forgo following the cybersecurity advice they know they should be following, but, with ransomware attacks in schools, it’s essential you remember to adhere to these tips when online.

WI-FI Safety

With your project date looming who can blame you for utilizing an open WI-FI connection when you see one. However, you could be risking all your hard work by hopping online like this.

As open WI-FI connections don’t require a password, anyone can access them, meaning hackers could track every login, password and any other sensitive and private information that you type on your screen.

They’ll be on the lookout for ways to obtain your personal information and will be especially interested in gaining access to your financial details in a bid to access any cash you have, such as your student loan.

Therefore, avoid open WI-FI connections at all costs and opt for secure connections only.

Protect your student loan & finances

Each year, millions of individuals take out a student loan to see them through their further education, so, of course, if you’re one of the ones borrowing to cement your future, you want to protect it.

Always ensure you keep your personal information in a secure place to protect your personal finances, never write down or share your online bank account login details or your pin number with anyone else and be cautious of emails made to look like they’ve been sent from a trustworthy source.

Be security conscious

A security breach can cost both students and the educational institution substantially. In India, this figure amounts to Rs 25,000 Crore, so, it’s essential that whenever you leave your laptop or PC, that you lock the screen so that no one else is able to access your data.

You should ensure that your device requires a login and password too and it’s worth adding a password to all your files as this will mean only authorized users can gain access to your work, so there’s no need to worry about plagiarism or your work being deleted or moved.

Be mindful when using public devices, such as a computer in the university’s library and avoid logging into any systems and accounts that you really don’t need to, particularly those that contain your bank account information, as there could always be someone watching what you’re doing.

Backup your work

These days it’s not enough to simply save your work on your laptop or computer and be sure it will still be there the following morning, especially when so many schools and universities are spending so little on protecting themselves and their students from cyber threats.

It’s best to back up your work every time you make any amendments to it, but at the very least, a weekly backup should be performed.

Save a copy of your work both online and offline and utilize cloud storage, too. It’s also worth considering keeping a memory stick handy if you prefer to store your data and carry it around.

Educational institutions have limited budgets, but when it comes to cybersecurity there really is no excuse not to provide maximum protection. As a student, you should do all you can to keep your data safe and by avoiding open WI-FI.

connections and protecting your finances at all times you can do this. And don’t forget to take security seriously and regularly back up your work too to give yourself the best chance of beating the cyber hackers.

Kickout Devices Out of Your Network and Enjoy all the Bandwidth

Wireless Card Down

Scanning for BSSID

Connected devices on the network

Disconnect Wireless Clients

Disclaimer

Why Using a VPS to Host your Own VPN is Safer than Using a VPN Service

VPN on VPS is Safer

Annabelle & MBRLock Ransomware New Evolution that Directly Infecting Master Boot Record In Compromised Computers

Annabelle & MBRLock Ransomware

Annabelle Infection with Master Boot Record

MBRLock Infection with Master Boot Record

Mexican central bank Says that Hackers Stole Millions of Dollars from Mexico Banks

Google to Remove Green Secure Indicator for HTTPS Pages

Law Enforcement Agencies Shutdown a Marketplace that Renting out servers for Hackers

MaxiDed takedown

“The police investigation focuses on the criminal activities of MaxiDed and the people behind MaxiDed.

U.S Identified the Suspect Who Behind the major CIA Hacking Tools Leak and Provide to WikiLeaks

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Personal Information Leaked

Easily Access the Sensitive Data

Hackers Use Old UPnP Protocol Exploit to Launch Heavy Bandwidth DDoS Attacks

Educational Institutions Admit To Spending Little Cash On Cyber Security

WI-FI Safety

Protect your student loan & finances

Be security conscious

Backup your work

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2025