Today, I want to talk about the dangers of mobile end devices, how everything is connected, the risks they pose, as well as how they can be critically exploited by threat actors.
This article topic was inspired from a recent thread I was in where a womanโs mobile device got hacked and it led to various parts of her life being compromised in the process, putting her overall safety as well as that of her friends and family at risk! I wanted to raise more awareness and teach people how to protect their digital identity! A lot of the article will be me addressing what happened, as well as remedies I gave her to protect herself.
This is also the start of a new series that is called the โDANGER!โ series, where I raise more Cyber Security awareness about critical flaws and vulnerabilities within system infrastructures, including any protocols and data communication methods, where I also talk about mitigation strategies that can be used to prevent such threats.
There will also be a LIVE demonstration for those of you who are subscribed to my patreon, to see how closely I can exploit mobile end devices in order to retrieve any and all sensitive data from the mobile end device! There will also be a step by step exploit guide walking you through the entire process as well, and how to gelocate someoneโs phone and turn it into a GPS tracker!
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Foxy Proxy
Today Iโm going to cover the ins and outs of some of the core basics on how to use the burp suite proxy server for ethical hacking. The key point of this article is to discuss the main features that are commonly used, as well as walk through on how to use them.
There will be live video demonstrations of course, but like always, that is for the PAID patreon members. Iโm also going to show you how to botnet and command and control with the burp suite proxy server and how to strip any and all network traffic on a multitude of systems using it!
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Footprinting RECON
Today's EXCLUSIVE article, as well as for the rest of the next 2 EXCLUSIVE issues, we will be covering full in depth on the very material that Iโve provided you with in my free samples: footprinting and information gathering, scanning and enumeration, as well as attacking various systems.
For today we are going to focus on Footprinting and information gathering regarding web application systems. This will get you into the feel on how to conduct the first phase of a penetration test against a web application server
This will include a LIVE 14 min video demonstration that is ONLY for patreon members a part of the Cyber Security Tier on my patreon!.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
SSO and OpenAuth
Today I want to talk about SSO and OpenAuth, two forms of authentication methods that are highly common and popular in today's security infrastructures, and discuss the major critical flaws they contain from a fundamental standpoint.
For the sake of the argument, I will be focusing on the initial main premise of the two, and NOT advanced versions of them which have received some security upgrades for obvious reasons. I want to focus more on talking about the overall design of the two methods and the BIG flaws in them.
This article is a part of the new Danger! Series Iโm launching, which is where I raise more Cyber Security awareness about critical flaws and vulnerabilities that exist within various system infrastructures, including any protocols and data communication methods, and the Dangers of what could happen should they be exploited to the fullest extent. I also go over various mitigation strategies that can be used to prevent them as well. If by chance there is an exploit video for me showing the full potential risk, it will be included in the advance version of this article for PAID patreon members only!
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
DLL/Code Injection
Today I want to talk about DLL/Code injection, which are forms of hooking techniques that allow an attacker to manipulate the overall function calls within a program to deliver malicious code and or shell code payloads in a covert manner to a system. I also want to explain the key difference between DLL and Code injection, as itโs commonly assumed to be one in the same. They are similar, BUT, are vastly different.
This allows us to control all the key function calls that control the windows system software wise, while also allowing us to manipulate and control key function calls that communicate directly with the hardware on the system, allowing us to control it.
This allows an attacker to bypass various forms of security, such as application firewalls for example, allowing them to exploit the system further and gain higher levels of privileges on the target system and exploit it further, extending their reach and possibly infecting more systems and the overall network infrastructure together as a whole.
I will be going over any and all function calls that are used to pull off the DLL/Code injection exploit, as well as the methodology and science behind it. Which will be available for PAID patreons only. There will also be a follow up video in the next bi-weekly issues that will feature a live programming video to demonstrate the process.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
ExifTool Exploit
Today we are going to be covering how to extract metadata from images, which can be used in order to find someoneโs location with just a mere photo.
We are also going to go over various methods that can be used in order to wipe the metadata from any and all photos that you take.
When you upload a photo to stuff like Instagram for example, websites tend to have a process where they handle and wipe any and all metadata from the main photo image to preserve end user privacy.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
2024 Resources 2
Hellloooo Everyboddyyy! This is something that has been long overdue (for a month haha). WE FINALLY REACHED 500 CONNECTIONS!!!!! Couldnโt have done this without all the support form you guys: reacting to all my stuff, sharing, commencing, engaging, some of you even becoming full on patreon paid followers!
I wanted to write a special article and give out some more resources, as well as any guidance or advice I can give you that will aid you on your Cyber Security journey, specifically for offensive security and penetration testing.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
SSID & MAC Filtering
Today I want to talk about Network Security, specifically misconceptions from a few networking security methodologies that we commonly assume are fully secure in terms of defending our network infrastructures. The goal is to highlight the flaws within them, and prove a major point, one that is commonly seen in todayโs Cyber Security practice, which is the over reliance on tools and or security methods. I will be talking about stuff like: MAC address filtering, port security, and even stuff like hiding SSIDโs, and the various ways they could easily be bypassed, and methods that can be added or stacked to improve upon them.
This article is a part of the new Danger! Series Iโm launching, which is where I raise more Cyber Security awareness about critical flaws and vulnerabilities that exist within various system infrastructures, including any protocols and data communication methods, and the Dangers of what could happen should they be exploited to the fullest extent. I also go over various mitigation strategies that can be used to prevent them as well.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Cookie Session Hijacking
Today we are going to be going over what cookie session hijacking is, and how to perform it. I want to talk about cookie session hijacking, the overall risk it poses for our digital landscape, as well as how to defend against it!
This is also a common means to breach a system you WILL see in a lot of CTF challenges, so PAY CLOSE ATTENTION IN THE VIDEO to how itโs done.
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ
Zip2John
Today we are going to be covering our first tool that can be used for ethical hackingโฆ. Zip2John.
Ever ran into a situation where you needed to bypass a secure zip folder for a CTF challenge, or just overall in general? Fear NOT! This tool will help you!
Disclaimer
As always, personal disclaimer, any and all information for this is strictly for educational purposes and I do not condone any form of illegal activity, nor am I responsible for anything you should use this information for. DO NOT pen-test on anyone's network unless it is your own, or you have permission to do so. Now, letโs begin!
- The Hacker Who Laughs ๐ธ๐ธ๐๐ธ๐ธ