Hack Insight Press published one of my blog posting in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the Wifi Pineapple Mark V by Hak5 to perform a phishing attack attack.
A description of the what the February Issue contains is shown below.
The WiFi Pineapple Mark V is the latest generation wireless network auditing tool from Hak5. With its custom, purpose built hardware and software, the WiFi Pineapple enable users to quickly and easily deploy advanced attacks using our intuitive web interface.
In this release we will introduce you to WiFi Pineapple Mark V and you will read 2 articles covering it’s advanced usage.
Moreover you will read a technical tutorial covering hacking Android through Kali Linux with focus on application security.
We will also present you “truth behind automated web application scanners” that explains that automated vulnerability management scanners for web applications cannot detect all security flaws listed in the OWASP Top 10 and to lead decision-makers and IT Security professionals into believing this is unethical.
At the end you will read a great article covering hunting and decrypting communications of Gh0st RAT in Memory.
Read this issue from cover to cover and enjoy the hacking!
Contents:
Page 5: Hacking Airwaves with Fruit
If you’re doing any wireless penetration testing these days, odds are you have a WiFi Pineapple Mark IV from Hak5 in your toolkit. If you’re not a professional penetration tester or are just starting out with wireless hacking, the Pineapple is a device that will save you a considerable amount of headaches and is easily the best “all-in-one” tool for the job.
Page 18: Sophisticated Phishing with the WiFi Pineapple Mark V
To summarize what WiFI Pineapple Mark V is capable of, it is a small portable attack tool that can run things such as Karma used to spoof trusted SSIDs and SSL strip to remove trusted connections while sniffing traffic.
Page 25: Android Hacking through Kali Linux
In this demonstration, we are going to learn how we will be exploiting the Android Smart Phone using Backdoor through Kali Linux Operating System. For this demonstration we are going to use Android ISO (4.4 version) & Kali Linux 1.0.9 in VMWare.
Page 46: Hunting and Decrypting Communications of Gh0st RAT in Memory
This article contains the details of detecting the encrypted Gh0st RAT communication, decrypting it and finding malicious Gh0st Rat artifacts (like process, network connections and DLL) in memory. I also present a Volatility (Advanced Memory Forensics Framework) plugin (ghostrat) which detects the encrypted Gh0st RAT communication, decrypts it and also automatically identifies the malicious Gh0st RAT process, its associated network connections and the loaded DLL’s. This can help the digital forensic investigators and incident responders to quickly narrow down on the Gh0st RAT artifacts without having to spend time on the manual investigation.
Page 59: The truth behind automated web application scanners
Companies are lead to believe that some web application scanners can detect all vulnerabilities and security issues listed in the OWASP Top 10, and this blog post will demonstrate why this statement cannot be true. Automated vulnerability management scanners for web applications cannot detect all security flaws listed in the OWASP Top 10 and to lead decision-makers and IT Security professionals into believing this is unethical.
Do you want more hacking publications? Subscribe to Hack Insight and receive:
–> 24 unique magazine editions per one year.
–> Access to all the previous releases from the archives.
–> Access to special publications, workshops and video tutorials.