5 Free And Easy Steps To Make Anyone A Computer Hacker

These 5 steps are free, and they can turn anyone into a cyber security professional, or professional computer hacker.

1)  Register at the free cyber security training website, Cybrary: http://www.cybrary.it

Cybrary home page

2)  Take the class to learn the fundamentals of computer networking: https://www.cybrary.it/course/comptia-network-plus/

3)  Learn the fundamentals of cyber security: https://www.cybrary.it/course/comptia-security-plus/

4)  Take the ethical hacking class: https://www.cybrary.it/course/ethical-hacking/

Session Hijacking Screen Shot

5)  Practice the free tools that you learn about, on a computer at home.

Advertisements

Online Safety Checklist

Is your personal information secured online and are you taking all the possible measures to ensure that it is safe? There are some simple steps that you can follow to strength your online security!

  1. Password Protection- When it comes to password security, it is better to be safe than sorry. Refrain from sharing your password online. Create passwords that are unique and difficult for a hacker to figure out… don’t make it easy for them! Don’t use your pet’s name, or your birth date- this is information that can be easily discovered. Another problem with passwords is the vast accumulation of them over time. Do not keep your passwords in your phone, or saved on a document on your computer. These files can end up in the hands of hackers, leaving your personal information at risk. Consider using a protected password manager to store your passwords.
  2. Do not open attachments from untrustworthy sources! –Simple as that.
  3. Safe Online Shopping-  shopping online is quick and convenient, but can also put your personal information at risk of being stolen. When you use your credit card online it is susceptible of being hacked. A piece of advice: Only use your credit card on websites with the prefix “https”. The “s” confirms that the site is using a secure protocol to encrypt any communication between you and the website you are shopping on. So when in doubt, play it safe and don’t shop on that site, but if you must…look for the “s”.
  4. Mobile Device Safety- Now-a-days almost all of our personal accounts can be accessed in the palm of our hands. This includes banking accounts, shopping accounts, email, etc. The scary thing is, it is so easy for your mobile device to be misplaced and stolen. So, it is just as important to ensure that your are following the above safety tips with your mobile devices.
    • Set lock codes on your phone
    • Enable Find My iPhone, iPad, and Mac.
    • Set up Do Not Track in your web browser
    • Look for the “https” URL
    • Avoid connecting to public Wi-Fi
    • Manage your privacy settings for your apps

These are just a few simple tips to get you headed on the right path to securing your personal information. It is easy to overlook practices that make us vulnerable to cyber attacks. But, it is important to make ourselves aware. Consider taking TrainACE’s Security+ Training Course to strengthen your knowledge on general security concepts.

RATs: What are they and why should they be taken seriously?

In the world of computing, RATs aren’t the flea infested rodents that caused the plague, but they can be just as nasty. Also known as Remote Administration Tools, RATs allow an operator to access another computer remotely, gaining control of the machine typically for malicious purposes. While there are a number of legitimate and helpful reasons for remote administration and desktop sharing, RATs usually refer to software that is being installed without the knowledge of the intended victim. Moreover, RAT software is typically designed to be installed as part of a Trojan horse, actively avoiding detection by the victim or the victim’s security software and in some cases even disabling firewalls and other security measures.

What Are Remote Administration Tools?
Remote Administration Tools allow the operator to gain control of another machine remotely with the intention of using it maliciously, often without the knowledge or intervention of the targeted computer’s user. Among other capabilities, RAT operators may use the program to:

  • Control the webcam, microphone, speakers, and screen capture function
  • Control key computer functions: power on/off; log on/off
  • Download, execute, and upload files
  • Run shell commands
  • Modify the registry
  • Overclocking, which can destroy hardware

RAT Trojan Horses
Remote Administration Tools are typically installed via a Trojan horse attack, with the malicious software often being disguised as a legitimate program or bound to an otherwise innocuous program. The victim may download the legitimate looking program online or via email or some other person to person file sharing option. In some cases, a false error message may appear, giving the impression the file did not download properly and possibly leading to a false sense of security for the victim of the Trojan attack. Other RAT programs immediately disable security software, like firewalls and antivirus programs, in order to operate undetected.

Once installed, the RAT Trojan horse will allow the remote operator to:

  • Alter the desktop background wallpaper, and move, alter, and delete icons and files on the desktop;
  • Control the mouse and/or keyboard, as well as peripheries like the CD-ROM drive, which can be opened remotely via a RAT Trojan;
  • Display fake error messages and reformat drives;
  • Install software, viruses, and other malicious software;
  • Modify, delete, and transfer files;
  • Phish for passwords, credit card numbers, and other sensitive information through keystroke logging or by installing keystroke capture software;
  • Record video and sound by controlling the webcam or microphone;
  • Take on the task manager by viewing, canceling, and starting tasks; and
  • View the screen, print text, and play sounds.

Examples of RATs
If all of that isn’t enough to convince you of the seriousness of RATs, consider some famous RAT software:

  • Back Orifice: First released in 1998, BO was specifically designed for Windows computers. The program can be installed without user interaction, allowing remote access to the infected computer.
  • Beast Trojan: Discontinued in 2004, Beast Trojan was one of the first to use a reverse connection, which allowed the remote operator complete control of the infected machine.
  • Blackshades: In 2014, nearly 100 people were arrested as part of a sting operation to put an end to this malicious software that has taken over more than 500,000 computers in over 100 countries.
  • Bifrost: Active since 2004, Bifrost attacks Windows 95 to Windows 7 operating systems, providing remote access to manage processes, files, and windows; control of screen and webcam capture functions; and password extraction, among other capabilities.
  • NetBus: Released months ahead of the Back Orifice program in 1998, NetBus was used to remotely download child pornography to the computer of a Lund University Fulbright law scholar, who consequently lost his research funding.
  • ProRat: It is nearly impossible to remove ProRat without the latest antivirus software. This RAT is typically installed along with another file it is “bound” to, so when the user opens an image file, for example, the malicious software is surreptitiously installed in the background.
  • Optix Pro: More lethal than previous releases because it was able to get past most available firewalls and antivirus programs, Optix Pro terrorized computer users worldwide before being terminated by its creator in mid-2005.
  • SubSeven: Still active today, the SubSeven RAT permits undetected installation and remote keystroke logging. Some argue the program is the predecessor of botnets.

Considering how lethal RATs can be and how difficult it can be to fully remove them once installed, the best defense is to be a well-informed computer user. For the most comprehensive information on Remote Administration Tools, consult our most recent RAT white paper for the latest tips on how to combat RATs.

Did You Know Big Data can Help you Hunt Hackers?

Everyone knows that big data is being used by businesses for many things, mainly along the lines of business intelligence and marketing. However, few people know how much big data is coming into play when it comes to cyber security. There are a variety of applications for big data and cyber security, the collection of intel, social media trends and more.

There is a free webinar coming up about the use of big data for hunting hackers. You can join the webinar here:

https://www4.gotomeeting.com/register/268910071

The webinar is going to be held on February 26th, from 1-2pm.

 

The Emergence of Python as a “Must Know” Language for Cyber Security Pro’s

Programming has become essential to cyber security. IT security professional must efficiently write applications and scripts; often on short notice. The Python language provides unmatched ease, flexibility, and functionality for both new and experienced coders. It has emerged as a top choice for cyber security professionals because it lessens development effort and the coder’s learning curve. 

Python Is Designed For Users
Python is a high-level, interpreted language based on C and C++ and influenced by several other languages. First released in 1991 by principal developer Guido van Rossum, Python excels at readability and ease of use. It allows even novice programmers to be productive in a short amount of time. Python is designed for rapid application development, a methodology that suits the fast-paced and shifting security environment. Cyber professionals can quickly prototype, test and deploy an application.

Python offers the versatility of running as a script or executable and is cross-platform. It is ideal for mixed code environments as it integrates easily with other languages. Programmers can wrap existing C or C++ code to behave like native Python, and they can create or extend modules in C, C++, Java or .NET. Python’s scripting capability can also be embedded in other applications.

Python Beats Competition at Rapid Application Development
Cyber security experts code for several scenarios and need speed, reusability and functionality. Python’s support of the rapid application development methodology enables testers, hackers, and systems administrators to create and customize tools. Coders can quickly prototype new Web applications and clients. Python’s simplicity and vast libraries let hackers deploy code to capture packets, decrypt passwords, and engineer other attacks. Common tasks such as scanning ports can be easily automated. Python’s modular design and clean syntax make code easier to extend and maintain. In a changeable security environment, this timesaving efficiency is critical.

In spite of its powerful capabilities, Python is easy to learn and is often referred to as a beginner’s language. Its terse code and strict syntax make it highly readable. Security experts from other language backgrounds or with minimal programming experience can learn it more quickly than verbose languages such as Ruby and C++. Unlike tackling C++, novice coders can use Python without a detailed understanding of object orientation.

Cyber security professionals with diverse coding backgrounds need to produce the same testing and threat neutralization results. As a high-level language, Python allows users to focus on the coding goal rather than low-level procedures. It uses dynamic typing to aid rapid development. Languages that employ static typing, such as Java, require more programming effort to declare and manipulate types. Coders also save time with Python’s automatic memory management and exception handling.

Python Is Versatile
Python’s versatility is another advantage in the cyber security world. Unlike Perl, Python is designed to be a major programming language. Perl offers powerful scripting capabilities and works well as a glue language using small programs. However, Python is suited for both scripting and for creating complex, compiled applications. Its scalability makes it a solid default choice for diverse coding needs within an organization.

Security specialists often need to build on existing code, such as canned test programs, written in other languages. Python integrates with C, C++, Java, and .NET as a module or embedded script. Coders can use the ctypes module, the Python C API, or a wrapper generator such as SWIG. The ability to extend existing software saves developer time and preserves existing functionality already serving a vital security role.

Python Has Powerful Libraries
Hackers, penetration testers, and other security experts need a language library that provides the entire spectrum of features to create powerful and often novel programs. Python comes with modules to support Web activities such as parsing HTTP and XML and building clients. Django and other open-source Web frameworks are available from developers favoring the rapid application development methodology. Third-party modules offer robust features, such as optimized calculation handling, that make Python an increasingly solid language for data applications.

Python’s simple and clean structure, modular design, and extensive library make it ideal for security applications. Cyber experts rely on the capability to rapidly code programs and the feature set to implement new strategies and techniques. No other language offers as powerful a combination, and Python stands as the must-know language for the serious security professional.

For more information on Python for Security Professional’s training, visit: http://www.trainace.com/courses/python

Virtualization Training on the Up and Up; VMware and Hyper V Will Battle it Out

Virtualization training is easily one of the hottest training trends of 2010. After a brutal year in 2009, companies everywhere are looking for ways to cut costs and boost productivity. Virtualization management is catching on quickly, thanks to its proven success at saving companies money and increasing productivity.

Virtualization management allows you to create multiple virtual machines (software-based) on a single physical computer. Each virtual machine can run its own operating system and applications, completely isolated from other machines. Products like VMware and Hyper V by Microsoft let you utilize the full capabilities of your hardware, allowing one computer to do the work of several, which saves you money in IT energy costs and hardware costs. Companies everywhere are excited about the possibilities that come with virtualization, which is why VMware training and Hyper V training are one of the hottest trends of 2010.

Dont Forget Microsoft Office Training and Certification

In the training and certification world perhaps the most overlooked cert may be Microsoft Office certification, or the Microsoft Certified Application Specialist (MCAS).

We all use MS Office probably every day, we fall into the groove of doing the same things (tasks, functions, etc.) that work for us and that apply to our specific roles in the workplace. But there will very likely come a time (soon, if not already, for many of you out there) where we will be placed in a situation where one of the common skill sets we use in MS Office becomes foreign to us. Most likely this will happen when your company or organization makes the upgrade to the newest platform of MS Office.

Have you started working with Office 2007 yet? Its quite a bit different from 2003, and what about the next version to come out. What if your organization upgrades you to that straight from 2003, you’ll be way behind the curve.

Since Office (Excel, Word, Access, PowerPoint and Outlook mainly) are all so essential to what we do, its crucial to stay sharp with them. That’s why Microsoft Office Training is probably the most overlooked training (and certification) in the IT and tech training industry. Stay fresh and consider taking a class every now and then. They are relatively cheap and you can really increase productivity by a wide margin. Whats $350 dollars when you increase your employee’s or your own productivity by 10%?