Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I a new in this security, but I like to learn more. I am asking if someone can h

ID: 3627649 • Letter: I

Question

I a new in this security, but I like to learn more.
I am asking if someone can help me by giving me more information about security or hacking. If you can provide me with website, papers research, chart, codes and any thing I can read and apply and talk about it on security discussion. Just to talk about it no porject ot anything 
for example, 4G network security, I could not find much information which can help me to talk about it
You can give any topic that's you have knowledge about it, so I can read and make talk about for security people in computer science. 

I need it soon. 
Thanks for help

Explanation / Answer

A hacker is a person who breaks into computers and computer networks for profit, in protest, or because they are motivated by the challenge.[1] The subculture that has evolved around hackers is often referred to as the computer underground but it is now an open community.[2] Other definitions of the word hacker exist that are not related to computer security. They are subject to the long standing hacker definition controversy about the true meaning of hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker,[3] not making a difference between computer criminals ("black hats") and computer security experts ("white hats"). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers. n today's society understanding the term "hacker" is complicated because it has many different definitions. The term can be traced back to MIT (Massachusetts Institute of Technology). MIT was the first institution to offer a course in computer programming and computer science and it is here in 1960 where a group of MIT students taking a lab on artificial intelligence first coined this word. These students called themselves hackers because they were able to take programs and have them perform actions not intended for that program. “The term was developed on the basis of a practical joke and feeling of excitement because the team member would “hack away” at the keyboard hours at a time.” (Moore R., 2006).[4] Hacking developed alongside phone phreaking, a term referred to exploration of the phone network without authorization, and there has often been overlap between both technology and participants.[citation needed] One of the first hacks was accomplished by Joe Engressia also known as The Whistler. Engressia is known as the grandfather of phreaking. His hacking technique was that he could perfectly whistle a tone into a phone and make a free call.[5] Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.[citation needed] Other sources of early 1970s hacker culture can be traced towards more beneficial forms of hacking, including MIT labs and the Homebrew Computer Club, which later resulted in such things as early personal computers and the open source movement. NFORMATION SECURITY SERVICE, ETHICAL HACKING TRAINING & CYBER INVESTIGATION SOLUTIONS Every day when Appin-ites wake up, we strive to come up with new ways to make our clients feel more secured. Its our mission to secure what is important to you, and to better it with time. We offer Information Security, Ethical Hacking & Allied Technology training to students and help them build a career by taking our courses ranging from 6 weeks to 3 years. Having trained and mentored over 83000 students in classroom and distance learning training sessions; we are confident of doing justice with a students career. We also provide exclusive business opportunities to Individuals and Small Business to start a franchise in their area focused on IT & Security training and solutions. Over 110 entrepreneurs have joined hands with us in 18 nations and 70 cities. Its true that we are still very short of the 33000 mark achieved by Subway but hope to get there soon. We offer investigative solutions to investigative and intelligence bodies with specialization in cyber investigation work. 530 organizations including countries governments and top-notch lawyers trust us with their investigation related work. Last but now the least, Appin holds unique distinction of providing Information security consulting & network security services to India's all 4 major airports Delhi, Mumbai, Bangalore, Hyderabad and also is a security solutions provider to over 1300 Websites that are audited and monitored by Appin globally. We may have served Microsoft, Intuit, Actis & Daikin; we promise to help you with your security needs with equal zeal and enthusiasm if you are are 20 people company that selects us as their security partner. We will feel extremely privileged for same. Google Hacking Diggity Project The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. This project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems. SearchDiggity Stach & Liu’s new GUI applications that serves as a front-end to both GoogleDiggity and BingDiggity. SearchDiggity v1.0 can be downloaded as an MSI or as a standalone. GoogleDiggity With the retirement of Google’s SOAP Search API on September 7, 2009, most of the security utilities available for Google Hacking cease to function, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new MS Windows command line utility designed to help fill that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization. GoogleDiggity v. 0.2 can be downloaded here. BingDiggity BingDiggity is a new command line utility that leverages the new Bing 2.0 API and Stach & Liu’s newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies. BingDiggity v 0.1 will be available for download shortly. Google Hacking Alerts and Bing Hacking Alerts Defensive strategies for protecting your organization from Google Hacking attacks traditionally have been limited, mostly falling back on the approach of “Google Hack Yourself”. This approach has several shortcomings. While a few free tools exist that allow security staff to Google Hack their organization, they typically are inconvenient, only utilize one search engine, and provide only a snapshot in time your organization’s exposure. Google Hacking Alerts provide real-time vulnerability updates via convenient RSS feeds. Google Alerts have been created for all 1623 GHDB/FSDB search strings, which generate a new alert each time newly indexed pages by Google match one of those regular expressions. This feeds have been organized and can be viewed/searched by importing the following file into Google Reader: StachLiu-Google_Hack_Alerts-16July2010.xml. Bing Hacking Alerts employs a similar approach, but instead leverages Stach & Liu’s Bing Hacking Database (BHDB) in conjunction with Microsoft’s Bing ‘&format=rss” directive to turn Bing searches into RSS feeds. These feeds are organized and can be viewed/searched via Google Reader by importing the following file: StachLiu-Bing_Hacking_Alerts-28July2010.xml A combined file for both Google and Bing alerts can be downloaded here: StachLiu-GoogleAndBing_Hack_Alerts-28July2010.xml SharePoint – GoogleDiggity Dictionary File New GoogleDiggity input dictionary file containing 109 queries that allow users to uncover SharePoint specific vulnerabilities exposed via the Google search engine. This dictionary helps assessors locate exposures of common SharePoint administrative pages, web services, and site galleries that an organization typically would not want to be made available to the public, let alone indexed by Google. The dictionary text file can be used directly as input to the –f option of the GoogleDiggity.exe command line tool. Also, it can be imported for use within the SearchDiggity GUI tool from the menu: “File”->”Import Query Definition”. We're supposed to hack our way into the domain controllers, active directory servers, web servers, and the rest of the network in general, as far as we can go. It's our final project. The network admin has approved of this under a few conditions, we have to write a detailed report of what we do, what we used, we may not damage anything, steal sensitive information, disrupt services, etc.. We may use any means necessary as long as we follow the conditions. So, my question is, where do we have the best chance of succeeding? Exploits? MITM attacks? Keyloggers? Emails with trojans? All the server's are running Windows Server 2008 / R2 (at least I haven't seen any Linux machines when nmapping the network). I'm quite familiar with computers, networking, and programming, tho I have never written any exploits myself. I tried autopwn using Fast-Track from BackTrack against the active directory servers, domain controllers, email servers, and a few other, but without success. Any help would be appreciated! P.S. First post on Reddit! :) EDIT: A lot of people are calling bullshit on this, but I can assure you it isn't. We were assigned this project mainly because the teacher knows we won't get anywhere, and if we brake any rules the network admin and the teacher have set, we get fired from the school immediately, without questions or assessment. The school network is quite secure. Second edit, as posted below: Ok, so the assignment is over now. 1: done 2: done 3: done Walked into server room: done [serious fail] Stole math tests: done Stole school cafeteria database: done Found an open share (C:Users) which turns out is from the school masters secretary. [goldmine] And more... all reported and well documented. I think I'll 10/10 on this one :D So your teacher has assigned you a final that includes preforming offensive security techniques. If this were true, wouldn't that indicate said teacher has already, at the very least, discussed required techniques? I find it hard to believe that any teacher would make such an assignment (on a production environment), I find it even harder to believe that any administrator would allow such a situation to take place. Arbitraily running "auto-pwn" already shows disregard for the continual operation of any network. How about you post some tangible proof that such an assignment exists. PS - In all likelihood a teacher and network administrator would not have the authority to approve such an assignment anyway, they don't own the network, nor the data (normally). Even real penetration tests require the authorization of a large number of people in multiple capacities. I am calling skiddie-scam on this entire post. permalink [–]Schnitzelnator[S] 4 points 3 months ago* Not sure if this is proof enough: http://i.imgur.com/zynHR.png - the project on my school network http://pastebin.com/bZKC8wJQ - the description I can try to get a photo of me and the school network admin next monday and his signature on paper with the reddit alien if you want. Our teacher is terrible at spelling since he's from Spain, so the Google translate is pretty bad, but understandable as a whole. EDIT: To answer your first question, no, he hasn't, that's the point of the project, we start from scratch, do our best in 2 weeks or so. We have only been setting up win servers with AD, IIS, LDAP, etc..., no security stuff. permalinkparent [–][deleted] 1 point 3 months ago So what I am gathering from you is in a class where you don't discuss defensive or offensive techniques your teacher just makes up an assignment just to see if you can break in... to the entire school network and not some isolated set up designed for testing purposes.... I am sorry but this just doesn't pass the smell test. Further more posting a picture of you and someone else that is completely unverifiable will just not fly for proof. permalinkparent [–]Schnitzelnator[S] 0 points 3 months ago I know, I thought it was a joke at first too, but it wasn't. I would have preferred a network set up for testing purposes, with a few holes in it, where we would have some chance of success. I'll be honest, I don't think anyone in our class is going to get in anywhere, that's why I came here for help. On another note, I found a Pervasive SQL database shared publicly on the network (with read-write access), It's from the school cafeteria, and contains nothing but what they sell, who bought it, and when. I suppose I can put that in my report :D permalinkparent [–]SergeiGolos 2 points 3 months ago I think his sincerity is really unimportant in a sub reddit dedicated to a field built on anonymity. permalinkparent [–]wrayjustin 4 points 3 months ago I am unsure how you've derived that /r/hacking is dedicated to a field built on anonymity. I am unsure why you think hacking in general is a field built on anonymity. permalinkparent [–]CrawZ 7 points 3 months ago Methodology; try and USB boot / "Live CD" boot an OS other than the restricted network, or - plug in a laptop to the network. (You may need to spoof one of the real computer's MAC addresses and apply it to your network device). I suspect you're more going to find out what type of budget your network was built under, higher class/quality routers/gateways/switches can watch your packets closely and stop these type of attempts. However, the cheaper equipment typically don't monitor these type of exploits. I encourage you to treat this as an educational exercise, and if you master it - you can build your own networks better in future. Use your powers for good, not evil, all that stuff. HTTP tunneling is one of the easiest things you could play with, if you can install something like [WinGate](www.wingate.com/) you can often bypass outgoing firewall restrictions. Packet Sniffing - Download & analyse unencrypted network packets, you can sometimes find plain-text usernames and passwords to servers/devices. Network Trolling - you can (try and) run a DHCP & DNS server and set your 'server' as the DNS & gateway. Computers will then look to your 'server' for internet access, you can either give them unlimited access from your HTTP tunnel (wingate) or, add some fun A records that can point facebook.com to google. Let your curiosity be your educational motivation. :) Personal note; I was suspended from high-school for 'hacking', between the school, parents and I - we came to a deal that got me a scholarship for school and was a network admin for my last 2 years of school. Everything turned out better than expected. permalink [–]Schnitzelnator[S] 2 points 2 months ago Ok, so the assignment is over now. 1: done 2: done 3: done Walked into server room: done [serious fail] Stole math tests: done Stole school cafeteria database: done Found an open share (C:Users) which turns out is from the school masters secretary. [goldmine] And more... all reported and well documented. I think I'll 10/10 on this one :D permalinkparent [–]Who_Needs_College 4 points 2 months ago Social Enginering is going to be the easiest, dont go directly for the admin because i dont think that would work... Try to find someone that would have admin access but may not be the brightest person. For example most IT Directors at schools dont have a lot of knowledge about tech. They are pretty much the managers / budget people. I would spoof an email from the admin to him. Just set the reply to your self. So when the IT director looks at the email it will seem to come from the admin who is requesting their password, when he hits reply the email will be send to you. Email spoofing is really easy to do. If that doesn't work then send a spoofed email address to the entire school. That would be a pretty big security breach if you had a lot of people replying to you. permalink [–]Who_Needs_College 3 points 2 months ago You can also try ARP poisoning to do some data mining.

Related Questions

I THUMBS UP AND LEAVE POSITIVE FEEDBACK ! PLEASE ANSWER THE 2 STUDY QUESTIONS FO
Question #2817488
I THUMBS UP AND LEAVE POSITIVE FEEDBACK FOR THE ANSWERS TO STUDY QUESTIONS 1-7!
Question #385770
I THUMBS UP AND LEAVE POSITIVE FEEDBACK FOR THE ANSWERS TO STUDY QUESTIONS 1-7!
Question #386423
I THUMBS UP AND LEAVE POSITIVE FEEDBACK FOR THE ANSWERS TO STUDY QUESTIONS 5-7!
Question #386623
I THUMBS UP AND LEAVE POSITIVE FEEDBACK FOR THE ANSWERS TO STUDY QUESTIONS 5-7!
Question #386684
I TRIED USING cp/afs/umbc.edu/users/j/d/jdixon/pub/cs202 to copy files but it sa
Question #3832092
I The following table shows the cost structure for a firm producing in a perfect
Question #1248003
I The table below gives data on output for a firm in the short run. The firm is
Question #1114903

Navigate

Previous
I a confused onw whether this should be treated as a dipole or two point charges
Next
I a trying to AJAX a variable from a javascript/HTML file and recieve the variab

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.