My Hack Stuff https://myhackstuff.com Exploring Things on Internet Wed, 15 Aug 2018 12:47:47 +0000 en hourly 1 https://wordpress.org/?v=4.9.8 https://myhackstuff.com/wp-content/uploads/2018/03/cropped-1-3-32x32.jpg My Hack Stuff https://myhackstuff.com 32 32 Updated VIP IPTV Channels List (Beginners Guide) https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/ https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/#respond Wed, 15 Aug 2018 12:44:14 +0000 https://myhackstuff.com/?p=1152 Guide about Updated VIP IPTV Channels List In this knowledge base article we’ll discuss Updated VIP IPTV Channels List. First of all we should have some knowledge what IPTV channels are? Answer is that these are Internet Protocol television (IPTV) the delivery of television content over Internet Protocol (IP) networks. This is in contrast to delivery […]

The post Updated VIP IPTV Channels List (Beginners Guide) appeared first on My Hack Stuff.

]]>
Guide about Updated VIP IPTV Channels List

In this knowledge base article we’ll discuss Updated VIP IPTV Channels List. First of all we should have some knowledge what IPTV channels are? Answer is that these are Internet Protocol television (IPTV) the delivery of television content over Internet Protocol (IP) networks. This is in contrast to delivery through traditional terrestrial, satellite, and cable television formats.

Is Netflix an IPTV?

Essentially, IPTV is a formally ordered subscription-based digital TV tune-up accessible to customers from ISPs. IPTV has a lot of similarities to the OTT content streams consumers enjoy from companies like Hulu and Netflix. In both cases, the content is delivered via the Internet and streamed on demand.

What does IPTV stand for on a TV?

IPTV stands for Internet Protocol TV—but what does “Internet Protocol” mean? It’s the essence of how the Internet works. Send an email to a friend or download a web page and the information you set in motion doesn’t travel in one big lump, as you might expect.

What is a m3u file used for?

M3U (MP3 URL or Moving Picture Experts Group Audio Layer 3 Uniform Resource Locator in full) is a computer file format for a multimedia playlist. … Although originally designed for audio files, such as MP3, it is commonly used to point media players to audio and video sources, including online sources.

What is a WPL or m3u file?

The main difference between WPL and M3U is the principal application that uses them. WPL was created for and is used by Microsoft’s Windows Media Player. It is the default file format and all playlists you create with WMP uses WPL. On the other hand, M3U began with Winamp; a very popular and free music player.

What will play an Xspf file?

XSPF is a file format for sharing the kind of playlist that can be played on a personal computer or portable device. In the same way that any user on any computer can open any Web page, XSPF is intended to provide portability for playlists.

Can VLC play m3u8?

m3u8 files are m3u files encoded in utf8. m3u files are a text based playlist format. You can open the file with any text editor and see that it contains a list with files to be played. if you open the file with vlc, it has to download every single video before playing it. Click next if you want to read complete guide about how to use IPTV with VLC (Windows 7 and 10 Guide).

Bein Sports HD and SD Channels List

BT Sports HD and SD Channels List

How to use IPTV with VLC (Windows 7 and 10 Guide)

VLC is one of greatest media players if you want to stream Live TV from your PC and Laptop. You simply need an M3U format channel list to run it with this media player.

There are two different ways to use IPTV with VLC. Download and follow the step to install VLC Media Player

The first method

Upload file m3u. With this method please make sure you downloaded your M3U list. If you don’t have M3U list you can ask for it. After that, follow this guide step by step:

Step 1: Open up VLC Media Player

Step 2: Simply Drag & Drop the downloaded m3u file with your VLC or open it via Media > Open File > “Choose your .m3u file

Updated VIP IPTV Channels List (Beginners Guide)

Now, you should be able to watch IPTV with VLC media player.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

 

 

The post Updated VIP IPTV Channels List (Beginners Guide) appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/updated-vip-iptv-channels-list-beginners-guide/feed/ 0
Bypass MAC filtering (the physical assessor) https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/ https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/#respond Tue, 14 Aug 2018 11:09:42 +0000 https://myhackstuff.com/?p=1146 Introduction to Bypass MAC filtering In this article we are going to discuss about how to bypass MAC filtering. An attacker needs to be aware of methods for remote compromise: attacking the VPN, wireless infiltration from a distance using high-gain antennas, and so forth. However, the pen tester can never forget the big picture. This is a […]

The post Bypass MAC filtering (the physical assessor) appeared first on My Hack Stuff.

]]>
Introduction to Bypass MAC filtering

In this article we are going to discuss about how to bypass MAC filtering. An attacker needs to be aware of methods for remote compromise: attacking the VPN, wireless infiltration from a distance using high-gain antennas, and so forth. However, the pen tester can never forget the big picture. This is a field where it’s very easy to get caught up in the highly specific technical details and miss the human element of security design.

There’s a design flaw concept that pen testers like to call the candy bar model. This simply refers to a network that is tough and crunchy on the outside, but gooey on the inside. In other words, it’s a model that emphasizes the threats of the outside world when designing the security architecture, while assuming that someone who is physically inside company facilities has been vetted and is therefore trusted. The mindset here dates back many years; in the earliest days of what became the internet, the physical access points to the network were inside highly secure facilities. Packets coming in over the network were safely assumed to be from a secure environment and sent by an authorized individual. In today’s world, a packet hitting the border of a company’s network could be from an authorized individual on a business trip, or it could be from a clever teenager in Thailand eager to try out some newly learned tricks.

The candy bar model will come up in later chapters when we discuss other network attacks. Once you crack that outer shell, you’ll often find that the path forward seems paved especially for you—and a successful compromise will inform your client of the devastating consequences of this mistaken assumption.

How you social engineer your target is a subject for another book altogether, but for the purposes of this discussion, let’s assume that you have physical access to network drops. Not all physical access is the same, though: if you convinced your target to hire you as a full-time employee, then you’ll have constant physical access. They’ll even hand you a computer. However, what’s more likely is that you’ve exploited a small gap in their physical security stance, and your presence can be undetected or tolerated for only a short period of time. You’ve snuck in through the smoker’s door

after striking up some conversation with an unwitting employee; you’ve been given permission to walk around for an hour with a convincing-looking contractor uniform and clipboard; or (my personal favorite) you’ve earned trust and affection by bringing in a big box of doughnuts for the people expecting an auditor’s visit based on a well-scripted phone call. We’ll demonstrate how to set up a Kali box to function as a rogue wireless access point while impersonating the MAC address of a VoIP phone.

Configuring a Kali wireless access point to bypass MAC filtering

You’ve found an unoccupied cubicle with an empty desk and a generic IP Phone. The phone is plugged in and working, so you know the network drop is active. We’ll drop our small laptop running Kali here and continue the attack from outside.

First, we’ve unplugged the IP Phone so that our bad guy can take the port. We’re going to clone the MAC address of the IP Phone on our Kali box’s Ethernet port. From the perspective of a simple MAC address

whitelisting methodology of NAC, this will look like the phone merely rebooted. 

I use ifconfig to bring up the interface configuration. In my example, my Ethernet port interface is called eth0 and my wireless interface is called wlan0. I’ll note this for later, as I will need to configure the system to run an access point with DHCP and DNS on wlan0, while running NAT through to my eth0 interface. I can use ifconfig eth0 hw ether to change the physical address of the eth0 interface. I’ve sneaked a peek at the label on the back of the IP Phone – the MAC address is AC:A0:16:23:D8:1A.

So, I bring the interface down for the change, bring it back up, then run ifconfig one more time to confirm the status of the interface with the new physical address:

Bypass MAC filtering

Two handy tools in the Kali repository are dnsmasq and hostapd:

  • dnsmasq is a lightweight network infrastructure utility. Completely free and written in C, this is a nifty tool for setting up a quick and dirty network on the fly, complete with DHCP and DNS forwarding. In our example, we’re using it as a DHCP and DNS service for the wireless clients who connect to our access point (which would be you and your colleagues, of course).
  • hostapd (host access point daemon) is, as the name implies, access point software for turning your ordinary wireless network interface into an access point and even an authentication server. You can confirm that whatever Wi-Fi card you’re using supports AP mode with this command:

# iw list |grep “Supported interface modes” -A 8

If you see AP in the results, you’re good to go. We use apt-get install hostapd dnsmasq to grab the tools.

If you run into problems with apt-get (for instance, package not found), always review your repository’s sources.list file as a first step. Don’t add arbitrary sources to the sources.list file; this is a great way to break your Kali installation. Since the release of Kali 2016.1, the active repository for rolling users is this: deb http://http.kali.org/kali kali-rolling main contrib non-free.

First, let’s configure dnsmasq. Open up /etc/dnsmasq.conf using the nano command:

Bypass MAC filtering

You can see that the configuration file has everything you need to know commented out; I strongly recommend you sit down with the readme file to understand the full capability of this tool, especially so you can fine-tune your use for whatever you’re doing in the field.  Since this is a hands-on demonstration, I’m keeping it pretty simple:

  • I set my interface to wlan0, where the USB wireless card that will play the role of access point is located.
  • I set the DHCP range where new clients will be assigned IP addresses when they request an assignment. The format is [bottom address],[top address],[lease time]. The address range here is what would be assigned to new clients, so make
  • sure you don’t overlap with the gateway address. You’re the gateway!
  • DHCP options specification. This isn’t arbitrary—these numbers are specified in RFC 2132 and subsequent RFCs, so there’s a lot of power here. For our purposes here, I’m setting the gateway with option 3 and DNS with option 6. In this case, they’re the same address as we would expect on a tiny LAN like this one. Note the address: 10.11.12.1. That’s the gateway that by definition, will be your wlan0 interface. You’ll define that address when you bring up the wireless interface just prior to firing up the access point.
  • I defined the upstream DNS server; I set it to Google 8.8.8.8, but you can use something different. 
  • I did some logging, just in case we need it.

Final Steps

Hit Ctrl + X and confirm the file name to save it. Now, we’ll move on to the hostapd configuration. Open up /etc/hostapd/hostapd.conf using the nano command:

Bypass MAC filtering

Again, this is a tool with a lot of power, so check out the readme file so you can fully appreciate everything it can do. You can create a rather sophisticated access point with this software, but we’ll just keep it simple for this example:

  • I set the interface to wlan0, of course.
  • I defined the wireless driver; this is nl80211, the interface between cfg80211 and user space, and it allows for management of the device.
  • ssid is our service set identifier – our network’s name. I’m using NotABadGuy because I want to convince the world that I’m really a good guy, but of course, you’ll fine-tune this to your needs. There’s a bit of social engineering potential here to minimize suspicion on the part of those casually scanning the environment. 
  • hw_mode is the 802.11 modulation standard; b, g, and n are common.
  • I’ve defined the channel here, but you can configure it to pick the channel automatically based on surveying.
  • macaddr_acl is a Boolean flag to tell hostapd if we’re using a MAC-based access control list. You’ll have to decide if this is something you need for your purposes. In my example, I’ve configured encryption, and I like to use randomly generated MACs on my devices anyway, so I’d rather not deal with whitelisting MACs. 
  • max_num_sta is one way to keep the population of wireless clients restricted— this is the maximum number of clients that are allowed to join. I set mine as 1 here since I only expect myself to be joining, but you could omit this.
  • ignore_broadcast_ssid simply allows you to hide the network. What it really does is cause your AP to ignore probe request frames that don’t specify the SSID, so it will hide your network from active scans, but you should never consider a functional access point to be hidden. I want to see it in my example, so I set it to 0.
  • The remaining options allow me to configure WPA2 encryption.  

Believe it or not, those are the basics for our quick and dirty access point to the physical network. Now, I’ll bring up the wlan0 interface and specify the gateway

address I defined earlier. Then I bring up dnsmasq and tell it to use my configuration file. We enable IP forwarding to tell Kali to act like a router with sysctl. We allow our traffic through and enable NAT functionality with iptables. Finally, we fire up hostapd with our configuration file.  

We’ll be looking at iptables again, so don’t worry about the details here. 

When a wireless client connects to this network, they will have access to the corporate network via eth0; to a MAC filter, traffic coming from that port will appear to be coming from a Cisco IP Phone:

Bypass MAC filtering

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post Bypass MAC filtering (the physical assessor) appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/bypass-mac-filtering-the-physical-assessor/feed/ 0
How to access Webcams around World? https://myhackstuff.com/how-to-access-webcams-around-world/ https://myhackstuff.com/how-to-access-webcams-around-world/#respond Tue, 07 Aug 2018 21:34:32 +0000 https://myhackstuff.com/?p=1137 Beginners Guide to access Webcams around World There are many sites offering free access webcams around world. The following are the most popular ones: World Web Cam Search : This displays available webcams from around world using Google Maps. Earth Cam : This is a live streaming webcam from different places around globe. Another great […]

The post How to access Webcams around World? appeared first on My Hack Stuff.

]]>
Beginners Guide to access Webcams around World

There are many sites offering free access webcams around world. The following are the most popular ones:

World Web Cam Search : This displays available webcams from around world using Google Maps.

Earth Cam : This is a live streaming webcam from different places around globe. Another great way to access webcams around world.

Fisgonia : This is a visual representation of a webcam—using Google Maps—from different locations around globe. You can filter the cameras according to different categories such as airports, train stations, animals, traffic, universities, and so on, and you can specify the country using Google Maps.

World Cam : This lists webcams in different places globally and offers information about the location such as their location on maps and weather information about the target area. Another great way to access webcams around world.

UM Weather : This lists hundreds of weather cameras across North America.

Opentopia : This lists publicly accessible webcams from different places around world.

Mila : This is a live webcam from Iceland. Another great way to access webcams around world.

Package Tracking

Package tracking is useful to track shipments across the entire world. If your OSINT work requires investigating a package sent via land or air, you can use the following links to find more information about it:

After Ship : This tracks couriers worldwide. Just enter the package number, and it will automatically detect the courier company.

Tracking EX : This tracks 235 couriers.

17 Track : This is a package-tracking service.

Package trackr : This tracks global couriers and visualizes the delivery path with Google Maps.

Boxoh : This is a package-tracking service for USPS, UPS, FedEx, and DHL/AirBorne.

Canada Post : This tracks packages in Canada.

Royal Mail : This tracks royal mail delivery.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post How to access Webcams around World? appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/how-to-access-webcams-around-world/feed/ 0
Username, E-mail Search and Investigation https://myhackstuff.com/username-e-mail-search-and-investigation/ https://myhackstuff.com/username-e-mail-search-and-investigation/#respond Tue, 07 Aug 2018 21:25:47 +0000 https://myhackstuff.com/?p=1133 Beginners Guide to perform Username, E-mail Search and Investigation In this article we’ll discuss how to perform Username, E-mail Search and Investigation. You can check specific usernames to see where they are being used (e.g., social media sites) or to know whether a particular username really exists. Check User Name : Check the use of a specific […]

The post Username, E-mail Search and Investigation appeared first on My Hack Stuff.

]]>
Beginners Guide to perform Username, E-mail Search and Investigation

In this article we’ll discuss how to perform Username, E-mail Search and Investigation.

You can check specific usernames to see where they are being used (e.g., social media sites) or to know whether a particular username really exists.

  1. Check User Name : Check the use of a specific username on 160 social networks. This is useful to discover target social media accounts to see if they are using the same username on multiple platforms.
  2. Namechk : Check to see whether a specified username is used for major domain names and social media sites.
  3. Namecheckr : Check a domain and social username availability across multiple networks.
  4. User Search : Scan 45 popular social media websites.

Free services can help you to locate people according to their associated e-mail address. E-mail validation services check whether an e-mail address exists and gives other detailed technical information about it.

  1. E-mail Dossier : This site gives detailed technical validation reports about e-mails.
  2. Emailhippo : Free Email address verification service.
  3. Hunter : This website offers free Email address verification service/100 email per month.
  4. E-mail Checker : You can use this site to verify whether an e-mail address is real.
  5. Mail Tester : This site offers e-mail address verification.
  6. Byte Plant E-mail Validator : You can validate e-mail addresses in bulk.
  7. E-mail Format : Find the e-mail address formats in use at thousands of companies.
  8. E-mail Permutator+ : This is a free e-mail permutator service.
  9. com: Provide e-mail address patterns for more than 1,000 companies.
  10. Scam Dex : This is a huge archive of scam e-mails.
  11. E-mail Header Analysis : Get detailed technical information extracted from e-mail headers. This includes the sender IP address, e-mail, and sender ISP in addition to geographical information. To use this service, you need to copy the e-mail header and paste it into the E-mail Header Analysis engine and click “Submit header for analysis.” See the following note to learn how to extract the Gmail message header.

Follow these steps to extract e-mail headers from Gmail:

  1. Open the target e-mail.
  2. Click the down arrow located next to the Reply button and select “Show original”

Data Compromised Repository Websites

These sites hold a list of websites that have suffered from a data breach in the past. When a site suffers from a data breach, registered user details especially usernames and passwords usually get revealed to the public. Many people have a bad practice of using the same password for more than one account (e.g., using the same password for Facebook and for an e-mail account), so knowing one password may grant access to other social accounts/services belonging to the same user.

The following sites are popular websites that list information from a data breach; you can use them to gain intelligence about any target online:

Have I been Pwned : This site lists half a billion real-world passwords previously exposed in data breaches. You can also download the Pwned Passwords list, which contains additional data about each breached account (such as the number of times that password had been seen in the source data breaches). This site can be searched using a target e-mail address or the password itself to see whether it appears in plain text on any public password dump list. This is a recommended site.

Breach Alarm : Enter your e-mail address to see whether your associated online account passwords have been exposed in a previous data breach. Results will get sent to the specified e-mail address.

Global Cyber Vandalism Statistics : This site holds information about the most active website hackers, most active hacker groups, recently hacked government and academic websites, recently reported hacked websites, and reported defacements on hold (not verified).

Hacked E-mails : Check anonymously whether your e-mail has been compromised in a previous data breach.

Phone Number Search

A reverse phone lookup service is useful to find out who is behind a specific phone number. Some services also specify the carrier name and type in addition to phone number type. The following are some phone lookup services:

Z lookup : This is a site that does international reverse phone lookups including cell phones.

Reverse Phone Lookup : This site traces a telephone back to its owner for free.

Inter800 : Search for phone numbers within the United States.

Twilio : Identify phone number formats, find caller names, find caller types (business or personal), identify phone number carrier, and check phone number type (landline, VoIP, or mobile).

Spy Dialer : This is a reverse phone lookup for cell phones and landlines.

Who calld : This is a reverse phone lookup service for international numbers.

Info Bel : Search for the phone number of a person or company anywhere in the world.

Fone Finder : Search for U.S./Canadian telephone numbers.

True Caller : This is an international reverse phone number lookup.

Free Carrier Lookup : This is a carrier lookup service.

Phone Lookup : This is a reverse phone number lookup service.

You cannot get reverse phone lookup for mobile phones easily for free; however, there are many paid websites that offer such services.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post Username, E-mail Search and Investigation appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/username-e-mail-search-and-investigation/feed/ 0
People Search Engine? A Knowledge Base Review https://myhackstuff.com/people-search-engine-a-knowledge-base-review/ https://myhackstuff.com/people-search-engine-a-knowledge-base-review/#respond Tue, 07 Aug 2018 13:24:33 +0000 https://myhackstuff.com/?p=1128 What Is a People Search Engine? People search engines are similar to typical search engines; people search engines index online content but focus on people’s personal details and store the results in huge databases to return information upon request. Different parameters are used to search for people on these sites such as target e-mail address, phone […]

The post People Search Engine? A Knowledge Base Review appeared first on My Hack Stuff.

]]>
What Is a People Search Engine?

People search engines are similar to typical search engines; people search engines index online content but focus on people’s personal details and store the results in huge databases to return information upon request. Different parameters are used to search for people on these sites such as target e-mail address, phone number, social username, and full name. Some websites offer additional search parameters such as relative names, mailing address, date of birth, known aliases, ages, and even photographs using a reverse image search technique. The databases used by people search engines to locate information are diverse. Find out how to locate someone online here.

For instance, many people search engines search within the deep web to extract information from source databases that typical search engines cannot reach; these include birth and death databases, public records (such as criminal and tax records), and other overlooked sources (such as information stored in proprietary databases). Please bear in mind that the people search engines will also index results from social media platforms such as Facebook and LinkedIn, making them a convenient solution to return comprehensive result sets.

Online investigators (such as law enforcement and intelligence services) need people search engines to acquire accurate information about their targets; other parties are also interested in using such services. For example, employers can conduct background checks on their perspective employees, and individuals can look up the amount of personal information that is revealed about themselves online.

What Are Public Records?

We already talked about people search engines; these sites derive part of their results from public repositories. So, what do we mean when we say public records? Public records consist of information that has been mostly produced by government entities and is meant to be nonconfidential. Every person on Earth has a set of public records. For example, the most important mandatory public records of every human is their birth and death records! Different countries handle public records differently, as public records will contain personally identifiable information (PII) about people, and exposing such details to the public is subject to law.

In the United States, access to national public records is governed by the Freedom of Information Act (FOIA),i which clearly states that any person has the right to obtain access to government information in executive branch agency records. Until now, the United States was the only country in the world that gives unrestricted access to public records of its citizens. This means searching for United States citizens and residents returns richer results compared with other countries.

Government records come in different types such as text, photographs, and maps, and they are stored in paper and electronic formats as well such as CD/DVDs, tapes, and computer databases. Aside from laws regulating access to public records, what you need to know is that many online services offer access to such data for free or in exchange for a small fee.

Example of Public Records

Public records contain different types of information. The following list categorizes the records into groups based on type of information; however, the following list is not inclusive of all types:

  1. Birth records
  2. Death records
  3. Marriage records
  4. Divorce records
  5. Address records
  6. Criminal records
  7. Court/litigation records
  8. Voting records
  9. Driver license records
  10. Education history
  11. Property records
  12. Tax/financial records
  13. Weapon permits
  14. Traffic violations
  15. Bankruptcy records
  16. Sex offender records
  17. Professional licenses
  18. E-mail records
  19. Telephone records
  20. Census records

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post People Search Engine? A Knowledge Base Review appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/people-search-engine-a-knowledge-base-review/feed/ 0
How to Locate Someone Online? https://myhackstuff.com/how-to-locate-someone-online/ https://myhackstuff.com/how-to-locate-someone-online/#respond Tue, 07 Aug 2018 13:09:53 +0000 https://myhackstuff.com/?p=1125 Locate Someone Online Techniques Introduction In this article we are going to discuss about how to locate someone online? There are various techniques to locate someone online. Following are the most popular sites used to locate information about people online. TruthFinder: Popular site to locate someone online TruthFinder is one of the most popular people […]

The post How to Locate Someone Online? appeared first on My Hack Stuff.

]]>
Locate Someone Online Techniques Introduction

In this article we are going to discuss about how to locate someone online? There are various techniques to locate someone online. Following are the most popular sites used to locate information about people online.

TruthFinder: Popular site to locate someone online

TruthFinder is one of the most popular people search engines; it is a public search record that gives instant access to a wide set of personal information about anyone living in the United States. TruthFinder has a huge database of social media profiles, address history, contact information, public records (federal, country, and state data sources), and other commercial sources. You can search using the target’s first and/or last name in addition to the city/state where the target lives or lived before.

TruthFinder scans the deep web of Internet resources to fetch results from places that conventional search engines cannot operate; it also searches the dark web for exposed personal information, providing a great service for anyone who may suspect that their personal details have been sold on the dark web (it offers a free dark web monitoring service for its registered members). A valid search in TruthFinder will produce a report with detailed information about the target such as birth and death records, property records, criminal records, education history, work history, location history, social media and dating profiles, relatives’ names, family members, contact information, and more.

411 : Another site to locate someone online

On 411 you can search for people within the United States. Search parameters include the full name, location, reverse phone lookup, e-mail, and business. The free account returns basic information such as location, contact information, and possible relatives; however, the paid subscription returns in-depth results.

Pipl : A popular site to locate someone online

Pipl is another popular way to locate someone online and people search engine that covers the entire world. It allows you to search for people using their e-mail address, phone number, or social username. Pipl collaborates with other people search engine services to return comprehensive results. These services can be accessed by clicking the sponsored links that appear on your search result page. The current associates are Peoplelooker.com, Archives.com, and Spokeo.com. These services charge fees for giving deeper details about the person of interest.

These are other important people search engines that you should consider during your search:

Spokeo : This is a commercial people search engine that gives detailed reports about any target.

TruePeopleSearch : You can search by target name, reverse phone, and reverse address. The service is free and shows the contact information (phone and e-mail) in addition to current and previous addresses.

US Search : This gives basic information about the person of interest such as address, relatives, work, and age. To unlock the full profile, you need to pay for a premium subscription. The service is limited to the United States only.

Peek You : This is another popular way to locate someone online, aggregates information from social media profiles, news sources, blogs, and other public databases. To unlock the full details, you need to pay.

Zaba Search : You can find people in the United States using a name or phone number. The service is free, and you can register using your Facebook account for free to get the benefits of the premium service and another popular way to locate someone online

White Pages : You can search for people within the United States using their name, phone number, business, or address. The White Pages database includes more than 500 million people. The free subscription account gives the following information about the person of interest: landline numbers, current and previous residences, relatives, and associates.

Been Verified : You can search for people within the United States using their name, phone, e-mail, or mailing address. The basic report gives general information about the subject, while the commercial subscription gives a detailed report about anyone, including criminal records (where available) and property tax records. This service is popular in the United States and used by millions each year.

Address Search : You can search for someone’s e-mail or mailing address using a name and location. The service is limited to the United States.

Lullar : You can search social media websites using the target’s e-mail address or first and last names or username.

Yasni : You can search for people based on their work history.

My Life : This is another popular way to locate someone online shows the reputation score of any target based on the information gathered from government, social, and other sources, plus personal reviews written by others. To unlock the full report, you need to register and pay for the service.

Snoop Station : You can search for people using their full name and location. This is a commercial service.

Advanced Background Check : You can give basic details about the target such as mailing address, phone, and e-mail; to unlock the full details, you need to pay.

Family Tree Now : Discover your family tree by searching with first and last names and city/state. This is a free service.

Radaris : This is another popular way to locate someone online and a public record deep search engine; it returns comprehensive information about a target. It also lists the online mentions about the target such as résumé, business records, publications, videos and images, social networking profile, and web references.

Profile Engine : This is is another popular way to locate someone online and a social network search engine.

Info Space : This is a metasearch engine that returns comprehensive results from different public data sources and other people search engine sites.

Cubib : You can search millions of online data records for free. Aggregated data is derived from people search, marketing data, property records, vehicle records, court records, patents, business registration, domain name registration, and White House visitation records.

Fast People Search : This is a reverse name, address, or phone lookup for free.

Speedy hunt : You can search for people in the United States and return a detailed report where available about them, which include arrest and sex offender records. You need to pay to use this service.

That’s Them : You can search for people using their name, address, phone, and e-mail for free.

Webmii : You can search for people and for their visibility score for free.

How Many of Me : You write the name, and the site will return the number of people in the United States who have your entered first and last names.

Genealogy : You can search family history records using the information originally posted in GenForum.

Sorted By Name : This is another popular way to locate someone online  and a list of links to genealogy details based on the first letter of the person’s surname mentioned on other websites.

Vital Records

A major portal for locating vital records within the United Sates is Vitalrec . This site tells you how to obtain vital records (birth certificates, death records, and marriage license information) from each state and territory in the United Sates. All you need to do is to select the person of interest’s state and then browse the available vital records links for that area. This should be your first place to search for vital records in the United Sates.

Please note that Vitalrec.com does not store any information in its database; it just offers links directly to each state’s page, and it mentions where and how to get state’s vital records. The international section  gives details on where to find such information in other countries.

Vital records are government records usually created by local authorities. They include birth and death records, marriage licenses, and divorce decrees. When searching for vital records, the returned result will usually come with the target’s personal details. For instance, a birth record will usually come with the parent’s full name, the child’s name, and the place where the event took place. The death record will come with the location where the person buried, a death certificate, and the name of the person who reported the event to the authorities.

Marriage records will hold the couple’s parents’ names and the place where the marriage was registered. Finally, the divorce record will hold information about the couple’s children’s names. Other related records such as ancestry records (offered by some databases) and the mailing address of the person of interest can also appear when searching in vital records.

Sorted by Birth Date : This site uses the Death Master File as of March 2014. The Death Master File is a database made publicly available by the US Social Security Administration since 1980, it contains personal information about people who had Social Security numbers and whose deaths were reported to Social Security Administration from 1962 to present.

DeathIndexes : This site holds a directory of links to websites with online death indexes categorized by state and country.

Family Search : This is a U.S. Social Security death index.

Find a Grave : You can find information about people, including their birth, death, and burial information, and it may include pictures, biographies, family information, and more. The site holds more than 170 million memorials in its database.

Deaths of U.S. citizens in foreign countries : This is a record of deaths overseas.

Obits Archive : You can search more than 53 million U.S. obituaries here.

U.S., Department of Veterans Affairs BIRLS Death File, 1850–2010 : This database contains birth and death records for more than 14 million veterans and VA beneficiaries who died between the years 1850 and 2010.

Melissa : This displays a list of people who have died in the last 24 months within the United States.

Deceased Online : This is the central database for U.K. burials and cremations.

National Records of Scotland : This includes links to births, deaths, and marriage government records in Scotland and selected countries like the United States and Canada.

Find My Past : You can search for vital records in the United Kingdom, Australia, New Zealand, the United States, Canada, and Ireland.

Forebears : International genealogical records are kept here. Select your country and record type to display related results.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post How to Locate Someone Online? appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/how-to-locate-someone-online/feed/ 0
Ultimate guide for Encryption Techniques 2018 https://myhackstuff.com/ultimate-guide-for-encryption-techniques-2018/ https://myhackstuff.com/ultimate-guide-for-encryption-techniques-2018/#respond Mon, 06 Aug 2018 07:11:52 +0000 https://myhackstuff.com/?p=1121 Introduction to Encryption Techniques In this article we’ll discuss encryption techniques. Encryption provides a robust set of techniques to ensure secure transactional sensitive data flows online, thus preventing hackers and cybercriminals from accessing sensitive content, even if they succeed in capturing the transmitted encrypted data. The mathematical formulas involved in today’s cryptographic standards are enough […]

The post Ultimate guide for Encryption Techniques 2018 appeared first on My Hack Stuff.

]]>
Introduction to Encryption Techniques

In this article we’ll discuss encryption techniques. Encryption provides a robust set of techniques to ensure secure transactional sensitive data flows online, thus preventing hackers and cybercriminals from accessing sensitive content, even if they succeed in capturing the transmitted encrypted data. The mathematical formulas involved in today’s cryptographic standards are enough to prevent most attackers from decrypting stolen data. In this section, we will present some tools and advice that helps you to keep your confidential data private by encrypting it.

Securing Your Passwords

Make sure to secure your online accounts using strong, complex passwords. It is also highly recommended to change your password every three months. There are many free tools to aid you in the password generation process. Such tools will produce highly secure passwords that contain a combination of letters, numbers, and symbols. Here is a list of some of these tools:

Free Password Generator

PWGen

Many websites offer online password generation services. However, we prefer not to use such services because your password can be intercepted while traveling to your PC. To store your passwords, you should use a security program to keep them safe; using a password manager program is essential to keep all your passwords in a safe location. A password manager encrypts the database that contains your credentials and protects it with a master password. This is the only password you must remember.

KeePass Password Safe

Master Password

Password Safe

Encrypting Your Hard Drive/USB Sticks

Encrypting data becomes essential in today’s digital age as it considered the last line of defense if an attacker successfully gains access to your confidential data. In other words, encryption will be your last hope to prevent the compromise, use, or disclosure of your sensitive information to the public or to your enemies. Keeping stored information on a hard drive secure is easy when using encryption software. For instance, Windows provides a built-in encryption utility that is available for most of its versions (Windows 7 and beyond) called BitLocker. Using this utility is easy; all you need to do is to right-click the drive you want to encrypt and select Turn on BitLocker. A wizard will appear that walks you through all the steps to configure your drive encryption (setting a password and storing a recovery key).

There are many reputable disk encryption software applications that provide disk and even OS partition encryption. VeraCrypt is supported on all major OSs. It can encrypt hard drives including OS partitions and USB stick drives. VeraCrypt also creates encrypted vaults that can be used to store data and then transfer it into a USB stick or send it over the Internet securely. You can check the documentation section for how to use this tool in different scenarios.

DiskCryptor offers encryption of all disk partitions, including the system partition. It is supported only on Windows OS.

Cloud Storage Security

Most people are using cloud storage to back up and store their sensitive data (such as documents, personal pictures, contact lists, address books, and the like). The many security incidents that have taken place lately with major cloud service providers shows that their security measures alone may not be enough to stop such compromises. To counter such risks, don’t rely on the cloud service provider to secure your data. Always encrypt your data before uploading it to the cloud and make sure to have a backup copy stored somewhere else when dealing with sensitive data. Here are two programs that can be used to secure your data before uploading it to the cloud:

Duplicati uses AES-256 or GPG to encrypt your data before sending it to the cloud.

Cryptomator uses AES-256 to encrypt your data and uses SCRYPT to protect against brute-force attacks. It works by creating an encrypted vault (a virtual hard drive on your local machine that encrypts everything inside it before uploading it to the cloud provider). Please note that compression programs like 7-Zip and PeaZip also offer encryption features, so you can compress and protect your files with a password before uploading it to the cloud.

Secure E-mail Communications

Whenever an e-mail is sent, it should be encrypted to assure the integrity and confidentiality of its contents. In today’s digital age, e-mail becomes the main means of communications for both individuals and public/private organizations, and breaching this communication medium would have a serious consequence. E-mail data breaches occur daily to assure that the contents of your emails are secure, so you should use encryption software. Detailing how to incorporate encryption in your e-mails is beyond this book’s scope. However, in this context, you should understand that when sharing information with colleagues (e.g., as part of your OSINT investigation) through e-mails, you should take care to encrypt it first. In this section, we will give you resources and tools to learn how to do this. However, if you want to understand the ins and outs of e-mail encryption, you should check out our book Digital Privacy and Security Using Windows: A Practical Guide (Apress, 2017).

Gpg4win (GNU Privacy Guard for Windows) allows you to create cryptographic keys (public and private keys), encrypt files and folders, and sign your e-mails before sending (digital signature). Gpg4win is the official GnuPG distribution for Windows. Another implementation of the GnuPG project to be used on other platforms.

Mozilla Thunderbird can be configured to use GnuPG on all major platforms through installing the Enigma add-on, which adds OpenPGP message encryption and authentication to the Thunderbird e-mail client. It features automatic encryption, decryption, and integrated key management functionality.

You can direct your Thunderbird e-mails through the Tor Network by using an extension for Mozilla Thunderbird called TorBirdy. According to its creators (it belongs to the Tor project), TorBirdy is still in beta release and should not be used to secure communications in extremely hostile environments. You can find information on how to install and use this extension.

A browser extension is available for both Firefox and Google Chrome called Mailvelope that can be used with most web e-mail services. It allows its users to exchange encrypted e-mails using the OpenPGP encryption schema. You can either generate your key pair or import existing one (for example, from Kleopatra). You can use this extension without installing any tools except the extension on your browser. It is open source and available here. However, we do not recommend encrypting messages within web browsers because this will make them more vulnerable to cyberattacks that regularly hit browsers.

Secure E-mail Providers

If you prefer to use a webmail for some of your tasks, it is advisable to use a secure endto-end e-mail provider that offers extended security features for your e-mail account. For instance, ProtonMail is different from other regular e-mail providers in many ways. It is based in Switzerland and follows its jurisdiction, which is considered the best one in the world in terms of protecting user privacy. ProtonMail uses two passwords to protect your e-mail account. The first one authenticates your account credentials on the server, and the second decrypts your inbox within your web browser or app, meaning that it never goes online to the ProtonMail server. If you are exchan e-mails with another ProtonMail user, you can safely set your emails to destroy itself within a time limit in addition to sending encrypted e-mails to other ProtonMail users. It is especially useful to destroy sensitive e-mails automatically on both sides of the communications. Finally, if you want to use an e-mail for only one time (for example, to activate some services anonymously), you can go with any of the following two services:

Hidester

Guerillamail

 Secure IM and Online Calling Services

IM conversations are another form of communications that you may need to protect. No one can guarantee that giant IT providers that offer free IM, voiceover IP, and video conference services do not log your chat—or at least the metadata of the conversation such as date/time and login IP address—for some period. We cannot discuss the security features of each available application in this book. However, we will focus on the security feature that makes one application more secure than the rest. For instance, most VoIP and chatting applications work the same way. They encrypt the messages exchanged between the people involved in the conversation, but they do not encrypt the message metadata. The best secure VoIP/IM application is one that has the following technical characteristics: it should be open source so its code can be audited by independent security experts, it should not offer/show ads or any type of commercial advertisements, the provider and hence the app should not store the decryption key on its server so no one can request the key to decrypt user data, it should not store any metadata about the user connection, and the user contact list should not be stored on the app server and if necessary it should be saved encrypted. It should offer clear options to choose what you want to backup before sending it to the cloud provider. The following are some popular secure and well-supported messaging apps:

  1. Tor Messenger Although it still in beta version, this is considered the best secure IM chat. Traffic is directed through the Tor Network for maximum anonymity.
  2. Cryptocat is an open source secure messaging application, it encrypt all communication by default and allows for secure sharing of files online.
  3. Signal: This is a secure messaging and VoIP app; it is easy to use and offers similar functions as WhatsApp and Viber Apps. This app runs on Android and iPhone devices only.
  4. Ghost Call: This is an end-to-end encrypted calling service.
  5. ChatSecure: This IM program works only on iOS when it is configured to use OTR over XMPP.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post Ultimate guide for Encryption Techniques 2018 appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/ultimate-guide-for-encryption-techniques-2018/feed/ 0
Avoid Spamming Techniques (Ultimate Guide in 2018) https://myhackstuff.com/avoid-spamming-techniques/ https://myhackstuff.com/avoid-spamming-techniques/#respond Thu, 02 Aug 2018 21:16:03 +0000 https://myhackstuff.com/?p=1113 In this knowledge base article we’ll discuss how to avoid spamming techniques. When we hear the word spam, do you know what comes to our mind? We think of all those annoying emails with their poorly worded and often obscene messages that clutter your inbox daily and we want to avoid spamming. That’s spam, all […]

The post Avoid Spamming Techniques (Ultimate Guide in 2018) appeared first on My Hack Stuff.

]]>
In this knowledge base article we’ll discuss how to avoid spamming techniques. When we hear the word spam, do you know what comes to our mind? We think of all those annoying emails with their poorly worded and often obscene messages that clutter your inbox daily and we want to avoid spamming. That’s spam, all right, but there’s another kind of spam that’s directed at search engines. In this knowledge base article, you find out about spam techniques that some websites use to fool or trick the search engines into delivering a higher listing on the SERPs or results page.

What is Spam and how to avoid spamming?

When you normally think of spam or to avoid spamming, the first thing that comes to mind is either the canned meat product or the junk email that’s clogging up your inbox. When we here in SEO‐land talk about spam, however, we mean something a little different than meat by‐products, unwanted emails, or British comedy troupes. Search engine spam (also sometimes known as spamdexing) is any tactic or web page that is used to deceive the search engine into a false understanding of what the whole website is about or its importance.

Any time you think you can achieve higher rankings by deceiving the search engines, you’d better think again! Google and the other engines get better all the time at sniffing out spam, and the penalties can be harsh. Even inadvertent spam can get a website in trouble, so in this knowledge base article we go over some of the more popular and dangerous methods that have been used. Then we delve into the guidelines search engines use to define what they consider spam, as well as our search engine optimization (SEO) code of ethics to help keep you and your blog/site in the clear.

It can be external or internal to your website, it may violate the search engines’ policies directly, or it may be a little bit sneakier about its misdirection. How spam is defined depends on the intent and extent and how to avoid spamming? What is the intent of the tactic being used, and to what extent is it being used? If you stuff all your metadata (text added into the HTML of a page describing it for the search engine) full of keywords (words or phrases relating to your site content that search engines use to determine whether it’s relevant) with the sole intent of tricking the search engine so that your page will receive a higher page rank on the results page, that’s spam. Also, if you do that all over your website, with your Alt attribute text (text used to describe an image for the search engine to read), your links, and keywords, trying to trick the search engine spider (the little programs that search engines use to read and rank websites) into giving you the highest rank possible, it’s a little harder to claim to the search engine that it was simply an accident and it was done out of ignorance.

Most technologies that are used in the creation, rendering, and design of websites can be used to trick the search engines. When a website tries to pull a fast one, or the search engines even so much as perceive it did, the search engines consider that website spam. Search engine companies do not like spam. Spam damages the reputation of the search engine. They’re working their hardest to bring you the most relevant results possible, and spam‐ filled pages are not what they want to give you. Users might not use the search engine again if they get spammy results, for starters. So if someone’s caught spamming, that person’s site could be penalized or removed entirely from the search engine’s index (the list of websites that the search engine pulls from to create its results pages).

How to discover the types of spam and avoid spamming?

In the following sections, we talk a little about what types of spam there and to avoid spamming are in SEO‐land and what not to do in order to keep your site from getting penalized or even pulled out of the engines by accident. Spam is any attempt to deceive the search engines into ranking a page when it does not deserve to be ranked. In the following sections, we describe spam that is known to be detected and punished by the search engines.

Do not attempt any of the discussed methods, because they will result in your site being branded as a spammer. This knowledge base article is not meant to cover every type of spam out there on the web. It’s just meant to give you the knowledge you need to recognize when a tactic might be venturing down the wrong path. Spammers use other advanced techniques that may also be detectable by the search engines, so avoid any attempt to deceive the search engines.

Hidden text/links Guide another avoid spamming guide

One of the more obvious ways to spam a site is to insert hidden text and links in the content of the web page (the content of a site being anything that the user can see). All text has to be visible to the user on the site. Hidden content can be defined as text that appears within the rendered HTML code that is not visible on the page to the user without requiring user‐interaction in order to see it. Hidden text can simply be a long list of keywords, and the hidden links increase the site’s popularity. Examples of using hidden text and links are listed below

  • White text/links on a white background: Putting white text and links on a white background renders the text invisible to the user unless the text is highlighted by right‐clicking on the mouse. Spammers can then insert keywords or hyperlinks that the spiders read and count as relevant.
  • Text, links, or content that is hidden by covering it with a layer so that it is not visible: This is a trick that people use with CSS. They hide spiderable content under the page that can’t be seen with the naked eye or by highlighting the page.
  • Positioning content off the page’s view with CSS: This is another programming trick spammers use.
  • Links that are not clickable by the user: Creating a link that has only a single 1‐x‐1 pixel as its anchor, that uses the period on a sentence as the anchor, or that has no anchor at all. There’s nothing for a user to click, but the engine can still follow the link. Using invisible or hidden text is a surefire way to get your site banned so that it no longer shows up in the engines. The reasoning behind this is that you would want all your content visible to the user, and any hidden text is being used for nefarious purposes. Usually, you find this as white text on a white background, but it could be any color as long as it’s not visible to a user (black on black, gray on gray, and so on). This is spam and will get your site banned.

What are Doorway pages? another avoid spamming guide

A doorway page is a web page submitted to search engine spiders that has been designed to satisfy the specific algorithms for various search engines but is not intended to be viewed by visitors. Basically they do not earn the rankings but instead deceive the search engines into rankings by design and keyword‐stuffing tricks that you’d never want to put on a page for a user to see. Doorway pages are there to spam the search engine index (the database of information from which search engines draw their primary results) by cramming it full of relevant keywords and phrases so that it appears high on the results page for a particular keyword, but when the user clicks it, he or she is automatically redirected to another site or page within the same site that doesn’t rank on its own. Doorway pages are there only for the purpose of being indexed, and there is no intention for anyone to use those pages. Sometimes more sophisticated spammers build a doorway page with viewable, relevant content in order to avoid being caught by the search engine, but most of the time a doorway page is made to be viewed only by a spider. Doorway pages are often used in tandem with deceptive redirection.

Deceptive redirection another avoid spamming guide

This may be happened to you also for example you do a search for a cartoon you used to love as a kid, and you click one of the links on the results page. But instead of the page you were expecting, you get an entirely different website, with some very questionable content. What just happened? Behold the headache that is deceptive redirection.

Deceptive redirection is a type of coded command that redirects the user to a different location than what was expected via the link that was clicked. Spammers create shadow page/domains that have content that ranks for a particular search query (the words or phrase you type into the search text box), yet when you attempt to access the content on the domain, you are redirected to a shady site (often having to do with porn, gambling, or drugs) that has nothing to do with your original query.

The most common perpetrators of deceptive redirects are also a spam method: doorway pages. Most doorway pages redirect through a Meta refresh command (a method of instructing a web browser to automatically refresh the current web page after a given time interval). Search engines are now issuing penalties for using Meta refresh commands, so other sites will trick you into clicking a link or using JavaScript (a computer programming language) to redirect you.

Google now considers any website that uses a Meta refresh command or any other sneaky redirect (such as through JavaScript) to be spam. Not all redirects are evil. The intent of the redirect has to be determined before a spam determination can be made. If the page that you are redirected to is nothing like the page expected, it is probably spam. If you get exactly what you expect after a redirect, it probably isn’t spam.

What is cloaking? Avoid Spamming Guide

Another nefarious form of spam is a method called cloaking. Cloaking is a technique in which the content presented to the search engine spider is different from that presented to the user’s browser, meaning that the spiders see one page while you see something entirely different. Spammers can cloak by delivering content based on the IP addresses (information used to tell where your computer or server is located) or the User‐Agent HTTP header (information describing whether you’re a person or a search engine robot) of the user requesting the page.

When a user is identified as a search engine spider, a server‐side script delivers a different version of the web page, one that contains content different from the visible page. The purpose of cloaking is to deceive search engines so they display the page when it would not otherwise be displayed. Like redirects, cloaking is a matter of intent rather than always being evil. There are many appropriate uses for this technique. News sites use cloaking to allow search engines to spider their content while users are presented with a registration page. Sites selling alcohol require users to verify their age before allowing them to view the rest of the content, while search engines pass unchallenged.

Unrelated keywords another avoid spamming guide

Unrelated keywords are a form of spam that involves using a keyword that is not related to the image, video, or other content that it is supposed to be describing in the hopes of driving up traffic. Examples include putting unrelated keywords into the Alt attribute text of an image, placing them in the metadata of a video, or placing them in the Meta tags of a page. Not only is it useless, but it also gets your site pulled if you try it.

Keyword stuffing occurs when people overuse keywords on a page in the hopes of making the page seem more relevant for a term through a higher keyword frequency or density. Keyword stuffing can happen in the metadata, Alt attribute text, and within the content of the page itself. Basically, going to your Alt attribute text and typing porsche porsche porsche porsche over and over again is not going to increase your ranking, and the page will likely be yanked due to spam. There are also much sneakier methods of using keyword stuffing: using hidden text in the page, hiding large groups of repeated keywords on the page (usually at the bottom, far below the view of the average visitor), or using HTML commands that cause blocks of text to be hidden from user sight. Read guide about Stay Anonymous while using Windows 10.

Link farms another avoid spamming guide

You might envision a “link farm” as a pastoral retreat where docile links graze in rolling green pastures, but alas, you would be wrong. A link farm is any group of websites that hyperlink (a link to another part of the website) to all the other sites in the group. Remember how Google loves links and hyperlinks and uses them in its algorithm to figure out a website’s popularity? Most link farms are created through automated programs and services. Search engines have combated link farms by identifying specific attributes that link farms use and filtering them from the index and search results, including removing entire domains to keep them from influencing the results page. Not all link exchange programs are considered spam, however. Link exchange programs that allow individual websites to selectively exchange links with other relevant websites are not considered spam. The difference between these link exchange programs and link farms is the fact that the site is selecting links relevant to its content, rather than just getting as many links as it can get to itself.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

The post Avoid Spamming Techniques (Ultimate Guide in 2018) appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/avoid-spamming-techniques/feed/ 0
Stay Anonymous while using Windows 10 https://myhackstuff.com/stay-anonymous-windows-10/ https://myhackstuff.com/stay-anonymous-windows-10/#respond Tue, 24 Jul 2018 22:27:53 +0000 https://myhackstuff.com/?p=1109 This is really a big question now that how we can stay anonymous while using Windows 10. Because compared with the previous Windows versions, Windows 10 comes equipped with enhanced security features for encryption and authentication. Windows 10 is also more robust against bootkits and rootkit attacks. To use the modern security features offered by […]

The post Stay Anonymous while using Windows 10 appeared first on My Hack Stuff.

]]>
This is really a big question now that how we can stay anonymous while using Windows 10. Because compared with the previous Windows versions, Windows 10 comes equipped with enhanced security features for encryption and authentication. Windows 10 is also more robust against bootkits and rootkit attacks. To use the modern security features offered by Windows 10, your computer must have certain hardware components.

Hardware components required to stay anonymous

  • Trusted Platform Module (TPM) version 2.0: This is used to store the cryptographic keys of BitLocker. This is a full disk encryption feature offered by some editions of Windows 10 (Windows 10 supports BitLocker on Pro, Enterprise, and Education editions).
  • Unified Extensible Firmware Interface (UEFI): This is the BIOS replacement used in modern certified Windows computers.
  • Fingerprint scanner: This enhances the traditional Windows authentication schema.

A retinal scanner and a 3D camera for facial recognition are highly recommended so you can activate the advanced biometric authentication scheme of the Windows 10 Hello feature. However, their existence in modern computers is still limited because they increase a computer’s price significantly. As we already said, Windows 10 enhances the regular Windows authentication by introducing a modern authentication mechanism called Hello.

This app allows a user to log in to a machine using a fingerprint, face, or even iris. User biometric data will not be stored anywhere online according to Microsoft for this feature to work. It is highly recommended not to use the Hello feature on the computer where you are going to conduct your OSINT search or using it for security purpose. It is always advisable to use the local Windows account when signing into Windows as no one can guarantee what might happen when you send your credentials or other sensitive information over an unsecured medium like the Internet.

Windows 10 comes equipped with many new features to personalize the user experience when using it. For instance, Cortana is a Windows digital assistance that allows a user to navigate Windows using voice commands; it also monitors user actions on Windows such as what the user types and searches for and personalizes future events according to this. To control Cortana’s collection and use of your data, check this page for more information, which contains instructions on how to disable it on different Windows devices. Several privacy configurations of Windows 10 are stored in one location. Windows 10 created a privacy dashboard that is accessed by pressing Windows key + i to access the Settings page and then selecting Privacy.

Everything in the Privacy dashboard is self-explanatory; it is advisable to disable everything you do not need and not to use the Microsoft Edge browser for conducting online searches. Skype, Dropbox, and Microsoft OneDrive are also not recommended for exchanging important files. This will also help you to stay anonymous while using Windows 10.

How to destroy digital traces in windows 10 and stay anonymous?

Data destruction is an important step in covering your digital traces when conducting OSINT searches. Digital traces/previous usage on the computer remain even after formatting it many times. There are three ways in which data and remnants of it—can be destroyed securely: physical, degaussing and logical destruction (sanitizing). We will briefly describe each technique, but let’s first talk about the different types of hard drives in use today.

There are two types of hard drives currently used in computing devices.

  • Hard disk drive (HDD): This is the old type that has been used since the early days of personal computers. It is a mechanical device that mainly consists of a metal platter (could be more than one) made of glass or aluminum coated with magnetic material to store data. HDDs are usually used for mass storage and cost less than SSDs.
  • Solid-state drive (SSD): This is a more advanced version of a drive. It does not contain any moving parts and has no platters. Instead, it stores data on small microchip units (like USB flash drives). SSD is faster and smaller than HDD but has a limited lifespan compared to HDD. Modern computers—and all smartphones and tablets—use SSD as the only storage unit type; however, this does not mean that HDD is going to fade away.

HDD is a mature technology, and it will remain in use for a long time according to many studies. For this book, let us see the difference between SSD and HDD in terms of data recovery. Recovering data from an HDD is relatively easy and can be conducted by any user with the appropriate tools. When you delete a file on an HDD, the file is not deleted directly; instead, only the pointer to this file on disk is deleted. This operation helps to speed up the deletion process, saving valuable time.

Recovering data from an SSD drive is quite difficult and impossible in many cases. For instance, an SSD uses a different mechanism when handling deleted files. All modern SSDs utilize the TRIM command when enabled. This command will remove deleted file data blocks instantly, allowing for another file to take up that space. This speeds up the writing process the next time the OS needs to write data onto the drive.

There are many approaches to implementing TRIM on SSD devices, depending on the OS in use. Some operating systems will execute TRIM instantly after each file deletion, while others will execute TRIM at regular intervals. Now, let’s see how data can be destroyed completely when using both types of hard drive. The following techniques are used to achieve this:

  • Physical destruction: This is the most secure and usually preferred method used by intelligence services and giant corporations to destroy classified and high-grade data assets. This technique works by physically destroying the storage medium—whether it is HDD, SSD, CD/DVD, or flash drive—so that it is no longer can be used.
  • Degaussing: This is another secure technique to prevent antirecovery techniques from recovering your data from the storage medium; it works by exposing the storage medium to the powerful magnetic field of a degausser to destroy the stored data magnetically. This technique works well with HDD. SSD devices are better destroyed physically to avoid the ability to recover top-secret data.
  • Logical destruction: This is the most widely used technique to destroy data while maintaining storage medium for future use. This technique works by using specialized software to cover the old data and remnants of data with random characters written by the wiping tool. There are many wiping algorithms already used to destroy data digitally in this way; some are more secure than others. However, what you should know when using such a technique to destroy data is that it cannot guarantee 100 percent removal of all data on your drive. Some advanced recovery techniques that are hardware based are still able to capture your old data, or at least parts of it (but doing so is costly and time-consuming). Logical data destruction techniques have some disadvantages too; they need time to finish because they must write random data multiple times (several passes) over all the available sectors on the hard drive.

In addition, this technique assumes your hard drive is working and writable to write the random data into it. Another challenge to wiping software comes when using it to wipe data stored using the RAID technology. This technology offers fault tolerance by mirroring data onto multiple disk drives in different physical locations. In such a situation, the wiping tool should track all mirrored data across all enterprise storage servers. Different standards have been developed to wipe data (logical data destruction) on hard drives.

Different programs exist to wipe your hard drives, and the majority support more than one wiping standard. I have mentioned free tools below.

DBAN The free version supports HDD only.

Eraser Open source; supports SSD.

CCleaner Drive wiper and Windows trace cleaner.

SDelete Erases data according to DOD 5220.22-M.

For SSD drives, the majority of SSD manufacturers offer utilities to erase data securely from their drives. You can check your SSD drive manufacturer’s website for such utilities.

Intel Solid State Drive Toolbox

Corsair SSD Toolbox

Samsung Magician

SanDisk SSD

Destroying your digital traces is important when conducting OSINT searches. Bear in mind that browsers, image-viewing software, Microsoft Office programs, and anything you do on your computer will leave digital traces. By using the advice in this section, you will make tracking your traces difficult and even impossible. This will also help you to stay anonymous while using Windows 10

Covering Your Laptop Camera to stay anonymous

Hackers and intelligence services go after computer cameras and microphones when targeting specific people. So, it is advisable to cover your webcams with tape for security reasons. This will also help you to stay anonymous while using Windows 10

Avoiding Pirated Software stay anonymous

Pirated software can include malicious payload like a Trojan or keylogger that can invade user privacy and spy on the computing device. It is strongly advised not to access pirated websites that distribute illegal contents such as Torrent websites. If you prefer to use freeware programs downloaded from the Internet, it is highly advisable to use your antivirus solution to scan them before executing them. To become more confident, you can scan the downloaded program with free scan services, which comes in handy when you want to scan a specific file/program using multiple antivirus engines.

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. All you need to do is enter the website URL you want to check or upload the file/program to see whether it is clear from malware threats. This will also help you to stay anonymous while using Windows 10.

Handling Digital Files Metadata stay anonymous

This will also help you to stay anonymous while using Windows 10. Metadata is data about data; it contains descriptive usually hidden information about the file it belongs to. Digital file metadata includes the author name, file size, location, creation date/time, and comments. Conceptually, all digital file types can include metadata. From a privacy perspective, users are mainly concerned about the metadata that exists in digital images, audio files, and video files. Microsoft Office and other digital text document creation software also contains a wealth of metadata.

Metadata usually comes stored in the digital file; however, some file types store it in a separate file. One metadata type existing within images files is EXIF. This is a standard that specifies the format for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners, and other systems handling image and sound files recorded by digital cameras. EXIF data is embedded within the image file and works with JPEG images only. EXIF metadata can contain geolocation metadata in addition to a wide array of technical information. Other types include Extensible Metadata Platform (XMP), which supports different digital file types and is not limited to images, and the International Press Telecommunications Council (IPTC), which is considered an older meta-information format.

It is advisable to check the metadata of all digital files before uploading them to the Internet or sharing them with colleagues to avoid leaking private information about yourself and the device. There are many freeware tools that can view and edit a digital file’s metadata; we’ll begin with digital images. Exif Pilot is a free EXIF editor that allows you to view, edit, and remove EXIF, EXIF GPS, IPTC, and XMP data in addition to adding new tags and importing and exporting EXIF and IPTC to/from text and Microsoft Excel files. Other free tools that can be used to view image metadata are GIMP and XnView, which comes free for private and educational purpose. Read a complete guide about how to perform a DNS Leak here.

Windows comes with a built-in function that allows you to view and remove some metadata associated with documents and digital images. However, keep in mind that Windows may not be able to remove all EXIF tags, so if you intend on sharing important files, always use the suggested third-party tools already mentioned. To remove EXIF using Windows, right-click the image, select Properties, and go to the Details tab. At the bottom, click Remove Properties and Personal Information to open the EXIF removal tool. The tool lets you either create a copy of the image with all the metadata removed or pick and choose which properties to erase from the selected file. I hope you like this simple guide to stay anonymous while using Windows 10.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

 

 

The post Stay Anonymous while using Windows 10 appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/stay-anonymous-windows-10/feed/ 0
How to perform a DNS Leak test and Stay Anonymous? https://myhackstuff.com/perform-dns-leak-test-stay-anonymous/ https://myhackstuff.com/perform-dns-leak-test-stay-anonymous/#respond Tue, 24 Jul 2018 05:41:55 +0000 https://myhackstuff.com/?p=1106 If you are using a VPN and other anonymity services you should perform a DNS leak test also because only using VPN does not guarantee that your web browsing history will not get revealed. Sometimes even though you are protecting your connection using a VPN, a connection leak can occur and reveal the real IP […]

The post How to perform a DNS Leak test and Stay Anonymous? appeared first on My Hack Stuff.

]]>
If you are using a VPN and other anonymity services you should perform a DNS leak test also because only using VPN does not guarantee that your web browsing history will not get revealed. Sometimes even though you are protecting your connection using a VPN, a connection leak can occur and reveal the real IP address without you being aware.

Guide to perform a DNS Leak test

Let me discuss that why such a leak occurs when part of your computing device traffic (DNS traffic) is not routed through the secure channel of the anonymity service you are using and hence the VPN. Instead, it gets directed to your ISP’s Internet servers, allowing them to potentially monitor and log the complete web browsing history, even though you’re using a VPN.

To ensure that your VPN provider is not vulnerable to this risk, you are strongly advised to test your connection directly after connecting to your VPN provider, you need to go to this website. There you will see two buttons along with your current IP address. The first button is labeled “Standard test,” and the second is “Extended test.” Click the second button for detailed results. 3. The detailed results page will show you a list of all the DNS servers (along with their locations) that are used to resolve your typed website URLs into IP addresses. If any of these servers are not related to your VPN provider company, this means your connection is leaking information about you.

Conclusion

Reputable VPN providers have a connection leak prevention mechanism. However, you need to make sure that your VPN provider has this feature enabled automatically for your connection. Always do DNS leak testing. Keep in mind that always traffic is tunneled through your VPN-encrypted tunnel and not through your ISP.

If you want to read knowledge base article about Raspberry Pi beginners guide read here.

Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop ProtocolSSH Network Protocol, Network RoutersWordPress website using WPSeku from My Hack Stuff.

 

The post How to perform a DNS Leak test and Stay Anonymous? appeared first on My Hack Stuff.

]]>
https://myhackstuff.com/perform-dns-leak-test-stay-anonymous/feed/ 0