TOP - 16 INTELLIGENCE AGENCIES IN THE WORLD

INTELLIGENCE AGENCIES :

1. CIA (Central Intelligence Agency), USA -

Headquarters: Langley, Virginia

Founded: September 18, 1947

The Central Intelligence Agency (CIA) is a civilian foreign intelligence service of the federal government of the United States and its the first line of defense for the United States.

2. RAW (Research and Analysis Wing), India -

Headquarters: New Delhi

Founded: September 21, 1968

The agency's primary function is gathering foreign intelligence, counter-terrorism, advising Indian policymakers, and advancing India's foreign strategic interests. The agency came into being after the Sino-Indian war of 1962 and the India-Pakistan war of 1965.

3. Mossad, Israel -

Headquarters: Tel Aviv-Yafo, Israel

Founded: December 13, 1949

Mossad, meaning Institute for Intelligence and Special Operations, is the national intelligence agency of Israel. Mossad, like the CIA, has active agents spread across the world and are involved in intelligence gathering, covert operations and ‘protecting Jews and Jewish interests’.

4. ISI (Inter-Services Intelligence), Pakistan -

Headquarters: Islamabad\s

Founded: January 1, 1948

Officially, the ISI is responsible for providing security intelligence assessments to the government of Pakistan. ISI is Pakistan’s most important intel agency.

5. MI6 (Secret Intelligence Service), UK -

Headquarters: London

Founded: July 4, 1909

The Secret Intelligence Service, often known as MI6, collects Britain's foreign intelligence. It provides the government with a global covert capability to promote and defend the national security and economic well-being of the country.

6. GRU (Main Intelligence Agency), Russia -

Headquarters: Moscow

Founded May 7, 1992

“GRU” is the English version of the Russian intelligence agency, which means Main Intelligence Directorate. The GRU is Russia's largest foreign intelligence agency

7. MSS (Ministry of State Security), China -

Headquarters: Beijing

Founded: July 1, 1983

China's MSS is the civilian intelligence, security and secret police agency, which is responsible for counter-intelligence, foreign intelligence and political security.

8. NIA (National Investigation Agency), India -

Headquarters: New Delhi

Founded: 2009

The NIA can investigate terror cases across the country without having to get permission from the states. The agency investigates terror offences, waging war against the country, offences on nuclear facilities, etc. National Investigation Agency came into force after Parliament passed the National Investigation Agency Act 2008.

9. NSA (National Security Agency), USA -

Headquarters: Maryland, United States

Founded: November 4, 1952

NSA (National Security Agency) is a United States intelligence agency within the Department of Defense that is responsible for cryptographic and communications intelligence and security.

10. FSS (Federal Security Service), Russia -

Headquarters: Moscow

Founded: April 12, 1995

Federal Security Service is a Russian internal security and counterintelligence service created in 1994 as one of the successor agencies of the Soviet-era KGB.

11. BND ( Bundesnachrichtendienst), Germany -

Headquarters: Berlin

Founded: April 1, 1956

BND abbreviation of Bundesnachrichtendienst, The Federal Intelligence Service is the foreign intelligence agency of Germany. The BND headquarters is located in central Berlin and is the world's largest intelligence headquarters.

12. IB (Intelligence Bureau), India -

Headquarters: New Delhi

Founded: 1887

The major functions of the IB can be classified as counterintelligence, counterterrorism, VIP Security, anti-secession activities, intelligence collection in border areas and infrastructure protection. IB also maintains partnerships with foreign agencies, including security agencies in the USA, UK and Israel.

 

13. DGSE (General Directorate for External Security), France -

Headquarters: Paris

Founded: April 2, 1982

France's DGSE (Directorate-General for External Security) is equivalent to the British MI6 and the American CIA, the DGSE safeguards French national security through intelligence gathering and conducting paramilitary and counterintelligence operations abroad, as well as economic espionage.

 

14. FBI (Federal Bureau of Investigation), USA -
Headquarters: Washington, D.C.

Founded: July 26, 1908

The FBI is the nation's lead federal law enforcement agency for investigating and preventing acts of domestic and international terrorism.

 

15. ASIS ( Australian Secret Intelligence Service), Australia -

Headquarters: Canberra

Founded: May 13, 1952

The Australian Secret Intelligence Service is work relates to foreign intelligence in the interests of Australia's national security, foreign relations and national economic well-being.

16. CSIS (Canadian Security Intelligence Service), Canada -

Headquarters: Ottawa

Founded: June 21, 1984

CSIS was created in 1984 by the Canadian Security Intelligence Service Act, which gives it the power to investigate, collect, analyse and retain information and intelligence about activities that are suspected of being a threat to Canada, and to report to and advise the government of Canada.

Read More

What is IP address? Types of IP addresses

 

What is IP address?

An IP address is a unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via the internet or local network.

In essence, IP addresses are the identifier that allows information to be sent between devices on a network: they contain location information and make devices accessible for communication. The internet needs a way to differentiate between different computers, routers, and websites. IP addresses provide a way of doing so and form an essential part of how the internet works.

Types of IP addresses

There are different categories of IP addresses, and within each category, different types.

Consumer IP addresses

Every individual or business with an internet service plan will have two types of IP addresses: their private IP addresses and their public IP address. The terms public and private relate to the network location — that is, a private IP address is used inside a network, while a public one is used outside a network.

Private IP addresses

Every device that connects to your internet network has a private IP address. This includes computers, smartphones, and tablets but also any Bluetooth-enabled devices like speakers, printers, or smart TVs. With the growing internet of things, the number of private IP addresses you have at home is probably growing. Your router needs a way to identify these items separately, and many items need a way to recognize each other. Therefore, your router generates private IP addresses that are unique identifiers for each device that differentiate them on the network.

Public IP addresses

A public IP address is the primary address associated with your whole network. While each connected device has its own IP address, they are also included within the main IP address for your network. As described above, your public IP address is provided to your router by your ISP. Typically, ISPs have a large pool of IP addresses that they distribute to their customers. Your public IP address is the address that all the devices outside your internet network will use to recognize your network.

Public IP addresses

Public IP addresses come in two forms – dynamic and static.

Dynamic IP addresses

Dynamic IP addresses change automatically and regularly. ISPs buy a large pool of IP addresses and assign them automatically to their customers. Periodically, they re-assign them and put the older IP addresses back into the pool to be used for other customers. The rationale for this approach is to generate cost savings for the ISP. Automating the regular movement of IP addresses means they don’t have to carry out specific actions to re-establish a customer's IP address if they move home, for example. There are security benefits, too, because a changing IP address makes it harder for criminals to hack into your network interface.

Static IP addresses

In contrast to dynamic IP addresses, static addresses remain consistent. Once the network assigns an IP address, it remains the same. Most individuals and businesses do not need a static IP address, but for businesses that plan to host their own server, it is crucial to have one. This is because a static IP address ensures that websites and email addresses tied to it will have a consistent IP address — vital if you want other devices to be able to find them consistently on the web.

This leads to the next point – which is the two types of website IP addresses.

There are two types of website IP addresses

For website owners who don’t host their own server, and instead rely on a web hosting package – which is the case for most websites – there are two types of website IP addresses. These are shared and dedicated.

Shared IP addresses

Websites that rely on shared hosting plans from web hosting providers will typically be one of many websites hosted on the same server. This tends to be the case for individual websites or SME websites, where traffic volumes are manageable, and the sites themselves are limited in terms of the number of pages, etc. Websites hosted in this way will have shared IP addresses.

Dedicated IP addresses

Some web hosting plans have the option to purchase a dedicated IP address (or addresses). This can make obtaining an SSL certificate easier and allows you to run your own File Transfer Protocol (FTP) server. This makes it easier to share and transfer files with multiple people within an organization and allow anonymous FTP sharing options. A dedicated IP address also allows you to access your website using the IP address alone rather than the domain name — useful if you want to build and test it before registering your domain.

 

Read More

Change IP Address on Windows usin command prompt

Change IP Address on Windows using command prompt in Less Than 30 Seconds

 

Step 1.  Click "Start" in the lower left corner of the screen

 

Step 2.   Click "Run"

 

Step 3.  Type "command" and press OK

You should now be at the MSDOS prompt screen.

 

Step 4.  Type “ipconfig /release” in the same way, and hit “Enter”

 

Step 5.  Type "exit" and leave the prompt

 

Step 6.  Right-click "Network Places" or "My Network Places" on your desktop.

 

Step7.   Click on "Properties"

 

You should now be on a screen with something titled "Local Area Connection", or something close to it, and,

If you have one network connected, so will all your other networks.

 

Step  8.  Right click on "Local Area Connection" and click on "Properties"

 

Step   9.  Double-click "Internet Protocol (TCP/IP)" from the list under the "General" tab.

 

Step   10.  Click on "Use the following IP address" under the "General" tab

 

Step   11.  create an ip address

 

Step   12.  Press "Tab" and it should automatically fill in the "Subnet Mask" section with the default numbers.

 

Step   13.  here press the "ok" button

 

Step   14.  Hit the "Ok" button again

You should now be back at the "Local Area Connection" screen.

 

Step   15.  Right-click on "Local Area Connection" and go to Properties again.

 

Step   16.  Go back to "TCP/IP" settings

 

Step   17.  This time, select "Obtain an IP address automatically"

 

Step   18.  hit "ok"

 

Step   19.  hit "ok" again

 

you now have a new ip address

Read More

Top 5 Phishing Simulators

 

Phishing

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication. 

 

1. Phishing Frenzy

While this open-source Ruby on Rails application is designed as a penetration testing tool, it has many features that could make it an effective solution for internal phishing campaigns. Perhaps the most important feature is the ability to view detailed campaign stats and easily save the information to a PDF or an XML file. You can probably guess the “however” part that’s coming up: Phishing Frenzy is a Linux-based application, with installation not to be handled by a rookie.

2. King Phisher

With this open-source solution from SecureState, we are entering the category of more sophisticated products. King Phisher’s features are plentiful, including the ability to run multiple campaigns simultaneously, geo location of phished users, web cloning capabilities, etc. A separate template repository contains templates for both messages and server pages. User interface is clean and simple. What is not that simple, however, is installation and configuration. King Fisher server is only supported on Linux, with additional installation and configuration steps required depending on flavor and existing configuration.

3. SpeedPhish Framework (SPF)

Another Python tool created by Adam Compton. SPF includes many features that allow you to quickly configure and perform effective phishing attacks, including data entry attack vector (3 website templates are included, with possibility of using custom templates as well). While a tech-savvy security professional can have a lot of fun with SPF and will be able to run phishing campaigns against multiple targets, it is still mainly a pentesting tool, with many great features (such as email address gathering) being of little importance for someone performing internal phishing tests.

4. Social-Engineer Toolkit (SET)

Another tool from TrustedSec, which, as the name suggests, was designed for performing various social engineering attacks. For phishing, SET allows for sending spear-phishing emails as well as running mass mailer campaigns, as well as some more advanced options, such as flagging your message with high importance and adding list of target emails from a file. SET is Python based, with no GUI. As a penetration testing tool, it is very effective. As a phishing simulation solution, it is very limited and does not include any reporting or campaign management features.

5. SpearPhisher BETA

This tool isn’t trying to deceive anyone (other than its phishing targets). Developed by TrustedSec, SpearPhisher says it all right in the description: “A Simple Phishing Email Generation Tool.” With an emphasis on ‘simple.’ Designed for non-technical users, SpearPhisher is a Windows-based program with a straightforward GUI. It allows you to quickly craft a phishing email with customized From Email, From Name, and Subject fields and includes a WYSIWYG HTML editor and an option to include one attachment. You can send the crafted email to several recipients via adding email addresses to To, CC, and BCC fields. The program has been in Beta since 2013, so it’s not likely to see any updates in the near future.

 

Read More

What Is Encryption And Its Types

Encryption:

Encryption is a form of data security in which information is converted into ciphertext. Only authorized people who have the key can decipher the code and access the original plain text information.

 

encryption type

Here are some examples of common types of encryption used today.

 

triple dece

Triple Data Encryption Standard (DES), often written 3DES, is a variant of the original DES encryption algorithm that encrypts data three times. Triple DES uses three 64-bit keys, so the key length is 192 bits. Triple DES is a symmetric encryption, and the key is private. Because it encrypts data in 64-bit segments, Triple DES is considered a block cipher. Cipher Block Chaining (CBC), however, is an encryption mode that struggles at high data rates.

 

blowfish

Blowfish is an encryption technology designed by Bruce Schneier in 1993. Similar to Triple DES, Blowfish is a symmetric block cipher. Unlike Triple DES, Blowfish performs variable-length key encryption. Instead of setting 64-bit segments, Blowfish encrypts segments ranging from 32 to 448 bits. Blowfish is a patent-free and unlicensed encryption technology. For this reason, it is free and available for public use.

 

RSA

The RSA encryption key, named after its creators Ron Rivest, Adi Shamir and Leonard Edelman, is the standard encryption technique for protecting critical data. RSA is asymmetric cryptography, so there is a public key and a private key. The RSA algorithm uses prime factorization. Simply put, this key requires factorization of the product of two large prime numbers. Although it sounds simple, figuring out these two numbers can be tricky. Decrypting can be expensive and tedious, even for large computers. While RSA can be very useful, it becomes increasingly inefficient at higher security levels.

 

aes

Due to an increase in brute-force attacks on the original DES, the Advanced Encryption Standard (AES) was put into place in 2002. AES is a symmetric block cipher that was originally named Rijndael. This block cipher uses three different keys: AES-128, AES-192, and AES-256. These three keys are used to encrypt and decrypt 128 bits of information. Since its adoption, AES has been used to protect classified government information and sensitive data.

 

ECC

Elliptic Curve Cryptography (ECC) is a very advanced approach. Often based on a common public key algorithm, ECC combines elliptic curves and number theory to encrypt data. These elliptic curves lie within finite regions and are symmetric on the x-axis of a graph. Given these properties, cryptographers can provide strong security with very short and efficient keys. For example, an RSA key of 15,360 bits would be equivalent to an ECC key of just 512 bits.

Read More

Types of password attack and how it's work

 how it's work

The typical process followed by a password cracker includes these 

four steps:

Steal passwords by some nefarious means. That password is 

encrypted before it is stored using a hash. Hashes are mathematical 

functions that transform an input of arbitrary length into an 

encrypted fixed-length output.

Choose a cracking method, such as a brute-force or dictionary 

attack, and choose a cracking tool.

Prepare password hashes for cracking programs. This is done by 

providing an input to the hash function to create a hash that can be 

authenticated.

Run the cracking tool.

A password cracker may also be able to identify encrypted 

passwords. After retrieving the password from the computer's 

memory, the program may be able to decrypt it. Or, using the same 

algorithm as the system program, the password cracker creates an 

encrypted version of the password that matches the original.

password attack

1. Brute force attack

A brute force password attack is essentially a guessing game where the hacker tries various password combinations using the hacking software until they are able to crack the code. These hackers hope that their victims either reuse a password that has already been compromised or use a common phrase such as "12345".

 

2. Credential Stuffing

Credential stuffing is also a type of brute force attack that uses stolen credentials to break into your online accounts and profiles. In addition to using spyware and other types of malware to get what they want, the dark web often contains lists of compromised passwords for cybercriminals to use for their devious schemes. . Hackers can use these lists to carry out their credential stuffing schemes and exploit your data.

 
3. Social Engineering

Cyber thieves have a variety of skills - one of which is creating trustworthy websites. Password hackers create what are known as social engineering websites that they design to look like legitimate login pages. These cyber criminals send you to a fake login field that will not give you access to your account. It only records the information you type, giving cyber criminals exactly what they want.,

 

4. Dictionary Attack

Another sibling of the brute force attack family is the dictionary attack. These cyber attacks play on our habit of using single-word phrases as our passwords. The hacker can use automated password-guessing software to try each word in a dictionary as your password to see if they have any luck.

More advanced dictionary attacks Hackers develop a list of keywords specific to your life, such as birth dates, siblings/pet names, and/or past street names.

 

5. Keylogger Attack

A keylogger is spyware that is used to track and record what you type on your keyboard. Despite being legal to use, based on logic, hackers take advantage of this software by intentionally infecting vulnerable devices and recording private information without their knowledge.

 

6. Data Leak or Password Spray Attack

Password spraying is when a hacker uses a large number of stolen passwords – sometimes in the millions – on a small number of online accounts to see if they can gain access. Hackers use advanced automated password-guessing software that limits the number of attempts that can be made on an account. This prevents them from triggering security alerts and continues to try under the radar.

 

7.phishing

Password phishing attacks often come in the form of emails or text messages, diverting your attention to an urgent matter. The hacker may combine these messages with a link to a strategically designed social engineering website designed to trick you into logging into their profile. These websites will record the credentials you type in, giving an attacker direct access to your real account.

 

8. Man-in-the-middle attack

A man-in-the-middle attack uses phishing messages to pose as a legitimate business in order to accomplish the following goals:

Use malicious attachments to install spyware and record passwords

Embed links to social engineering websites to trick people into compromising their credentials

 

9. Traffic Interception

Traffic interception is also a type of man-in-the-middle attack. This is when password crackers eavesdrop on network activity to capture passwords and other types of sensitive information. There are several ways cyber criminals do this, one of which is to monitor unsecured Wi-Fi connections. But they can also use a tactic called SSL hijacking – when a cyber criminal intercepts the connection between a target and the legitimate site they are on and records any information shared between the two.

 

10. Shoulder surfing

Being aware of your physical surroundings is just as important as spotting suspicious activity online. One way hackers get passwords is by looking over people's shoulders in public as they type. People often focus on entering their password only to find that a nosy neighbor is looking out for them.

Read More

Password Cracking And Best Cracking Tools

 

How Password Cracking Works:

The typical process followed by a password cracker includes these four steps:

Steal passwords by some nefarious means. That password is encrypted before it is stored using a hash. Hashes are mathematical functions that transform an input of arbitrary length into an encrypted fixed-length output.

Choose a cracking method, such as a brute-force or dictionary attack, and choose a cracking tool.

Prepare password hashes for cracking programs. This is done by providing an input to the hash function to create a hash that can be authenticated.

Run the cracking tool.

A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer's memory, the program may be able to decrypt it. Or, using the same algorithm as the system program, the password cracker creates an encrypted version of the password that matches the original.

Best Password Cracking Tools:

1.) John the Ripper

John the Ripper is a good choice for a password cracking tool, mainly because of its open-source nature and support for a variety of platforms. The open-source nature means that the code is available to the public, so users do not have to worry about the legality of the software and the potential malware of malicious programs that may be deeply integrated into the software.

Link :https://www.openwall.com/john/

2.) hashcut

Known as the world's first and only in-kernel rules engine, Hashcat is another password cracking tool that can help recover various passwords, such as those used for WiFi, documents, and other file types. Is. Multiple platforms and operating systems are supported such as Windows, Linux and macOS for desktop. There's also mobile support for Android, iOS, and Windows Mobile.

Link: https://hashcat.net/hashcat/

3.) Medusa

Medusa is an online password-cracking tool that supports protocols such as HTTP, SSH, FTP, CVS, AFP, POP3, Telnet, and more. The software works as a login brute-forcer; Multiple credentials are inputted using as many protocols as possible to arrive at the correct password.

Link: https://www.kali.org/tools/medusa/

4.) THC Hydra

THC Hydra has seen many comparisons to Medusa as a password cracker, but there are notable differences between the two software. Like Medusa, THC Hydra is also an online password cracking tool that uses brute-force password guessing method. One important difference is that THC Hydra can be installed on Windows, macOS, Linux, FreeBSD, and Solaris, notably more platforms than Medusa supports. In addition to the brute-force method, THC Hydra can also use a dictionary attack using an external wordlist.

Link :https://www.kali.org/tools/hydra/

5.) WFuzz

WFuzz is another brute-force password-cracking tool, much like Medusa and THC Hydra. Another feature of the program is searching for hidden resources such as servlets, directories and scripts. The tool also supports multiple injection types with multiple dictionaries.

Link: https://www.kali.org/tools/wfuzz/

6. Brutus

Brutus can recover passwords and usernames from websites, operating systems, and other applications. True to its name, Brutus uses a brute-force dictionary attack to retrieve passwords.

 

7.) Rainbow Crack

RainbowCrack is another password cracker tool that uses Rainbow Table Attack to decipher passwords in hash form. The main technique used is a time-memory trade-off technique that can be accelerated with multiple GPUs. Users can use RainbowCrack to generate rainbow tables to use in the password cracking process or download pre-existing rainbow tables from the Internet.

Link : http://project-rainbowcrack.com/

8.) L0phtCrack

L0phtCrack is an open-source password cracking tool that can be used to crack Windows passwords. The main techniques used by L0phtCrack are dictionary attacks and brute-force attacks, which allows the program to generate and guess passwords.

9.) Ofcrack

OphCrack is a free, open-source password cracker that uses a rainbow table attack to decipher passwords. Specifically, the program cracks LM and NTLM hashes. LM hashes are for Windows XP and earlier operating systems, while NTLM hashes are for Windows Vista and later Windows operating systems.

10.) aircrack-ng

Aircrack-ng is a good alternative for cracking WiFi passwords, allowing users to crack passwords that use the WEP or WPA/WPA2 PSK standards. For techniques, Aircrack-ng uses a dictionary attack with several supported algorithms including PTW and FMS.

Link : https://www.aircrack-ng.org/

11.) Crackstation

Unlike most entries on the list, CrackStation does not have a standalone program installed on the computer. rather, crackus sed on any operating system, even on mobile.

Link : https://crackstation.net/

12.) Cain and Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol's standards, authentication methods and caching mechanisms; Its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non-standard" utilities for Microsoft Windows users.

Link: https://web.archive.org/web/20190603235413/http://www.oxid.it/cain.html

13.) HackBrowserData

It is an open-source tool that could help you decrypt data (password|bookmark|cookie|history|creditcard|download|localStorage|extension) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.

Note: This post is only for educational purpose, stay safe, stay ethical.

Read More