ETHICAL HACKINGRecently while being on lock down, I've been studying Ethical Hacking and how can someone penetrate, gain access, and bypass any security just to steal information on a certain target (single person or even a group). My first practice was to hack my own phone and it is was just easy as 1 2 3. Then, I chatted my friend that I would hack her, I her a malicious file/mobile app on my friend and ask her "
Just install it I just wanted to test if my mobile app can work on other devices." Then with that little
Social Engineering, I managed to gain access in here phone without her knowing. (ofcourse she didn't think it was possible) I've sent her a picture of her on her phone's front cam then teach her the lesson in which she was both amazed and shocked with how easy anyone could access other device. She then later accepted my actions as it was even a lesson for her.
I've also seen users in here that said their accounts was hacked. Below would contain some tips on how to prevent such events.
There are a lot of attacks that can be used to gain access, most commonly on Android and Windows devices.
COMMON ATTACKS- ANDROID HACKING
- APK FILE (Android Package) - never ever download any APK files online even those MOD (modified) apps that lets you use a premium-like service of a certain application (Spotify, Netflix, etc). One thing I've learned is that hackers can inject payloads (malicious scripts) on an existing APK file, meaning that they can have a malicious script running on an already trusted android application. And with a simple installation, hacker can gain access on your device, without you noticing!
- PDF FILE - never trust someone to make you view nor even download ANY pdf files! I've recently learned that a single pdf can even manage to gain an access on your android device without even any detection from Google's preinstalled anti-virus.
- WINDOWS HACKING
- ANY FILE!!! - Yes, you've read it right! There's an easy attack that can load/inject scripts and payloads on file formats such as Image files (JPEG, PNG, anything!), PDF Files, and even other Microsoft Office file formats! There is even a way to bypass any antivirus just with a single encryption of the script injected to the file, hence with a single execution, the attacker can easily gain access on your computer!
- WIRELESS HACKING
- PUBLIC WIFI - never ever connect to any public and open Wi-Fi! There's an attack that allows the hacker to use his Wi-Fi adapter (can be preinstalled on laptops, smartphones, wi-fi dongles) to monitor ALL the traffic that is going through the Wi-fi. Basically, Wi-Fi transfers data on the air not on a single unseen line but rather scatters it in the mid air, and just let the clients (users) fetch those data depending upon their Wi-fi connection's channel. Therefore, He can track and listen to the transfers of data, even focus on a single I.P/target, and fetch all the traffic (contains passwords, images, even chats!). The attacker can even send you fake websites of what your are visiting and let you input your credentials!
TIPS TO PREVENT SUCH ATTACKS- Android hacking attacks can be prevented easily by simply not trusting any anonymous offers and file/application downloads. Just focus on applications that is on your Playstore and not download anything from unknown sources, even those that can give you hacks on many subscription-based services and platforms!
- Preventing such Windows attacks is easy. Always keep your anti-virus updated (I personally suggests using Windows Defender that updates almost everyday and already preinstalled on any Windows distributions). Also, never download files that came from the internet even from simple emails from unknown sources. Better use Virtual Machines for downloading files so that the attacker cannot gain access on your main files.
- NEVER CONNECT TO ANY PUBLIC/OPEN WIFI. That's just a simple prevention that is much worth and better than any post-actions.
- USE STRONG PASSWORDS OR EVEN ENCRYPT IT! There are a lot of text-encryption such as base64 (can be repeated multiple times), TDES, AES, etc. Those I've mentioned are the pretty strong encryptions, you can even combine all the encryption to have a solid password. I use all of it one by one (from plaintext -> base64 -> etc..) then save the output as my password online. With that, the possibility of bruteforcing your password would be even less than zero.
I've posted this simply just to warn all the users on how can they be vulnerable digitally. There had been a lot of users whom still had been hacked here in the forum, and I hope the tips could be somehow helpful for them and make them less vulnerable to certain cyber attacks. This is only for educational purposes, please do not commit nor try
Hacking without further approval from someone you would test it.
Let me know if you have more suggestions or any clarifications with the thread!
