about 11 months ago - No comments
by bareform A hacker is a computer follower who enjoys programming, solving problems related to it, trying to increase computer capabilities, learning all the details of a particular piece of software, and so on. Sometimes the term hacker is also related to a person who gains unauthorized access to computer systems with some malicious intent.
about 11 months ago - No comments
by Claudio.Ar When a fortune-teller stares into her crystal ball she claims to see through to the misty future and offers guidance to those willing to hand over the required fee. However, she might be stumped when faced with questions about the state of tomorrow’s computer viruses, or whether or not there will be a
about 11 months ago - No comments
by Voxphoto If you are thinking of hacking the PSP, be aware that hacking it is not an easy task. A few days after the PSP launched, it was found to have been hacked. Hacking is done to advance the gaming features of the PlayStation. This is done so that the people
about 11 months ago - No comments
How heart-wrenching is it to find out after adding Google Analytics to your website that the added code contains malicious code, designed to download viruses on your visitors’ computers? Not very pleasing! Well, that is exactly what is happening to many website owners who have added the Google Analytics code to their websites. One website
about 11 months ago - No comments
In case you are new to dissemination examination I would suggest you to read this Penetration Testing with BackTrack article. I have already protected the major stages of dissemination examination. Here I would clarify methods and instruments which pen examiners and hackers on a standard basis use to assault targets. ATTACK- This is the major
about 1 year ago - No comments
by mightyohm LifeA5 Academy is an ethical hacking training institute based in India. It is in the city of Agra, and we offer an ethical hacking course as well as SEO, web designing, networking and penetration testing courses. Basically, it is an ethical hacking institute. In the current arena, hackers are continuously breaching in one’s life and making them disturbed and the
about 1 year ago - No comments
by wiseleo If you acknowledge the foe and recognize yourself, you need not fear the result of a hundred battles. If you recognise yourself merely not the foeman, for every victory gained you volition also suffer a defeat. If you cognize neither the opposition nor yourself, you testament succumb in every battle.” – Sun Tzu,
about 1 year ago - No comments
It is known as Ethical Hacking, the act of being active in planning attacks over the website’s security and networking. It is the Penetration Testing that is referred to here in this article. Both known and unknown vulnerabilities that harm the overall integrity of a website and the system, its network, data is pointed out
about 1 year ago - No comments
by luisuribe_ If you acknowledge the foe and recognize yourself, you need not fear the result of a hundred battles. If you recognise yourself merely not the foeman, for every victory gained you volition also suffer a defeat. If you cognize neither the opposition nor yourself, you testament succumb in every battle.” – Sun Tzu,
about 1 year ago - No comments
by Steve Rhodes Ethical Hacking Training is always understood as the hottest career for students. It is the technology in which one protects computers, networks and web servers. Nowadays, computers are continuously attacked by many virus programs and people are facing many financial frauds. Ethical Hacking experts always help users to overcome these problems. For being a
about 1 year ago
While Google is a researcher’s friend, it is a hacker’s dream. The subtitle of Google Hacking for Penetration Testers is “Explore the Dark Side of Googling”. The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don’t run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book’s 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can’t protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what to do in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google’s server farm.
Rating: 5 / 5
about 1 year ago
An excellent book dedicated to a seemingly narrow topic. Googling is mainstream, I can’t think of one person that has traveled the internet that hasn’t stopped by Google.com at least once in their surfing career. Unfortunately, there are hackers that spend a lot of time on Google!
If you are responsible for securing your employer’s network you cannot be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.
Chapters 1-2 provide you with the basics of Googling. There isn’t much more information than you can get from Google’s website, but Johnny does a great job of explaining the basics of Google.
Chapters 3-10 are the meat of the book. While I’ve used Google extensively in performing penetration tests before reading this book, I’ve learned many new techniques to dig deeper in less time.
Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you’d rather not have the public see.
Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.
The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.
The author’s writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master’s level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.
Rating: 5 / 5
about 1 year ago
I am involved in penetration testing on an occasional basis (my principal role is audit management, my principal interest is systems auditing). Per other reviews, this is an excellent resource for anyone planning or executing tests.
I have used Google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings …). This book is an excellent source of ideas and techniques, for both social engineering and more technical tests.
It has also made me consider what the Google desktop search tool could be used for, when run on key servers in internal nets.
The author’s writing style is very easy to read yet packed with valuable information.
This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.
Rating: 5 / 5
about 1 year ago
Syngress’s “Google Hacking for Penetration Testers” (GHPT) by Johnny Long demonstrates to average Joes the power of Google. The author is the authority on how to use Google to recon an intended target. Considering the narrow focus of the subject, the book is able to thoroughly dissect the various tools and weapons Google offers. Certainly, this book is not admitting anything not already known in the hacking world, but the book does provide a valuable asset as a one-stop-shop at using Google.
First and foremost, before scouting a target, you must cover your tracks. GHPT first focuses on anonymity (I was particularly impressed with using Google as a proxy server on page 95). After masking yourself, the book focuses on network mapping, and locating exploitable targets. The book then offers 10 searches to find oodles of information that website owners probably don’t want you to have. One chapter is devoted to tips to hunt usernames and passwords. Chapter 12, on automating Google Searches, was particularly valuable to me as I’m an extreme novice at scripting.
The book is written in a very simple, plain-spoken (or, more correctly, plain-written) style. While this book should not be the first book on one’s security shelf, the subject cannot be any better defined than this book.
I give this book 4 pings out of 5:
!!!.!
Rating: 4 / 5
about 1 year ago
I have been using this book for three weeks. Every time Google Hacking gets further than three feet from my keyboard, I get up, find it, put it back by my side. I first used the “recipes” in the book to locate intellectual property violations of SANS material. Next, I went on a digital painting campaign and created over 150 images and used the book to help me find the raw source material. Most recently, I have used the optimized searches the book shows one how to do to help with a research project.
Buy the book, try the searches, learn what is possible. It wouldn’t hurt to use the book for its intended purpose as well, to see what information about you, about your organization is exposed on the Internet.
Rating: 5 / 5