hakin9 is bimonthly magazine about hacking and IT security, covering techniques of breaking into computer systems, defense and protection methods.  Our magazine is useful for all those interested in hacking - both professionals (system administrators, security specialists) and hobbyists.  The magazine is of Polish origin, it's also translated and published in other countries and language versions:

in English (DIGITAL EDITION only)
in German (in Germany, Austria, Switzerland, Luxembourg and Belgium)
in French (in France, Canada, Luxembourg, Belgium, Morocco)
in Spanish (in Spain, Argentina, Portugal, Mexico)
in Italian (in Italy)
in Czech (in Czech Republic and Slovakia)
in Polish (in Poland)

hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues.

hakin9's target readers are those responsible for IT system security, programmers, security specialists, professional administrators, as well as people taking up security issues in their free time.

hakin9 Starter Kit is a step-by-step guide to hacker techniques.  It covers basic techniques of breaking into computer systems.  This magazine starts with entry level examples of the most popular security topics.

hakin9 is published by Software-Wydawnictwo Sp. z o. o.

         Editors: hakin9 team
     Cooperation: Piotr Sobolewski, Stefan Lochbihler
          Covers: Agnieszka Marchocka
             DTP: Anna Osiecka
     Translators: Zbigniew Banach, Marek Szuba
    Proofreaders: Nicholas Potter, Dustin F. Leer, Martin Placek
Top Beta Testers: Steven Roddis, Steve Lape, Sieng Chye Oh, Satish Chandra, Roderick Lucas, Richard Chamberlain, Rene Heinzl, Renato Borseti, Petko Petkov, Peter Howe, Paul Bakker, 
                  Pastor Adrian, Pablo Fernandez, Juan Bidini, Stavros Lekkas, Jan Feyereisl, Johan Ericsson, J.Ignacio Toledo, Felipe Lora, Wendel Guglielmetti Henrique, 
                  David Stow, Alicia Asín Pérez, Andrej Bielko, Antonio Merola, Carl Sampson, Clancey McNeal, Damian Szewczyk

Note:  Hakin9's issue numbering system is a complete mess.  They have also have a buch of special issues sprinkled inbetween, so these will be in a somewhat random order, or will most likely be mislabeled with the wrong volume/issue number and published date.


Download Issues

  Hakin9 - Volume 0, Number 1



  Hakin9 - Volume 0, Number 2  Issue 02/2005 (2) - March/April 2005



  Hakin9 - Volume 0, Number 3  Issue 03/2005 (3) - May/June 2005

  1. TEMPEST - Compromising Emanations  - by Robin Lobel


  Hakin9 - Volume 0, Number 4  Issue 04/2005 (4) - July/August 2005

  1. Dangerous Google - Searching for Secrets  - Information which should be protected is very often publicly available, revealed by careless or ignorant users.  The result is that lots of confidential data is freely available on the Internet - just Google for it, by Michal Piotrowski


  Hakin9 - Volume 0, Number 5  Issue 05/2005 (5) - September/October 2005

  1. Anatomy of Pharming: How Your Money is Stolen
  2. Pharming - DNS Cache Poisoning Attacks
  3. Robot Wars - How Botnets Work
  4. Voice over IP Security
  5. Exploiting Java VM Security Vulnerabilities
  6. Advanced SQL Injection Techniques
  7. Bad Tools Make


  Hakin9 - Volume 0, Number 6

  1. Detection of Sniffing in Switched Networks  - Sniffing in switched networks is typically conducted using one of two methods: MAC flooding or ARP spoofing.  However, unlike sniffing in traditional, hub-based networks, both these methods are active and so can be detected – though sometimes this is not easy, by Daniel Kaczorowski and Maciej Szmit
  2. IPSec VPN discovery and Fingerprinting  - Many people believe that IPSec VPN systems are invisible and inherently secure.  However, in reality most implementations can be easily detected and fingerprinted.  Once this step is achieved, a successful attack is only a matter of time, by Roy Hills
  3. Port Knocking from the Inside Out  - Leaving a port open to the public is like an invitation for an intruder.  Unfortunately, most services such as HTTP or SMTP need to be open for everyone to see.  However, some of the more critical services may be accessible only when required.  Here's where port knocking comes in, by Martin Krzywinski
  4. Total Control - Low-Level Network Access  - Developing applications that directly access layers of the ISO/OSI model can be a difficult task, frequently requiring non-standard packet formatting.  Help is at hand, however, in the form of the WinPcap and libnet libraries, which put the programmer in total control of the content being sent out into the network, by Konrad Malewski
  5. Attacks on Layer-Two of the OSI Model  - Layer-two of OSI model is one of the weakest links when trying to assure network security in an organization.  It is also one of the most commonly ignored, because there aren't many public implementations of layer-two attacks.  However, a successful attack on layer-two can be just as dangerous as any other, by Alfredo Andros and David Barroso
  6. ARPAlert 0.4.10  - ARPAlert is intended for controlling access to LANs.  The utility listens for ARP requests and compares them against a list of authorized MAC addresses.  ARPAlert is used in corporate security solutions, by Thierry Fournier
  7. How to Create Polymorphic Shellcode  - In the last issue of hakin9 magazine, we learned how to create and modify shellcode.  We have also studied the common problems related to shellcode and the techniques of working around them.  In this article, we will learn about polymorphism and how to create shellcode that does not get detected by intrusion detection systems, by Michal Piotrowski
  8. Hold on to Thine Cash  - Is the most logical for all us to take all money out of the bank and hide it under the pillow?, by Tomasz Nidecki
  9. Exploiting Format String Vulnerabilities  - In the second half of 2000, a whole new class of exploits was discovered, shocking the IT security community.  It turned out that a vast array of programs, including well-known applications such as wu-ftpd, Apache with PHP3 or screen, have serious vulnerabilities - and all because of format strings, by Piotr Sobolewski and Tomasz Nidecki


  Hakin9 - Volume 1, Number 1  Issue 01/2006 (6)

  1. Wi-Fi security - WEP, WPA and WPA2  - Wi-Fi (Wireless Fidelity) is one of today's leading wireless technologies.  However, one configuration aspect all too often goes unnoticed: security.  Let's have a closer look at the level of security of encryption methods used in modern Wi-Fi implementations, by Guillaume Lehembre
  2. Oracle Rootkits  - It is not common knowledge that rootkits can also be implemented, and are being implemented by intruders in databases, often containing critical company data.  Alexander describes rootkits in Oracle databases and presents how we can avoid them, by Alexander Kornbrust
  3. Windows Server 2003 Security  - We present Windows Server 2003 and its security.  We explain what security enhancements it offers, what is still exploitable, what new exploitation techniques have been devised lately and what can we do to protect it as much as possible against possible break-in, by Rudra Kamal Sinha Roy
  4. Detouring Network Firewalls  - Firewalls also have their weaknesses and detouring them, both due to misconfiguration and due to product weaknesses, is possible.  Oliver describe how an intruder can gain access to a system by detouring a firewall, by Oliver Karow
  5. Spyware Infection Methods  - Such programs like spyware are usually bundled as a hidden component or downloaded from the Internet unwillingly.  They install and run without user knowledge.  Christiaan presents what methods such programs use to infect Windows systems and how can one protect oneself against them, by Christiaan Beek
  6. Column - Dumb Ideas in Computer Security  - There's lots of innovation going on in security.  Stephano introduces you what are the most dumbest ideas in computer security, by Stephano Zanero
  7. Writing Advanced Linux Backdoors - Packet Sniffing  - People create new defenses for backdoors and intruders are forced to innovate new techniques to keep pace with the rapidly progressing security industry, e.g. packet sniffing backdoors.  Brandon describes how they work by writing our own proof-of-concept tool, by Brandon Edwards
  8. Security Tools - Delete Secure  - Secure Delete is a suite of tools for securely erasing files, directories, free disk space, swap space and RAM, by Michal Szymanski
  9. Security Tools - SendIP  - SendIP makes it possible to prepare and send network packets using the NTP, BGP, RIP, RIPng, TCP, UDP and ICMP protocols, as well as raw IPv4 and IPv6 packets with user-supplied parameters and arbitrary data, by Piotr Sobolewski
  10. Cryptography for Mail and Data  Would you put confidential information on a postcard and send it to your friends, colleagues, or business partners?  Well, no.  But why would you put confidential information in an e-mail and send it around the world?, by Lars Packschies
  11. Simple Event Correlator for Real-Time Security Log Monitoring  Over the past decade, event correlation has become a prominent event processing technique in many domains (network and security management, intrusion detection, etc.).  However, existing open-source log monitoring tools don't support it well.  In this paper, we will discuss how to employ SEC for monitoring and correlating events from security logs, by Risto Vaarandi


  Hakin9 - Volume 1, Number 2  Issue 02/2006 (7)

  1. Hacking an IBM iSeries Server  - iSeries, a.k.a. AS/400 servers, are used by manufacturers, banks, insurance companies, casinos and governments.  Odds are that wherever there is an iSeries based application, the money is as well.  With over 300,000 customers worldwide and millions of users, some people are bound to be rogue hackers looking for a way to exploit it for their own means.  We present what should be done to avoid such practice, by Shalom Carmel
  2. Secure Linux - Security Kit Review  - Linux systems are fairly resistant to intrusion attempts. However, for certain applications requiring very high security levels, the features found in standard distributions may prove insufficient.  This article examines several of the most popular ways to increase Linux system security at kernel level, by Michal Piotrowski
  3. Security Tool - GFI Network Server Monitor 7  - We show you how to monitor servers in your network using GFI Network Server Monitor, by Stefan Lochbihler
  4. Security tool - SwitchSniffer  - We present how simple is SwitchSniffer for monitoring local area networks, and describe more its features like basic administration and abuse detection, by Pawe Charnas
  5. ICMP Use and Abuse  - We describe how to use ICMP protocol and how it can be used by intruders for evil purposes.  We present all ICMP protocols, their meaning and ways in which can be used.  We explain how to configurate firewall to protect our system against attacks, by Antonio Merola
  6. Automating the Exploitation Process on Linux x86  - We describe some automation buffer overflow bugs identification methods and compare some techniques.  We present a tool which could identify them and produce exploit code would definitely ease the burden, by Stavros Lekkas  (vuln.c)
  7. Sony, Rootkit and the Fifth Power  - We present the rootkits and spyware history putting on audio CDs by Sony company.  We describe the scandal, by Michal Piotrowski
  8. Sender Authentication - Protection or Threat  - We criticize the sender authentication mechanism and show why SPF is insecure.  However, solutions being implemented as a quick and dirty patch to the notoriously insecure and broken SMTP protocol are introducing more threats, instead of fixing the problem at hand, by Tomasz Nidecki
  9. Building an IPS using Snort  - Computer systems are usually protected by firewalls, with any attacks that do get through being monitored by intrusion detection systems.  However, nowadays it is not enough to detect an intruder - what use is detection if we cannot prevent the attack?  Intrusion prevention systems provide the answer, and in this article we will go through building an IPS and maintaining it, by Michal Piotrowski
  10. Snort_inline as a Solution  Using Snort_inline in many different environments and scenarios has proved to be a winning strategy to secure internal networks, DMZ networks or home networks.  In order to work properly in the drop mode, it should adapt to the features of the environment it is protecting.  Therefore, we will not only present its configuration techniques but also the ways to add a dedicated device which is best suited for the environment we want to protect, by Pierpaolo Palazzoli and Matteo Valenza
  11. We're Up Against - Interview with Dr. Gary McGraw  Gary McGraw, Cigital, Inc.'s CTO, is a world authority on software security.  Dr. McGraw is co-author of five best selling books.  We asked him about IT security situation, carless private users, vulnerabilities in the system and many more...?
  12. Column - The Future's So Bright I Gotta Wear Shades  - We present the different view on rootkits, by Konstantin Klyagin
  13. Column - Microsoft Does It Again  - We consider the fact that Microsoft has made using digital signatures next to impossible for common users, by Tomasz Nidecki


  Hakin9 - Volume 1, Number 5

  1. Shatter Attack - Vulnerable Windows
  2. Tools - LANsurveyor 9.5  Explains why LANsurveyor is easy to use, proven network and desktop management software, by Stefan Lochbihler
  3. Tools - Acunetix Web Vulnerability Scanner  Shows you how to scan directory structure and perform automatically an entire set of typical attacks that gets profit of configuration or programming errors using Acunetix scanner, by Carlos Garcia Prado
  4. Code Injection Using Windows GUI Messages  Few could suspect that an innocuous GUI feature such as Windows messages could pose a danger to system security.  We show why this seemingly innocent mechanism can be used to inject malicious code into another application and escalate an intruder's privileges, by Krzysztof Wilkos
  5. Advanced L2.6KM Rootkit Development  Focus on the development of a rootkit for the 2.6 series of the Linux kernel.  Techniques and methods of hiding the attacker actions within the system will be the primary target, along with discussing how to detect rootkits in the owned box: know your enemy, know thyself, by Pablo Fernandez
  6. Introduction to Passive Information Gathering  In this article, we will learn how to locate valuable information that can help compromise a company's IT infrastructure, by Blazej Kantak
  7. How IPSec Works  You will learn all about the IPSec protocol which is used to secure IP data transmissions and is one of the most complicated network protocols, by Benoni Martin
  8. Custom IPTables Extensions  We will show you how to implement the required functionality yourself by writing an extension module when the firewall is based on IPTables.  What's more, you'll be surprised just how easy it is, by Jarosaw Sajko
  9. Hacking Beyond the Net  Many in the IT community have never forgiven the media for twisting the original meaning of hacker.  Despair not, though - the constructivist spirit advocated by the likes of Eric S. Raymond and Richard Stallman is not dead, by Michal Piotrowski
  10. Column - The Future's So Bright I Gotta Wear Shades  Freedom of piracy is one of the greatest freedoms the humanity gained in the most important virtual battle of all.  Read more in Konst's column, by Konstantin Klyagin
  11. Column - My Car has a Firewall  Who says technology just brings well-being?  Want to know more?, by Regis Gabineski
  12. Interview - Situation on IT Security Scene  hakin9 talks to Neon Software's President, Craig Isaacs, as the company puts first things first in managing an unmanaged network.
  13. How to Cook a Covert Channel  Before starting to cook your covert channel, you first have to think about the receipt (recette): decide how your covert channel will look like, what it will be used for (antipasti or dessert?) and finally when you'll have your dinner.  Today's menu focuses on HTTP cookies so let's review the receipt and start to cook, by Simon Castro and Gray World Team


  Hakin9 - Volume 1, Number 6  

  1. HTTP Authentication Vulnerability
  2. Problems with HTTP Authentication  Authentication is a technique of identification based on knowledge.  HTTP provides natural functionality of HTTP authentication.  In this article, Emilio will concentrate on basic authentication, which is more widespread among clients and Web servers but also less secure, by Emilio Casbas
  3. Analysis of Network Traffic  If you administer a network of any kind you can be certain that sooner or later it will become a target of an attack.  However, you are capable of eliminating, or at least significantly reducing any chances of its success.  Bartosz will show you how to analyze the network traffic, by Bartosz Przybylski  (aut.sh)
  4. Weaknesses of Anti-Virus Programs  The moment the First Programmer created the First Program, the probability of attempts being made to attack it increased by one.  Robert will describe how anti-virus programs detect the presence of a virus in the system and how to perform an attack against a system using an anti-virus program, by Robert Majdanski?
  5. Penetration Testing in Practice  Penetration testing often takes place in situation where the management doesn't fully trust the IT department.  It is sometimes ordered by the IT department itself to show its excellent work.  However, this is not the case covered by this case study.  Leran more about penetration test from Miroslav's article, by Miroslav Ludvik
  6. Social Engineering Attacks  Somebody has once accurately called social engineering 'hacking the mind.'  It is an arithmetic average of social engineering proper (exerting pressure and manipulating people) with cracking (breaking into IT systems).  The combination of these two mechanisms results in a powerful tool, the destructive power of which many still remain unaware of, by Tomasz Trejderowski
  7. XSS in Practice  Internet has become more and more important.  Millions of dollars are invested in websites.  Big businesses don't work with simple HTML sites anymore; everything has to be dynamic these days.  But by giving people the opportunity to insert data on a website, the chance of getting vulnerable gets bigger.  Roderick will present XSS attacks in practice, by Roderick W. Lucas
  8. Port Scanning a Violation of Property Rights  It is a common misconception that a lack of new statues makes all actions over the Internet legal unless expressly prohibited.  This is a misconception as old laws do apply to new technology as well.  The response to a property right is a general duty on other people not to interfere with the res (thing), by Craig S. Wright
  9. Why Is There No Anti-Virus?  Konst will present his ideas, by Konstantin Klyagin
  10. Tool - TDFS's TCP/IP Packets Unlimited  TTpU is a tool written to be able to generate any kind of TCP/IP packet with the possibility to specify a lot of IP and TCP options, by Alberto Maria Scattolo
  11. Tool - LogHound  Employs a frequent itemset mining algorithm for discovering frequent patterns from event logs, by Stefan Lochbihler


  Volume 2, Number 1  

  1. Security Scanners Chart  Dear Readers - we present a new section in hakin9, consumer's test.  In this edition we asked users about their opinion on advantages and disadvantages of security scanners.  You can find out if the prizes are adequate to the quality, what are the main problems that the users experienced and finally you will see the rating.
  2. Introduction to XPath Injection Techniques  - In this article, we'll describe an XPath injection attack which is one of the latest techniques employing manipulating XPath queries in order to extract information from an XML database.  He will show you how to employ XPath injection method to bypass safeguards in certain applications, by Jaime Blasco


  Volume 2, Number 2  Issue 02/2007 (9)

  1. Firewall Leak Testing  David Matousek of Matousec Transparent Security and Paul Whitehead of Comodo prepared, especially for hakin9 readers, personal firewall leak tests.  Here are the results.


  Volume 2, Number 3  Issue 03/2007 (10)

  1. Designing a Crypto Attack on the CCRP (bit shuffling) Cipher  You will get to know some most important things connected with crypto attacks.  Dale Thorn writes about the conventional attacks, about how to host and prepare the crypto attack.
  2. Analysing and Mapping Wireless Network  Andrej Komarov provides you with some precious information on Wi-Fi positioning, creating a wardriver's map and running attacks in the wireless infrastructure.


  Volume 2, Number 5  Issue 05/2007 (12)

  1. Choosing Data Recovery Software  Especially for our readers, hakin9 team prepared the consumers tests on Data Recovery Tools.  We hope it will help you to choose the best DRT.
  2. VoIP Security Testing and Solutions  Four members of Snort Attack Project explain basics of VoIP vulnerability and using the tools for auditing on SIP and IAX.  They also discuss a notion of risk analysis.


  Volume 2, Number 6  Issue 06/2007 (13)

  1. Analyzing Malicious Code  The article presents the various techniques and tools used for analyzing malicious code.  Includes a tutorial on how to examine the NetSky-P worm.
  2. Consumers Tests on Virtual Machines  Consumers tests on Virtual Machines.  Our goal is to help the readers make a right decision when choosing a VM.


Random Volume 2 Articles

Choosing a Router for Home Broadband Connection  Consumers tests on routers.  Our goal is to help the readers to make a right choice when buying, choosing a router.  04-2007

Defending the Oracle Database with Advanced Security Features  Mikolas Pansky provides general information on Oracle, teaches a basic hacking Oracle methods and basic Oracle defense techniques.  04-2007



  Hakin9 - Volume 3, Number 1  Issue 01/2008 (14)



  Hakin9 - Volume 3, Number 2  Issue 02/2008 (15)



  Hakin9 - Volume 3, Number 3  Issue 03/2008 (16)

  1. Pentest Labs Using Live CDs  - After reading this article, you will come to know how to use and design live CDs for use in a penetration test lab, by thomas Wilhelm
  2. Best Practices for Secure Shell  - The article presents the usage of an application called Secure Shell.  It explains why SSH is the best secure tool for remote access.  The paper also shows the best practices in using SSH and tips on how to avoid common mistakes, by Ryan W. Maple
  3. Cracking LDAP Salted SHA Hashes  - The article will teach you how LDAP salted SHA hashes are structured, how to employ modern day tools to crack LDAP SSHA hashes.  The author shows why LDAP SSHA hashes should be treated like clear-text data, by Andres Andreu
  4. Javascript Obfuscation Techniques  - A very useful paper on how to conceal JavaScript code and how to detect and deobfuscate code hidden by these techniques, by David Sancho, Trend Micro
  5. Breaking in Add-on Malwares  - This article covers the working functionality of malware add-ons.  It presents the practical techniques that will help to understand malwares effectively, by Aditya K. Sood, a.k.a. 0KN0CK
  6. Vulnerabilities Due to Type Conversion of Integers  - In this article the author presents the nature of type conversion.  He explains how C's type conversions work, how vulnerabilities can be caused by unsafe type conversions and how to review C code for such vulnerabilities.  Last but not least, you will get to know how to prevent them, by Davide Pozza
  7. Authentication and Encryption Techniques  - Part II of a three-part series on Postgres.  This article is to present ideas that can be used to mitigate threats presented in first part, using various authentication and encryption technologies that are available on Linux and other UNIX-like operating systems, by Robert Bernier


  Hakin9 - Volume 3, Number 4  Issue 04/2008 (17)



  Hakin9 - Volume 3, Number 5  Issue 05/2008 (18)



  Hakin9 - Volume 3, Number 6  Issue 06/2008 (19)

  1. Client-Side Exploits  Client-side exploit are some of the most commonly seen exploits and this is mainly due to the fact that traditional perimeter security (firewalls, router access lists) offer little or no protection against these kinds of exploits.  This is due to the fact that client-side exploits target vulnerabilities on the client applications, by Anushree Reddy


  Hakin9 - Volume 4, Number 1  Issue 01/2009 (20)



  Hakin9 - Volume 4, Number 2  Issue 02/2009 (21)



  Hakin9 - Volume 4, Number 3  Issue 03/2009 (22)



  Hakin9 - Volume 4, Number 4  Issue 04/2009 (23)



  Hakin9 - Volume 4, Number 5  Issue 05/2009 (24)

  1. My ERP Got Hacked - An Introduction to Computer Forensics, Part II


  Hakin9 - Volume 4, Number 6  Issue 06/2009 (25)



  Hakin9 - Volume 5, Number 1  Issue 01/2010 (26)



  Hakin9 - Volume 5, Number 2  Issue 02/2010 (27)



  Hakin9 - Volume 5, Number 3  Issue 03/2010 (28)



  Hakin9 - Volume 5, Number 4  Issue 04/2010 (29)



  Hakin9 - Volume 5, Number 5  Issue 05/2010 (30)



  Hakin9 - Volume 5, Number 6  Issue 06/2010 (31)



  Hakin9 - Volume 5, Number 7  Issue 07/2010 (32)



  Hakin9 - Volume 5, Number 8  Issue 08/2010 (33)



  Hakin9 - Volume 5, Number 9  Issue 09/2010 (34)



  Hakin9 - Volume 5, Number 10  Issue 10/2010 (35)



  Hakin9 - Volume 5, Number 11  Issue 11/2010 (36)



  Hakin9 - Volume 6, Number 1  Issue 01/2011 (37)



  Hakin9 - Volume 6, Number 2  Issue 02/2011 (38)



  Hakin9 - Volume 6, Number 3  Issue 03/2011 (39)



  Hakin9 - Volume 6, Number 4  Issue 04/2011 (40)



  Hakin9 - Volume 6, Number 5  Issue 05/2011 (41)



  Hakin9 - Volume 6, Number 6  Issue 06/2011 (42)



  Hakin9 - Volume 6, Number 8  Issue 08/2011 (44)



  Hakin9 - Volume 6, Number 9  Issue 09/2011 (45)

  1. Brief  - eLearnSecurity and ID Theft Protect, by Armando Romeo
  2. The Bug Story  - Despite the fact that our networks gardens are full of beautiful/gorgeous things, at same time they're full of bugs.  The problem is that the Internet serves as connection between these gardens, which makes it easy for bugs to travel from one garden to another.  A bug may be found in my neighbors' garden across the street, but in a matter of time, I will be seeing it creeping in my garden too...  This time Ali tales us a quick history of the most vicious bugs in software till today.  From his amusing article we will find out why software bugs exist today and how to avoid them.  He will also present us the analysis one of the most popular bug in the IT security history and learn us on this example a quick analysis of a bug.  Read the column which is as well for entertaiment as for gathering some basic knowledge, by Ali Hadi
  3. Secure Coding: Hits and Misses  - This article expose the basics of most of the common software vulnerabilities, and explore the best programming practices to avoid their occurrence.  The analysis will be made from a general perspective, but providing concrete examples and walk through to clarify the concepts discussed.  The examples included in each point will range from academic to real vulnerabilities found while performing different source code audits.  From this article you will learn best practices that architects and developers should be aware of in order to develop applications with a proper sense of security.  After the reading you will also start to think of the security analysis in terms of the actors involved, to enhance and better adapt different attack vectors the common roots of many security issues, by Jorge Luis Alvares Medina
  4. For My Eyes Only  - Data is a marvelous thing; so easy to create but so difficult to keep track of and maintain.  This marvelous thing is the very thing that can take companies down to their knees.  All without anyone knowing until it is too late...  A silent killer...  Data at rest and company drive shares spell disaster.  Learn how to protect yourself against your data be it your programs, scripts and allow automation to occur non-interactively without you having to type your password in because you don't want to save them within the execution file.  This demonstration focuses on the Apple Mac platform but can be easily geared otherwise, by Israel Torres
  5. Secure Coding PHP  - It can be said that software is only as good as its code or as good as the developer who wrote that code.  Yet if we used this adage to compare current web based software, we are in need of some major retrofits to the software we entrust our personal data to.  The recent cyber attacks on BART - the San Francisco Bay Area's rapid transit system - only demonstrates the need for better and more secure software especially when personal and private information is at stake.  As cyber attacks only seem to be growing in number, we have to start to focus more on secure coding as we try to walk the thinning line that is security and usability.  With this in mind, we will discuss some of the techniques one can use to write more secure PHP code including user input verification and data encryption...  In this article author shows how to write secure code in PHP and validate user input.  You will also learn some encryption techniques and other counter measures, by Rich Hoggan
  6. Secure Coding in Database  - Information systems are not islands.  Either data is manually entered, or, as is more commonly the case, interchanged with other systems.  Some systems are very tightly integrated: a database transaction committed in one system becomes available in another almost immediately.  Other systems are more loosely coupled and synchronize data on a scheduled basis.  Some partners in the interchange do an outstanding job of vetting their data and making sure that the data feeds are clean.  But what do you do when a data supplier comes under attack, the data becomes vandalized, or it is rendered unavailable?  This text will give you the knowledge about creating automatic audit trails for critical database tables and also about creating processes to guard against and recover from bad data.  You will learn building a lightweight process for rapid data recovery that avoids using complex, time-consuming database backup tools, by Steve Hodge
  7. Mobile and Tablet Application Coding Security  - There are practical techniques to securing app code - the first involves limiting privileges to a set of operations - this is known as sandboxing.  The second technique involves identifying executables as they enter the trusted domain, a.k.a. firewall approach, do you want the app to run and how will it run are important queries.  The third technique involves code trust - is the executable trustworthy?  In this article author will attempt to discuss briefly some of the main mobile app security issues of today and consider what developers have to do to maintain and improve their coding security practices.  Read and find out why code signing and sandboxing are two app security principles that should be pro-actively incorporated into the mobile coding development cycle, by Julian Evans
  8. Virustotal  - Hispasec Sistemas has managed the service, VirusTotal, since June 2004.  The VirusTotal website offers the public access to multiple Anti-Virus (AV) engines hosted by them to provision online scanning of individual files to uncover malware by harnessing a combination of signature-based and heuristic detection.  This is the short column where you will find description of this very popular tool.  If you haven't come across the VirusTotal yet this text should encourage you to pay more interest in it, by Mervyn Heng
  9. What's Wrong With the Bible?  - Corporate IT security policies are often described by security professionals as "the Bible."  This comparison always makes my skin crawl, since it suggests a certain lack of imagination.  But in reality, the comparison makes sense.  Both interpretations were probably written a long time ago by people who hadn’t met you, or by employees that faced precisely the same issues, technologies, and situations you face in your job today.  More than that, both were probably written by different groups of people over time...  Read the essay column in which the author deals with different legal curiosities and IT security cliches, by Drake
  10. Review of Passware Kit 11.0  - Passware Password Recovery Kit Forensic 11.0 is a handy all-in-one package for recovering different types of passwords quickly and with ease.  Be it from a Windows laptop, Mac VM, or USB stick this software raises the bar for password cracking.  Read the program review and check is it worth it's price and buying, by Israel Torres


  Hakin9 - Volume 6, Number 10  Issue 10/2011 (46)



  Hakin9 - Volume 6, Number 11  Issue 11/2011 (47)



  Hakin9 - Volume 6, Number 12  Issue 12/2011 (48)



  Hakin9 - Volume 7, Number 1  Issue 01/2012 (49)



  Hakin9 - Volume 7, Number 2  Issue 02/2012 (50)



  Hakin9 - Volume 7, Number 3  Issue 03/2012 (51)



  Hakin9 - Volume 7, Number 4  Issue 04/2012 (52)



  Hakin9 - Volume 7, Number 5  Issue 05/2012 (53)



  Hakin9 - Volume 7, Number 6  Issue 06/2012 (54)



  Hakin9 - Volume 7, Number 7  Issue 07/2012 (55)



  Hakin9 - Volume 7, Number 8  Issue 08/2012 (56)



  Hakin9 - Volume 7, Number 9  Issue 09/2012 (57)



  Hakin9 - Volume 7, Number 10  Issue 10/2012 (58)



  Hakin9 - Volume 7, Number 11  Issue 11/2012 (59)



  Hakin9 - Volume 8, Number 1  Issue 01/2013 (61)



  Hakin9 - Volume 8, Number 2  Issue 02/2013 (62)



  Hakin9 - Volume 8, Number 3  Issue 03/2013 (63)



  Hakin9 - Volume 8, Number 4  



  Hakin9 - Volume 8, Number 5  Issue 05/2013 (65)



  Hakin9 - Volume 8, Number 6  Issue 06/2013 (66)



  Hakin9 - Volume 8, Number 7  Issue 07/2013 (67)



  Hakin9 - Volume 8, Number 8  Issue 08/2013 (68)



  Hakin9 - Volume 8, Number 9  Issue 09/2013 (69)



  Hakin9 - Volume 9, Number 3  Issue 03/2014 (72)



  Hakin9 - Volume 11, Number 2

  1. Analysis of Linux Malware Tsunami Using Limon  - A number of devices are running Linux due to its flexibility and open-source nature.  This has made the Linux platform the target for malware attacks, so it becomes important to analyze the Linux malware.  Today, there is a need to analyze Linux malwares in an automated way to understand its capabilities, by Monnappa K. A.
  2. Never Assume Secure  - It's been a wild ride in the world of cyber security the past few years.  Large corporations and small businesses alike have not been immune to the wrath of nation states, hacktivists, and professional hackers for hire.  And don't think it's only crafty pros who are bent on mayhem.  In the past two weeks alone, three teenagers and a 20-year-old have been arrested in the British telecom hack of Talk Talk, which potentially affected well over 1 million customers.  This was Talk Talk's third known breach since December 2014, by Paul Janes
  3. Modern Age: WordPress Security Threats  - The Internet has become a medium to connect billions of people online.  Until afew years ago, people used to hire programmers to code their site.  To overcome that, Web Content Management Systems were created which allow nontechnical users to build a website with little or no programming knowledge.  Now, anyone can start their own blogs, business, forums and organizations.  It helps us to bring our ideas and projects to life in an "online" environment.  Some of the Web CMS are WordPress, Joomla and Drupal.  The most popular content management system is WordPress, by Aaditya Purani
  4. The Life Of A Vulnerability  - Battles are always about attack and defense.  In military wars, armies combat on the battlefields and the one that wins is the one that had successful attacks on the other, which failed to strongly defend.  In politics, the people overthrow their government by attacking its failed policies; while the latter is also not able to defend back by satisfying their needs either by convincing them with those rejected policies or issue new acceptable ones.  In sports, the player or the team wins the match by attacking the opponent persistently and also defending against receiving goals or losing points, by Louay Saleh
  5. Deanonymization  - The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet.  Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy, by Alexander Antukh
  6. Agents of Shield: Diagnosis and Prevention of Dos/DDos Attacks  - Given the relentless growth of online activities worldwide, the threat landscape utilized by hackers has become vast and complex.  Reports indicated that individuals and organizations alike will continue to succumb to online threats and attacks.  In 2014 survey conducted by the Cyberedge group, the report published that 71% of those surveyed were affected by a successful attack (Cyberedge, 2015).  While a security mindset has led to some progressive security improvements in the dominant platforms for business and personal use such as Microsoft Windows are leading to a decline in the number of vulnerabilities discovered, there are other problems emerging, by by Anthony Caldwell & Ronan Dunne
  7. Formula Injection  - To start with, Web Application Penetration Testing is the name given to software testing that focuses on web applications.  Most websites out are vulnerable to wild attacks due to lack of security tests.  Over 70 attacks exist which can result in a fatal impact on websites.  Web Application Penetration Tests are legitimate hacking attacks carried out to discover all such vulnerabilities and inculcate proper remediation before launching the application to users.  he OWASP Testing Guide is a popular testing list which is preferred by pentesters to audit applications, by Samrat Das
  8. Web Applications Pentesting Tools: Burp Suite Playbook  - Web Application pen testing can be done through various tools available.  This article will mainly focus on 'Burp Suite' tool and its various interesting features.  After reading this article, the reader will be able to configure Burp Suite with the browser, exploit XSS using Burp plugins and will know how to use different tabs of Burp Suite, by Pranav Jagtap
  9. How to Develop Secure Software - Action Plan to Make Secure Software  - The purpose of this article is to provide a guideline for secure software development.  Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities.  By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities while developing software product, by Jeevan Dahake
  10. Interview with Yevgeniy (Jim) Brikman, founder of Atomic Squirrel  "Startup is a company that spends most of its time searching," by Marta Sienicka and Marta Strzelec


  Hakin9 - Volume 12, Number 5



  Hakin9 - Volume 12, Number 13  

  1. Preview


  Hakin9 - Volume 13, Number 7



  Hakin9 - Volume 13, Number 10

  1. Preview


  Hakin9 - Volume 15, Number 4

  1. Preview

Exploiting Software

  Hakin9: Exploiting Software - Volume 2, Number 1  Issue 01/2012 (5)



  Hakin9: Exploiting Software - Volume 2, Number 3  Issue 03/2012 (7)



  Hakin9: Exploiting Software - Volume 2, Number 4  Issue 04/2012 (8)



  Hakin9: Exploiting Software - Volume 2, Number 8  Issue 08/2012 (12)



  Hakin9: Exploiting Software - Volume 2, Number 9  Issue 09/2012 (13)



  Hakin9: Exploiting Software - Volume 2, Number 10  Issue 10/2012 (14)


Starter Kit

  Hakin9: Starter Kit - Volume 1, Number 1  Issue 01/2007 (1)



  Hakin9: Starter Kit - Volume 1, Number 2  Issue 02/2007 (2)



  Hakin9: Starter Kit - Volume 1, Number 3  Issue 03/2007 (3)



  Hakin9: Starter Kit - Volume 2, Number 1  Issue 01/2010 (4)



  Hakin9: Starter Kit - Volume ?, Number ?  Issue 01/2011 (4?)



  Hakin9: Starter Kit - Volume 3, Number 10  Issue 04/2013 (10)


On Demand

  Hakin9: On Demand - Volume 1, Number 1  Issue 01/2012 (1)



  Hakin9: On Demand - Volume 1, Number 2  Issue 02/2012 (2)



  Hakin9: On Demand - Volume 1, Number 7  Issue 07/2012 (7)



  Hakin9: On Demand - Volume 1, Number 8  Issue 08/2012 (8)



  Hakin9: On Demand - Volume 2, Number 1  Issue 01/2013 (10)



  Hakin9: On Demand - Volume 2, Number 3  Issue 03/2013 (12)



  Hakin9: On Demand - Volume 3, Number 1  Issue 01/2014 (16)


Bible

  Hakin9: Bible - Volume ?, Number ?  Issue 01/2012 (3)


Mobile Security

  Hakin9: Mobile Security - Volume 2, Number 1  Issue 01/2012 (2)



  Hakin9: Mobile Security - Volume 2, Number 2  Issue 02/2013 (3)



  Hakin9: The Ultimate Guide to Mobile Security  01/2012 (4)


Workshops

  Hakin9: Workshops - Backend Database Hacking



  Hakin9: Workshops - Certified Ethical Hacker


Open

  Hakin9 - Volume 1, Number 1  Issue 01/2013 (1)



  Hakin9 - Volume 1, Number 4  Issue 04/2013 (4)



  Hakin9 - Volume 2, Number 6  Issue 01/2014 (6)



  Hakin9 - Volume 11, Number 11  



  Hakin9 - Volume 12, Number 14



  Hakin9 - Volume 13, Number 5

  1. PortWitness  - Developing an automated tool using Bash Scripting for OSINT, by Sahil Tikoo
  2. mitm6  - Compromising IPv4 networks via IPv6, by Fox-IT
  3. CoffeeMiner  - Hacking Wi-Fi to inject cryptocurrency miner to HTML requests, by Arnau Code
  4. Galileo  - Web application audit framework, by Momo Outaadi (m4ll0k)
  5. Interview with Felipe Daragon, Creator of Syhunt and Huntpad  - "Writing is the art of cutting words."  I believe this applies well to programming as well.  If you write code, remember to cut lines, keep it as simple as possible and avoid redundancy - this should be a continuous goal.
  6. PeNCrawLer  - An advanced web-crawler and "dirbuster," by Mahdi Makhdumi
  7. OWASP Mth3l3m3nt Framework  - by Munir Njiru
  8. Sn1per  - Automated pentest recon scanner, by 1N3
  9. Lama  - The application that does not mince words, by Tatam
  10. AirpyDump  Analyze wireless packets on the fly, by Shameer Kashif
  11. Interview with Mohammed, creator of wpCrack  - "I didn't find the tool I wanted on the internet, so I decided to make my own."
  12. ESP8266 Deauther 2.0  - Scan for Wi-Fi devices, block selected connections, create dozens of networks and confuse WiFi scanners!, by Stefan Kremser
  13. Interview with Olie Brown, creator of RFCrack  - "RF was something I didn’t see sufficient penetration testing information on but essential for me to know while testing devices, so I created my own tool and learning material."
  14. mimic  Covert execution in Linux, by @emptymonkey and @stygianblu
  15. ProbeQuest  - by Paul-Emmanuel Raoul
  16. Defense Matrix  - by Ivens Portugal, K4YT3X


  Hakin9 - Volume 15, Number 3


Extra

  Hakin9: Extra  Issue 07/2011 (7)



  Hakin9: Extra  Issue 04/2012 (11)



  Hakin9: Extra  Issue 06/2012 (13)



  Hakin9: Extra  Issue 02/2013 (20)



  Hakin9: Extra  Issue 03/2013 (21)


Best Of

  Hakin9 - Volume 1, Number 1  Issue 01/2009 (1)



  Hakin9 - Volume 1, Number 2  Issue 01/2010 (2)



  Hakin9 - Volume ?, Number ?  Issue 03/2013 (8)


Random

  Hakin9: Python Compendium for Hackers and Programmers



  Hakin9: Reverse Engineering Compendium



  Hakin9: Malware - From Basic Cleaning to Analysing



Knowledge is Power

GBPPR Projects