Women and Mathematics


Women have had many difficulties throughout history in carrying out their work in the world of science and, in particular, in the world of Mathematics. With the integration of women in the workplace it seems that these differences have diminished, although the presence of women in the academic and scientific categories of responsibility seems to be low. A study of this problem in the area of Mathematics could approach the origins of some problems that women face today in the development of their professional qualification.

Motivated by all this, the Royal Spanish Mathematical Society has constituted the Commission «Women and Mathematics» which aims to address, together with the group of mathematical women of our country, various studies related to the current situation of mathematical women in Spain in the field of education and research.

This Commission is open to all those mathematicians interested in participating and making contributions on these topics.

(VIDEO) Journeys of Women in Mathematics:

Source: https://miguelangelmudoy.blog/2020/03/01/women-and-mathematics/


The Rise and Rise of Women in Mathematics

Sonya Kovalevskaya (1850-1891)

The influential collection of biographical essays by Eric Temple Bell, Men of Mathematics, was published in 1937. It covered the lives of about forty mathematicians, from ancient times to the beginning of the twentieth century. The book inspired many boys to become mathematicians. However, it seems unlikely that it inspired many girls: the only woman to get more than a passing mention was Sofia Kovalevskaya, a brilliant Russian mathematician and the first woman to obtain a doctorate in mathematics [TM163 or search for “thatsmaths” at irishtimes.com].

A more recent collection of biographies, Remarkable Mathematicians: From Euler to von Neumann, by Ioan James, published in 2003, did slightly better: in addition to Kovalevskaya, it described the life and work of Sophie Germain, an outstanding French mathematician, and Emmy Noether, who has been called “the mother of modern algebra.” In an obituary in The New York Times, Albert Einstein wrote “Fräulein Noether was the most significant creative mathematical genius thus far produced since the higher education of women began”. Still, only three of the sixty mathematicians profiled in James’s book were women.

Things are changing!

Maryam Mirzakhani  (1977-2017)

In 2014, Maryam Mirzakhani was awarded a Fields Medal for her mathematical research. This award is regarded as equivalent to a Nobel Prize. Mirzakhani was the first woman to win the award in its 80-year history. Born in Tehran on 12 May 1977, she was the first girl to compete for Iran in the International Mathematical Olympiad, and she won gold medals in Hong Kong in 1994 and in Toronto in 1995, gaining a perfect score each time. This was a remarkable achievement. Mirzakhani specialised in the geometry and dynamics of complex curved surfaces. She was a professor at Stanford University from 2008 until her death in 2017 from breast cancer at the age of just forty years.

Karen Uhlenbeck

In 1990, Karen Uhlenbeck presented a Plenary Lecture at the International Congress of Mathematicians – the ICM – the largest and most important gathering of mathematicians in the world. Uhlenbeck was only the second woman to give a plenary lecture, the first being Emmy Noether in 1932. This indicates how difficult it has been for women to reach the pinnacle in a male-dominated field.

The Abel Prize, named in commemoration of the outstanding Norwegian mathematician Niels Henrik Abel, is a prestigious international prize, awarded annually for work in mathematics. In March this year, it was announced that the winner of this year’s prize is to be Karen Uhlenbeck, for her pioneering work in geometry, analysis and mathematical physics. She is the first woman in the 16-year history of the prize to receive it. On the 21st of this month, His Majesty King Harald V will present the prize to Uhlenbeck at a ceremony in Oslo.

Celebrating Women in Mathematics

At the World Meeting for Women in Mathematics in Rio de Janeiro last year, Mirzakhani’s birth date – 12 May – was chosen for the celebration of women in mathematics. The aim is to inspire women to follow careers in maths and to encourage an open and inclusive environment for all. Many events are taking place throughout the world during May as part of the celebrations.

The May 2019 celebration is expected to be the first of many. Amongst other events, a half-day event is planned at the School of Mathematics and Statistics, UCD for 29 May, including a talk by Brendan Guilfoyle on the works of Karen Uhlenbeck. Let us hope that these events raise awareness and increase understanding of the difficulties in achieving a balance in mathematics. We need people with the best brains to work in the field; it is immaterial whether they are men or women.

Source: https://thatsmaths.com


To maths or not to maths? That is the question

May 12th this year is the inaugural International Women in Mathematics Day, and it honours the birthday of Professor Maryam Mirzakhani, the first woman to win the prestigious Fields Medal in Mathematics. Today’s blog celebrates this day and it is written by Professor of Mathematics, Jacqui Ramagge, who is also Head of the School of Mathematics and Statistics at The University of Sydney and is edited by Guest Editor Anthea Batsakis.

To maths or not to maths? That is the question.

It starts young.

Think of all those times you’ve walked into primary classrooms to find the walls lined with artwork. Some are great, some could do with more practice and, in any case, the teacher is signalling that every effort is valued and worthy by displaying them all.

But how many times have you seen maths proudly displayed?

Why don’t we display calculations – in colours if you like – or showcase geometric investigations?  Schools need to better flag that maths and statistics are important and can be studied by all. It’s a social and cultural thing – particularly for girls, who receive so many signals that maths is not for everyone, and especially not for them.

This culture that discourages girls from STEM is changing slowly, but the world is changing at a greater pace.

I don’t know what the future holds, but I do know that it will involve a lot more maths and stats. Every time you touch your smartphone, for instance, maths and stats are working hard for you. From the engineering enabling us to build smartphones in the first place, to the algorithms that a search engine uses to efficiently find answers for you, or to decide if you’d like to see a picture of a cat in your social media feed, maths is all around us.

And it’s not just a matter of convenience – the mathematical sciences are there for you when you’re sick, from modelling diseases, experimental design in the early stages of drug development, and all the way to the calculation of dosages.

We could argue that so long as someone knows how to do all these things, then it doesn’t matter that most of us don’t, and we’ll be fine. But there’s one big problem with this approach.

People consistently underestimate the level of maths and statistics needed to succeed in other science subjects. International studies across different institutions have shown results from high school maths better predict a student’s success at first-year university chemistry – rather than results from high school chemistry.

Our analysis of student performance data at the University of Sydney revealed that students who had studied HSC General Mathematics, which doesn’t involve calculus, were twice as likely to fail first-year chemistry than those who studied calculus-based HSC Mathematics. A similar observation is true of first-year biology and other units.

With increasing numbers of students taking HSC General Mathematics, we introduced a summer bridging course and a semester-long remedial unit. But these measures simply cannot replace a two-year introduction to calculus at high school.

For this reason, as of 2019, degrees at the University of Sydney including Science, Commerce, Economics, Pharmacy, and Veterinary Science will have a prerequisite of a minimum performance in HSC Mathematics (Band 4). You can visit the website to see a full list.

It’s also a prerequisite for Engineering and Mathematics, but people already understand the need for this. More than 95 per cent of high-school students studying Engineering studied HSC Mathematics Extension 1 or 2 – and more than 80 per cent of them are male.

These new maths prerequisites are not there to convince the maths, physics and engineering students to pursue maths in high-school; but to get students who are interested in the life sciences and economics to take higher levels of mathematics at school.

So, why do we need prerequisites? Unfortunately, encouraging students to take higher levels of mathematics at school isn’t as easy as just explaining its wide-ranging usefulness and impact on success at university.

For one thing, as a society we have this strange notion that maths requires talent, that you’re either born a “maths person” or you’re not, and that nothing can change that.

The reality is that the overwhelming majority of the population can do maths to a high level, in the same way that the majority of the population could speak a second language if they wanted to.

It helps if you start early, but what they both predominantly require is consistent work. You can’t expect to miss a couple of weeks and then slot back effortlessly into class because maths builds on all previous work.

So it is really important that you catch up on missed work. Success in maths depends on many things, but the two most important are resilience and a growth mindset.

Then there is the added complication of widespread misconceptions and perverse incentives. This is closely related to the main mechanism for university admissions in Australia – the ATAR score – and our obsession with rankings.

The ATARs of all the students in the state used to be published in newspapers. After a particularly nasty piece of reporting on school ATARs in 1997, the NSW government made it illegal to disclose a person’s ATAR to a third party.

Undeterred, newspapers now rank schools directly on their HSC results on the basis of the number of top-scoring (Band 6) results the students get.

So, a student with a Band 5 in HSC Mathematics may be streets ahead of a student with Band 6 in HSC General Mathematics at university, but only the Band 6 counts towards the high-school ranking. This means schools have a conflict of interest: Should they work in the best interests of the student, or maximise the ranking of the school?

Sadly, I know Principals who opt for the latter.

And when I ask schools why they continue to advise students to take lower levels of maths, I am told that a student will receive a higher ATAR by more easily getting a higher score in HSC General Mathematics, rather than in HSC Mathematics.

But this is not true.

It is hard to prove either way because we can’t run a controlled experiment; however, analysis by the Universities Admission Centre (who run the ATAR) indicates that, in fact, a student’s ATAR benefits from taking higher levels of mathematics.

So for students still deciding on their HSC choices, the message is simple: If you want to maximise your chances of success at university in STEMM disciplines, Commerce, or Economics, then take at least HSC Mathematics Advanced. If you think you might want to do Engineering, Maths, or Physics at university, then take at least HSC Mathematics Extension 1 and preferably Extension 2.

Don’t mortgage your future. It’s much easier to keep up than to catch up, so if in doubt take the higher course and drop down if you need to.

And good luck!

About the author:

Jacqui Ramagge is a Professor of Mathematics and Head of the School of Mathematics and Statistics at the University of Sydney. Appointed in 2015, Jacqui was only the second female Professor of Mathematics at the University of Sydney, the first having been Professor Nalini Joshi who was appointed in 2002. The School now has five female professors, the most of any university in Australia. Jacqui works with the Australian Research Council; advises the Australian Curriculum, Assessment and Reporting Authority on the Senior Secondary Australian Curriculum in Mathematics; serves on the Board of the Australian Mathematics Trust; and is the President of the Australian Mathematical Society 2019-2020. Jacqui regularly speaks at Year 10 information nights and has made a couple of videos demystifying the ATAR calculation.

Source: https://womeninscienceaust.org

Finding Pwned Passwords in Active Directory


Weak and leaked passwords accounted for 73% of breaches in the last year, as reported by Verizon and Rapid7. Do you know how many of your users are using a blacklisted password?

If you test user passwords, you’ll know Microsoft has never made it easy. There are always tricks to export password hashes but each method has its pros and cons.

Why?

The new NIST Password Guidelines make sensible new recommendations. The current climate of data breaches is at the heart of one of their major changes: check a user password against a corpus of breached data.

A password audit is a very effective way of demonstrating this area of weakness. of the most prevalent attacks today: Password Spraying and Credential Stuffing.

How?

This is a two-step process. Dump the hashes from a DC first, and then compare the hashes to a list of breached passwords/hashes. Various ways to grab the hashes exist, each carrying some risk as it’s an unsupported process. Techniques for obtaining the hashes from a Windows Domain Controller boil down to:

  • Local Security Authority Subsystem Service (LSASS) injection
  • Shadow Copy replication with Microsoft Vssadmin
  • (Ab)Using the Domain Replication Service

Local Security Authority Subsystem Service (LSASS) Injection

Dumping the LSASS (Local Security Authority Subsystem) process space is the oldest method. This is the historical way of extracting domain hashes within a Windows ecosystem. Several tools and techniques exist to do that; one of the most common and reliable is Mimikatz.

Start mimikatz.exe and type the following commands:

privilege::debug
log mimikatz-output.txt
lsadump::lsa /inject /patch

The first command takes care of granting the privileges required. The second sets a log file for the output. The final command instructs the tool on which technique to use (LSASS Injection).

Once this is complete, the log file created should look like this:

But it needs to be in a pwdump format and look like this:

user:hash

Note: this is not the full pwdump format but it’s all that’s needed here

A few lines of awk (after stripping out the header/footer of the log file) will suffice:

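# cat mimi.awk
# Paragraph mode: each blank-line-separated block is one record, each line one field
BEGIN { RS = "" ; FS = "\n" ; ORS = "" ; OFS = "" }
# Field 2 is the "User : <name>" line; strip the label and emit "<name>:"
{ sub(/User : /,""); print $2 ":" }
# Field 4 is the "NTLM : <hash>" line; strip the label and emit the hash
{ sub(/NTLM : /,""); print $4 }
# Terminate the user:hash row
{ print "\n" }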

Problems with this technique:

  • Risks crashing / blue screening the server
  • Very likely to trigger an AV
  • Slow and cumbersome (takes a long time to parse the memory space)
  • It’s not secure (hashes will need to be scrubbed)

Using The Windows Tools

A safer way is to rely on the Windows built-in Vssadmin (Volume Shadow Copy) utility. Vssadmin can take a copy of the NTDS.dit file (this file is locked as it’s used by LSASS).

This method is less disruptive, much less likely to get caught by AV and unlocks the password history too. It can take up a lot of space, as the NTDS.dit can grow pretty large. It also might increase the risk of detection and network disruption as a result.

To create a shadow copy and copy the required files (NTDS.dit, SYSTEM, SAM), the commands are as follows:

Create Shadow Copy

vssadmin create shadow /for=C:

Copy NTDS.dit, SYSTEM and SAM

copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\system32\ntds\ntds.dit c:\temp
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\system32\config\system c:\temp
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\system32\config\sam c:\temp


Clean-Up

vssadmin List shadows
vssadmin Delete Shadows /shadow={Shadow Copy ID}

The DSInternals PowerShell module will convert it into a suitable format for cracking:

$key = Get-BootKey -SystemHiveFilePath 'c:\temp\system'
Get-ADDBAccount -All -DBPath 'c:\temp\ntds.dit' -Bootkey $key | Format-Custom -View HashcatNT | Out-File shadow-hashes.txt -Encoding ASCII

The above will process a copy of the NTDS.dit file, extract user and hash information, format it in a hashcat-compatible output and write it to a file.


(Ab)Using the Domain Replication Service

The safest method of obtaining domain hashes is to (ab)use the ‘Domain Replication Service’. This works by temporarily spawning up a new Domain Controller on the network and syncing up the credential storage to it.

The steps to perform this are as follows:

  1. Install the DSInternals PowerShell module
  2. Set the credentials
  3. Export the Hashes from AD
  4. Run the script

The DSInternals package needs to be installed, as follows:

Install-Module -Name DSInternals


Enter credentials by running the following PowerShell command:

$credentials = Get-Credential

The following will dump those pesky hashes:

Get-ADReplAccount -all -NamingContext "DC=Example,DC=org" -Server DC1 -Credential $credentials | Format-Custom -View HashcatNT | Out-File c:\temp\hashes.txt -Encoding ASCII

Note: Ensure you change the domain and DC according to your environment (here Example, org, and DC1)

The above will produce a hashcat-compatible ASCII plain-text file to compare against the HIBP hashes.

This is what hashes.txt will look like:


Identifying Vulnerable User Accounts

So which users on the network are vulnerable? Let’s explore a couple of ways of doing this.

Using Wordlists

A good wordlist of compromised passwords is needed. There are various lists of cracked passwords over at hashes.org, such as:

John the Ripper and Hashcat are amongst the most respected crackers out there. Usage for these is as follows:

Using JtR (John the Ripper)

john --format=nt hashes.hashcat --wordlist=hashes.org-2019.txt

Using Hashcat

hashcat -m 1000 -a 0 --username hashes.hashcat hashes.org-2019.txt

On a very modest system, it takes less than a couple of minutes to run through the dictionary file which results in the output below:

Viewing the results

$ john --show --format=nt hashes.hashcat|tail
ex468260:budlight
ex360998:passw0rd
ex458554:Mother21
ex997924:Number44
ex591208:Welcome14
ex480187:Lauren24
ex305134:Claire1987
ex956673:abcd1234

323 password hashes cracked, 329 left

----

$ hashcat --username --show -m 1000 hashes.hashcat |tail
ex665602:a4e7a61a102b34f0e0a15e4cc1e8ab77:Liverpool123
ex999378:d59287f790dcbcf24f1bbd8c4703bd54:Password17
ex295780:d59287f790dcbcf24f1bbd8c4703bd54:Password17
ex939490:c5ab70617cae17f46f60a2f175bb5386:Champs02
ex499827:37184b08e38ae6f5057b94141722fa65:M0nday30
ex178773:cab8e82c0ea675f7e3744c808cf3209b:Butterfly29
ex852117:cab8e82c0ea675f7e3744c808cf3209b:Butterfly29
ex472603:cab8e82c0ea675f7e3744c808cf3209b:Butterfly29
ex453529:2fa2b0486ca0fff77ba6ce64d640d864:Central02
ex808769:4b21ab52ba9834f8cd167effc7ec087e:Christmas12

Using HIBP NTLM

To perform this check offline, download a copy of the Have I Been Pwned database, in NTLM format (ordered by hash). It’s not a good idea to perform the password check online.

The latest version of the HIBP database is here:

https://haveibeenpwned.com/Passwords

At the time of writing, this is version 5.


Extracting it (with 7zip) can take a while:


The final step is to compare the HIBP database containing the NTLM hashes (sorted by hash) in c: with the extracted hashes in the same folder.

This script will make it easy:

powershell -Executionpolicy bypass
Import-Module .\Match-ADHashes 

The comparison of the hashes is done using the Match-ADHashes function.

$list = Match-ADHashes -ADNTHashes C:\temp\hashes.txt -HashDictionary C:\temp\hibp.txt

The above command will populate the $list variable with the results (Note: this might take a while). The results can then be exported into a more useful format and written to disk:

$list | select Hash,Frequency,@{Name='user';Expression={[string]::join(";", ($_.user))}} | Export-Csv -Path c:\temp\pwned-users-report.csv -Delimiter ';' -NoTypeInformation

Note: Frequency is the number of times that password(hash) has been seen collectively within the Have I Been Pwned leaked database.

The above will pipe the contents of $list into a CSV file with the matching hash, a count and the list of pwned users.
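
The comparison step described above, sketched in Python as an added example (it is not the Match-ADHashes module or any code from the original post). It groups accounts by NT hash from user:hash lines and binary-searches a hash-ordered dictionary, which is why the "ordered by hash" download matters. The sample hashes, counts and account names are constructed, and the HASH:count line layout is an assumption about the dictionary file.

```python
import io
from collections import defaultdict

HEX = set("0123456789ABCDEF")

# Constructed sample data (not real hashes). Dictionary lines are assumed to be
# "HASH:count" in uppercase hex, sorted ascending by hash.
SAMPLE_HIBP = (
    b"0000000000000000000000000000AAAA:12\n"
    b"1111111111111111111111111111BBBB:3401\n"
    b"7777777777777777777777777777CCCC:1\n"
    b"FFFFFFFFFFFFFFFFFFFFFFFFFFFFDDDD:250\n"
)
SAMPLE_AD = [
    "alice:1111111111111111111111111111bbbb",
    "bob:2222222222222222222222222222eeee",
    "carol:1111111111111111111111111111BBBB",
    "dave:ffffffffffffffffffffffffffffdddd",
    "broken-line-without-hash",
]


def parse_ad_hashes(lines):
    """Group account names by NT hash from 'user:hash' lines; skip malformed rows."""
    users_by_hash = defaultdict(list)
    for raw in lines:
        user, sep, nt_hash = raw.strip().rpartition(":")
        nt_hash = nt_hash.upper()
        if not sep or len(nt_hash) != 32 or not set(nt_hash) <= HEX:
            continue
        users_by_hash[nt_hash].append(user)
    return users_by_hash


def lookup_frequency(db, size, nt_hash):
    """Binary-search a seekable, hash-ordered 'HASH:count' file.

    Returns the count for nt_hash, or 0 if the hash is absent.
    Invariant: a matching line, if any, starts at a byte offset in [lo, hi).
    """
    target = nt_hash.upper().encode("ascii")
    lo, hi = 0, size
    while lo < hi:
        mid = (lo + hi) // 2
        if mid == 0:
            db.seek(0)
        else:
            # Step back one byte and read to the newline: this lands on the
            # first line start at or after mid, without skipping a line that
            # begins exactly at mid.
            db.seek(mid - 1)
            db.readline()
        start = db.tell()
        if start >= hi:
            hi = mid              # no line begins inside [mid, hi)
            continue
        line = db.readline()
        key = line[:32].upper()
        if key == target:
            return int(line[33:].decode("ascii").strip())  # tolerates CRLF
        if key < target:
            lo = db.tell()        # match can only start after this line
        else:
            hi = mid              # match can only start before mid
    return 0


def audit(ad_lines, db):
    """Return [(hash, frequency, [users])] for breached hashes, most frequent first."""
    size = db.seek(0, io.SEEK_END)
    findings = []
    for nt_hash, users in parse_ad_hashes(ad_lines).items():
        frequency = lookup_frequency(db, size, nt_hash)
        if frequency:
            findings.append((nt_hash, frequency, sorted(users)))
    findings.sort(key=lambda f: f[1], reverse=True)
    return findings


if __name__ == "__main__":
    # For a real dictionary, pass open(path, "rb") instead of the BytesIO sample.
    for nt_hash, frequency, users in audit(SAMPLE_AD, io.BytesIO(SAMPLE_HIBP)):
        print(f"{nt_hash};{frequency};{';'.join(users)}")
```

Each lookup touches only about log2(file size) lines, so the full dictionary never has to be loaded into memory, and several accounts listed against one hash also expose password sharing.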


Password Analysis With Pipal

Pipal is a useful utility written by Robin Wood to perform an analysis of user passwords. You have to have access to the plain-text of the password in order to gather any useful information.

Usage of the tool is pretty simple: no external library is needed, just Ruby installed.

Running Pipal on the results obtained yields the following output:

$ ./pipal.rb found.txt
Generating stats, hit CTRL-C to finish early and dump stats on words already processed.
Please wait...
Processing:    100% |oooooooooooooooooooooooooooooooooooooooooo| Time: 00:00:00


Basic Results

Total entries = 346
Total unique entries = 285

Top 10 passwords
Butterfly29 = 3 (0.87%)
Password2 = 3 (0.87%)
Reind33r = 3 (0.87%)
Tanzania3 = 3 (0.87%)
Password284 = 3 (0.87%)
Tilling7 = 3 (0.87%)
Christian7 = 3 (0.87%)
Babybrain3 = 3 (0.87%)
1111111111 = 2 (0.58%)
Molly154 = 2 (0.58%)

Top 10 base words
password = 28 (8.09%)
welcome = 5 (1.45%)
london = 5 (1.45%)
victoria = 4 (1.16%)
tilling = 3 (0.87%)
tanzania = 3 (0.87%)
christmas = 3 (0.87%)
jessica = 3 (0.87%)
april = 3 (0.87%)
liverpool = 3 (0.87%)

Password length (length ordered)
8 = 155 (44.8%)
9 = 85 (24.57%)
10 = 57 (16.47%)
11 = 34 (9.83%)
12 = 14 (4.05%)
14 = 1 (0.29%)

Password length (count ordered)
8 = 155 (44.8%)
9 = 85 (24.57%)
10 = 57 (16.47%)
11 = 34 (9.83%)
12 = 14 (4.05%)
14 = 1 (0.29%)

<--output stripped for brevity-->

Pipal can be used to get a good insight into what common passwords are being used on the Active Directory Domain being tested. This knowledge can be used to create relevant exclusion wordlists to prevent users from setting common, easy-to-guess passwords.

A Different/Better Approach

It’s easy to check how many Windows domain users are using compromised passwords. It’s also rather convoluted and error-prone as well as very time-consuming.

What if there were an automated way of checking this that:

  • Gives instant results (a few minutes vs hours/days)
  • Is comprehensive, repeatable and deterministic
  • Secure (doesn’t leave a trace of the domain hashes anywhere)
  • No software installation required
  • User-friendly (not just for ubergeeks)
  • Doesn’t need Domain Admin privileges

The efficiency of this process can be significantly improved. Comparison times can be optimized down to milliseconds.

Running Pwncheck

Pwncheck is currently the most optimal way of getting a list of pwned users. No installation is needed, nor are Domain Admin privileges.

The 3 privileges that pwncheck needs can be granted like so:

#Just substitute the pwncheck account below with the account you want to assign replication privileges with

$Account = "pwncheck"

$RootDSE = [ADSI]"LDAP://RootDSE"
$DefaultNamingContext = $RootDse.defaultNamingContext

$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes All`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes In Filtered Set`";'"
Invoke-Expression $cmd

Running pwncheck is a three-step process:

  1. Start the pwncheck executable
  2. Wait for it to download/load the DB
  3. Enter your credentials and click Go

After a few seconds, the pwncheck GUI will:

  • Write the report to disk
  • Securely scrub the process memory space and close its main window
  • Open up the report folder to reveal the report data

The README.html file containing the password audit results can then be viewed for the full report:


The pwncheck report dashboard

If you like this new approach, or if you have any comments, we’d love to hear from you!

You can see it in action here: pwncheck demo

Source: https://44con.com/2020/02/25/finding-pwned-passwords-in-active-directory/

Under the hood of Kubernetes and microservices


cloudmelon

In this blog, we’ll start by talking about the migration journey and innovation journey before diving into different architecture types of applications, starting from the monolith, then look at the principles of microservices as well as the basics of Containers and Kubernetes from an architectural perspective. After getting a basic understanding of all these things, we can have a closer look at a few options for using DevOps tools to help enterprises boost productivity, in particular using Jenkins X as the main CI/CD tool while working with Kubernetes, although there are a couple of other options as well.

From monolithic to the microservices architecture

Back in the day, monolithic architecture was popular for decades before the cloud became a trend. Applications based on monolithic architecture tend to be layered into three tiers or N tiers, which basically look like the following:

  • A presentation layer also called the front-end…

Upgrading Active Directory from 2012 R2 to 2019


Hi folks, this is a very quick post where I will explain the steps to upgrade Active Directory from 2012 R2 to 2019. If you are still running 2012 R2 you will be missing out on some of the features to integrate your on-prem AD into Azure Active Directory so it’s definitely a requirement to […]

Upgrading Active Directory from 2012 R2 to 2019 — Virtualmanc.co.uk

Interview with an ethical hacker


Interview with a white-hat hacker

The Silicon Path

As the old Bon Jovi song goes, “good guys don’t always wear white.” Today, we’re talking to Greg, a penetration tester who makes his living by legally hacking companies to test their security posture.

The media frequently portrays hackers as guys wearing hoodies clacking away at a BASH interface at 2am. The truth is that a large majority of hackers fall into two categories: organized crime and the professionals (AKA “penetration testers” or security researchers) who operate legally on behalf of companies. Neither wear hoodies, typically.

I recently did an interview with Greg, an ethical hacker who makes his living by hacking companies that have hired him to find flaws in their security posture. Today, he reveals how he got into this field – and how you can too!

I add in some clarification when Greg used acronyms or names that may…

Best Books To Learn Ethical Hacking!


Good books for learning Ethical Hacking

HACKING STUFF

Is hacking your passion? Are you fascinated with the thought of becoming a system security expert? If yes, then pull up your socks and start learning right away with any of the books from this list of best ethical hacking books. You may want to pursue ethical hacking in a professional manner or just for fun. But whatever may be the case, it certainly requires a great deal of patience and dedication to learning about various penetration testing methodologies.

Today, cybersecurity has assumed tremendous importance since there is a major possibility of confidential information getting stolen from data servers or cloud storage. It is considered a breach of security and an attack on a system’s integrity. Malicious hackers sneak into a person’s private data or a company’s information system and gain unethical access to data or systems. It can also prove to be dangerous if a malicious hacker gets…

HOW TO HACK FACEBOOK ACCOUNT


Facebook has been used for years and its members place a lot of trust in it, even though in recent times we have noticed many security concerns with Facebook. Therefore it’s not easy to hack a Facebook account. The number of Facebook members keeps increasing and there are approximately 1.97 billion active users on Facebook.

We are very keen on Facebook and share our daily activities with our friends there. We share all the special occasions such as our birthdays, anniversaries, photos, vacations and also our businesses on Facebook. We also share emotional moments, cherished moments and sometimes our ideology and philosophy on Facebook. We share all this just to make the world aware of what we think. We strongly feel that nobody will be able to hack our FB account, but that’s not always true.

We believe that whatever we share is available to our friends, relatives and those who follow us on Facebook. But sometimes there are some bad people also who use our information for malicious purposes and can use the information against us. They keep watching us secretly and know every activity about us and they are always looking to hack facebook account of different people surfing on facebook.

Top 4 Methods to Hack Facebook Account or to Hack FB Account

In order to hack somebody’s Facebook account, there is no need to be a professional hacker. A bit of computer knowledge will enable you to access others’ Facebook accounts. In this article I will show you some working and proven methods that you can use to hack someone’s Facebook account. At the end of the article I will also tell you how to prevent your Facebook account from being hacked.

#1. Using Keylogger to hack Facebook Account:

Software Keylogger:  A software keylogger can be downloaded on the victim’s PC. As soon as it is activated it starts recording each stroke of the keyboard that victim makes. The software keylogger has to be downloaded on the victim’s computer without his knowledge. The keylogger would remain undetectable in the background and once it captured all the keystrokes of the victim, it will send the reports of captured data to your email.

Step by Step Guide to Use Keylogger to Hack Facebook Account

Step 1st: In the first step, download a good keylogger. You can also download emissary keylogger. You can also download some other keylogger via Google search.

Step 2nd: Once you download the emissary keylogger, extract the files on desktop. Many a time your anti-virus might delete the keylogger. So, disable the antivirus before downloading the emissary keylogger. There are no harmful viruses in this keylogger so don’t be afraid.

Step 3rd: Now, in the third step execute the emissary.exe file and you will instantly see the window as seen in the image below:

Step 4th: Now, in the fourth step enter your Gmail details in the keylogger then click on “Test” to test the connection. You can create a fake gmail id for this purpose. Here you should test whether all the keystroke information is being delivered to your email or not.

Step 5th: In the fifth step, enter the time at which you would like to receive reports through email. You can use 20 minutes as it is always preferable. Also change your server file name. Check all the boxes as shown in the image below:

Step 6th: Now click on ‘Build’ button and create your server file (make sure that your server file is in the same directory).

Step 7thAs this keylogger is free, you cannot send the server .exe file from email services. In fact, all of the email services don’t allow sending and receiving .exe files. It is therefore you need to first crypt and bind your file to any other file such as in image, videos, document etc. If you don’t know how to crypt and bind files than follow the below method to bind the file:

How to Bind Keylogger with Image, PDF or any other File:

Step 1st: In the first step, you need to download any file binder. I would recommend you to download shockwaves file binder. The password is futuretricks.

Step 2nd: You would have three files now. The first one is the keylogger.exe file, the second one is the image or PDF file with which you would like to bind the keylogger and the third one is the shockwave file binder.

Step 3rd: Now, you are required to open the shockwave file binder and you will find two browsing options there. In the first browsing option select the image file or PDF file with which you would like to bind the keylogger. In the second browsing option you need to select the keylogger .exe file as shown in the image below:

Step 4th: Now, tick “Run Second File Hidden” and also click on the Bind button as shown in the image below:

Step 5th: Now choose the name and path of the new file and your file is successfully bound with the keylogger.

Step 6th: Now send this file to the victim and as soon as he opens the image, PDF or any other file with which you had bound the keylogger, the keylogger will be installed on the victim’s computer.

Step 7th: Once the binding process is complete, you can also upload this file on free file storage websites such as mediashare, rapidshare, 4share etc. You can also send the victim the direct download link from the free storage websites.

As soon as the victim executes the file you sent, the keylogger will be installed on his computer and it starts recording all the keystrokes, including the usernames and passwords of Facebook, and sends you emails containing all the keylogs and screenshots from time to time, at the time interval you set earlier.

#2. Using Phishing to Hack Facebook Account

Phishing method is another method of attack to hack facebook account. Phishing means to send a fake page to the victim and as soon as he/she enters username and password, you will fetch it from the fake page uploaded on your server.

Phishing can be done using the Kali Linux OS or without Kali Linux. In this article, we will be discussing both methods: how to create a phishing page using Kali Linux and how to make a phishing page online. For the first method, you should know how to install Kali Linux on your PC.

A phishing page to hack facebook account can be done using the social engineering toolkit that is already installed in Kali Linux OS. The phishing link should be sent to the victim from the same local area network as you and the data that the victim enters on the fake page will be stored in a file on your machine.

Step by Step Guide to Hack Facebook Account Using Phishing with Kali Linux

Step 1st: Open Kali Linux with root access as ‘setoolkit’ needs you to have root access.

Step 2nd: Now type ‘setoolkit’ in the command line.

Here you will get a warning that this tool is to be used with proper license and authorization or only for educational purposes, and that if you use it for malicious purposes then you violate the terms and conditions of the tool.

Step 3rd: You should agree with the terms and conditions by typing Y in the command line.

Step 4th: Here you will see a menu “next”. Enter 1 as your choice.

Step 5th: Enter 3 to select the ‘Credential Harvester Attack Method’ in order to get the victim’s confidential information by creating a fake page that will have a few form fields including the username and password options.

Step 6th: Now, you have the option here either to build a fraudulent page on your own or to clone the page of the Facebook site or another trustworthy site.

Step 7th: If you wish to get a clone page then enter 2 in the command line. It may take a few minutes to create a page.

Step 8th: Now, in order to get the IP address you should open a new terminal window and write ifconfig. You should copy the IP address as mentioned in the “inet” field.

Step 9th: SET will ask you to put the IP address where the confidential information of the victim is to be stored. Paste the IP address you copied in the earlier step.

Step 10th: As we have chosen to make a clone of a website, we need to enter the URL or domain of the website of which we would like to make a clone.

Step 11th: As SET requires the Apache server, you should enter Y when it prompts about starting the Apache process.

Step 12th: At this point, you have completed the setting up of the phishing page and hosted it on the server. SET will tell you the directory in which the captured data will be stored.

Step 13th: In order to hide the IP address you should use a URL shortening service to change the URL of the actual site.

Step 14th: Now go to the browser and type http://yourIP (for example: http://192.168.0.203)

Step 15th: If the victim fills in the information on this page and clicks on “Log in”, he will be redirected to the actual Facebook login page. Most often, users don’t take it seriously and consider it an error in Facebook.

Step 16th: In the final step you can go to /var/www/html where you will be able to see the harvester file created there.

Note: The above phishing method is described here just for educational purposes, so that you are aware of the steps hackers take to hack your Facebook account and can therefore protect yourself. You should know the difference between the fake page and the real page, and it is easily identifiable if you check the URL in the browser. You should never enter your username or password at any URL that you do not recognize.

Hope this step by step guide gave you a complete idea of how phishing attacks work.
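The URL check recommended in the note above can be automated on the defender's side, for example in a mail filter or a browser helper. The following is an added example, not code from the original article; the host lists and the function name are assumptions chosen for illustration, and the sample links are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative lists (assumptions for this example, not complete inventories).
GENUINE_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app")


def login_url_findings(url):
    """Return the reasons `url` should not be trusted as a Facebook login page."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if host in SHORTENERS:
        findings.append("shortened-link")  # real destination is hidden
    if host.endswith(TUNNEL_SUFFIXES):
        findings.append("tunnel-host")
    if host not in GENUINE_HOSTS:
        findings.append("host-not-facebook")  # exact match, so look-alikes fail
    return findings


# Constructed sample links; only the first one is a genuine login URL.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://192.168.0.203",
    "https://abcd1234.ngrok.io/login",
    "https://bit.ly/xyz",
    "https://facebook.com.example.net/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", login_url_findings(url) or "ok")
```

An empty result means the link points at one of the allow-listed hosts over HTTPS; any finding is a reason not to type credentials there.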

#3. Hack facebook on same wifi android

This is another method by which one can hack a Facebook account. With this method, you can get almost 90% success if you and the victim are on the same Wi-Fi network. I am writing about this method in order to make people aware of what hackers can do if you are on the same Wi-Fi network, and this is just for educational purposes, so don’t use this method or any of the other methods mentioned above for illegal purposes.

How to Hack Facebook Account same wifi Android:

First you need to install an app called Faceniff, which is an Android application that is widely used to intercept web session profiles over Wi-Fi networks and to get confidential information of the victim, including the usernames and passwords of Facebook, Twitter, Instagram and other sites. Make sure that you and the victim are on the same Wi-Fi network, otherwise this method will not work.

Steps to follow to hack facebook account on same WIFI

1st Step: First, you need to install an app known as Faceniff. Download it from here.

2nd Step: Now, connect to the internet and open the Faceniff app.

3rd Step: The next step is to click the red button. The red button you click will turn green once the sniffer is on. It works like Firesheep for Android devices.

4th Step: Firesheep is an extension for Firefox that enables unscrupulous users to do the same task. FaceNiff even supports WPA encrypted wireless networks.

5th Step: In the fifth step, press the enter button and you will see the list of accounts which are connected to the same Wi-Fi network and you can choose any of the accounts.

6th Step: Now, click the account you want to hack and you will get logged in automatically and can do whatever you want with the hacked account.

How to Protect Yourself from this App: In order to protect yourself from the above attack, you need to enable HTTPS for every service wherever it is available. You should always protect your internet connection with a VPN whenever you use public Wi-Fi at places such as coffee shops, restaurants or airports.
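Site owners can check whether their own service exposes sessions to this kind of same-network sniffing by auditing its response headers. The following is an added example, not part of the original article: it flags cookies that lack the Secure attribute (and are therefore also sent over plain HTTP) and checks for an HSTS header. The function names and both header sets are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, dict of lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def sniffable_cookies(response_headers):
    """Names of cookies that a listener on the same Wi-Fi could read:
    without Secure, the browser also sends them over unencrypted HTTP."""
    exposed = []
    for key, value in response_headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                exposed.append(name)
    return exposed


def has_hsts(response_headers):
    """True if the response tells browsers to use HTTPS only (HSTS)."""
    return any(
        key.lower() == "strict-transport-security" and "max-age=" in value.lower()
        for key, value in response_headers
    )


# Constructed response headers: a weak configuration beside a hardened one.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "exposed:", sniffable_cookies(headers), "hsts:", has_hsts(headers))
```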

#4. Hack Facebook Account Using Shellphish

Requirements:

  1. You need to have Kali Linux operating system.
  2. Internet Connection
  3. Shell Phish (will let you know in the below steps as how to get it)
  4. Firefox, Chrome or any other browser.

Step by Step Guide to Hack Facebook Account with Shell Phish

Step 1: Open Firefox in Kali Linux

Step 2: Now type github.com in the browser.

Step 3: Now, you need to type shell phish in the search box available.

Step 4: Choose the first repository.

Step 5: Here you need to click on the clone or download link and copy the link

Step 6: Open the Terminal

Step 7:  Now type git clone URL, and then paste the link here that you have copied before. Now, press enter.

Step 8: You will now be redirected to downloading the shellphish file from here.

Step 9: Once the download is complete, change your directory to shellphish by just typing “cd shellphish”.

Step 10: Now, type the command (ls -l) within the shellphish directory. It will show you all the files and their permissions.

Step 11: Here, you will need to change the permissions of shellphish.sh

Step 12: Permissions are usually written as (-rw-r--r--) in which (r) means read permission and (w) means write permission.

Step 13: You will not find the execute permission, x, here. In order to add it, you will need to enter the command (chmod +x shellphish.sh). You will see the new permission x just after entering the command.

Step 14: Just by typing (./shellphish.sh), you can execute the script.

Step 15: Shellphish terminal will start. From here, choose any option just by typing their numbers such as I if you want to make an instagram phishing page.

Step 16: Now, choose the port forwarding service which will provide you the phishing URL. For example, you can choose ngrok.

Step 17: If you are using it for the first time, then wait a few seconds as it will shortly start downloading ngrok.

Step 18: Once the download process is finished, it will provide you a link, which actually is the URL you can use to phish the victim.

Step 19: Now, you can easily send this link to your target using WhatsApp, Messenger, email or through any other media file.

Step 20: Once the target clicks on the link you sent, you will instantly get its location as well as the IP address.

Step 21: Once the page opens and the victim enters the username and password in the page you have given, they will be sent to you and the victim will be redirected to their Instagram or Facebook account, whichever the phishing page is for.

Top 3 Tools For Facebook Account Hacks

#1. Hack Facebook 2019:

They have a team of software professionals and they promise to hack any Facebook account to polish their programming skills as part of their hobby. In today’s scenario, Facebook hacking is becoming more and more complex. Gone are the days when hacking was an easy task; it is a challenging task today. Facebook has, from time to time, used different strategies and security processes which are enormously tough to break. However, Facebook hacking is still possible using a few universal programming language holes, security vulnerabilities and human error, so that no matter how advanced the security of a website like Facebook gets, you will still be able to hack FB online.

Their Official Website:  https://www.hackfacebook2019.com/

#2. SicZine:

SicZine is another tool which can be used for Facebook account hacks. It is quite simple and it is also automated, which is one of the main factors that make their service quite effective and affordable too. They also claim that you will remain anonymous while hacking a Facebook account and that their success rate for hacking Facebook accounts is really high.

Their Official Website:  https://www.siczine.com/

#3. FbTracker:

Fbtracker is another tool that is quite famous for hacking Facebook profiles, usernames and passwords. They have an app as well, so it can also run on smartphones. You can watch everything on a single dashboard using their online platform.

CyberCure Technologies Pvt. Ltd.
CS-4, 2nd Floor, Chandni Plaza
Gyan Khand -1, Indirapuram,
Ghaziabad(NCR) -201014,India

Landmark: Near St. Francis School
Mobile: +91-9555550880
Email: info@cybercure.in

Source: cctinternshala.home.blog