Ftx Crash

 RUMEAR SAAY THIS HACKE IS  CREATE BY FTX                                                                                                            Elliptic said although the theft is unconfirmed, $473 million in crypto assets were apparently stolen from FTX.

 @FTX official say this 

                    to mitigate damage upon observing unauthorized transactions,” MILLER SAID THIS 

Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges - unclear facts as other movements not clear. Will share more info as soon as we have it.

The stable coins and other missing tokens are being quickly converted to Ethereum FTX, until last week one of the most powerful players in the crypto industry

The stablecoins and other missing tokens are being quickly converted to ether

FTX, until last week one of the most powerful players in the crypto industry,

Under a microscope

As scrutiny of crypto exchanges increases, Singapore-based crypto.com admitted to accidentally sending more than $400 million in Ethereum to the wrong account. Its CEO, Kris Marszalek, said on Twitter the transfer of 320,000 ETH was made three weeks ago to a corporate account at competing exchange Gate.io instead of to one of its offline, or “cold”, wallets.

And though funds were recovered, users are withdrawing from the platform fearing the same outcome as FTX. Binance CEO Changpeng Zhao issued a warning on Twitter saying, “if an exchange have to move large amounts of crypto before or after they demonstrate their wallet addresses, it is a clear sign of problems.”

‘We have since strengthened our process and systems to better manage these internal transfers,” Marszalek tweeted Sunday.

From                                                                                                                                                                     IOSCO(International Organization of Securities Commissions), which coordinates rules for G20 countries and others, has already set out principles for regulating stable coins, but now the focus is turning to platforms which trade in them.

In mainstream finance there is functional separation between activities like broking, trading, banking services and issuance, with each having its own set of conduct rules and safeguards.

"For investor protection reasons, there is a need to provide additional clarity to these crypto markets markets through targeted guidance in applying IOSCO's principles to crypto assets," Servais said.

International Organization of Securities Commissions, is an umbrella body for market watchdogs like the Securities and Exchange Commission in the United States, Bafin in Germany, Japan's Financial Services Agency, and the UK Financial Conduct Authority, who all commit to applying the body's recommendations.

The European Union's new markets in cryptoassets or MiCA framework is an "interesting starting point" for developing global guidance as it focuses on supervision of crypto operators, said Servais, who also chairs Belgium's financial regulator FSMA.

Spoofing

 1. IP Spoofing 

This technique is done to mask the IP address of a computer that the hacker is using in order to fool a network into thinking that a legitimate user is communicating with a targeted computer. To do this, a hacker imitates another IP address or range to meet the IP address criteria set by a network administrator. 

This spoof hacking technique works by finding an IP address that a trusted host uses. After doing so, you can modify the headers of packets in order to fool the network into believing that it is coming from an authorized user. This way, you can send harmful packets to a targeted network, without having them being traced back to you. 

2. DNS Spoofing  

DNS spoofing works by using the IP address of a website in order to send someone into a malicious website where a hacker can easily harvest private information or user credentials. This man-in-themiddle attack allows you to communicate with an unsuspecting target into thinking that he has entered a website that he searched for, and then allow a hacker to freely receive account details that this user will be entering on a false website. 

In order for this to work, the hacker needs to be on the same LAN as the target. In order to acquire access to that LAN, a hacker can simply search for a weak password on a machine that is connected to that network, which can even be done remotely. Once this is done successfully, a hacker can redirect users to go to a rigged website and monitor all activities that they will do there. 

3. Email spoofing 

Email spoofing is very useful when it comes to bypassing security services employed in an email service. This means that when an email address is spoofed, the email service will recognize any mail sent from a rigged account as legitimate and will not be diverted to the spam inbox. This technique allows a hacker to send emails with malicious attachments to a particular target. 

4. Phone number spoofing 

Phone number spoofing typically uses false area codes or phone numbers in order to mask the location or identity of a hacker. This tactic allows hackers to successfully tap voicemail messages of their targets, send text messages using a spoofed number, or mislead a target from where a call is coming from – all these tactics are very effective when laying the groundwork for social engineering attacks.

Hacking Tools

 Both ethical and criminal hackers have access to abundance of hacking tools that can be used to either attack or protect a particular system. These tools can be crowd-sourced from the internet through forums and other online hubs dedicated to hackers.

As a beginning ethical hacker, it is very important that you learn the most commonly used tools to detect possible vulnerabilities, conduct tests, and administer actual hacks. Here are 8 of the most popular tools used by hackers today: 

1. Angry IP Scanner (ipscan) 

Most popularly called as ipscan by seasoned hackers, this tool is used to track computers through their IP addresses and also to snoop for ports to check for gateways that will lead them straight into a targeted computer system. This tool is also commonly used by system engineers and administrators to check for possible vulnerabilities in systems that they are servicing. 

This tool is open source and can be used across platforms, and is lauded for being one of the most efficient tools for hacking that is available on the market. 

2. Kali Linux

 Launched in 2015, this application is one of the favorites of hackers because of the abundance of features. This security-centered toolkit allows you to run it right from a CD or through a USB, without need for any installation. This toolkit contains most of the interfaces that you need for hacking, which includes creation of fake networks,spoof messages, and even crack WiFi passwords. 

3. Cain & Abel

 Cain & Abel is one of the most efficient hacking toolkits that work well against Microsoft operating systems. This tool allows you to recover wireless network passwords, user account passwords, and use a few brute force methods when it comes to cracking passwords. You can also use it to record VoIP conversation sessions.

 4. Burp Suite 

Burp Suite is one of the most essential tools that you can use when you want to map out vulnerabilities on a website. This tool allows you to examine every cookie that resides on a website, and also start connections within website applications. 

5. Ettercap 

This tool is efficient when it comes to launching man in the middle attacks, which is designed to make two different systems believe that they are communicating with each other, but a hacker is secretly relaying a different message to the other. This tool is efficient in manipulating or stealing transactions or transfer of data between systems, or to eavesdrop on a conversation.

 6. John the Ripper 

This is one of the best brute force password crackers which use the dictionary attack. While most hackers may think that brute force tactics involve too much time to crack a password, John the Ripper is known to be one of the more efficient tools when it comes to recovering encrypted passwords. 

7. Metasploit 

Metaspoit is widely acclaimed among hackers because it is an efficient tool when it comes to identifying possible security issues and also to verify mitigations of system vulnerabilities. It also is one of the best cryptography tools for hackers since it is also efficient when it comes to masking identities and locations of an attack. 

8. Wireshark and Aircraft-ng

These tools are used together to detect wireless connections and hack user IDs and passwords on a WiFi connection. Wireshark serves as a packet sniffer, and Aircraft-ng serves as the packet capturing suite that will also allow you to use a variety of other tools to monitor WiFi security

What is an Active Attack?

 An active attack is a direct exploit on a targeted network, in which a hacker aims to create data changes or create data that will attach itself to the target to make further exploits. 

Active attacks are typically classified into the following:

1. Masquerade attack 

    In this attack, a hacker pretends to be a legitimate user of the network in order to gain deeper access or better authorization. A hacker typically does this by using hacked user IDs and passwords, bypassing an authentication system, or exploiting discovered security flaws. 

Once a hacker becomes successful in infiltrating the system with the identity that he pretends to have, they can easily make changes or delete any software or file, and even kick out authorized users on a network. They can also make modifications on the network and router settings, which may allow them to gain access to the 

2. Session replay 

    In this attack, a hacker makes use of a stolen session ID in order to create an automatic authentication the next time the target accesses a particular website. This attack exploits the web’s nature of storing forms, cookies, and URLs on a browser. 

   Once the hacker gets the data used by a particular session ID on a targeted website, he can then proceed to a session replay attack, which allows him to do everything that the legitimate user of the ID can do. Since session replay attacks do not happen on real time, this attack is typically discovered once the legitimate user finds discrepancies on his account. Most of the time, victims of a session replay attack only discover that their accounts has been compromised when identity theft already occurred. 

3. Denial of Service (DoS) and Distributed Denial of Service (DDoS) 

    A DoS attack is defined as the denial of access or service to a legitimate user – you can see that all services that are running on your computer are slowing down or quit suddenly as you use them. A DDoS attack, on the other hand, involves a larger number of systems that have been previously compromised by a hacker to attack a particular target.

  While DoS and DDoS attacks are not used to destroy a target’s security system or to steal data, it can be used to generate profit loss or to render a computer system entirely useless while it is being used. Usually, these attacks are made to create a temporary loss in connectivity on a network and deny all related services. In certain occasions, these attacks can also work to destroy certain files and programs on a targeted computer. 

    A DoS or a DDoS attack is very similar to having a slow internet connection and a slow computer at the same time. During such an attack, you may feel that your network’s performance is unusually slow and you cannot access any website. At the same time, it is also relatively easy to find out if you are being targeted for an attack – you may see that you are receiving too much spam or other signs of unusual traffic. 

Now that you have an idea on the types of attacks that a hacker may launch, it’s time for you to learn how a hacker can launch them and prepare yourself to do countermeasures

crack wifi

Hey

Before know if you attack on someone or system in Terms of cyber security

Step 1 :- identify a person or system 

Step 2:- scan a system or person because we need to ac a

What is a Passive Attack?

 A passive attack is an attack wherein the hacker waits for the perfect opportunity to penetrate your system. This type of attack is typically done in order for a hacker to observe your networking structure, the type of software you use, or any security measures that you have already installed. 

Passive attacks typically happen when a hacker monitors possible system vulnerabilities without making any changes to the data that he targets. You can think of this attack as a hacker’s means of researching about his target in order to launch a more effective attack. Passive attacks are classified into: 

1. Active reconnaissance 

        This happens when an intruder listens right into a targeted system by engaging the target to find out where weak points are. This is typically done through port scanning, which is an effective tactic to find out where the vulnerable ports are located and what type of data they normally host. After discovering the vulnerability, a hacker may engage this weak point and exploit the services that are associated with them. 

2. Passive reconnaissance

         This happens when a hacker chooses to study the targeted system without actively engaging it, without the intention of directly engaging the target. Passive reconnaissance tactics include war driving (discovery of unprotected wireless network), dumpster diving (finding data on discarded devices or documents), or masquerading (pretending to be a network user with authorization) 

These two tactics can be essential tools when it comes to discovering vulnerabilities in your computer system to enable you to prevent any further attacks. Once you are able to use reconnaissance tactics, you can easily map out where the weak points of your computer system really are. 

Once you are able to identify vulnerable points through the use of test reconnaissance attacks, you will realize that the simplest and best way to protect your computer system from snooping is to install an IPS (intrusion prevention system), which will serve as your safeguard from port scans and your automated method of shutting down any attempts of a port scan before an intruder gets a complete map of your network. At the same time, you can also install a good firewall that will control the visibility of your network’s ports.