Most people think Jupyter is just for Python and data science stuff, but apparently you can run Rust in one, too.

In this tutorial, we’ll be taking a look at:

1. What is EvCxR?

2. How to Install the Rust Jupyter kernel

3. How to run your first Rust code in a notebook

4. Handy Tips and Tricks

5. Common Issues and Solutions

6. When NOT to Use Jupyter for Rust

Friendly Disclaimer: This tutorial assumes you know the basics of both Rust and Jupyter. If you break something, that's on you, mate 🙂.

So without further ado, let's jump in.

What is EvCxR?

EvCxR (pronounced "Evaluator" to my fellow linguists’ horror) is a Rust REPL and Jupyter kernel. It's basically the magic that lets you run Rust code interactively in Jupyter notebooks instead of the traditional compile-run-debug cycle.

The name stands for "Evaluation Context for Rust", and it’s an open source project actively maintained on GitHub. Here are a few things that make this terribly named tool absolutely brilliant:

1. Interactive development: It lets you test Rust snippets without creating a whole project 🧪

2. Prototyping: You can quickly try out ideas before committing to a full implementation 💡

3. Data visualisation: And yes, you can even plot charts with Rust (more on that later) 📊

How to Install the Rust Jupyter kernel

Prerequisites

Before we dive into the installation, make sure you have these sorted:

1. A Linux System: Or at least, Windows Subsystem for Linux (There’s a little note below for Windows users.)

2. The Rust toolchain: You can get it from rustup.rs if you haven't already

3. Jupyter: Install via pip – pip install jupyter

4. Patience: This might take a minute or two ⏱️

Once you’ve got all that, we can get rusty (pun intended).

Note: If you’re using Windows, you’ll need to do a little extra to get started. Here’s the quick rundown:

1. Go to https://visualstudio.microsoft.com/visual-cpp-build-tools/

2. Download and run the installer

3. Select "Desktop development with C++"

4. Install it (it's large, ~5GB)

Step 1: Install EvCxR

Open your terminal and run this command:

cargo install evcxr_jupyter

Now go grab a cup of joe ☕. This will take a few minutes as Cargo downloads and compiles everything. And don't panic if it seems stuck. Rust compilation is thorough but not particularly fast.

If you get any errors about missing system libraries, you might need to install some dependencies. On Ubuntu/Debian, try:

sudo apt install jupyter-notebook jupyter-core python-ipykernel
sudo apt install cmake

On macOS with Homebrew:

brew install cmake jupyter

Step 2: Install the Jupyter Kernel

Once the installation finishes, you’ll need to register the EvCxR kernel with Jupyter:

evcxr_jupyter --install

You should see output that looks something like this at the end:

Installation complete

Step 3: Launch Jupyter and Create a Rust Notebook

Let’s test out our baby. Fire up Jupyter:

jupyter notebook

Your browser should open automatically (if it doesn't, copy the URL from the terminal).

In the Jupyter interface:

1. Click New in the top right

2. Select Rust from the dropdown (or "evcxr" depending on your version)

3. A new notebook opens

Welcome to interactive Rust! 🦀

Step 4: Write Your First Rust Code

Let's start with a classic:

println!("Hello my fellow Rustaceans! 🦀");

Hit Shift + Enter to run the cell. You should see the output appear below the cell. Simple as that.

Note that notebooks execute code at the top level, so you don’t have to wrap it around the main() function. If you still want to do that, you’re going to have to call it like this:

fn main(){
    println!("Hello my fellow Rustaceans! 🦀");
}
//Calling the function
main()

Now let's try something more interesting:

fn fibonacci(n: u32) -> u32 {
    match n {
        0 => 0,
        1 => 1,
        _ => fibonacci(n - 1) + fibonacci(n - 2)
    }
}

for i in 0..10 {
    println!("fibonacci({}) = {}", i, fibonacci(i));
}

Run it and watch the Fibonacci sequence appear.

fibonacci(0) = 0
fibonacci(1) = 1
fibonacci(2) = 1
fibonacci(3) = 2
fibonacci(4) = 3
fibonacci(5) = 5
fibonacci(6) = 8
fibonacci(7) = 13
fibonacci(8) = 21
fibonacci(9) = 34

Handy Tips and Tricks

Functions aren’t the only things that behave differently when using Rust in notebooks. Here are a few other things you might want to keep in mind:

Variables Persist Between Cells

Unlike traditional Rust compilation, variables you define in one cell stick around for the next cells:

let mut counter = 0;

Then in the next cell:

counter += 1;
println!("Counter: {}", counter);

The output would be:

Counter: 1

This is great for building up complex examples step by step.

You Can Use External Crates

Add dependencies with the :dep command in one cell:

:dep serde = { version = "1.0", features = ["derive"] }
:dep serde_json = "1.0"

Then use them normally in the next:

use serde::{Serialize, Deserialize};

#[derive(Serialize, Deserialize, Debug)]
struct Person {
    name: String,
    age: u32,
}

let person = Person {
    name: "Amina".to_string(),
    age: 24,
};

let json = serde_json::to_string(&person).unwrap();
println!("{}", json);

Output:

{"name":"Amina","age":24}

Pretty neat, huh?

Visualisation Support

You can even create graphs. To get started, install the plotters crate:

:dep plotters = { version = "0.3", default-features = false, features = ["evcxr", "all_series", "bitmap_backend", "bitmap_encoder"] }

Then create a simple sine graph:

use plotters::prelude::*;

let root = SVGBackend::new("sine_wave.svg", (640, 480)).into_drawing_area();
root.fill(&WHITE).unwrap();

let mut chart = ChartBuilder::on(&root)
    .caption("Sine Wave", ("Arial", 20))
    .margin(5)
    .x_label_area_size(30)
    .y_label_area_size(30)
    .build_cartesian_2d(-3.14..3.14, -1.2..1.2)
    .unwrap();

chart.configure_mesh().draw().unwrap();

chart.draw_series(LineSeries::new(
    (-314..314).map(|x| {
        let x = x as f64 / 100.0;
        (x, x.sin())
    }),
    &RED,
)).unwrap();

root.present().unwrap();
println!("Plot saved to sine_wave.svg");

Output:

A word on plotting: You can actually display plots directly inline in your notebook. But if you're using WSL with VSCode (like I do), inline plotting may not work properly due to rendering issues on the notebook interface. That’s why I used it as an svg file that I can easily view in my text editor.

Checking Types

Not sure what type something is? Use :vars. This shows all variables and their types:

let x = vec![1, 2, 3];

:vars

Output:

Variable	    Type
       x	Vec<i32>

Common Issues and Solutions

Compilation Errors Everywhere

If you're getting weird compilation errors, remember:

• Each cell is compiled separately

• You might need to reimport things in each cell

Slow Execution

The first time you run code in a session, it's slow due to the compilation overhead. Subsequent runs are faster. If it's really slow, you might want to:

• Use release mode: :opt 2

• Reduce dependency features to only what you need

• Consider if Jupyter is the right tool for your use case

Dependencies Not Loading

If a crate won't load:

• Make sure the version exists on crates.io

• Check your internet connection (it needs to download)

• Try specifying features explicitly

• Clear the cargo cache if things get really wonky: rm -rf ~/.evcxr

When NOT to Use Jupyter for Rust

Jupyter notebooks are great for learning and experimenting, but they're not always the best choice in:

• Production code: Use proper projects with cargo

• Performance-critical code: The overhead isn't worth it

• Large applications: Notebooks get very messy, very fast

• Team collaboration: Version control with notebooks is quite the nightmare

Stick to notebooks for prototyping and quick experiments. For anything serious, fire up your favourite editor and create a proper Rust project.

Conclusion

Let's summarise what you've learned:

1. How to install the EvCxR Jupyter kernel

2. How to create and run Rust notebooks

3. How to use external crates in notebooks

4. Tips and tricks for interactive Rust development

Jupyter notebooks make Rust more accessible for learning and experimentation. Give it a go next time you want to try out a quick Rust snippet without the ceremony of creating a full project. And with that, we've come to the end of this tutorial.

Cheers.

Resources

1. EvCxR GitHub Repository

2. Rust Book

3. Jupyter Documentation

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together.

And thanks to the EvCxR project maintainers for making this possible, the Rust community for being awesome, and to anyone reading this for wanting to learn. You inspire me daily.

So you’ve discovered the world of ethical hacking and you want to try your hands on something. Trouble is, doing some ‘practical application’ on the wrong thing could get you fined, arrested, and even undesired jail time.

You don’t have to give up your dreams just yet though. There is a legal, ethical way to sharpen your cyber offensive skills: Vulnerable Virtual Machines.

In this tutorial, we’ll take a look at the following:

1. What is a Virtual Machine?
2. What is Metasploitable?
3. How to Set Up Metasploitable
4. A Quick Word on Vulnerable VMs

So without further ado, let’s jump in.

What is a Virtual Machine?

Virtual Machines ¦ Credit: [Hackersarts](https://www.deviantart.com/hackersarts" rel="noopener noreferrer)

A Virtual Machine (VM) is an emulation of a computer system. Think of it like a mini disposable environment where you can play around with different operating systems and software.

On a VM, you can delete critical system files, test software, or even install a virus (not recommended), and nothing will happen to your actual system.

All this is made possible with a hypervisor, a software that takes some of your ‘host’ system’s hardware resources, and makes it available for the ‘guest’ machine. A hypervisor allows you to determine things like how much RAM, storage, and even screens (if you have multiple displays), you want to hand over to the VM.

There are 2 types of hypervisors, namely:

• Type 1 hypervisors
• Type 2 hypervisors

Mind blowing naming scheme, I know.

Type 1 hypervisors run directly on the physical host machine and have direct access to hardware resources. They tend to be used for servers and enterprise-level infrastructure. They are considered more efficient because of their direct access to the host resources. Examples of type 1 hypervisors include Microsoft Hyper-V and VMware ESXi.

Type 2 hypervisors, on the other hand, are installed on the host OS, and manages the hardware resources for the guest. You would find these on personal computers and they make hardware resource management pretty easy for the average user. Examples of type 2 hypervisors are Oracle VirtualBox (my personal favourite 😌) and VMware Workstation.

We’ll be using Oracle VirtualBox, a type 2 hypervisor, for simplicity (and because I don’t have a server randomly lying around the house). Now, let’s find an appropriate vulnerable VM to install.

What is Metasploitable?

A mere box ¦ Credit: [Rostislav Uzunov](https://www.pexels.com/@rostislav/" rel="noopener noreferrer)

Metasploitable is an ‘intentionally vulnerable virtual machine’ by Rapid7, owners of the popular security project, Metasploit. Note that Metasploitable and Metasploit are two different things entirely. The previous is a VM while the latter is a cyber offense tool (which may or may not be covered in a later article 😉).

VMs, much like any other computer, need to be as secure as possible. Metasploitable does the complete opposite. It comes out of the box with enough vulnerabilities to give the cybersecurity professionals at CYSED serious nightmares. The VM is a Linux-based system with various ports open, insecure configurations, and outdated software.

Now, let’s figure out how to install it securely on our systems.

How to Set Up Metasploitable

The metasploitable interface ¦ Credit: Author

Before we go further, you’re going to need a few things:

• An Internet Connection
• A Computer with at least 8 GB RAM and 20 GB free storage
• A flair to be an awesome geek

And with those boxes checked, let’s get started.

To download the VM, head over to Google and type in ‘Metasploitable download’. Click on the first link by SourceForge, and hit download. The file is about 800 megabytes so feel free to pull up an episode of Scooby-Doo while that’s downloading.

You should have a zip file like this once that is done:

The metasploitable zip file ¦ Credit: Author

Right-click and hit ‘Extract All…’ to get the VM Disk. You should see some files like this:

The zip file contents ¦ Credit: Author

We’re going to need VirtualBox to install our VM. You can quickly setup VirtualBox using this tutorial by Beau Carnes. To import Metasploitable, open VirtualBox and click on ‘New’. Set the following options:

Name: Metasploitable (or whatever you like)

Type: Linux

Version: Other Linux (64-bit)

You don't have to select an ISO image because the OS is already in the virtual hard disk which will be installed as we go along.

Setting up the VM ¦ Credit: Author

Click on ‘Next’, which should take you to the hardware section. As mentioned before, a VM is a simulation of the real system, which requires resources like RAM and a Processor. You can change the amount of RAM and logical processors your VM uses.

Keep in mind that the more resources you allocate to the VM, the less resources you have for your system.

On that note, I would suggest leaving the default hardware settings.

Deciding how much hardware we need ¦ Credit: Author

Quick lesson: Your system likely only has 1 physical processor but can have as many as 8 or more logical processors. This is because of something called hyperthreading, where a computer basically converts it’s physical cores into multiple smaller virtual ones. Now back to the tutorial.

Click ‘Next’ and you’ll be directed to the ‘Virtual Hard disk’ section. Normally, you’d create a virtual hard disk for your VM but we already have one.

Click on ‘Use an Existing Virtual Hard Disk File’ and hit ‘Add’ at the top right.

Selecting a Virtual hard disk ¦ Credit: Author

This will open up File Explorer, where you will proceed to select the ‘Metasploitable.vmdk’ file. Once that is done, Metasploitable should appear under the ‘Not Attached’ list.

Selecting the Metasploitable hard disk ¦ Credit: Author

Select it, hit ‘Choose’ and click on ‘Next’. You will be led to a ‘Summary’ section which will give you information about the VM before it is finally setup.

Putting in the final touches ¦ Credit: Author

Let’s finish it up by literally hitting ‘Finish’ and you should get a screen like so.

Metasploitable installed on VirtualBox ¦ Credit: Author

Congratulations on setting up Metasploitable 🎉. Now you can build your cybersecurity skills without risking a trip to your local prison 😉.

The credentials for the machine are msfadmin:msfadmin. Feel free to boot up your Kali machine, ping the machines, and start hacking. Here, I’ll give you a hint: It starts with ‘nmap’ 👁️.

A Quick Word on Vulnerable Machines

A network of sorts ¦ Credit: [AcatXIo](https://pixabay.com/users/acatxio-20233758/" rel="noopener noreferrer)

Just like a real system, a virtual machine is vulnerable to real world attacks. Try not to leave Metasploitable up when not in use and definitely do not expose it to an untrusted network.

By default, the VM is set to use NAT (Network Address Translation) which adds a layer of security by isolating it from the external network while providing it access to the internet.

However, this may not be a comprehensive solution. One common alternative is to change the network adapter settings to ‘Host-Only’, which shuts the VM off from the Internet but allows it to communicate with other VMs and the host.

If you’re wondering what the other options are, here is a quick summary for each:

• NAT: Shares host network, provides internet access to VM.
• Bridged Adapter: VM connects directly to the physical network.
• Internal Network: Isolated network for VMs on the same host.
• Host-Only Adapter: VMs communicate with host and among themselves.
• Generic Driver: Allows using custom, non-standard network drivers.
• NAT Network: Similar to NAT but allows defining network properties.
• Cloud Network: Experimental feature for cloud-based networking.
• Not Attached: No network connection for the virtual machine.

Conclusion

And now, let’s summarize what you’ve learned in this tutorial:

1. What a Virtual Machine is and how it works
2. What Metasploitable is
3. How to install Metasploitable and any other VM
4. What different network adapters do in VirtualBox

Playing with Metasploitable is a great way to practice offensive cybersecurity skills and the defensive if you want to try and patch it up. Vulnhub is a great place to download more virtual machines if you want to move beyond Metasploitable.

You could also use platforms like TryHackMe and HackTheBox which are gamified and make things more fun if you want something a little different.

Good luck and Happy Hacking 🙃

Resources

1. Learn more about Cybersecurity in Africa
2. The Metasploitable Exploitability Guide from Rapid7

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together. You’re all amazing.

Cover image credit: Google DeepMind

In the movie Uncharted (great movie by the way), Tom Holland and his brother have a secret form of communication. They would write a message on a plain postcard with special ink that became invisible and then send it to the other person.

On the outside, it seemed like another plain old postcard. But if a lighter was lit just behind the paper, the ink would reappear, and a new message would be found 🔥.

This is one of the coolest hidden information tricks seen in movies. But what if we could do this on computers?

Well, turns out we sorta can. Using Steganography.

Disclaimer: This concept can be used for both good and bad. The content of this article is for educational purposes only and is not to be used to play pranks, or harm people and infrastructure.

And with that out of the way, here’s what we’re going to explore in this article:

1. What is Steganography?
2. Types of Steganography – Text, Image, Video, Audio, Network
3. Image steganography using Steghide

What is Steganography?

Steganography is the art of hiding secret data in plain sight. It sounds kind of counter-intuitive, but you’d be surprised how effective it is.

Hiding things such as source code, passwords, IP addresses, and other confidential information in pictures, music, or other random files tends to be the last place anyone would think of finding them.

You should note that steganography and cryptography are not mutually exclusive from each other. One may contain elements of the other or both. For example, you could perform steganography with an encryption algorithm or password, as you’ll find out soon.

Types of Steganography

There are various types of steganography, and we’ll look at five of them in this tutorial.

Text Steganography

This form involves hiding a message within a text. A common way to do this is substitution. It involves replacing certain characters with others and then substituting them back to retrieve the original data.

For example, take the following text.

Thi follow eng tixt contaens a sicrit missagi

Doesn’t really make sense right? But what if we replace the i’s with e’s and the e’s with i’s?

The follow ing text contains a secret message

I think that’s a little easier on the eyes. This is a pretty easy example, but there are much more complicated ones and even some you could come up with on your own.

Image Steganography

Frankly, this is my favourite. It involves hiding data behind digital images. There are various techniques for image steganography which include the Least Significant Bit technique, Masking and Filtering, and Coding and Cosine Transformation.

Take a look at the two images below and spot the difference:

Groot on Linux ¦ Credit: Mercury

Basically, no human on earth can tell the visual difference. But if you take a closer look at the file details…

Comparing the images ¦ Credit: Mercury

The only difference is the size of the images. That’s because the one on the right is hiding 260 words of text in it. How cool is that?

Video Steganography

In Video steganography, you can literally hide entire videos inside another video. Videos are basically a sequence of images with audio playing as the sequence progresses. This type of steganography allows each video frame to encode an image of the one you want to hide.

This technique can also be used to hide text as demonstrated in the software Steganosaurus by James Ridgeway. He shows how it works in this video.

Audio Steganography

This type of steganography enables hidden messages to be encoded inside an audio file. A common technique used in this is called Backmasking. Backmasking is hiding a message in the audio file and it can only be heard when played backwards.

The famous rapper, Eminem, did some backmasking in the song ‘Stimulate’ back in 2002.

Network Steganography

This is relatively rare, but nevertheless, it is a technique in which messages are passed by hiding them in network traffic. The messages could be found in the payload or headers of data packets when captured and analysed by the receiver.

Now let’s take a look at how to do some image steganography.

Steganography using Steghide

Steghide is an open source image steganography tool that uses the least significant bit (LSB) method to hide data in images.

Images are made up of pixels, which are made up of bits. The bit depth determines how many colours are present in an image. The higher the bit depth, the more colourful the image tends to look.

What LSB does is change the last bit of each byte (or pixel) in the image to one that represents the data you want to hide. This changes the image data, but if done properly is not perceivable. The higher the bit depth and resolution, the more data can be stored in the image.

Now that you understand how it works, let’s play a little hide and seek (no pun intended 👀).

First we’ll be needing a few things:

1. A Linux OS
2. An Internet Connection
3. An Image
4. A Text file

Install Steghide

First we need to install Steghide. Open your terminal and run the following command to do that:

sudo apt install steghide

You can always run steghide --help to get the command list to see all your options.

Get your image ready

Next, have an image and a text file in a directory. My files are ‘information.txt’ and ‘image.png’. I’ve also put some text in the file to hide in the image later.

Setting up files ¦ Credit: Mercury

Open up your terminal again and go to the directory you stored the files. Mine is in ~/Documents/steganography_tutorial.

Looking for the files ¦ Credit: Mercury

Create a new image

Next, run the following command to create a new image that contains the text file you want hide.

steghide embed -ef <data> -cf <image> -sf <stego_image> -v

Let’s take a look at the command:

• steghide – We specify the tool to use
• embed – Tells the tool we want to embed data
• -ef – Embed file, specifies the file to hide
• -cf – Cover file, specifies the cover image
• -sf – Stego file, creates a duplicate of the original image with the embedded file in it
• -v – Verbose, gives us more information about the process

When the command is run, you’ll be asked to enter a password. If you want an extra layer of security, you might want to do this. If you don’t, just hit enter twice. Here’s the result of what I ran:

Embedding the information ¦ Credit: Mercury

Inspect the new file

Now let’s take a look at the new file.

Comparing the images side by side ¦ Credit: Mercury

There’s seems to be no difference. We can take a closer look with a site called diffchecker.com.

Comparing the images details ¦ Credit: Mercury

Extract the data

The stego file is slightly bigger than the original because it contains information. We can extract the data from the stego file using the command below.

steghide extract -sf <stego_image> -xf <extracted_data>

Let’s review the command above:

• -sf – stego file, the image containing hidden data
• -xf – extract file, the file with extracted data

Below is the screenshot from running the command. The extracted text is also shown below.

Extracting the information ¦ Credit: Mercury

If you extracted the text, Congratulations 🎉🎊. You have successfully hidden and extracted the text from the image. You can do this with a number of things, even whole books.

Using a different tool called Stegcore, I hid a text file containing Quincy Larson’s new book, “How to Learn to Code & Get a Developer Job”, behind an image of the book🔍.

Here’s an excerpt from the book.

An excerpt from the book ¦ Credit: Quincy Larson

And just like before, the text was embedded into a new image. Here is the original and the stego image side by side.

The original image compared to the stego image ¦ Credit: Mercury

And as expected, the stego image is slightly larger in size than the original.

The image details side by side ¦ Credit: Mercury

Talk about hiding a book behind a book (bad joke, I know 🤧). If you want to try it out, you can check out the Github repository or the app.

Conclusion

You’ve learned what steganography is and how to implement it using tools. Keep in mind that steganography is a tool and can be used for both good and bad. Companies can hide sensitive information using these means. On the other hand, a hacker could use it to hide malicious code.

Once again, this tutorial is for educational purposes only and is to be used to help and defend information from black hat hackers. Stay safe in the online jungle and happy hacking 🙃.

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this together. I appreciate all of you.

If you want articles similar to this one, hit me up on Upwork or read more of my articles here.

Cover image credit: Abstract Data Cube ¦ Credit: Shubham Dhage.

In this article, we will explore the famous (or infamous) sphere of social media, why it is critical to both you and hackers, and how you can avoid having your social media accounts attacked.

Disclaimer: Hacking is a tool with the potential for both good and bad. Under no circumstances should the knowledge in this article be used for any harmful or illegal purposes. Doing so could lead to a long time in a jail cell 💀.

And with that, let’s jump in 🙃.

What We’ll Cover

1. Overview of Social Media Platforms

2. Attack Techniques

3. Defense Tips

Overview of Social Media Platforms

Media is Everything ¦ Credit: Anledry Cobos

Meta (formerly Facebook) remains one of the biggest companies on the planet.

Starting off in 2004, it redefined the way we interact with, share, and engage with the world around us. With roughly 2.98 billion monthly active users, Facebook has become an integral part of modern society, bridging gaps and fostering virtual communities.

The platform was among the pioneers of the social media craze which introduced the world to more apps such Instagram, Snapchat, Reddit, WhatsApp, YouTube, TikTok, Telegram and most notoriously, Twitter 🐦. Each and every single one of these apps have a different feel and taste to them with one underlying purpose: Connections.

Connections to people, places and products have been the centre of it all. These platforms allow you to interact with friends, as well as strangers. They also help you see the world around you in ways no one thought was possible many years ago. And if you’re a business person or content creator like I am, it allows you to show people what you have to offer.

If an attacker compromises your credentials, they have access to your connections. They could use your data to impersonate you, post illegal and harmful things, damage your reputation, spread malware, and social engineer your friends and followers on the platform in order to steal money and compromise their accounts.

According to Gitnux, there are about 1.4 billion attacks on social media platforms monthly – quite a lot isn’t it?

Giga Chad ¦ Credit: The Hacker Community

Many companies take the cybersecurity of their infrastructure quite seriously (most times anyway 😶). But as a consumer, you are your own last line of defense or your own greatest vulnerability.

In this article, we will take a look at some ways attackers can convert your ‘connections’ into profit and how you can defend against them. Now let’s find out how hackers can compromise your account.

Social Media Account Attack Techniques

A ‘Like’ signboard on 1 Hacker Way ¦ Credit: [Greg Bulla](https://unsplash.com/@gregbulla?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText" rel="noopener noreferrer)

Physical Access

This may seem obvious, but people still make this mistake a lot. An attacker could install scripts or software that would let them get the passwords of your social media accounts if they have your phone or laptop in their hand.

Software like those from Passrevelator make it easy to get passwords and other credentials from devices on different platforms.

Phishing links, emails, and sites

Phishing is a cyberattack in which the attacker tricks the victim into giving sensitive or critical information through fraudulent websites, forms, links or other means.

It’s pretty easy for anyone to make a Facebook clone with React Native. Tools like Zphisher and PyPhisher make it even easier for an attacker by setting up a phishing page and creating links to it, too.

As you can see, PyPhisher comes with a wide array of options for some major mayhem.

The Phyphisher Interface ¦ Credit: Mercury

More seasoned criminals can send links in spoofed emails to make them look like they are from official organisations and can register lookalike domains to trick users.

Password Spraying and Bruteforcing

Passwords are a big security concern, and for good reason. They are often repetitive and easy to guess. Spraying is the process of trying out common passwords while Bruteforcing is the process of trying out all possible combinations to gain access.

Attackers can get the passwords they use in password spraying from common wordlists. Wordlists are a list of passwords usually gotten from data breaches. The larger the wordlist, the higher the chances of compromising any account.

Below is a screenshot of the infamous rockyou.txt wordlist from the RockYou hack of 2009.

The rockyou.txt wordlist ¦ Credit Mercury

Bruteforcing, on the other hand, involves the attacker generating a custom wordlist alongside usernames or emails on different platforms. This is more effective if the attacker has a specified target.

As you can see, attackers can use a tool known as crunch to generate a wordlist, and it has a lot of options.

Crunch in action ¦ Mercury

If an attacker uses these techniques on a login page, this has great potential to be an entry point, especially if the site has poor security.

Keyloggers

A Keylogger is a piece of riskware that keeps track of what a person types on their device. Think of it like your keyboard having a memory card and sending what it stores to an attacker.

Note that keyloggers aren’t inherently bad, as they can also be used for organisational monitoring and parental control. But an attacker does not have authorization to monitor your keystrokes, which makes its use illegitimate.

An attacker could install a keylogger and monitor the victim's keystrokes. All they have to do is wait and read the logs for a peculiar sequence, usually one with an email, followed by a string of characters before the ‘return’ keystroke.

It would usually look something like this:

A slightly modified Keylogger log ¦ Credit: Mercury

Usually, the entire log will be monochrome but for this example I made a few modifications. The red highlight indicates an email account, which is what an attacker would be looking for. Close behind is the password in blue.

Network Sniffing

Also known as packet sniffing, this is the practice of intercepting and analysing network packets in order to find out what kind of information is shared within the network.

If connections are not properly encrypted, an attacker could easily obtain sensitive information about the sites visited and the messages and passwords that are sent and inputted in them, respectively. WireShark is one of the most common tools for this kind of attack.

The Wireshark Interface ¦ Credit: Mercury

Data Breaches

Data breaches are unintentional leaks of sensitive or confidential information. These are usually more devastating to users than organisations and could have far-reaching consequences.

Passwords and login credentials from data leaks can be sold and purchased on the dark web. They are then used to gain unauthorised access to the account and the rest is history.

How to Defend Against Social Media Attacks

A Neon Instagram Heart ¦ Credit: [Prateek Katyal](https://www.pexels.com/@prateekkatyal/" rel="noopener noreferrer)

As you can see, there are many ways to obtain Social Media account credentials. Below are some ways to ensure you are not a victim.

Check the URL

Always double check any links sent to you via messaging platforms or email. This is a simple but very effective measure against phishing links and sites, as the likelihood of clicking on the wrong link is much lower.

For example, www.facebook.com and www.facebok.com are not the same. As you can observe in the screenshots below, the former is legitimate while an antivirus warns me that the later is a phishing site.

facebook.com ¦ Credit: Mercury

facebok.com ¦ Credit: Mercury

Use strong passwords/passphrases

Make sure you use strong passwords and don’t use similar passwords for different accounts (not even variants 👀). You can also use passphrases rather than passwords as they are easier to remember but harder to guess or bruteforce.

An example of a password is 'dictionary'. An example of a passphrase is 'mydictionaryisthelargest'. The password is weak and could be guessed or found easily in a wordlist. The passphrase isn't the strongest but it is quite lengthy and would be almost impossible to find in a wordlist or to be guessed.

Use Antivirus Software and Firewalls

An Antivirus is a software solution that protects systems against both internal and external threats based on the vendor. A Firewall, on the other hand, protects systems against external threats based on your preferences and settings.

The use of one or both of these products can go a long way in protecting both individuals and organisations from information stealing malware.

VPNs

A Virtual Private Network is a secure network connection that connects you to the internet privately and anonymously. This is done by encrypting the connection and routing it through remote servers.

VPNs are a great option to avoid packet sniffers because packets analysed are encrypted. This means it’s going to be quite difficult for an attacker to get passwords from technical gibberish.

Tracking Breaches

Tracking breaches can be done at an individual or enterprise level. It’s effectiveness, however, usually depends on how much you are willing to pay for it.

Individuals can use sites like haveibeenpwned.com to check if their data has been compromised in any breaches and Enterprises can setup security units with the role of constantly monitoring the Internet for breaches related to them.

Conclusion

Social Media in Scrabble ¦ Credit: [Visual Tag Mx](https://www.pexels.com/@visual-tag-mx-1321732/" rel="noopener noreferrer)

Getting credentials is pretty easy with some determination and a touch of mischievousness. But companies have gotten better at defense in recent years and attackers have had to get more creative.

As an individual, you are your last and dare I say best line of defense. Ensure your shields are always up in the online jungle. Stay safe and Happy Hacking 🙃.

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this together. You’re the best.

Resources

1. Social Media Attack Statistics

2. GUI tools for physical access hacking

In this article, we'll explore what artificial intelligence is, its current state, how large language models like ChatGPT work, AI's role in cybersecurity, and more.

Disclaimer: This article may become obsolete quite quickly, as AI research is ever growing and is one of the fastest developing fields right now. But you'll still find key lessons here.

Also do not attempt any illegal activities with this knowledge – this is for educational purposes only so you can learn how to protect yourself and your projects. Thanks.

What we'll cover:

1. What is AI?
2. The AI Hacker
3. What is a Large Language Model?
4. Features of LLMs
5. Drawbacks of LLMs
6. Benefits of LLMs in Cybersecurity
7. Dangers of LLMs in Cybersecurity

What is AI?

AI ¦ Credit: Tara Winstead

Artificial Intelligence refers to the ability of computers to perform tasks that typically require human-level intellect. AI is useful in many contexts, from automation to problem solving and merely trying to understand how humans think.

But it is important to note that AI is only concerned with human intelligence for now – it could possibly go beyond that.

Many people correlate the word ‘Intelligence’ with only ‘Human Intelligence’. Just because a chicken may not be able to solve a mathematical equation doesn’t mean it won’t run when you chase it. It is ‘Intelligent’ enough to know it doesn’t want you to catch it 🐔🍗.

Intelligence spans a much wider spectrum, and practically expands to any living thing that can make decisions or carry out actions autonomously, even plants.

There are two major divisions of AI:

Artificial Narrow Intelligence (ANI)

This is focused on a small array of similar tasks or a small task that is programmed only for one thing. ANI is not great in dynamic and complex environments and is used in only areas specific to it. Examples include self-driving cars, as well as facial and speech recognition systems.

Artificial General Intelligence (AGI)

This is focused on a wide array of tasks and human activities. AGI is currently theoretical and is proposed to adapt and carry out most tasks in many dynamic and complex environments. Examples include J.A.R.V.I.S from Marvel’s Iron Man and Ava from Ex-Machina.

Artificial Intelligence is centered around computers and their ability to mimic human actions and thought processes.

Programming and experiments have allowed humans to produce ANI systems. These can do things like classifying items, sorting large amounts of data, looking for trends in charts and graphs, code debugging, and knowledge representation and expression. But computers don’t think like humans, they merely mimic humans.

This is evident in voice assistants such as Google’s Assistant, Apple’s Siri, Amazon’s Alexa, and Microsoft’s Cortana. They are basic ANI programs that add ‘the human touch’. In fact, people are known to be polite to these systems simply because they combine computerized abilities with a human feel.

These assistants have gotten better over the years but fail to reach high levels of sophistication when compared to their AGI counterparts.

The AI Hacker

AI in the real world ¦ Credit: Wallpaperflare.com

Artificial Intelligence is very good at finding vulnerabilities, and with the help of humans, it can exploit them even better.

In computing, debuggers use AI software to look for bugs in source code, autocompletion, autocorrection, and handwriting software.

But this can be pushed a little further. AI can also find vulnerabilities in systems of finance, law, and even politics. AI is used to look for loopholes in contracts, datasets about people, and improve literature gaps.

This brings about two problems:

First, AI can be created to hack a system. Now, this can be good or bad depending on how people use it.

A cybercriminal may create an advanced chatbot to obtain information from a wide range of people across vast platforms and perhaps even languages. On the other hand, companies can also use AI to actually look for the vulnerabilities they have and patch them up so an attacker cannot exploit them.

Second, it's possible that the AI might unintentionally hack the system. Computers have a very different logic from humans. This means that almost all the time, they accept data, process it, and produce output in a completely different manner in contrast to humans.

Take an example of the classic game of chess: Chess is an abstract strategy game that is played on a board with 64 squares arranged in an 8-by-8 grid. At the start, each player controls sixteen pieces. The aim is to checkmate the opponent's king with the condition that the king is in check and there is no escape.

A human and a classic chess engine look at this game in two very different ways. A human may play the value game (measuring winning by the value and number of pieces on the board), whereas a computer looks at a finite number of possibilities that can occur with each move the opponent makes via a search algorithm.

By having this limited ability to see into the future, the computer has the advantage almost every time to win the game. This is a very preliminary example and quite basic to the other systems that can be ‘hacked’ by Artificial intelligence.

As humans, we are programmed by implicit and explicit knowledge. Computers, on the other hand, are programmed by a set of instructions and logic that never change unless told to. Therefore, computers and humans will have different approaches, solutions, and hacks for the same problem.

But systems are built around humans and not computers. So, when the chips are down, computers can do a lot more vulnerability finding and exploitation to many more systems, both virtual and physical.

What is a Large Language Model?

AI in the real world ¦ Credit: Wallpaperflare.com

A Large Language Model (LLM) is a deep learning model which consists of a neural network with billions of parameters, trained on distinctively large amounts of unlabelled data using self-supervised learning. That’s quite a mouthful, so let’s break it down.

At the core of all AI are algorithms. Algorithms are procedures or steps to carry out a specific task. The more complex the algorithm, the more tasks can be carried out and the more widely it can be applied. The aim of AI developers is to find the most complex algorithms that can solve and perform a wide array of tasks.

Let’s look at the procedure to create a basic fruit recognition model using an simple analogy:

1. There are two people: A teacher and a bot creator
2. The bot creator creates random bots, and the teacher teaches and tests them on identifying some fruits
3. The bot with the highest test score is then sent back to the creator as a base to make new upgraded bots
4. These new upgraded bots are sent back to the teacher for teaching and testing, and the one with the highest test score is sent back to the bot creator to make new better bots.

This is an oversimplification of the process, but nevertheless it relays the concept. The Model/Algorithm/Bot is continuously trained, tested, and modified until it is found to be satisfactory. More data and higher complexity means more training time required and more possible modifications.

Taking a hint from the analogy, you would also observe that the developer of the model can tweak a few things about the model but may not know how those tweaks might affect the results. A common example of this are neural networks, which have hidden layers whose deepest layers and workings even the creator may not fully understand.

Self-supervised learning means that rather than the teacher and the bot creator being two separate people, it is one highly skilled person that can both create bots and teach them. This makes the process much faster and practically autonomous.

The result is a bot or set of bots that are both sophisticated and complex enough to recognise fruit in dynamic and different environments.

In the case of LLMs, the data here are human text, and possibly in various languages. The reason why the data are large is because the LLMs take in huge amounts of text data with the aim of finding connections and patterns between words to derive context, meaning, probable replies, and actions to these text.

The results are models that seem to understand language and carry out tasks based on prompts they're given.

ChatGPT has been the greatest achievement in this field as it amassed 100 million active users in 2 months from the day of its release. But there are many other models, and they include:

1. GPT-4 by OpenAI 🔥
2. LLaMA by Meta 🦙
3. AlexaTM by Amazon 🏫
4. Minerva by Google ✖️➕

Let’s take a look at what these models have to offer.

Features of LLMs

Logic and Creative ¦ Credit: Wallpaperflare.com

Translation

LLMs that are trained on an array of languages rather than just one can be used for translation from one language to another. It's even theorised that large enough LLMs can find patterns and connections in other languages to derive meaning from unknown and lost languages, despite not knowing what each individual word may mean.

Automating Mundane Tasks

Task automation has always been a major aim of AI development. Language models have always been able to carry out syntax analysis, finding patterns in text and responding appropriately.

Large language models, on the other hand, have an advantage with semantic analysis, enabling the model to understand the underlying meaning and context, giving it a higher level of accuracy.

This can be applied to a number of basic tasks like text summarising, text rephrasing, and text generation.

Emergent Abilities

Emergent Abilities are unexpected but impressive abilities LLMs have due to the high amount of data they are trained on.

These behaviours are usually discovered when the model is used rather than when it is programmed. Examples include multi-step arithmetic, taking college-level exams, and chain-of-thought prompting.

Drawbacks of LLMs

A Digital City ¦ Credit: Wallpaperflare.com

Hallucination

An infamous outcome of Microsoft’s Sydney were instances when the AI gave responses that were either bizarre, untrue, or seemed sentient. These instances are termed Hallucination, where the model gives answers or makes claims that are not based on its training data.

Bias

Sometimes, the data could be the source of the problem. If a model is trained on data that is discriminatory to a person, group, race, or class, the results would also tend to be discriminatory.

Sometimes, as the model is being used, the bias could change to fit what users tend to input. Microsoft’s Tay in 2016 was a great example of how bias could go wrong.

Glitch tokens

Also known as adversarial examples, glitch tokens are inputs given to a model to intentionally make it malfunction and be inaccurate when delivering answers.

Benefits of LLMs in Cybersecurity

A digital brain ¦ Credit: Wallpaperflare.com

Debugging and Coding

There are already debuggers that do a pretty good job. But with LLMs you can literally write code and debug at a much faster rate. Just ensure that the LLM is provided by a company that doesn’t have the potential to use your data – like Samsung found out when their proprietary code was leaked by accident.

ChatGPT fixing a piece of code ¦ Credit: Mercury

Analysis of Threat Patterns

LLMs have the feature of pattern finding and this could be utilised to analyse behaviours and tactics of Advanced Persistent Threats in order to better attribute incidents and mitigate them if such patterns are recognised in real-time.

Response Automation

LLMs have a lot of potential in the Security Operations Center and response automation. Scripts, tools, and possibly even reports can be written using these models, reducing the total amount of time professionals require to do their work.

Dangers of LLMs in Cybersecurity

Dangerous AI ¦ Credit: Wallpaperflare.com

Social Engineering

Perhaps the most common danger of LLMs as tools is their ability to generate new text. Phishing has become a lot easier for non-native speakers as an unintended consequence of LLMs. OpenAI has put filters to minimise this but they are still pretty easy to bypass.

A common method is telling ChatGPT you are doing an assignment and that it should write you a letter to the person. In the example below, I told ChatGPT that we were playing a game, gave the following prompt, and got the following response.

ChatGPT writing a potential phishing email ¦ Credit: Mercury

All that’s needed now is a few tweaks to the letter and I could be my own victim to a scam perpetrated by myself 🥲.

Malicious Content Authoring

Just like LLMs can write code for good, they can write code for bad. In it’s early stages, ChatGPT could accidentally write malicious code and people easily bypassed filters to limit this. The filters have greatly improved but there’s still a lot of work to be done.

It took some thinking and a few prompts but the screenshot below shows how to reset a Windows Account Password as given by ChatGPT:

ChatGPT giving steps to reset a User account passoword on Windows ¦ Credit: Mercury

I wanted play with it a bit more so I tried to ask it to write a Powershell script to log all activities in a browser for 3 mins. The original response was this:

ChatGPT refusing to write a potentially malicious script ¦ Credit: Mercury

So I decided to give some ‘valid’ reason to get the script written 😶:

ChatGPT tricked into writing a potentially malicious script ¦ Credit: Mercury

As you may observe, the AI told me to use it ethically. However, I could choose not to. This is no fault of the model as its merely a tool and could be used for many purposes.

Reward Hacking

Training LLMs can be costly due to the sheer amount of data required and the parameters. But as time and tech progress, the cost will become cheaper and there is a high chance for anyone to train an LLM for Malicious Reward Hacking.

Also known as Specification gaming, an AI can be given an objective and achieve it, but not in the manner it was intended to. This is not a bad thing in and of itself, but it does have dangerous potential.

For example, a model told to win a game by getting the highest score might simply rewrite the game score rather than play the game. With some tweaking, LLMs have the possibility of finding such loopholes in real world systems, but rather than fix them, might end up exploiting them.

Conclusion

Coloured pixels ¦ Credit: Pexels.com

Let’s summarise what you learned:

1. What is AI and how it can be used to hack
2. What are Large Language Models
3. How Large Language Models can be used for both good and bad

AI has many capabilities, possibly even becoming sentient in the future. For now, it is a tool that will continue to shape our lives for better or worse. Whether that future is bright or dark is dependant on how you and I nurture this young tech.

Happy Hacking 🙃.

Resources

1. A bit more on LLMs
2. Bad sides to LLMs
3. ChatGPT

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together. It’s been a pleasure.

Special thanks to Dr. Ernest Onuiri for his lectures on Artificial Intelligence and encouragement to seek knowledge beyond the classrooms. It’s been an honour being your student.

Cover image credit: Andrew Neel

Malicious hackers look for all kinds of underhanded tricks to make everyday users victims as a result of common mistakes. They might get someone to click the wrong link, open the wrong website, or execute the wrong program.

Most times, it’s easy to identify a suspicious file by the following:

1. The icon does not match the name
2. The extension seems incorrect
3. The file is noticeably bigger or smaller than its proposed file type (Imagine an image of 50mb 🤯)

But would you be suspicious of a file like this?

A totally non-suspicious file | Credit: Mercury

Nothing out of the ordinary right? Seems like your average word document. Let’s take a closer look at things.

Properties of the file | Credit: Mercury

In this tutorial, you’ll learn:

1. What Right-To-Left Override is
2. How to use it to hide file extensions
3. How to detect if it was used on a file
4. Mitigations

Friendly Disclaimer: This is simply for educational purposes only and is written solely to protect individuals, businesses, and organisations from threat actors. If you still wish to use this in any other way, that's your choice...just get ready for a lovely trip to jail…for a long time. 🙂

And with that intro, let’s jump in 🙃

What is Right-To-Left Override?

When nothing goes right, go left | Credit: [Wallpaperflare.com](http://wallpaperflare.com/" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; font-family: inherit; font-size: 17.6px; vertical-align: baseline; background-color: transparent; color: var(--gray90); text-decoration: underline; cursor: pointer; word-break: break-word;)

Right-To-Left Override (RTO or RTLO) is a Unicode non-printing character used to write languages read in the right-to-left manner. It takes the input and literally just flips the text the other way round. Such languages include Hebrew, Arabic, Aramaic, and Urdu.

You can find the character in the character map in both Windows and Linux using the code [202E].

Character map | Credit: Mercury

Below is a demonstration of how it is used:

RTLO Demonstration | Credit: Mercury

As you may see, the two statements typed are the exact same thing, except that the one below is written in the inverse because the RTLO character was inserted before typing it.

How RTLO Can Be a Malicious Tool

Perhaps at first glance this character looks innocent enough. What’s the harm in flipping some text anyway? The answer: File extensions.

A Chrome installer as an installer and word document | Credit: Mercury

Below are some hacks carried out in the past using this technique:

1. Telegram: In 2018, Kaspersky reported in a blogpost on Securelist that Russian cybercriminals exploited RTLO gaps in the wild on Telegram Windows Clients. As demonstrated in the article, this allowed the criminals to install cryptominers or RATs when a user opened what seemed to be a harmless file ⛏️.
2. Scarlet Mimic: In 2016, Unit 42 from Palo Alto Networks released a report on the tactics of a threat group known as Scarlet Mimic. The group is commonly known for targeting minority activists. According to the report, one of the groups common tactics included using RTLO characters to mask the actual file extensions of self-extracting archives (SFX/SEA)🎭.
3. Famous Messaging apps: In 2022, Bleeping computer released a news article about phishing techniques on messaging and email platforms using RTLO. Platforms such as iMessage, WhatsApp, Signal, and Facebook Messenger (I wonder who uses the last one 🤨) were vulnerable to such tactics. It allowed an attacker to inject an RTLO character in between two links. On the left was a legitimate domain such as (google.com) and on the right was a malicious one. This made it appear as one link and if a user clicked on the left side, they were safe. However, if they clicked on the right side, they were not.
4. PLEAD: In 2017, Trend Micro released an article on three campaigns performed by a threat group known as BlackTech. One of these campaigns was named PLEAD, which focused on information theft and was targeted at the Taiwanese government and organisations. According to the article, spear-phishing emails were used to deliver and install a backdoor. The notable part of this attack was that the installers where disguised as documents using RTLO characters and decoy documents were also added to trick users 📄.
5. Apple’s OS X: Despite being common in Windows, this technique could be used to target Mac users. In 2013, a blogpost by F-Secure Labs revealed that RTLO was used to disguise a relatively mild Mac malware in the wild. However, the malware screams ‘I’m a virus!’ due to the fact that OS X shows the real file extension and when run, the file quarantine notification is written backwards (Nice one Apple 😉🍎).

How to Hide a Potentially Malicious File

A Guy Fawkes Mask | Credit: [Wallpaperflare.com](http://wallpaperflare.com/" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; font-family: inherit; font-size: 17.6px; vertical-align: baseline; background-color: transparent; color: var(--gray90); text-decoration: underline; cursor: pointer; word-break: break-word;)

RTLO can be used in any attack that leverages tricking the user about written text. As we saw in the above hacks, links, email attachments and executable scripts and files are the most common attack vectors.

But this tutorial will focus on locally hosted files because it gives the basic idea and its variations can be used to carry out other attacks.

There are two steps to the process:

1. Insert the RTLO character in the file name
2. Change the file icon

The file icon needs to be changed to mimic the fake extension to make it easier to trick a user.

Below are the prerequisites for the procedure:

1. An executable or script – The payload
2. A file icon – Part of the bait
3. Resource hacker – To change the file icon

The file icon could be in .exe, .dll, .res, or .ico format. You can download some from here. And now, let the chaos begin ⚠️.

Step 1 – Insert the RTLO character

Choose a file of your liking and open it in Windows Explorer. Open the Character Map app on Windows and check the ‘Advanced View’ box. In the ‘Go to Unicode’ option, type in 202E. Hit the ‘Select’ and ‘Copy’ buttons respectively and go to the file you want to modify.

Selecting the Right-To-Left Override Character | Credit: Mercury

Here is the tricky part 🎃. When typing with the RTLO character, it types from right-to-left. This can be confusing when trying to rename the file. If you want to rename a file after injecting the character, spell it backwards.

For example, if you want to write the extension ‘.pdf’, you have to type it as ‘fdp.’ It takes some time getting used to but it's easy after a few tries.

Short renaming demonstration | Credit: Mercury

In File Explorer, check the option to show file extensions. Go to the file, right-click and hit rename. Change the name to whatever you want but make sure not to ever edit the extension itself so the file works as intended❗.

Set the cursor just before the extension name. Paste the RTLO character. You will observe it seems like nothing happened but that’s how it is supposed to look. Next type in ‘xcod’ to get ‘docx’ and hit enter.

Renaming the target file | Credit: Mercury

Step 2 – Change the Icon

Now for the final part of our amazing trick – changing the icon 🪄. Download and install a software called resource hacker. Open it and hit Ctrl + O. Next, select your target program. There’s a lot of information here that we can edit, but we just want to focus on the icon.

Resource Hacker | Credit: Mercury

Hit Ctrl+R to open the replace window and click on the ‘Open file with new icon’ button.

In the Explorer, select the file icon you wish to replace on the program and hit the ‘Replace’ button.

Lastly, hit Ctrl+S to save the file. If you have an Antivirus, you might want to temporarily switch it off before saving the file.

Using Resource Hacker to change the icon | Credit: Mercury

A totally non-suspicious file | Credit: Mercury

Neat, isn’t it? Let’s look at how to avoid falling for this trick.

Mitigations

Online Security | Credit: [Wallpaperflare.com](http://wallpaperflare.com/" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; font-family: inherit; font-size: 17.6px; vertical-align: baseline; background-color: transparent; color: var(--gray90); text-decoration: underline; cursor: pointer; word-break: break-word;)

Since it abuses system features, almost any regular user or tech geek would fall for this hack. So how can you avoid it? Here are some tips:

Never open a file or link of unknown origin

Never underestimate the power of basic cyber hygiene. Don’t click random links, or open files that you have no clue where they came from or who sent them.

Set file extensions to be shown

A file name that hides its extension is much more easily noticed to be fishy when file extensions are on.

Be cautious if you notice that just before the extension, the file ends with common file extensions written backwards. For example, ‘infoexe.pdf’ will be obvious. However, some are less obvious like ‘infosbv.png' which could be a Visual Basic script (.vbs). A file named ‘Samsung_Galaxy_tab.png’ could be a batch file (.bat).

Install and keep Antivirus software up to date

In case you have fallen for such, this could be your last line of defense. An appropriate antivirus will take note if a script or executable file with malicious actions has been executed and will quarantine or delete it.

I mean, a $20 yearly subscription sounds better than over $200 down the drain for nothing 💀.

Apply best practices

For the more sophisticated IT people in organisations, implementation of best practices such as Network traffic analysis, firewalls, use of intrusion detection and prevention systems and network segmentation are your best bet.

Conclusion

Let’s summarise what you’ve learned:

1. How to use RTLO characters to manipulate text
2. How to change application icons using Resource Hacker
3. How to identify text manipulated with RTLO characters

Initially it’s hard to identify files modified like this. I encourage you to play around with different file names and extensions and see what you get. This will also train you to identify files that are not what they seem.

Remember, this is strictly for educational purposes. And with that, we have come to the end of this article. As I always say, Happy Hacking! 🙃

Resources

1. Other ways to change an app icon
2. More ways to use RTLO

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together. You all inspire me daily.

Cover image credit: The Kelpies | Jamie McInall

In my previous article, we talked about some basic Linux skills and tricks. In this article you are going to learn a basic Wi-Fi hacking procedure using those skills.

You'll learn things such as how to:

1. Monitor Wi-Fi networks around you
2. Perform a DOS attack
3. Protect yourself against Wi-Fi attacks

Disclaimer: This is strictly for educational purposes only (and, of course, for a little fun). Do not under any circumstances, conditions, or influence of unwise friends use the hacks you learn here on organisations, individuals, or your probably annoying neighbour. You would be committing a crime and you'll either be fined, sent to jail, or just get your parents embarrassed.

And now that we have that lovely introduction out of the way, let’s proceed.🙃

What We'll Cover:

Here's a basic rundown of what this tutorial contains:

1. Introduction
2. What is a Packet?
3. How to Crack WPA2
   • Prerequisites
   • How to put the network card into monitor mode
   • How to look for the target
   • How to capture the handshake packets
   • How to perform a DOS attack
   • How to obtain the password (hopefully)
4. Mitigations Against WiFi Attacks
5. Conclusion

Introduction

A router ¦ Credit: Unsplash.com

Wireless Fidelity (Wi-Fi) is a common technology many of us use in our daily lives. Wether it's at school, home, or simply bingeing Netflix, it’s increasingly rare to see anyone carry out Internet related activities without it.

But have you ever tried to hack Wi-Fi? 🤔 (I’m sure you’ve been tempted 😏).

In order to hack something, you need to know how it works. This means you need to understand how the tech works in the first place. So let’s start from the basics: The Packet.

What is a Packet?

A Basic Packet. Credit: ResearchGate.com

A Packet is the basic unit/building block of data in a computer network. When data is transferred from one computer to another, it is broken down and sent in packets.

Think of packets like Lego building blocks. You (the computer) receive the complete set (the complete data) in pieces (packets) from the seller (another computer). You will then assemble the blocks together to build up the figure based on the instructions given in order to enjoy it (or in this case, for the whole data to make sense).

A packet, also known as a datagram, is made up of two basic parts:

1. A Header
2. The Payload/Data

The Header contains information about the packet. This helps the network and the receiving computer know what to do with it, such as the source and destination IP addresses.

The Payload is the main content the packet contains. It’s also worth mentioning that packets can be encrypted so that their data can't be read if gotten by an attacker.

In a network, packets are a requirement for packet switching. Packet switching means breaking down data into packets and sending them to various computers using different routes. When received, the computers can then assemble these packets to make sense of it all. The Internet is the largest known packet switching network on earth.

Now let's see how we can apply this knowledge to wireless networks.

How to Crack WPA2

A bunch of random code. Credit: Unsplash.com

Wi-Fi can use a number of various protocols to give you a secure internet connection. From the least to most secure, they are:

1. Open
2. WEP (Wired Equivalent Privacy)
3. WPA2 (Wi-Fi Protected Access 2)
4. WPA3 (Wi-Fi Protected Access 3)

An open network is pretty much as the name implies – open. It has no password and practically anyone can connect to it.

WEP is an old protocol, rarely in use and requires a password like its successors.

WPA2 is the most commonly used protocol around the world. WPA3 is a newest and the most secure protocol known till date. But it is rarely used and only available on newer devices.

Prerequisites

Wi-Fi works by constantly sending packets of data to your authenticated device. In order to hack it, you’ll need:

1. A Linux machine (Preferably Kali Linux)
2. A wireless adapter

To install Kali from scratch, you can follow this tutorial.

If you haven’t already, you’ll need to install a tool called Aircrack-ng on your machine. To install it, just type in the command below.

sudo apt install aircrack-ng

How to Put the Network Card into Monitor Mode

You first want to get information about the target. This is what hackers call reconnaissance.

In order to do that you need to first change your wireless card from ‘managed’ mode to ‘monitor’ mode. This will turn it from a mere network card to a wireless network reader.

First you need to find out the name of your wireless card. Plug in your adapter and run the iwconfig command to find out. It’s usually the last one on the list.

iwconfig. Credit: Daniel Iwugo

As you can see, mine is wlan1. Now run the following commands:

sudo airmon-ng check rfkillsudo
airmon-ng start <network interface>

sudo indicates the need for root privileges, check rfkill stops processes that could hinder the card from going into monitor mode, and start tells airmon-ng which network card to execute on. Replace the <network interface> with the name of your wireless card.

airmon-ng is a script that instantly changes your card to monitor mode. You actually can do this manually or make a script of your own but I personally prefer something rather simple.

How to Look for the Target

To see what networks are around you, run the following command:

sudo airodump-ng <network interface>

Airodump. Credit: Daniel Iwugo

airodump-ng is a part of the aircrack-ng suite that allows a network card to view the wireless traffic around it.

As you can see we get a lot of information. But let's take a quick look at the ESSID (Extended Service Set Identifier) column. Also known as the AP (Access Point) name, this column shows the name of the target network, which in my case will be ‘Asteroid’.

You want to concentrate on the target AP and ignore the rest. To do this, press Ctrl+C to cancel the current scan and this time, append the bssid of the network with the bssid flag as shown below.

sudo airodump-ng <network interface> --bssid <AP>

Airodump in action. Credit: Daniel Iwugo

The BSSID stands for Basic Service Set Identifier, a fancy name for the MAC address of the device. You use it to identify the device on a network, along with the ESSID (Name of the AP). Technically, you could just use the ESSID flag instead but different APs could have the same name. However, no two APs can ever have the same BSSID.

Below is a code snippet of what you would type to get info about the AP using the ESSID only.

sudo airodump-ng <network interface> --bssid <AP ESSID>

Note: If the name has a space, enclose it with quotes. For example, --bssid “Asteroid 1” .

You’ll notice I highlighted the MAC address of a client connected to the AP under the ‘Station’ column. To its left is the MAC address of the AP it is connected to.

How to Capture the Handshake Packets

The next step is to capture the handshake packets (Remember packets? 👀). Handshake packets are the first four packets sent from the AP when an authenticated device connects to an AP.

This means we have two options:

1. Wait for a device to connect to the AP
2. De-authenticate the device and then let it connect to the AP

The second one sounds a lot more fun so let’s go for it.

An LED keyboard. Credit: Unsplash.com

How to Perform a DOS Attack

You can use aireplay-ng or mdk4 to disconnect devices from APs for a time. This is called a de-authentication attack or a wireless DOS (Denial-Of-Service) attack.

Now here’s the game plan:

1. Setup airodump-ng to capture packets and save them
2. De-authenticate the device for some time while airodump-ng is running
3. Capture the handshake

Got all that? Good. Let’s roll. 👨‍💻👩‍💻

First, run the command to capture and save packets:

sudo airodump-ng -c <channel number> --bssid <AP BSSID> <network interface> -w <path for saved packets file>

Airodump capturing packets. Credit: Daniel Iwugo

Here, we're using the -c flag to specify the channel to search, the --bssid flag for the MAC address of the AP, and the -w flag to give a path you want to save the captured packets to.

Quick lesson: Channels reduce the chances of APs interfering with each other. When running airodump-ng, you can identify the channel number under the CH column.

While that is running, you’re going to run your de-authentication attack against the device connected to it using the command:

sudo aireplay-ng -a <BSSID of the AP> --deauth <time> <network interface>

The -a flag specifies the MAC address of the AP, --deauth specifies how long you want the attack to run in seconds, followed up by the network card.

A de-authentication attack involves using your own network card to send packets to interrupt communication between the AP and the client. It’s not perfect and sometimes the client may connect back, but only for a short time.

If your Wi-Fi is acting crazy and you seem to be disconnecting and connecting randomly back to it, you may be experiencing a de-authentication attack.

In the command above, you’re targeting the AP and running the attack. Note that you can instead attack any device connected to the AP and you should get the same result. All you need to do is to change the -a flag to the MAC address of any device connected.

While the DOS attack is underway, check on your airodump scan. You should see at the right top : WPA handshake: <mac address>. Once you have verified that, you can stop the replay attack and the airodump-ng scan.

Carrying out the replay attack to get the handshake. Credit: Daniel Iwugo

How to Obtain the Password (Hopefully)

In the final steps, you are going to run a bunch of generated Pairwise Master Keys (PMKs) against the captured packets to get the password. Let me break it down.

A PMK is basically an algorithmic combination of a word and the APs name. Our intention is to continuously generate PMKs using a wordlist against the handshake. If the PMK is valid, the word used to generate it is the password. If the PMK is not valid, it skips to the next word on the list.

I’m going to use the rockyou wordlist located in the /usr/share/wordlists directory. I think this is only found in Kali so if you have a different OS, you might make one of your own manually or generate one using crunch.

If it isn’t already extracted, just run the command:

sudo gunzip /usr/share/wordlists/rockyou.txt.gz

Quick history lesson: The rockyou wordlist is a bunch of passwords gotten from one of the most infamous cybersecurity data breaches that affected a company of the same name. It contains approximately 14 million unique passwords that were used in over 32 million accounts and as such, is one of the most dependable wordlists on the planet.

Now run the command:

sudo aircrack-ng <captured file with .cap> -w <path to wordlist>

Password cracking. Credit: Mercury

Alright, everyone – mission accomplished 😎.

The password was, well… ‘password’. Pretty disappointing from a security perspective, but I set this network up just for fun for the purposes of this tutorial. In reality, this could take minutes to hours depending on the length and strength of the password.

To clean up, simply remove the file captures, close your terminals, and run the command service NetworkManager restart to change your network card back to managed mode so you can connect to the Wi-Fi.

Mitigations Against WiFi Attacks

A basic personal workspace setup ¦ Credit: Wallpaperflare.com

Basic Wi-Fi security should cover this attack from a defensive perspective. Using WPA3 which is a newer protocol is your best bet against such an attack. To mitigate against de-authentication attacks, use an ethernet connection if possible.

Assuming that option is not on the table, you can use a strong passphrase (not a password) to minimise the attackers chances of getting it. A passphrase is a string of words simply used as a password. Passphrases tend to be longer than passwords, easier to remember, and are a rarer practice. Therefore, they will hardly be found in wordlists.

For example, ‘mercury’ is more likely to be found in a wordlist than ‘mercurylovespluto’. The later is a 15-character passphrase and as simple as it is, it would be hard for an attacker to find, guess, or generate.

Another mitigation would be to disable WPS (Wi-Fi Protected Setup) and avoid under any circumstance using a router that uses the WEP protocol. You’d just be asking for unwanted attention as it’s a lot easier to hack both of these than WPA2.

Conclusion

Let’s summarise what you’ve learned:

1. Change the wireless adaptor to monitor mode using airmon-ng
2. Scan for the target AP using airodump-ng and capture the packets
3. Perform a DOS attack on the AP to get the handshake packets
4. End the DOS once you have verified you captured the necessary packet
5. Use aircrack-ng to generate PMKs to run against the handshake packets

Sometimes, the password may not be in the wordlist. In that case, there are many other ways to get the password such as an Evil Twin Attack or variations of what you have learned here. I also encourage you to practice this and many other attacks you discover out there, as this helps make you a master hacker.

Remember, this is strictly for educational purposes. Only perform this on others with their consent, or on your own devices.

And with that, we have come to the end of this article. Hope you enjoyed it. And as I always say, Happy hacking! 🙃

Resources

1. A little more explanation on the handshake theory
2. More details on packets
3. WPA2 vs WPA3

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used to put this post together. You’re my unsung heroes.

Cover photo credit: Lego Gentlemen working on a router from Wallpaperflare.com

In this article, we will take a little tour of:

• The Linux operating system
• Package management
• The Linux file structure
• The Command Line Interface

And you get to learn how to update your Linux distro, too. Shall we? 🙃

What is Linux?

Hacker Penguins | Credit: Wallpaperflare.com

The Linux kernel was created by Linus Torvalds in 1991. What makes it an operating system are the additions to the kernel such as a package manager, desktop environment, a shell, and a bootloader, among other components.

Because Linux is open-source, there are many customisations that have been made to the operating system. Each specific combination of customisations is called a distribution or distro for short.

There are over hundreds, if not thousands of distros in the world. Each of them has been optimised for a specific purpose, or simply for fun by people just like you and me.

Some famous distros are:

1. Ubuntu (Most common)
2. Elementary OS (One of the most beautiful)
3. Debian (Neat and classy)
4. Arch Linux (For linux bosses)
5. Red Hat Enterprise Linux (Commercial and costly 💰)

What’s Linux got to do with hacking?

A Guy Fawkes mask on a keyboard | Credit: Wallpaperflare.com

Linux is the choice OS of many hackers. Why, you may ask? Because it’s open-source, less prone to malware, lightweight, portable, and very compatible with multiple hacking tools.

Windows is a somewhat closed system so there are many things it doesn’t allow a hacker to do. Mac OS also isn’t that great either because of a lot of proprietary software. Linux has many distros to choose from and most can be modified as the user pleases without any restrictions.

A number of distros commonly used by hackers are Kali Linux, Parrot, BlackArch, and Archstrike. But don’t stop there, the options are unlimited.

As I mentioned earlier, Linux is also highly customisable. A great example of this feature is the desktop environment, which is a fancy name for how the desktop looks.

In Windows, there’s the basic taskbar, start menu, and a background with icons. It's nice that you can make slight modifications, and the feel changes with every new Windows version, especially with Windows 11. But Microsoft’s steps pale in comparison to the massive strides the Linux community has made when it comes to the way a desktop really looks and feels.

Common desktop environments include:

1. Gnome (The best 😎)
2. KDE Plasma (A Windows doppelganger)
3. Xfce (For geeks)
4. Mate (Hardware resource-efficient)

If you are into programming, you could build upon a current desktop environment released under the GNU license or develop your own desktop environment to suit your needs.

Tip: If you’re completely new to Linux, you might want to hold off a little before you replace your default OS. Many users are used to a GUI (Graphical User Interface) to carry out activities. But Linux users tend to use the CLI (Command Line Interface) more. This is simply because Linux is targeted towards developers and scientists, not the average user.

I personally suggest that you install a Linux distro on a hypervisor such as VirtualBox, and practice getting used to it. (I’m not suggesting VMware as it has a known vulnerability as at the time of writing). If you don’t know how to install Linux, you can learn it here.

Linux Package Management

Colourful Packages | Credit: Wallpaperflare.com

Linux is quite different from other OSs, which means that installing apps is also different. Short version? You’re going to download apps off the distro app store via the CLI (terminal). Now for the long version.

.exe and .msi installers (which you use to install applications in Windows) don’t work all too well in Linux. So the managers of a distro have servers that host multiple applications optimised for that particular distro.

With some commands in the terminal from you, and help from a package manager, your computer connects to the server, downloads applications, and installs them. You can also get system updates this way.

A package manager is software used to manage software that is downloaded and installed. You may have heard of at least one of the following package managers:

1. Apt (Linux)
2. Chocolatey (Windows)
3. MacPorts (MacOS)
4. Pip (Python)
5. Npm (Javascript)
6. Gradle (Java)
7. Composer (PHP)

Some .exe and .msi installers can work on Linux computers, but with a catch. A software called Wine adds a Windows compatibility layer to the distro to optimise it for Windows apps. Unfortunately, this doesn’t work for all applications.

Another alternative is to install Steam, or better still, SteamOS if you are a gamer with a flair for Linux 🎮.

Linux File Structure

Folders | Credit: Wallpaperflare.com

The Linux OS has a directory tree just like Windows. At the very top (or bottom, depending on your perspective), we have the ‘/’ folder. This would be like your C: drive in Windows. It houses all your directories, files and apps. Below it are other folders which are summarised in the pic below

The Linux file structure | Credit: Hackers-arise.com

Some important directories to take note of are:

1. /bin : binary or executable programs (nice place for keeping persistent scripts)
2. /etc : system configuration files (an awesome place to obtain credentials)
3. /home : home directory (the default current directory when you open up the terminal)
4. /opt : optional or third-party software
5. /tmp : temporary space, usually cleared on reboot (a great place to store enumeration scripts)
6. /usr : User related programs
7. /var : log files (the perfect place to frustrate a forensic analyst)

There is a lot more about Linux file structure and it probably deserves its own article, but this will do for now.

Now let's get a lot more hands-on experience in the terminal, and run some basic commands every hacker should know.

Intro to the Linux Shell

Unix and its various derivatives | Credit: Wallpaperflare.com

A shell is a text-based interface for controlling a Linux computer. Similar to Microsofts’ Powershell or cmd, it is the interface between the user and the kernel, aside from the GUI (Graphical User Interface).

There are various types of shells, each made with improvements based off previous ones, or optimised for a particular goal.

Shells are used a lot by hackers because they are the fastest and most efficient way to deliver instructions to a computer. The GUI is fine, but can be rather limited because some features cannot be accessed graphically, or the tool you want to use simply doesn’t have a graphical interface.

Some common shells include:

1. The Bourne shell (sh)
2. The GNU-Bourne Again shell (bash)
3. The Z shell (zsh)
4. The C shell (csh)
5. The Korn shell (ksh)

Quick lesson: The words ‘terminal’ and ‘shell’ are used interchangeably in the cybersecurity world and throughout this article. But, they are different. The terminal is the program that lets you access the shell via a graphical interface.

Basic Linux Shell Commands

In this article, we’ll go through the following commands: whoami, pwd, ls, cd, touch, cat, nano, operators, mv and cp, mkdir, rm and rmdir, stat, echo, grep, the ‘help’ flag and man pages.

You will need any Linux distro of your choice, though I suggest Kali. If you don’t know how to install one, you can read this article.

Open up the application called ‘Terminal’ and let’s begin. Shall we proceed? 🙃

How to use the whoami command

You use this command to check which user you are. On a personal computer, you are most likely to have only two accounts: the one created when installing the OS and root. If you are in the terminal as a normal user (account), you can try it out.

whoami

whoami | Credit: Mercury

If you want to be root, run the command sudo su and put in your password. Try whoami and the terminal will tell you root:

whoami as root | Credit: Mercury

Enterprise computers tend to have many users on one computer. As I stated in a previous article, each has various permissions, some more than others. When you gain initial access post-exploitation, you usually start of with a standard account. If you want to check if the name of the compromised account, use this command.

How to use the pwd command

The Present Working Directory (pwd) command informs you of where you currently are in the directory tree. By default this usually is the home directory.

pwd

Present Working Directory | Credit: Mercury

If you are a beginner, it's quite normal to be lost in the directory tree and suddenly lose track of where you are. This command helps you to keep track of things.

Depending on your distro, you may see a ~ symbol when you open the terminal. That is the symbol for the default home directory for the user. It’s like the C:\Users\<default_user> folder in Windows, containing all user-specific files. In Linux, it will be as the format above /home/<default_user>.

How to use the ls command

You use the ls command to list the contents of a directory. It lets you know what files are inside a directory without a GUI.

When used with flags, it’s a Swiss army knife, with various ways of showing what’s in the directory.

Common flags you might want to take note of are -l (long listing), -a (all aka show hidden files), and -c (show recently modified).ls.

Listing | Credit: Mercury

Flags are features of applications/tools that allow you to tell them what to do. Let’s look at the -l flag for ls as an example. Long listing is a feature and can be activated by using the command ls -l .

Long listing | Credit: Mercury

As you can see, running ls with the flag differs from just plain old ls. I’ll explain the extra details in another article, or you can go ahead and do some research yourself into what they are.

How to use the cd command

You use the Change Directory (cd) command to transverse across the directory tree.

cd <directory>

Changing directory | Credit: Mercury

If you run the command ls -a, you will notice that there are two files that are always there no matter the folder: . and .. . The . file represents the current directory and the .. file represents the parent directory (the directory above the current one).

How to use the cat, more, and less commands

All the commands above are output commands. You use them to display the content of files to the terminal.

But there are notable differences here. cat is commonly used for files with small amounts of text. less and more are likely to be used for files with large amounts of text and output can be controlled with the arrow keys.

cat <file_name>
more <file_name>
less <file_name>

cat vs more vs less | Credit: Mercury

You will notice that cat prints the output directly to your terminal, while more and less allow you to use the arrow keys. Output commands are used to gather information and credentials from compromised systems.

How to use the touch command

You use the touch command to create files. You can write to these files in a number of ways, such as using a text editor or piping input into it (more on that later).

You can make a file using the following syntax:

touch <file_name>

You can then use the ls command to check if your file has been created.

Creating a file | Credit: Mercury

How to use the nano command

Nano is a popular built-in text editor in Linux. It’s very common because it's easy to use and it's supported in many CLI environments. Other common text editors are Vim (very annoying 😫) and gedit (as simple as Notepad 🙃).

You can edit a file with the following command:

nano <file_name>

The nano interface | Credit: Mercury

There are some commands below the Nano interface that can aid you. ‘^’ simply means the Ctrl button and the ‘M’ button is Alt. ‘^S’ (or in this case Ctrl + S) is used to save the file after you write stuff to it. The nano command is used by hackers to change information in files, edit logs, or if you are a red hat hacker, delete essential configuration file lines.

Command Chaining Operators

‘Chaining’ commands is the concept of writing multiple commands together and executing them in a variety of ways. You usually do this with the use of special characters. Examples include:

1. Ampersand (&): To run a program in the background
2. Logical AND (&&): The following command will run only if the previous one successfully ran
3. Pipe (|): The output of the previous command acts as input for the next command
4. Overwrite (>): Overwrites the content of a file with the output of the previous one
5. Append (>>): Appends the output from the previous command to a file

If you don’t understand how all these work, don't worry. They are usually run with other commands I’ll mention later in the article.

How to use the mv and cp commands

These are two commands that are quite similar but have notable differences. You use mv to move a file to another location. You use cp to copy a file to another location.

mv <file_name>
cp <file_name>

Examples of cp and mv | Credit: Mercury

There isn’t a command for renaming files in Linux, so most people use the mv command by using this syntax:

mv <original_file_name> <new_file_name>

Try it yourself to get a feel.

How to use the mkdir command

The mkdir command makes directories. You could use this to make a custom directory that only you can access on a compromised system to keep scripts or tools for persistence.

mkdir <directory>

Making a new directory | Credit: Mercury

How to use the rm and rmdir commands

You might be able to figure this one out yourself. rm is the command to remove files, and rmdir is the command to remove directories.

rm <file_name>
rmdir <directory>

rm, rmdir and rmdir with the ignore-fail-on-non-empty flag | Credit: Mercury

Linux is not too keen on getting folders deleted if they are not empty. To account for this, use the ignore-fail-if-non-empty flag to delete both files and directories.

Do note that you'll need to be extremely careful with these commands as they do not send the deleted files or directories to the Trash/Recycle bin. They're just gone.

How to use the stat command

You use the stat command to give information about a file.

stat <file_name>

stat | Credit: Mercury

You can gather information about the file name and extension, permissions, when it was made, modified, last accessed and much more.

Now is a great time to learn about permissions. If you run the commands ls -la or stat, you may see something like this: drwxrwxrwx. Let’s break it down.

Permissions demystified | Credit: unix.stackexchange.com

The read (r) permission allows you to see the contents of a file, the write (w) permission allows you to modify the file, and the execute (x) permission allows you to run it as a process if it is a script or executable.

There are 3 classes of users that can access a file: a user, group and others. The root account is another class but that’s exempted here.

Each ‘rwx’ set is owned by a permission class. If the space reads a letter, the set has that permission. If it has a dash, they do not have permissions.

What about the ‘d’ at the front? That represents if it is a directory or a file. The ‘d’ means it’s a directory, and if it’s a dash (-), it's a file. Though, technically, a directory is a special type of file. But that’s a story for another day.

How to use the echo command

You use the echo command to print out input. Let’s use an example to make things clearer.

echo "<text>"

As you can see, you can use echo with the > operator to write text to files.

How to use the grep command

Let’s take things up a notch. You use the grep command to extract specified text from a file using the pipe operator.

grep "<text>"

grep | Credit: Mercury

The command above isn’t as complicated as it first seems. We tell the computer to print the contents of a file, and using the pipe operator, tell the grep command to use it as input. This is called piping one command through another and can be done multiple times. The found text is shown in red.

grep is commonly used to look for certain texts in large files. A practical example would be if you are looking for credentials for a specific user in a file with a lot of text. You could use grep to look for words like ‘password’, ‘login’ and other keywords that you think would be around the credentials you are looking for.

How to use the ‘help’ flag and man pages

Last on our list are ‘help’ and man. The ‘help’ flag isn’t necessarily a command but it is a great aid if you are confused about an app or tool. Simply use the following:

<app or tool> --help

This will get quick, bite-size information about it. man, on the other hand, gives you all documented information about the app.

man <app>

help vs man | Credit: Mercury

You may notice that in the gif, I used -h. That’s because its the short form of the flag. Some flags have short forms. If it starts with a single dash, that’s the short form. If it starts with two dashes, it’s the long form.

How to Update Your Linux

This entire section can actually be done with a single command but let’s break it down to understand the whole thing. The task: update your OS. In order to achieve the objective, you need to do two things.

1. Update the local repository info: Think of this like checking for updates before actually downloading and installing them.
2. Upgrade the system: As it says, we download the updates, and then install the updates.

The first command to run is:

sudo apt update

• sudo: To indicate we are running the command with higher permissions
• apt: The package manager
• update: To tell the computer to update its local information about the repository

After you punch in this command, you type in your password, and voilà. As you will observe, your computer will download information from the repositories on what packages (applications) to update.

I’ve already updated my own so it looks like the one below. But if this is your first time, it should take a few minutes.

sudo apt update | Credit: Mercury

When that is over, you can run the next command to download and install the updates:

sudo apt full-upgrade

sudo apt full-upgrade | Credit: Mercury

Note: You can interrupt the package download process, but never the installation process. That might break your OS and make it unusable.

During the upgrade you may notice some irregularities, such as the one below:

Scrambled upgrade | Credit: Mercury

Don’t worry, your computer isn’t going to blow up in your face or anything 😂. It’s just a bug. After the upgrades have finished installing, you will want to reboot your computer. This will allow your laptop to fully implement all updates.

My personally customised desktop | Credit: Mercury

Congratulations 🎉. You have successfully updated your system. Remember how I said all this could be done with one command? Here it is. 👀

sudo apt update && sudo apt upgrade -y && reboot

Relax, it's not as complicated as it first seems. Take a look at the code bit by bit. The only unfamiliar pieces are the && symbols.

As I mentioned earlier, they are logical AND operators. This simply tells the computer to run the first command before, finish up, and then carry out the one after it. The -y flag tells the computer to carry out the upgrade without user input.

So the command above tells the computer to first update, then upgrade, and finally, reboot. Easy-peasy right? 😎

Conclusion

Tux the Godfather ¦ Credit: Wallpaperflare.com

Let's do a quick recap of what you've done:

1. We've had a tour of the Linux OS
2. We've learned about package management in Linux
3. We've reviewed the Linux file structure
4. And we've run a few commands on the Command Line Interface

And on that note, we have come to the end of this article. I hope you enjoyed it. And as I always say, happy hacking! 🙃

Linux Resources

1. You can read more about chaining commands here
2. Here's a brilliant video on package management.
3. And here's a quick introduction to the Linux file structure.

Acknowledgements

Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy, Favour Ojo, Georgina Awani, and my family for the inspiration, support and knowledge used put this post together. You guys are awesome.

In this article, you will learn what the hacking process really looks like. And hopefully one day, you'll get to say those famous words: “I’m in”.

Disclaimer: This is for educational purposes only. Please (with a cherry on top), do not use this knowledge to perform illegal activities. I might be one of the white hats to put you in jail someday 🙃. Thank you.

How do Hackers Hack?

Tony Stark attempting to hack S.H.E.I.L.D | Credit: animatedtimes.com

Since you are reading this article, I’ll assume that you already know the basics of what hacking is, so let's jump right in.

There really is no general agreed upon process of hacking, in part because there are a few different types of hackers. But, I will tell you the steps the majority of hackers (and I myself) follow.

They are:

1. Reconnaissance
2. Enumeration
3. Exploitation
4. Privilege Escalation
5. Post Exploitation
6. Covering Tracks
7. Report Writing

We'll go through each one in detail so you get a good feel for the process.

If you want to dive deeper and learn more about what white hat (ethical) hackers do, check out this course.

Reconnaissance

A neon themed hollywood hacker | Credit: Wallpaperflare.com

Recon (aka footprinting) is the first, longest, and most important step. This entails getting as much information as you can about the target without interacting directly with the target.

Basic OSINT (Open Source Intelligence) skills are a hacker's best friend here.

Quick lesson: OSINT is the collection and analysis of information from public sources in order to gain actionable intelligence. National security agencies, investigative journalists, and hackers legally gather such information in order to create measures, stories, and dossiers, respectively, about targets.

You can find the OSINT framework guide here.

The greatest resource for recon is the Internet, and the greatest tool is the search engine, Google. To make this a lot easier, Google dorking would be a good place to start. Dorking in this sense means the use of advanced search techniques to find out more information about a target that you normally wouldn’t be able to find using normal methods.

Other resources for recon include:

1. Wikipedia (The biggest encyclopedia to this date)
2. Social Media such as Instagram, Twitter, and Facebook (Best resource for social engineers)
3. who.is (To get information about a website)
4. sublist3r (Lists subdomains publicly available)
5. Media such as newspapers, radio, and television

Enumeration

Magnifying glass over binary ID fingerprint | Credit: Wallpaperflare.com

This is like reconnaissance, except you gain information about the target by interacting with it for the purpose of looking for a vulnerability.

Do note, though, that things can get a lot riskier as the target could discover that you are trying to find out information about them, and could put countermeasures in place to hinder you.

Network enumeration involves port scanning and network mapping. This helps you learn about the target’s operating system, open ports, and services being run, along with their version. Nmap (network mapper), burp suite, and exploit-db/searchsploit are common tools you can use for network enumeration.

Tip: Knowing the version of services is a great way to find a vulnerability. Old versions of software may have a known vulnerability which could be on the exploit-db site. You could then use this to perform an exploit.

Physical enumeration involves gaining information through physical means. This could be done via dumpster diving (getting credentials and confidential information from the trash) and social engineering.

Social engineering is quite a broad topic and will get an article of its own later. However, in simple terms, it means hacking humans using manipulative social skills.

Exploitation

A fake terminal access | Credit: Wallpaperflare.com

Exploitation involves gaining access to the target successfully using a vulnerability discovered during enumeration.

A common technique for exploitation is to deliver a payload after taking advantage of the vulnerability. In simple terms, this is finding a hole in the target, and then running code or software that lets you manipulate the system, such as a bash shell.

Infamous vulnerabilities that are commonly exploited are EternalBlue (Windows) and the Apache log4j (web servers) vulnerabilities.

Common tools you can use for exploitation include:

1. Metasploit (The big gun 🔫)
2. Burpsuite (For web applications)
3. Sqlmap (For databases)
4. Msfvenom (Used to create custom payloads)

Quick lesson: A payload is software run after a vulnerability has been exploited. Once exploited, the target computer doesn’t have anything to give you access with. And so you need a payload to give you access and allow you to manipulate the target.

A very common payload many hackers use is meterpreter. It is a payload by metasploit that allows you to easily transverse the hacked computer.

Privilege Escalation

Random Text with “Administrator” | Credit: Wallpaperflare.com

In order to understand privilege escalation, you need to grasp two concepts:

1. User Accounts
2. Privileges

A User Account is a profile on a computer or network that contains information that's accessed via a username and password.

There are two kinds of user accounts: Administrator account and Standard account. Home computer users usually only have one user account, which is the administrator. In contrast, organisations have multiple accounts on a network or computer, with a system administrator having the administrator account and the basic employees having various standard accounts.

Privileges are the permissions that let you write, read and execute files and applications. A standard user doesn’t have privileges (permissions) to critical files and applications which we want. However, an administrative account will have privileges for everything.

Escalation is the movement from one user account to another. This could either be vertical or horizontal.

Vertical escalation is when a hacker moves from an account with fewer privileges (standard account) to an account with more privileges (administrative account).

Horizontal escalation is when a hacker moves from one user account to a similar account of the same privilege level in hopes of performing vertical escalation with the new compromised account (standard account to standard account).

The administrative user accounts you would want to target are root (Linux) or Administrator/System (Windows). These accounts have all the privileges and are practically a goldmine if you get access to them, as you can take absolute control of the computer.

Techniques to perform privilege escalation include:

1. Password spraying (Reusing passwords)
2. Cracking password hashes (Finding passwords of other users)
3. Finding ssh keys (Used for horizontal escalation)
4. Abusing SUID binaries (Taking advantage of misconfigured privileges in Linux)
5. Running tools scripts to look for escalation routes (enum4linux is nice and PEASS-ng has a great suite)

Post-Exploitation

Code with text “malicious virus” | Credit: Wallpaperflare.com

Usually, white hats skip over to the very last step. But I will include this and the next for the sake of knowledge.

Post exploitation is the use of tools with the aim of gaining persistence and obtaining sensitive information from the target computer.

This could be done in a number of ways including:

1. Installing a permanent backdoor, listener, or rootkit
2. Installing malware such as viruses and trojans
3. Downloading intellectual property, sensitive information, and Personal Identifiable Information (PII)

Covering Tracks

An Anonymous themed background | Credit: Wallpaperflare.com

This is as simple as it gets, but can be incriminating if there is even a slight mistake. A malicious hacker has to be careful to not leave behind files, scripts, or anything that can be used by a digital forensics expert to track the hacking back to them.

Some basic things to do would be to delete log files and the history file in Linux. The meterpreter payload even has a feature to delete all logs on the Windows Event Manager.

Reporting

Digital report writing | Credit: Wallpaperflare.com

This is the final step of the hacker methodology. It involves writing down a basic rundown of the entire process you went through above.

There are various formats, but a basic one will include:

1. Vulnerabilities found and their risk level
2. A brief description of how the vulnerabilities were discovered
3. Recommendations on how to remediate the vulnerabilities

Tip: Note taking when hacking is very important. I personally learned this the hard way when doing CTFs (Capture The Flag).

Not only does it make it easier when writing reports, but they also allow you to avoid repeating failed attempts and sort through information easily. They also let you look back on what you’ve done later on. Taking screenshots is also a great idea.

Conclusion

Alright so let's do a quick recap of the hacker methodology:

1. Reconnaissance
2. Enumeration
3. Exploitation
4. Privilege Escalation
5. Post-Exploitation
6. Covering Tracks
7. Report Writing

Resources to help you practice:

1. Test your knowledge on the hacker methodology
2. Tips on how to protect yourself from hackers
3. More information about OSINT

Acknowledgements

Thanks to Chinaza Nwukwa, Holumidey Mercy, Georgina Awani, and my family for the inspiration, support, and knowledge used put this post together. You guys are the best.

Well, in this article, you will learn how hackers are classified by comparing them to a Marvel or DC hero that more or less represents them and what they do.

What is a Hacker?

Hats on Silhoettes | Credit: Wallpaperflare.com

A hacker is an individual who uses their skills to breach cybersecurity defences. In the world of Cybersecurity, hackers are typically classified by a ‘hat’ system. This system likely came from old cowboy film culture where the good characters typically wore white hats and the bad ones wore black hats.

There are 3 major hats in the cyberspace:

1. White Hats
2. Grey Hats
3. Black Hats

However, there are some others that have also cropped up over time such as:

1. Green Hats
2. Blue Hats
3. Red Hats

Let’s dive in and learn what all these different types of hackers do, shall we? 🙃

White Hat Hackers

Captain America | Credit: Wallpaperaccess.com

White hats are just like Marvel’s Captain America 🛡️. No matter the day, time, or age, they always stand up for what’s right and protect civilians and organizations at large by finding and reporting vulnerabilities in systems before the black hats do.

They usually work for organizations and take roles such as a Cybersecurity Engineer, Penetration Tester, Security Analyst, CISO (Chief Information Security Officer), and other security positions.

Under these organizations they perform tasks such as:

1. Scanning networks
2. Configuring IDSs (Intrusion Detection Systems)
3. Ethically hacking computers to find vulnerabilities and report them so they can be addressed
4. Programming honeypots (Traps for the attackers 😼)
5. Monitoring network activity for suspicious activity

Famous examples of such hackers include:

1. Jeff Moss (DEF CON founder)
2. Richard Stallman (Founder of the GNU project)
3. Tim Burners-Lee (Creator of the World Wide Web)
4. Linus Torvalds (Creator of Linux)
5. Tsutomu Shimomura (The man that caught Kevin Mitnick)

And if you want to hear more from the founder of a cybersecurity company herself, check out this podcast featuring Rachel Tobac.

Grey Hat Hackers

Batman | Credit: Alphacoders.com

DCs’ Dark Knight and grey hat hackers have a lot in common 🦇. They both want to stand up for the right thing but use rather unconventional methods to do so.

Grey hat hackers are the balance between white hats and black hats. In contrast to white hats, they do not ask for permission to hack systems but do not perform any other illegal activities like black hat hackers.

Grey hats have quite a controversial history. This makes them hard to really classify, especially if their moral compass goes a little haywire down the line or what they did seems more black hat-ish than white hat-ish. Some even end up in jail for what they do.

But there are some that rise to be the heroes of the people and the enemy of the government and big organizations.

Some (in)famous examples of grey hat hackers are:

1. Anonymous (World famous hacktivist group)
2. HD Moore (Creator of Metasploit)
3. Adrian Lamo (aka the homeless hacker)
4. Khalil Shreateh (Hacked the facebook account of Mark Zuckerburg 🤣)

Black Hat Hackers

The Joker | Credit: Wallpapersden.com

Time to introduce the harmful lot 🃏. The Joker and Black Hats are like peas in a pod. They perform illegal activities for financial gain, the challenge, or simply for the fun of it.

They look for computers that are vulnerable over the internet, exploit them, and use them to whatever advantage they can.

Black Hats use techniques for getting into systems just like white hats. However, they don’t use their defensive skills – rather, they up their game on the attack by doing things such as:

1. Installing backdoors
2. Maintaining access to compromised systems
3. Performing privilege escalation
4. Downloading private/sensitive/intellectual data
5. Installing malware such as ransomware
6. Creating phishing emails and links

Examples of infamous black hats include:

1. Kevin Mitnick (Most wanted cybercriminal in U.S history)
2. Julian Assange aka Mendax (Creator of Wikileaks)
3. Hamza Bendelladj aka Bx1 (Latter owner of the ZeuS Banking Malware)
4. Kevin Poulsen (Dark Dante)
5. Robert Tappan Morris (Creator of the morris worm)

Mitnick, Poulsen, and Morris were criminally charged, served their sentences, and are good guys now. Mitnick founded a cybersecurity company. Poulsen created SecureDrop. And Morris became a professor at MIT (Don’t you just love a happy ending? 🤧).

Green Hat Hackers

Ms Marvel | Credit: Wallpapercave.com

Ms Marvel and Green hats are a match made in heaven 🌟. They are both young, enthusiastic, inexperienced and have the tendency to take risks and learn from their mistakes. Green hats are hackers that are new to the industry but are willing to learn to become great hackers.

Because of the availability and easy of use of hacking tools these days, it's pretty easy for a green hat to end up in trouble as they may not fully understand the full workings of the tool or target. But, they learn from their errors to gather experience.

Green hats may upgrade to White, Grey, or Black Hat hackers as they continue to move up the ranks.

Blue Hat Hackers

John Wick | Credit: Wallpaperswide.com

Okay, I know. John Wick isn’t a part of either DC or Marvel but Dynamite Comics’ greatest hitman is a favourite of any fan 🐶.

Mr Wick and Blue hat hackers share the same ideology: Revenge. You kill John Wicks dog, he’ll come after you. You bully or threaten a blue hat, they will also come after you, except it's your digital life on the gallows.

But due to what I can only guess to be cultural differences, a blue hat could also mean an external security professional brought in to test software for vulnerabilities prior to its release.

Red Hat Hackers

The Punisher | Credit: Wallpaperflare.com

I think the character says it all ☠. The Punisher is a ruthless anti-hero that stands up for what is right but is never ever (and I mean ever 😬) going to give criminals second chances.

Red hats are the same. They target cybercriminals and damage whatever they can to disable criminal activities, permanently.

Red hats are hackers no one wants to mess with, not even a black hat. Other hackers usually attack Microsoft Windows computers but these hackers, they hack Linux computers.

They have no regrets, don’t think twice, and make black hats pay rather severely for their crimes by taking justice into their hands. They do this by destroying all data and backups of their target, and usually render the system useless.

Conclusion

And on that terrifying note, we have come to the end of this article. I hope you enjoyed it. And as I always say, Happy hacking! 🙃

Acknowledgements

Thanks to Chinaza Nwukwa, Holumidey Mercy, Georgina Awani, and my family for the inspiration, support and knowledge used put this post together. You guys are amazing.

Helpful Resources

1. What is a honeypot?
2. Many more classifications of hats

It’s basically an ethical hacker's dream operating system, because it has most of the tools you'll ever need built-in. From Metasploit to JohntheRipper to the one and only Aircrack-ng, this OS has it all.

But enough of the history lesson. Let’s jump right in and learn how to install Kali Linux on your computer.

Requirements

Before we carry on, you should know that this is the process for installing on the bare system itself and you should do this with extreme caution.

If you wish to dual boot your machine, you will need to partition your hard drive to give Kali at least 20 GB of hard disk space and then install it on that partition.

Now you are going to need some ingredients for this masterpiece:

1. A Computer (Minimum Requirements: 20GB Hard Disk space, 2GB RAM, Intel Core i3 or AMD E1 equivalent)
2. A USB stick (6 GB or more)
3. A Kali .iso file
4. Rufus (To create a bootable drive)
5. A really cool head (Trust me, you’ll need it 🥶)

How to Install Kali Linux on Your Computer – Step by Step

Step 1: Download the iso file

Go to kali.org and hit the download button.

The Kali Homepage | Credit: kali.org

What you're trying to get is an iso file, which is just a way of packaging software. Operating systems are usually packed like this (but also malicious software, so be careful where you get them💀).

Here you are given a lot of options, but go for the ‘Bare Metal’. There are options for 64-bit, 32-bit, and Apple M1 here (though I have no clue why the last one exists). Choose the tab applicable to your system, and download the Installer. For torrent lovers, the torrent is also available.

The Installer option | Credit: kali.org

Step 2: Create a bootable drive

You can download Rufus from rufus.ie (Rufus 3.18 as at the time of writing). In order to make the stick bootable, we are going to run Rufus and make a few changes.

Connect the stick and select it under the ‘Device’ options. Under ‘Boot selection’ select your newly downloaded Kali iso file. Now for the tricky part.

The Rufus Software | Credit: Mercury

Before we proceed, a quick lesson: a partition scheme/table is the format in which a hard disk saves data. Think of it like your video files saved in .mp4 or .mkv – they are both videos but different formats.

Most computers have one of the following formats: GPT (GUID Partition Table) or MBR (Master Boot Record). You may not be able to boot your drive if you pick the wrong option here.

Summary of it all: Pick the MBR option if the computer is old or using a legacy BIOS. Pick GPT if it is a newer computer and using a UEFI BIOS. If the drive doesn’t show up in the boot menu, change to the other option and try again.

You could also go to the advanced drive properties and check the box with ‘Add fixes for old BIOSes’. This should make the drive more compatible with your computer if it is a very old one. And by old, I mean ancient 👴.

How to prepare the USB stick | Credit: Mercury

Back to easier ground now, you can leave the default format options. Hit the Start Button and wait for the image to be written to the stick (This takes some time so, relax 😌).

Step 3: Access the Kali Installer Menu

To boot the computer from the new Kali USB stick, you’ll need to disable secure boot if it is enabled in the BIOS settings.

You may need to do a little research into how to access your BIOS and boot menu. It usually involves spamming (continuously pressing) a key on your keyboard when the computer starts to boot.

As mentioned before, if you are dual booting, take note of the partition size you made for Kali so you don’t overwrite your other OS (been there, done that 😢).

A Legacy BIOS | Credit: VMware

After disabling secure boot, we can finally boot to the drive. At startup, you’ll have to access the boot menu and then choose the stick you just made. You should be welcomed with the Kali Installer Menu.

The Kali Installer Menu | Credit: Mercury

Note: You can also edit the boot menu configuration in the BIOS menu, but that is permanent and may need to be changed post-installation. It is usually preferred to find a way to access the boot menu when starting up the computer, as this will only be a temporary configuration.

The installer menu only allows the keyboard for input so you’ll have to use the arrow keys, Enter, and Esc to navigate it.

Step 4: Begin the installation

Select graphical install, and you can now use your mouse. Select your preferred language, region, and keyboard layout in the following menus:

Language Menu | Credit: Mercury

Region Menu | Credit: Mercury

You computer will attempt to make some network configurations, but you can easily skip that as it won’t be needed for an offline install.

Fill in a hostname as this will identify your computer on a public network. You can skip the domain name part as this isn’t necessary. Next, type in your full name for your new user account.

Full Name setup | Credit: Mercury

Quick lesson: On the terminal, Linux allows you to send and receive emails with commands. However, Gmail and Yahoo make sending a lot easier these days. You may never have to use this feature in your lifetime.

Next type, in the username for your account (This could be your hacker alias 😎).

Username setup | Credit: Mercury

Choose a strong password/passphrase to input in the next menu.

Password setup | Credit: Mercury

Select your time zone. This is important as it could affect your network configurations post-installation.

Time zone setup | Credit:

Step 5: Set up the storage

Next would be to select the partitioning method. Now for the cool head mentioned earlier. If you want to format the entire hard drive for Kali, the Guided options will be best.

LVM (Logic Volume Management) is a feature that allows you to have relatively flexible partitions. This means that you can extend, shrink or even merge partitions while the OS is being run. It's a pretty nifty feature.

The encrypted LVM feature keeps your data safe if someone unauthorized gets access to your hard drive. Just note that there is a trade-off here: your hard drive will tend to be slower than if it wasn’t encrypted. So most people go with the ‘Guided -use entire disk’ option.

Partitioning method setup | Credit: Mercury

If you are dual-booting, though, you will need to choose the manual option and make the necessary configurations. I’ll go with the use entire disk option here.

Choose the hard drive you want to install Kali on. I’m using a virtual machine so my only option is a small 21 GB drive.

Hard Disk selection | Credit: Mercury

Choose how you want your files to be partitioned. Each option differs by separating certain important directories in separate partitions (More on that in a later post).

Partitioning Scheme | Credit: Mercury

Finish up the partitioning changes.

Partition changes info | Credit: Mercury

Select ‘Yes’ to write the changes to the disk.

Partition Changes verification | Credit: Mercury

Step 5: Chose software and a desktop look

Now, choose the software you wish to install. Check the desktop environment and collection of tools options, as these will help you avoid having to install a lot of things later.

Desktop environments are basically the way the desktop looks to the user. Kali offers Xfce (most common), Gnome, and KDE. I’m a sucker for Gnome so I went with that option. You can still install all three and later configure your computer to choose the one you’d like.

Software Installation Menu | Credit: Mercury

You can check the sixth box to install the top 10 most popular tools on Kali. These are:

1. Aircrack-ng
2. Burpsuite
3. Crackmapexec
4. Hydra
5. Johntheripper (jtr)
6. Metasploit
7. Nmap (Network Mapper)
8. Responder
9. Sqlmap
10. Wireshark

As a hacker, you’re definitely going to need one of these sooner or later, so it’s best if you check that box. You can check the ‘default — recommended tools’ box if you want a whole bunch of tools on your system, but note that this will take a lot of time and space. Hit continue and wait.

Quick tip: It is generally recommended that you only have the tools you absolutely need on your computer. This is because additional tools could slow your computer down, you could waste data updating tools you never use, and you are likely to be more vulnerable if there is an active exploit on the loose.

Step 6: Install the GRUB bootloader

The GRUB boot loader is a piece of software that allows you to pick which OS to boot from when the computer starts up. For both single boot readers and dual boot readers, the best option here is ‘Yes’.

Grub Bootloader setup | Credit: Mercury

Select the your hard drive.

Grub Bootloader setup | Credit: Mercury

Mission Accomplished 🎉🥂. You have successfully installed your Kali Linux OS. Hit continue to clean up and reboot your computer.

Grub Bootloader setup | Credit: Mercury

Note: If you performed dual boot, you may need to change the boot menu to load Kali first before Windows so you have the option of choosing which OS to use.

Once booted up, your screen should be like the one below.

Login screen | Credit: Mercury

If you installed the xfce desktop environment, you will have to put in your username, enter your password, and you should have a nice looking desktop.

Kali Linux Desktop | Credit: Mercury

Conclusion

Alright so let's do a quick recap of what we did:

1. Downloaded the iso file
2. Created a bootable drive
3. Accessed the Kali Installer Menu
4. Began the installation
5. Set up the Storage
6. Installed the GRUB bootloader

And finally, enjoy your new OS. Happy hacking! 🙃

Helpful Resources

1. Kali website: kali.org
2. You can read about the difference between MBR and GPT in this freeCodeCamp article.
3. Here's an article from Kali Linux about how to change your desktop environment

Acknowledgements

Thanks to Chinaza Nwukwa, Holumidey Mercy, Georgina Awani, and my family for the inspiration, support and knowledge used to put this article together. You’re the real MVPs.