Interview of Kali Linux

What is Kali Linux - Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewriting BackTrack, their previous forensics Linux distribution. Users may run Kali Linux from a hard disk, live CD, or live USB. Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, as well as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook. Kali Linux is also known as Backtrack 6.

How to Download Kali Linux ISO - 

1. Open This link Download Kali Linux

2. After Opening the Official Download Website of Kali Linux you will find out download links. I advice you If you are feeling confuse which one should you choose for downloading, choose Kali Linux 32 Bit ISO. It supports mostly all System. So for starting download click on Kali Linux 1.0.6 32 Bit ISO (Version may update in the future just focus on 32 Bit ISO)

3. So, If you have Internet Download Manager in your system. You will see a pop up like this. If not then as per your browser it will start to download.

4. After finishing your download check your download save path. You will find your Kali Linux 32 Bit ISO there.

How to Make Kali Linux Bootable Pendrive - Visit Our this post Make Kali Linux Bootable Pendrive

What is VMware Workstation ? - VMware Workstation is a hypervisor that runs on x64 computers; it enables users to set up multiple virtual machines (VMs) and use them simultaneously along with the actual machine. Each virtual machine can execute its own operating system, such as Microsoft Windows, Linux or BSD variants. As such, VMware Workstation allows one physical machine to run multiple operating systems simultaneously. Workstation is developed and sold by VMware, Inc., a division of EMC Corporation.

VMware Workstation supports bridging existing host network adapters and share physical disk drives and USB devices with a virtual machine. In addition, it can simulate disk drives. It can mount an existing ISO image file into a virtual optical disc drive so that the virtual machine sees it as a real one. Likewise, virtual hard disk drives are made via .vmdk files.

VMware Workstation can save the state of a virtual machine in one point of time. These saved states, known as a "snapshots", can later be restored, effectively returning the virtual machine to the saved state.

VMware Workstation includes the ability to designate multiple virtual machines as a team which can then be powered on, powered off, suspended or resume as a single object, making it particularly useful for testing client-server environments.

How to Download VMware - Visit official Website of VMware Click Here then use below serial key to make it full version. 

Update: We removed all software and serial keys from this website because of Google T&C meanwhile you can mail us your request we will surly help you regarding this issue.

How to install VMware - VMware installation is not a big deal. just open downloaded vmware setup file and follow the instruction.

Q. - Any Freeware Software like VMware because i am unable to download this ?

Ans - Yes, There are many software like this but VMware has more features then other but as you are unable to download so Here are your alternate option Choose one of them.

• Virtual Box - Download Me
• VMware Player - Download Me

How to Install Kali Linux on VMware - Visit Our this Post Install Kali Linux on VMware

How to Install Kali Linux with Windows -  Visit Our this Post Install Kali Linux on Hard Disk 

Additional Information - 

Grub Rescue - Sometime for different reason we can face this problem so visit our How to Fix Grub Rescue error Post for solution 

Q. - I also want to download Kali Linux through Internet Download Manager (IDM). Where I can get it for Free ?

Ans - Download from Geekyshows its Free and Full version for life time. If you notice that download link has broken kindly report me Contact Us. 

Update: We removed all software and serial keys from this website because of Google T&C meanwhile you can mail us your request we will surly help you regarding this issue.

Like it ? Share it.

ISACA Security Certifications

ISACA is an international professional association focused on IT Governance. It is an affiliate member of IFAC. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

ISACA Certifications

Certified Information Systems Auditor (CISA)
The CISA certification was established in 1978 for several reasons:

• Develop and maintain a tool that could be used to evaluate an individual's competency in conducting information system audits.
• Provide a motivational tool for information systems auditors to maintain their skills, and monitor the success of the maintenance programs.
• Provide criteria to help aid management in the selection of personnel and development.

The first CISA examination was administered in 1981, and registration numbers have grown each year. As of 2010, over 79,000 candidates worldwide have earned the CISA designation since its inception. It is one of the few certifications formally approved by the US Department of Defense in their Information Assurance Technical category (DoD 8570.01-M). In 2009, SC Magazine named the CISA designation winner of the Best Professional Certification Prog

ram.
In 2011, the CISA examination underwent its most significant update in a decade. The exam was revised from 6 domains to 5. All domains were revised and updated in this process.




Certified Information Security Manager (CISM)
        Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). To gain the certifications, individuals must pass a written examination and have at least five years of information security experience with a minimum three years of information security management work experience in particular fields.

The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.

The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.

The CISM certifications tends to be sought after by both CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.

In principle, the CISM certification is related in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.

In 2005, the United States Department of Defense listed CISM, CISA and CISSP as "approved" certifications for its "Information Assurance Workforce Improvement Program".

Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years work experience in at least three CRISC domains.

The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or ‘domains’ of IT risk management:

• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• Information systems control, design and implementation
• IS control, monitoring and maintenance

Official Website : Click Here

Like it ? Share it.

COMPTIA SECURITY CERTIFICATIONS

The Computing Technology Industry Association (CompTIA), a non-profit trade association, was created in 1982 as the Association of Better Computer Dealers, Inc. (ABCD) by representatives of five microcomputer dealerships. Over the course of a decade, ABCD laid the groundwork for many of CompTIA’s initiatives and member benefits.

ABCD later changed its name to the Computing Technology Industry Association to reflect the association's evolving role in the computer industry and in the U.S. business landscape at large.

CompTIA is a provider of professional certifications for the information technology (IT) industry.




Security+
       Security+ is a certification dealing with computer security topics such as cryptography and access control, as well as business-related topics such as disaster recovery and risk management. It was developed in 2002 to address the rise of security issues. A new and updated version, SY0-301, was released in 2011. According to CompTIA, there are currently more than 45,000 people around the world who have earned this certification. It is recommended that candidates have two years of security-related work experience (although not a requirement) and pass the 100 question multiple choice exam.

CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:

• Network security
• Compliance and operational security
• Threats and vulnerabilities
• Application, data and host security
• Access control and identity management
• Cryptography

The Security+ exam can be applied as an elective to the MCSA: Security and the MCSE: Security specializations from Microsoft. For United States Department of Defense employees, DoDD 8570, IAT Level II certification guidelines lists Security+ as one of four choices (the others being GIAC Security Essentials Certification (GSEC), Security Certified Network Professional (SCNP), and Systems Security Certified Practitioner (SSCP)).

CompTIA Advanced Security Practitioner [CASP]

CompTIA released the CompTIA Advanced Security Practitioner certification on September 15, 2011. "The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP certification is intended to follow CompTIA Security+. The CompTIA Advanced Security Practitioner certification was accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI) on Dec. 13, 2011. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. The CompTIA Advanced Security Practitioner (CASP) Certification is aimed at an IT security professional who has a minimum of 10 years’ experience in IT administration including at least 5 years of hands-on technical security experience.

Official Website : Click Here

Like it ? Share it.

Funny manpages in Kali linux

I am going to show you some funny man pages.

1. How to Install Funny Manpages – Open terminal, type apt-get install funny-manpages and Press Enter.

(Click on image for large view)

2. Now use man command for opening the funny manpages. I am giving you some funny manpages. This could be for 18+ people.

Syntax – man <topic>

Topics:

baby

celibacy

condom

date

echo

flame

flog

gong

grope, egrope, fgrope

party

rescrog

rm

rtfm

tm

uubp

woman (undocumented)

xkill

xlart

sex

strfry

As Result you will see the documentary. Just read this funny documentary and enjoy. 

(Click on image for large view)

Like it ? Share it.

Toilet in Kali linux

Toilet Prints text using large characters made of smaller characters. It is similar in many ways to FIGlet with additional feature such as Unicode handling, color fonts, filters and various export formats.

1. How to install – Open Terminal, type apt-get install toilet and Press Enter

(Click image for large view)

2. Open toilet with Help Commands

    Syntax – toilet –h

3. Toilet with a simple example
    Syntax – toilet Merry Christmas

4. In this example I am going to show you advance toilet feature where you can change your font, filter etc.

Syntax – toilet –f <fontname> -F <filtername> Message

 Ex-    toilet –f letter –F metal Merry Christmas

Here, I am giving you font list as well filter list

Font:

ascii9

ascii12

bigascii9

bigascii12

bigmono9

bigmono12

circle

emboss

emboss2

future

letter

mono9

mono12

pagga

smascii9

smacii12

smblock

smbraille

smmono9

smmono12

wideterm

Filter:

metal

gay 

 

(Click image for large view)

Like it ? Share it.

Share Folders between Windows 7 and Vmware OSs

Whenever we work in Vmware, we need to transfer some data from Windows (Host Computer) to Other OS which installed in Vmware. In this tutorial I will share with you how easy it is to share files or folder between Host Computer and VMware. If you have some basic knowledge about sharing file or folder between LANs then it will be more easiest for you. If you do not know don't worry your all concept will be clear which are require for this work.


Before starting tutorial lets see what we are covering in this tutorial.

• How to Create Admin Password in Windows 7
• How to enable share option in Vmware
• How to share file/folder between windows 7 (host computer) and Kali Linux (VMware)
• How to copy paste from windows 7 (Host Computer) to kali linux (Vmware)

1. First of all create password for your windows 7 operating system. Without creating Password you can not share. So Let's Create Password Go to Control Panel → User Accounts
Select Your Administrator account then Click on 'Create a password for your account'

(Click image for large view)

2. Write Password and click on Create Password  

3. You will notice that your administrator account is now password protect.

4. Right Click on the Folder which one you want to share with Vmware then click on Properties 

5. Select Sharing Tab then Click on Advance Sharing

6. Check Share this folder Box then click on Permissions

7. Check all Boxes then Click OK

8. Click OK

9. You will notice Now you have a Network path. Click Close

10. Now, Open Your VMware. Select your OS then go to VM → Settings..

11. Go to Option Tab. Select Shared Folders then Select Always enabled afterthat click Add

12. Click Next

13. Here we are going to select a particular folder which we had shared in our windows 7 OS. Click Browse..

14. Select Folder which one we shared in windows 7 then click OK

15. Now you have a Host Path as well Name. Click Next

16. Click Finish

17. You will notice your windows host path and name. Click OK

18. Now, Turn ON Your VMware OS (Here my OS is Kali Linux). Right Click on Computer then Click Open

19. Go → Network

20. After sometime You will see your windows 7 PC username appears in your VMware Kali Linux Network.

21. Right Click on Your Windows 7 PC username then Click Open

22. Write your windows 7 username and password and Click on Connect.

23. If everything is cool then soon you will able to see your Windows 7's all Drive as well shared Folder. Here I shared 'New Folder'

24. Now time to mount your shared folder. Right Click on 'New Folder' then Click 'Open with Files'

25. Write your windows 7 username and password and Click on Connect. 

26. Here is your all New Folder's Data. Now your are read to copy and paste.

27. You will also notice that a folder named as your shared folder appears in your kali linux desktop.

(Click image for large view)

Like it ? Share it.

Code Execution

In computer security, Code Execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability to describe a software bug that gives an attacker a way to execute arbitrary code.
A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shellcode to give an attacker an easy way to manually run arbitrary commands.
The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution.
It is the worst effect a bug can have because it allows an attacker to completely take over the vulnerable process. From there the attacker can potentially take complete control over the machine the process is running on.
Arbitrary code execution vulnerabilities are commonly exploited by malware to run on a computer without the owner's consent or by an owner to run homebrew software on a device without the manufacturer's consent.


Arbitrary code execution is commonly achieved through control over the program counter (also known as the instruction pointer) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next.
In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed.
This type of attack exploits the fact that Von Neumann architecture computers do not make a general distinction between code and data, so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.
Once the invader can execute arbitrary code directly on the OS, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie - but privilege escalation helps with hiding the attack from the legitimate administrator of the system.
An arbitrary remote code execution with privilege escalation vulnerability in widely-deployed software is thus the worst vulnerability sub-type of them all. If bugs of this kind become known, fixes are usually made available within a few hours.
A lesser kind of vulnerability is the denial of service vulnerability, where the target machine can be prevented from doing what it's supposed to do, but can't be made to positively do something the attacker wants it to do.

Preventing Code Execution Vulnerabilities
It is never advisable to utilize user supplied input for system calls. In cases where it is absolutely necessary it is vital to sanitize user input whenever passing values to system calls.
Any application that utilizes system calls should be suspect, as it is a good indicator that the web application is attempting to do something for which another solution is probably more appropriate. If user input is allowed to be passed to system calls it should be strictly controlled and limited to a predefined set of values.

Like it ? Share it.