Category: Uncategorized

Hello aspiring ethical hackers. In our previous article on Data Link layer attacks, you have learnt what is a LAN, what is a Network Hub and network Switch and their uses, what is a MAC address, what is a CAM table and various types of attacks that take place in LAN. In this article, you will learn about one of the attacks taking place on the LAN known as ARP poisoning.

What is ARP Poisoning?

ARP poisoning or ARP spoofing or ARP cache poisoning is an hacking attack in which malicious ARP reply packets are sent to the default gateway. This packets are sent to change the MAC address value corresponding to a specific IP address.

ARP protocol translates IP addresses to MAC addresses. ARP spoofing is usually performed by sending a malicious ARP reply to the network gateway, asking it to associate its MAC address with the IP address of the machine the hacker wants to target. Once the default gateway saves this message and broadcasts it to all the machines on the network, all the traffic of the target system passes through the attacker controlled machine.

This allows hacker to perform packet sniffing, password sniffing and other MiTM attacks after successful ARP spoofing attack. ARP poisoning attack is performed after the hacker has finished gaining access on the target network. This attack is very difficult to detect as the common users will not find anything suspicious while the attack is going on.

Real-world examples of ARP spoofing

In 2008, a Chinese hacker performed ARP spoofing attack and redirected the website of none other than Metasploit to a Chinese forum where he kept on sale an exploit for a zero-day vulnerability. It is assumed he did this by targeting a router at the Internet Service Provider (ISP) level.

Hello, aspiring ethical hackers. In our previous blogpost on data link layer attacks, you learnt what is a hub, What is a switch, how they both work, what is a MAC address, what is a CAM table and different types of LAN attacks etc. In this blogpost, you will learn about one of the LAN attacks, MAC Spoofing.

What is MAC spoofing?

MAC Spoofing is a technique in which a factory assigned Media Access Control (MAC) address of a network interface is changed or altered. As communication between devices in a single LAN takes place using the MAC address of the device, changing the MAC address to that of another device will make all the traffic belonging to that device visible to the attacker.

For example, let’s say there are two devices A and B. An attacker changed the MAC address of the device “A” to that of “B”. Then all the traffic belonging to “B” will be coming to “A” and the attacker can sniff this traffic. MAC spoofing attack can be performed after gaining access on the target network.

How can MAC address be changed?

MAC address of a network interface card can be changed either manually or using a tool. Let’s see how to change the MAC address of a Linux machine manually. For this, I will be using Kali Linux. The first method we can use to change MAC address in a Linux machine is the “ifconfig” command. Ifconfig is a command line tool in UNIX operating systems that is used to configure network interfaces.

To change the MAC address of the network interface, we need to first disable the network interface. This can be done with “ifconfig” using the command below.

sudo ifconfig <network interface> down

Then we can change the MAC address using the command shown below.

sudo ifconfig <network interface> hw ether <new MAC address>

For example, let’s assign a MAC address ee:12:ee:ff:45:54 to the interface eth0.

Then all we have to do is enable the network interface as shown below.

Let’ see use the ifconfig command again to see if the MAC address has changed.

It has changed. There is another way in which we can change the MAC address using ip command of Linux too. Even for this, you have to disable the network interface. This can be done with “ip” as shown below.

To change the MAC address with ip utility, the command is given below.

sudo ip link set <network interface> address <new MAC address>

For example,

Then all we have to do is enable the network interface as shown below.

We can also use tools to change MAC addresses. one such tool is mac changer. See the complete guide to change MAC addresses with macchanger tool.

Learn how to change the MAC address of a Windows machine manually here.

Hello, aspiring ethical hackers. In our previous blogpost, you learn what is steganography, its significance and types of steganography to cybersecurity. In this blogpost you will learn in detail about image steganography. But first, let’s see its significance in cybersecurity.

In April 2024, a hacker group being tracked as TA558 has widely used image steganography to deliver malware such as Agent Tesla, FormBook, Remcos RAT, LokiBOT, GuLoader, Snake keylogger and Xworm etc. The malware code embedded in the images contained VBS, PowerShell.

Now that you have understood the importance of image steganography, its time to learn about various images steganography techniques. In cybersecurity, It is a very good thing to learn about various image steganography techniques used to hide data in an image.

Types of image steganography

Image steganography techniques can be primarily divided into Spatial Domain techniques and Transform Domain techniques.

Spatial Domain techniques

Let’s study about various Spatial Domain steganography techniques first.

1. Least Significant Bit (LSB) steganography technique:

In this type of steganographic technique, the secret data is stored in pixels of an image. This is done by replacing the least significant bit of the image.

2. Pixel Value Differencing (PVD) steganography technique:

Pixel Value Differencing (PVD) is a steganography techniques in which secret data is embedded into images using the differences in pixel Value between adjacent pixels.

3. Exploiting Modification Direction (EMD) steganography technique:

In this type of steganographic technique, the secret data is embedded into a group of pixels of an image.

Transform Domain techniques

Now let’s learn about various Transform Domain image steganography techniques. In Transform Domain image steganography techniques, secret data is hidden in the transform domain coefficient of an image.

1. Discrete Cosine Transform (DCT) steganography technique:

In this steganographic technique, 8*8 blocks of an image are transformed into 64 DCT coefficients. Then, the LSB of each DCT coefficient is replaced with a bit of secret data.

2. Discrete Wavelet Transform (DWT) steganography technique:

In this steganographic technique, secret data is hidden by modifying the wavelet coefficient of the image.

3. Fast Fourier Transform (FWT) steganography technique:

In this steganography technique, the secret data is expressed as a Fourier series and then coefficients are added to the images.

Learn how to hide secret data in an image using steghide.

Hello, aspiring ethical hackers. In our previous blogpost on data link layer attacks, you learnt what is a hub, What is a switch, how they both work, what is a MAC address, what is a CAM table and different types of LAN attacks etc. In this blogpost, you will learn about one such attack, MAC flooding attack.

What is MAC flooding?

MAC flooding attack is an attack on the network switch that floods the network switch with fake MAC addresses. The purpose of this attack is to consume memory of the network switch. Once the CAM table of the network switch becomes full, the MAC addresses of the legitimate devices are purged out of the CAM table.

The network switch can no longer save new MAC addresses sent to the switch and it soon falls into a fail-open mode in which it will broadcast the incoming data to all the ports of the switch instead of transferring it to the intended device. Typically, the switch here functions like a network hub.

Since the data is now being broadcast to all the devices connected to the network, hackers can sniff on data belonging to all the devices in the network.

There are many ways to perform MAC flooding. One such method is to using a too named macof. Macof is a tool that comes with dsniff package. macof is used to flood the local network with random MAC addresses. It is installed by default in Kali Linux. The default way to flood the switch with macof is to specify the interface as shown below.

sudo macof -i eth0

This will create multiple random MAC addresses. You can even specify the number of packets you want to create as shown below.

sudo macof -i <interface> -n <number of packets to create>

You can even specify the source IP address from where these random MAC address should originate from.

sudo macof -i <interface> -s <IP address> -n <number of packets to create>

You can also specify the MAC address or physical address of the target device you want to flood with random MAC addresses.

sudo macof -i <interface> -e <Physical address of target> 

Hello, aspiring ethical hackers. In this blogpost, you will learn about DNS spoofing attack. Also known as DNS poisoning or DNS cache poisoning, in this attack a fake or wrong value are entered into the DNS cache. To understand this in detail, you have to first understand what is DNS, DNS server and DNS cache etc.

What is DNS?

Domain Name System (DNS) is a system that associates domain names with their IP addresses. For example, you want to go to a website named Alkapulka.com. When you open the browser and enter the domain name in the URL, your query first goes to a server that keeps a record of domain names and their IP addresses. Then this server takes you to the IP address associated with the alkapulka.com. This server is called the Domain Name System (DNS) server. A DNS server stores domain names and the IP addresses associated with these domain names in a cache known as DNS cache. Hence it is also known as DNS cache poisoning.

What is DNS spoofing?

Just imagine the IP address of the website alkapulka.com is xyx.xyz.xyx.xyz. Somehow the hacker takes control of the DNS server and registers the IP address of alkapulka.com to xyz.xyz.xyz.xyz where I am hosting a different website that looks similar to that of alkapulka.com. Now, when someone tries to visit alkapulka.com, instead of going to the original website, he will be redirected to the duplicate website controlled by the hacker.

Impact of DNS Spoofing

A hacker performs DNS spoofing to make unsuspecting users visit a malicious website. Once the user is one the malicious website, a lot of hacking attacks are possible. Some of them are,

1. Phishing:

Hackers may take unsuspecting users to a phishing website. Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials. Learn more about phishing.

2. Infecting with malicious software :

The website the users are redirected to may contain malware that can infect the user systems. Malware or malicious software is any software that performs malicious actions on a computer or mobile.

3. Gaining initial access:

Hackers can use multiple techniques to gain initial access on the system of the user. Learn more about gaining access.

How DNS spoofing attack can take place?

DNS spoofing can be achieved using many techniques like

1. Man in the Middle attack:

When attacker gets between the web browser and the DNS Server, he can perform DNS spoofing. Learn more about MiTM attack.

2. DNS server compromise:

If the DNS Server is compromised due to any vulnerability, then attacker gains access to the DNS cache, which he can manipulate as he want.