Saturday, 12 January 2019

Information gathering with whois

Information Gathering with Whois
As I have mentioned earlier, our goal in the information gathering and enumeration phase is to
gather as much information as possible about the target. Whois holds a huge database that contains information regarding almost every website that is on the web, most common information
are “who owns the website” and “the e-mail of the owner,” which can be used to perform social
engineering attacks.
Whois database is accessible on whois.domaintools.com. It’s also available in BackTrack. but
you would need to issue the following command from BackTrack to enable it:
apt-get install whois
In order to perform a Whois search on a website, you would need to type Whois <domainname>
from the command line:
whois www.whois.com

OWASP

OWASP
As you may have detected, each the methodologies targeted additional on activity a network penetration check instead of one thing specifically engineered for testing internet applications. The OWASP
testing methodology is what we have a tendency to follow for all “application penetration tests” we have a tendency to do here at the
RHA InfoSEC. The OWASP testing guide essentially contains nearly everything that you just would
test an online application for. The methodology is comprehensive and is intended by a number of the most effective
web application security researchers.

The OWASP Testing Guide includes a "best practice" penetration testing framework that users will implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most typical internet application and internet service security problems. Version four was printed in September 2014, with input from sixty people.

What Is a Penetration Test?

What Is a Penetration Test?
A penetration test is a subclass of ethical hacking; it comprises a set of methods and procedures
that aim at testing/protecting an organization’s security. The penetration tests prove helpful in
finding vulnerabilities in an organization and check whether an attacker will be able to exploit
them to gain unauthorized access to an asset.

What is SQL Injection?

Sql injection

SQL injection and buffer overflows area unit similar exploits therein they’re each typically delivered via a user-input field. The input field is wherever a user could enter a username and positive identification on a

website, add knowledge to a address, or perform a probe for a keyword in another application.

Both SQL server injection and buffer overflow vulnerabilities area unit caused by an equivalent issue:

invalid parameters. If programmers don’t take the time to validate the variables a user will enter

into a variable field, the results are often serious and unpredictable. subtle hackers will

exploit this vulnerability, inflicting associate degree execution fault and closing of the system or application,

or a command shell to be dead for the hacker

What is session Hijacking?

Session Hijacking
Session hijacking is when a hacker takes control of a user session after the user has successfully
authenticated with a server. Session hijacking involves an attack identifying the current session
IDs of a client/server communication and taking over the client’s session. Session hijacking is
made possible by tools that perform sequence-number prediction.

What is Smurf Attack?

Smurf” Attack?
A smurf attack sends a large amount of ICMP echo (ping) traffic to a broadcast IP address with
the spoofed source address of a victim. Each secondary victim’s host on that IP network replies
to the ICMP echo request with an echo reply, multiplying the traffic by the number of hosts
responding. On a multiaccess broadcast network, hundreds of machines might reply to each
packet. This creates a magnified DoS attack of ping replies, flooding the primary victim. IRC
servers are the primary victim of smurf attacks on the Internet.

How BOTs/BOTNETs Work

How BOTs/BOTNETs Work
A BOT is short for web robot and is an automated software program that behaves intelligently. Spammers often use BOTs to automate the posting of spam messages on newsgroups or the sending of emails. BOTs can also be used as remote attack tools. Most often,
BOTs are web software agents that interface with web pages. For example, web crawlers
(spiders) are web robots that gather web-page information

Denial of Service

Denial of Service
A DoS attack is an attempt by a hacker to flood a user’s or an organization’s system. As a
CEH, you need to be familiar with the types of DoS attacks and to understand how DoS and
DDoS attacks work. You should also be familiar with robots (BOTs) and robot networks
(BOTNETs), as well as smurf attacks and SYN flooding. Finally, as a CEH, you need to be
familiar with various DoS and DDoS countermeasures.

What is ARP Poisioning?

Arp poisoning

ARP allows the network to translate IP addresses into MAC addresses. When one host using
TCP/IP on a LAN tries to contact another, it needs the MAC address or hardware address
of the host it’s trying to reach. It first looks in its ARP cache to see if it already has the MAC
address; if it doesn’t, it broadcasts an ARP request asking, “Who has the IP address I’m
looking for?” If the host that has that IP address hears the ARP query, it responds with its
own MAC address, and a conversation can begin using TCP/IP.

Sniffer Concept

Sniffers concept

A sniffer can be a packet-capturing or frame-capturing tool. It
intercepts traffic on the network and displays it in either a
command-line or GUI format for a hacker to view. Some
sophisticated sniffers interpret the packets and can reassemble the packet stream into the
original data, such as an e-mail or a document.
Sniffers are used to capture traffic sent between two systems. Depending on how the
sniffer is used and the security measures in place, a hacker can use a sniffer to discover usernames, passwords, and other confidential information transmitted on the network

What is CCNP

A Cisco certified network professional (CCNP) is someone in the IT industry who has achieved a Cisco career certification, which is a type of IT professional certification created by Cisco Systems to prove that a person is duly qualified and properly equipped to handle Cisco networking products and systems.

This makes the professional highly employable in any organization using Cisco’s networking products.

Cisco certified network professional has achieved one of the many Cisco career certifications that are on offer.

Certification can be achieved through study and training, then by passing the corresponding exam of the chosen certification.

There are five certification levels:

Entry - Serves as the starting point for becoming a Cisco certified professional. Certified Cisco Technician (CCT) and Certified Cisco Entry Network technician (CCENT) belong in this category.

Associate - This is the foundation level for network specification and has various kinds of Cisco Certified Network Associate (CCNA) branches depending on chosen field such as data center, routing and switching, and security.

Professional - This is the advanced certification level where you can get the Certified Cisco Design Professional (CCDP) and Certified Cisco Network Professional (CCNP) and all of its variants.

Expert - As the name suggests, this is the expert tier where applicants can get Cisco Certified Design Expert (CCDE) and Certified Cisco Internetwork Expert (CCIE) and all of its variants.

Architect - The highest level of certification will give the professional the level of Architect which recognizes the candidate’s architectural expertise of network design to be able to support increasingly complex global networks.

What is viruses and worms

Viruses and Worms
Viruses and worms can be used to infect a system and modify a system to allow a hacker to
gain access. Many viruses and worms carry Trojans and backdoors. In this way a virus or
worm is a carrier and allows malicious code such as Trojans and backdoors to be transferred
from system to system much in the way that contact between people allows germs to spread.

What is Footprinting?

Footprinting
Footprinting is part of the preparatory pre-attack phase and involves accumulating data regarding a target's environment and architecture, usually for the purpose of finding ways to intrude
into that environment. Footprinting can reveal system vulnerabilities and identify the ease with
which they can be exploited. This is the easiest way for hackers to gather information about
computer systems and the companies they belong to. The purpose of this preparatory phase is
to learn as much as you can about a system, its remote access capabilities, its ports and services,
and any specific aspects of its security.

Cisco CCNA Certification Exams

Cisco CCNA Certification Exams

You have 2 testing choices to become CCNA certified: Take the inclusive CCNA dance band examination, or take ICND1 (CCENT) and ICND2 singly. Here the present take a look at versions (released in 2016):

CCNA dance band exam: #200-125 CCNA | Interconnecting Cisco Networking Devices: Accelerated (CCNA)

Two separate exams: #100-105 | Interconnecting Cisco Networking Devices half one (ICND1 v3, CCENT)
and #200-105 | Interconnecting Cisco Networking Devices half two (ICND2 v3)

CCNA examination Format: Cisco certification exams area unit comprised of multiple testing formats as well as multiple alternative, drag-and-drop, fill-in-the-blank, testlet, simlet, and simulations. Explore the interactive Cisco Certification examination Tutorial from Cisco.com to acquaint yourself with these distinctive question varieties.

CCNA Time Limit: 200-125 (ICND1 & ICND2) is ninety minutes long.
Exam Length: 200-125 (ICND1 & ICND2) contains 50-60 queries.
Exam Cost: 200-125 (ICND1 & ICND2) prices $325 USD.
Passing Score: or so seventy fifth correct; Cisco doesn't publish examination passing scores as a result of
test queries and spending scores area unit subject to vary rapidly. (Source: Cisco.com)

What is Trojan)?

Trojan

Trojans and backdoors are two ways a hacker can gain access to
a target system. They come in many different varieties, but they
all have one thing in common: They must be installed by another
program, or the user must be tricked into installing the Trojan or backdoor on their system.
Trojans and backdoors are potentially harmful tools in the ethical hacker’s toolkit and should
be used judiciously to test the security of a system or network.

What is meant by Null Session?

What Is Meant by Null Sessions?
A null session occurs when you log in to a system with no username or password. NetBIOS
null sessions are a vulnerability found in the Common Internet File System (CIFS) or SMB,
depending on the operating system.

What is Enumeration?

What Is Enumeration?
The objective of enumeration is to identify a user account or system account for potential
use in hacking the target system. It isn’t necessary to find a system administrator account,
because most account privileges can be escalated to allow the account more access than was
previously granted.

Common NMAP Commands

Common nmap commands

-sT TCP connect scan
-sS SYN scan
-sF FIN scan
-sX XMAS tree scan
-sN Null scan
-sP Ping scan
-sU UDP scan
-sO Protocol scan
-sA ACK scan
-sW Windows scan
-sR RPC scan
-sL List / DNS scan
-sI Idle scan
-Po Don’t ping
-PT TCP ping
-PS SYN ping
-PI ICMP ping
-PB TCP and ICMP ping
-PB ICMP timestamp
-PM ICMP netmask

What is Network Scanning?

Network scanning Network scanning is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. Hosts are identified by their
individual IP addresses. Network-scanning tools attempt to identify all the live or responding
hosts on the network and their corresponding IP addresses.

What is Scanning?

Scanning
During scanning, the hacker continues to gather information regarding the network and its
individual host systems. Data such as IP addresses, operating system, services, and installed
applications can help the hacker decide which type of exploit to use in hacking a system. Scanning is the process of locating systems that are alive and responding on the network. Ethical
hackers use it to identify target systems’ IP addresses.

What is Phishing Attacks?

Phishing Attacks
Phishing involves sending an e-mail, usually posing as a bank, credit-card company, or other
financial organization. The e-mail requests that the recipient confirm banking information or
reset passwords or PIN numbers. The user clicks the link in the e-mail and is redirected to a
fake website. The hacker is then able to capture this information and use it for financial gain
or to perpetrate other attacks. E-mails that claim the senders have a great amount of money
but need your help getting it out of the country are examples of phishing attacks

What is Social Engineering?

What Is Social Engineering?
Social engineering is the use of influence and persuasion to deceive people for the purpose of
obtaining information or persuading a victim to perform some action. A social engineer commonly uses the telephone or Internet to trick people into revealing sensitive information or to
get them to do something that is against the security policies of the organization.

What is Email Tracking Concept?

Email tracking concept

E-mail–tracking programs allow the sender of an e-mail to know whether the recipient
reads, forwards, modifies, or deletes an e-mail. Most e-mail–tracking programs work by
appending a domain name to the e-mail address, such as readnotify.com. A single-pixel
graphic file that isn’t noticeable to the recipient is attached to the e-mail. Then, when an
action is performed on the e-mail, this graphic file connects back to the server and notifies
the sender of the actio

Skills Measured by CCNA Certification

Skills Measured by CCNA Certification

Key data areas and ability sets coated by the Cisco CCNA certification examination embrace the subsequent. Cisco Certified Network Associates can:

Understand however totally different network topologies move to make a secure IT network

Explain however a electronic network works and the way it interacts with networked devices

Configure, verify and troubleshoot a switch with VLAN & interswitch communications

Implement Associate in Nursing information science addressing theme and information science Services to satisfy specific network necessities

Configure, verify and troubleshoot routing and router operations on current Cisco devices

Identify network security threats and describe threat mitigation ways & countermeasures

Describe and perform the suitable tasks for wireless native space network (WLAN) administration

Setup and verify WAN links and execute the right ways for connecting to a large space network

Implement & support Network Address Translation (NAT) and Access management Lists (ACLs) in branch workplace networks

What is CCNA?

CCNA (Cisco Certified Network Associate) is Associate in Nursing info technology (IT) certification from Cisco. CCNA certification is Associate in Nursing associate-level Cisco Career certification.

Associate (CCNA) certification validates your ability to put in, configure, operate and troubleshoot routed & switched networks. CCNA certified professionals will build connections to remote sites via a large space network (WAN), mitigate basic network security threats, and perceive elementary networking ideas and language.

CCNA certification is Cisco’s most well-liked certification, and one among the technical school industry’s most sought-after career credentials. turning into CCNA certified may be a distinctive commencement toward a gratifying career as a network administrator or engineer. There area unit various Cisco coaching programs and specialised faculty degrees that includes work in Cisco networking. Compare CCNA coaching & certification programs

What Is Vulnerability Research?

What Is Vulnerability Research?
Vulnerability research is the process of discovering vulnerabilities and design weaknesses that
could lead to an attack on a system. Several websites and tools exist to aid the ethical hacker
in maintaining a current list of vulnerabilities and possible exploits for their systems or networks. It’s essential that a systems administrator keep current on the latest viruses, Trojans,
and other common exploits in order to adequately protect their systems and network. Also, by
becoming familiar with the newest threats, an administrator can learn how to detect, prevent,
and recover from an attac

What is Hactivism?

What Is Hacktivism?
Hacktivism refers to hacking for a cause. These hackers usually have a social or political
agenda. Their intent is to send a message through their hacking activity while gaining visibility
for their cause and themselves.
Many of these hackers participate in activities such as defacing websites, creating viruses,
DoS, or other disruptive attacks to gain notoriety for their cause. Hacktivism commonly targets government agencies, political groups, and any other entities these groups or individuals
perceive as “bad” or “wrong.”

Tips For Taking CEH Exam?

Tips for taking CEH exam

Here are some general tips for taking your exam successfully:
Bring two forms of ID with you. One must be a photo ID, such as a driver’s license. The
other can be a major credit card or a passport. Both forms must include a signature.
Arrive early at the exam center so you can relax and review your study materials, particularly tables and lists of exam-related information.
Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure
you know exactly what the question is asking.
Don’t leave any unanswered questions. Unanswered questions are scored against you.
There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you to either “Choose
two” or “Choose all that apply.” Be sure to read the messages displayed to know how
many correct answers you must choose.
When answering multiple-choice questions you’re not sure about, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds
if you need to make an educated guess.
On form-based tests (non-adaptive), because the hard questions will eat up the most time,
save them for last. You can move forward and backward through the exam.
For the latest pricing on the exams and updates to the registration procedures, visit
EC-Council’s website at www.eccouncil.org.

What is CEH Certification?

What is CEH certification ?

The CEH certification was created to offer a wide-ranging certification, in the sense that
it’s intended to certify competence with many different makers/vendors. This certification is
designed for security officers, auditors, security professionals, site administrators, and anyone
who deals with the security of the network infrastructure on a day-to-day basis.
The goal of ethical hackers is to help organizations take preemptive measures against malicious attacks by attacking systems themselves, all the while staying within legal limits. This
philosophy stems from the proven practice of trying to catch a thief by thinking like a thief.
As technology advances organizations increasingly depend on technology, and information
assets have evolved into critical components of survival.
You need to pass only a single exam to become a CEH. But obtaining this certification doesn’t
mean you can provide services to a company—this is just the first step. By obtaining your CEH
certification, you’ll be able to obtain more experience, build on your interest in networks, and
subsequently pursue more complex and in-depth network knowledge and certifications

How to authentication in web application

Authentication in web application

The authentication mechanism is logically the most basic dependency in an
application’s handling of user access. Authenticating a user involves establishing
that the user is in fact who he claims to be. Without this facility, the application
would need to treat all users as anonymous — the lowest possible level of trust.
The majority of today’s web applications employ the conventional authentication model, in which the user submits a username and password, which the application check the validity

What is BACtrack?

BACtrack Professional Grade Breathalyzers utilize the same fuel cell sensor technology used by law enforcement, and therefore deliver to the consumer the same level of accuracy.
Blood Alcohol Content (BAC) describes the percentage of alcohol present in the blood. BAC testing enables law enforcement and medical professionals--as well as concerned individuals--to objectively estimate the level of a person’s alcohol intoxication. Put simply, the higher the BAC number, the greater the impairment.
How to know your BC
Alcohol rapidly absorbs into the bloodstream through the walls of the stomach and the small intestine, and travels throughout the body and brain. Your BAC can be measured shortly after you consume your first drink – in just 15 minutes.
How to determined your BC

BAC is usually determined by one of three tests: breath, urine, or blood. Blood testing is generally regarded as the most accurate method of estimating BAC, but requires a trained professional to draw blood, which can be painful, time consuming, and messy. Urine tests are considered the least accurate, and tend to be used only when other tests are not available.

Breath testing is the most convenient, easy, and painless method of estimating BAC. It is the most common test performed by law enforcement officials, who use handheld fuel cell sensor breathalyzers to conduct roadside tests. These tests are nearly as accurate as blood tests, and are considered admissible evidence in most court proceedings. The BACtrack Pro Series breathalyzers utilize this same fuel cell sensor technology and therefore deliver to the consumer the same level of accuracy used by the police.

What is nmap tool

Nmap tool

Nmap is an open source program released under the GNU General Public License
(see www.gnu.org/copyleft/gpl.html). It is an evaluable tool for network
administrators which can be used to discover, monitor, and troubleshoot TCP/IP
systems. Nmap is a free cross-platform network scanning utility created by Gordon
“Fyodor” Lyon and is actively developed by a community of volunteers.
A typical Nmap scan
Nmap’s award-winning suite of network scanning utilities has been in constant
development since 1997 and continually improves with each new release. Version
5.00 of Nmap (released in July of 2009) adds many new features and enhancements
including:
 Improved service and operating system version detection (see page 89)
 Improved support for Windows and Mac OS X
 Improved Nmap Scripting Engine (NSE) for performing complex scanning

Download from here
https://www.nmap.org

Top 10 command for window cmd

1.dir :- dir is use for listing directory in windows cmd
2.cd :- cd use for change directory from one to another
3.cls :- cls use for clearing screen
4.ipconfig :- display the local ip of the machine
5.netstat -a :- display all the incoming and outgoing connection
6.ping :- for ping the ip address for checking host
7.systeminfo :- display all configuration of the machine
8.shutdown :- shutdown machine in single command
9.reboot :- restart system using single command
10.hostname :- display the host name of the machine

How Hackers Hide Their Identity?

How hackers hide thier indentity ?

A professional hacker use proxies and vpn (Virtual Private Network) to #encrypt thier connection end to end. With help of vpn and proxy hackers access those website which are blocked by the government or internet service provider ... In india few days ago govt blocked the some #porn #website but hacker or some users still access these Websites

Proxy
Proxy servers are used for both legal and illegal purposes. In the enterprise, a proxy server is used to facilitate security, administrative control or caching services, among other purposes. In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing

Vpn
A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet

Some vpn and proxy
Hidemyass
Hola
Tor (famous browser)
Touch vpn

What is Bitcoin? How to earn Bitcoin

What is Bitcoin ? Why hackers use bitcoin ? Anonymous Money ??
Bitcoin (₿) is a cryptocurrency, a form of electronic cash. It is a decentralized digital currency without a central bank or single administrator that can be sent from user-to-user on the peer-to-peer bitcoin network without the need for intermediaries.

How to earn bitcoin using bitcoin mining ?
Bitcoin Mining is a peer-to-peer computer process used to secure and verify bitcoin transactions—payments from one user to another on a decentralized network it used to earn bitcoin

Top 10 programming language in 2019

In this post I'm going to talk about the best programming languages to learn in 2018.

JavaScript

JavaScript is a programming languagecommonly used in web development. It was originally developed by Netscape as a means to add dynamic and interactive elements to websites. While JavaScript is influenced by Java, the syntax is more similar to C and is based on ECMAScript, a scripting language developed by Sun Microsystems.

JavaScript is a client-side scripting language, which means the source code is processed by the client's web browserrather than on the web server. This means JavaScript functions can run after a webpage has loaded without communicating with the server. For example, a JavaScript function may check a web form before it is submitted to make sure all the required fields have been filled out. The JavaScript code can produce an error message before any information is actually transmitted to the server.

Python

Python is an interpreted, object-oriented programming language similar to PERL, that has gained popularity because of its clear syntax and readability. Python is said to be relatively easy to learn and portable, meaning its statements can be interpreted in a number of operating systems, including UNIX-based systems, Mac OS, MS-DOS, OS/2, and various versions of Microsoft Windows 98. Python was created by Guido van Rossum, a former resident of the Netherlands, whose favorite comedy group at the time was Monty Python's Flying Circus. The source code is freely available and open for modification and reuse. Python has a significant number of users.

C#

C# is a hybrid of C and C++, it is a Microsoft programming language developed to compete with Sun's Java language. C# is an object-oriented programming language used with XML-based Web services on the .NET platform and designed for improving productivity in the development of Web applications.

C# boasts type-safety, garbage collection, simplified type declarations, versioning and scalability support, and other features that make developing solutions faster and easier, especially for COM+ and Web services. Microsoft critics have pointed to the similarities between C# and Java

Java is a programming language that produces software for multiple platforms. When a programmer writes a Java application, the compiled code (known as bytecode) runs on most operating systems (OS), including Windows, Linux and Mac OS. Java derives much of its syntax from the C and C++ programming languages.

Java was developed in the mid-1990s by James A. Gosling, a former computer scientist with Sun Microsystems.

PHP (Hypertext Preprocessor)

PHP is a script language and interpreter that is freely available and used primarily on Linux Web servers. PHP, originally derived from Personal Home Page Tools, now stands for PHP: Hypertext Preprocessor, which the PHP FAQ describes as a "recursive acronym."

PHP executes on the server, while a comparable alternative, JavaScript, executes on the client. PHP is an alternative to Microsoft's Active Server Page(ASP) technology. As with ASP, the PHP script is embedded within a Web page along with its HTML. Before the page is sent to a user that has requested it, the Web server calls PHP to interpret and perform the operations called for in the PHP script.

An HTML page that includes a PHP script is typically given a file name suffix of ".php" ".php7," or ".phtml". Like ASP, PHP can be thought of as "dynamic HTML pages," since content will vary based on the results of interpreting the script.

Go is

Go

Now, Go is interesting. Why is Go so good here? Okay. So the usage on this was only 8%, but the people that were saying that it's going to be adopted or migrated too soon was 11%. It was actually one of the few languages that had a higher migration than it did have a current usage.

What does that mean? To me, that's simple. That means growth. That means that more and more companies are going to start using Go and are migrating to Go. That's a good one to learn for 2018, honestly. It's not the easiest language to learn, but it's a really good language. Like I said, I've taught a course on Go. I was an early adopter on Go. I really think that the technology is good and it's a language that is growing. There's a good opportunity here.

This is one of those languages where I think there's not enough Go developers and that ecosystem can be expanded a lot, especially if you want to create frameworks and things like that. If you're willing to invest some time and learn Go, and become an expert, you're going to be in high demand. There's not going to be as many jobs right now, but I think in 2018, you'll see more of them and you're going to see that there's not enough people to fill those positions. If all of these companies are migrating to Go and you don’t have enough Go developers, this is a good place to be.

Again, if you want just all out highest demand, C#, Java, JavaScript, PHP. Those are going to be high demand positions. Go is going to be more specialized, but it's an interesting language to learn. It's a good one and there's a lot of growth opportunities as I see it. I think Go has been around long enough that I can recommend it and say that it's going to continue to grow. It's not going to go down. Sometimes a language comes out and you're like, “Yeah, I'm not sure,” but in this case, I would recommend Go.

Swift

This is tough here. But I pick Swift. I pick Swift for a couple of reasons. One, iPhones. That's not going away anytime soon. Even though there's really good solutions like C# to do cross platform development using Xamarin and there's a lot of cross platform stuff, so many more apps are being developed on iOS and that's kind of the flagship. A lot of companies are developing that or they're basically getting to the point now where they're saying, “Hey, look. We're going to do iOS and Android. We're just going to do them and we're not going to worry about any other platforms. We don’t worry about a cross platform solution.” Swift is a go-to language, the winning language for iPhone, for iOS at this point.

Now, iOS is expanding. Obviously, you've got the watch now, the wearables. You've got iOS, the TV, and you've got obviously the phones and the iPads. There's a huge, huge market and this is the market that actually makes money. Every company now pretty much has to have an iOS app. That's why I think Swift is a good idea. I would not invest in Objective C, not at this point. It doesn’t make any sense. Swift is a better language overall and there's a lot of opportunities. When I look at the surveys, again, Swift is popping up for the first time. I mean it's a new language, but, again, it's one of those ones too on the Stack Overflow Survey. I'll tell you right here. Up with Go, Swift has 9% of developers that said they use it regularly, but it has 11% saying that they're going to adopt or migrate to it. That's another huge, huge growth opportunity. If you're going to learn a new programming language, you want to move into a growth opportunity. If you're going to do iOS development, bar none, I would recommend that you go to Swift.

Also, you know, the other good thing about it was that Swift was up there on the charts from one of the most beloved languages. It was actually number four which doesn’t seem very high, but when you look at this it was—number one was Rust. Number two is Smalltalk. I mean, really? Come on, Smalltalk? Number three is TypeScript which—that doesn’t really count and then number four was Swift. Again, see, this is one of those things with these surveys. It's just like, “Why is TypeScript on there?” You're not going to like—you're not going to be—TypeScript is not the language that you're going to learn like you're going to get a job with it. Not really. You got to know JavaScript in order to do TypeScript. I don’t understand some of this, but okay.

Rust

We're moving on. Next one is—this one might be a surprise as well. Rust. Now, why did I put Rust on here? Okay. If I look at the surveys, where is Rust falling? On some of these, it's not even showing up, but it does show up as the number one most loved language, again, on that Stack Overflow Survey. What does that tell me? What does that tell me here? It tells me that this is a really good language that developers like.

Again, this is a very small market. There's not a lot of companies using Rust. I haven’t seen it take off, but if developers like Rust the most, this is something to really consider, especially if you're thinking—if you already have some programming language and you're thinking about getting into a new programming language that you would like to learn. Maybe not for a beginner. If you're a beginner, maybe don't start with Rust. If you are an experienced programmer and you're looking for a new language in 2018, Rust is a pretty good choice because developers love this language. This reminds of Ruby back in the day when everyone was so in love with Ruby because it was a fun language to work in.

I've done a little bit of Rust work and I really liked the language. I'd like to dive into it more, but I'm not really doing technical stuff anymore except every once in a while. It's a good language to bet on. It's not one to like bet your career on, but I would say that if developers like this language so much that it's got a good chance of gaining some ground and popularity, and possibly at some point displacing C and C++ for a low-level type of language.

Again, I don’t know. I don’t have a crystal ball. Again, I wouldn't bet my whole career on this. If you're already an experienced developer, you already have some experience on your belt, it might make sense to try and go down the Rust path, trying to build some expertise there and see if you can get some highly paid consulting gigs doing Rust stuff, because it's going to be rare to find Rust developers.

Kotlin

Kotlin is the new kid on the block for Android. Again, I put this down on the list because I'm still not 100% sure. It looks like most Android development is going to go this direction like Objective C switched to Swift, but I'm not 100% sure on this. I think it's worth—if you're going to learn a new programming language, again, if you're going to give in the Android development, it's a lot better. It's easier to use than Java and it's basically got native Android support right now. It's fully supported in Android Studio (the Android development IDE) and there's a lot of really easy ways to get started with Kotlin to develop Android apps.

Again, it's that whole battle between iOS and Android. If you're going to go the Android route, I'm learning Kotlin, if I'm developing for iOS, I'm learning Swift. If you're just doing Android development you could go down the Java route, but it probably makes sense to just go with Kotlin. It's becoming really popular. It's one of those ones that could fade out but it's not looking that way. That's why I haven’t ranked it so high up there on the list, but I still think it's a good one. This is another one that if you're an experienced developer, you might take a risk and learn and see where it goes so you have that skill set. This is something you could freelance.

C & C++

I've done some videos where I've talked about how you shouldn’t learn C or C++, but I will say this, as a beginner, don’t. Start with Java or C# (or both) and then think about learning C and C++ later. As an experienced developer, if you are looking for a new language to learn in 2018, as much as I think that C++ and C is going to die, it's not. It's not going to die. There is so much going on. VR is “resurrecting” C and C++ development because VR games are very computationally intensive. A lot of mathematics, heavy mathematics. If you're going to go into the VR world, C and C++ might be a good choice for you, especially with the Unreal Engine to be able to learn how to do that, which is becoming popular in the VR stuff, Oculus Rift and whatnot. I don’t see that going away. I see the future going that direction and we need a lot of horsepower to be able to do this stuff.

Right now, Rust is not an option for doing this kind of stuff. C and C++ is. I've put them together. Again, they show up in the top of the surveys as well. It's really hard for me to deny it. Even though I have a personal bias and I would say that. Again, I used to love C++. I used to be an expert on that language, but I just feel like it's not a very good beginner language and I feel like there's other more efficient languages today. Like I said, I can't go against the grain just like—I may not like the language, but I have to say that it's a good one for 2018. But I would not recommend it if it were not for VR. I believe VR changes the game here and makes it so that I can actually recommend C and C++. Not for a beginner but for someone who is experienced.

Top 10 linux command

1. ls

The ls command - the list command - functions in the Linux terminal to show all of the major directories filed under a given file system. For example, the command:

ls /applications

...will show the user all of the folders stored in the overall applications folder.

The ls command is used for viewing files, folders and directories.

2. cd

The cd command - change directory - will allow the user to change between file directories. As the name command name suggest, you would use the cd command to circulate between two different directories. For example, if you wanted to change from the home directory to the Arora directory, you would input the following command:

cd/arora/applications

As you might have noted, the path name listed lists in reverse order. Logically cd/arora/applications reads change to the arora directory which is stored in the applications directory. All Linux commands follow a logical path.

3. mv

The mv command - move - allows a user to move a file to another folder or directory. Just like dragging a file located on a PC desktop to a folder stored within the "Documents" folder, the mv command functions in the same manner. An example of the mv command is:

mv/arora/applications/majorapps /arora/applications/minorapps

The first part of the command mv/arora/applications/majorapps lists the application to be moved. In this case, arora. The second part of the command /arora/applications/minorapps lists where arora will be moved to - from majorapps to minorapps.

4. man

The man command - the manual command - is used to show the manual of the inputted command. Just like a film on the nature of film, the man command is the meta command of the Linux CLI. Inputting the man command will show you all information about the command you are using. An example:

man cd

The inputting command will show the manual or all relevant information for the change directory command.

5. mkdir

The mkdir - make directory - command allows the user to make a new directory. Just like making a new directory within a PC or Mac desktop environment, the mkdir command makes new directories in a Linux environment. An example of the mkdir command

mkdir testdirectory

The example command made the directory "testdirectory".

6. rmdir

The rmdir - remove directory - command allows the user to remove an existing command using the Linux CLI. An example of the rmdir command:

rmdir testdirectory

The example command removed the directory "testdirectory".

It should be noted: both the mkdir and rmdir commands make and remove directories. They do not make files and they will also not remove a directory which has files in it. The mkdir will make an empty directory and the rmdir command will remove an empty

7. touch

The touch command - a.k.a. the make file command - allows users to make files using the Linux CLI. Just as the mkdir command makes directories, the touch command makes files. Just as you would make a .doc or a .txt using a PC desktop, the touch command makes empty files. An example of the touch command:

touch testfile.txt

The example touch command effectively created the file testfile.txt. As noted by the extension, the file created is a .txt or text file. To equate, a .txt file in Linux is akin to a .txt notebook file within a Windows or Mac OS.

8. rm

The rm command - remove - like the rmdir command is meant to remove files from your Linux OS. Whereas the rmdir command will remove directories and files held within, the rm command will delete created files. An example of the rm command:

rm testfile.txt

The aforementioned command removed testfile.txt. Interestingly, whereas the rmdir command will only delete an empty directory, the rm command will remove both files and directories with files in it. This said, the rm command carries more weight than the rmdir command and should be used with more specificity.

9. locate

The locate - a.k.a. find - command is meant to find a file within the Linux OS. If you don't know the name of a certain file or you aren't sure where the file is saved and stored, the locate command comes in handy. A locate command example:

locate -i *red*house**city*

The stated command will locate an file with the a file name containing "Red", "House" and "City". A note on the input: the use of "-i" tells the system to search for a file unspecific of capitalization (Linux functions in lower case). The use of the asterik "*" signifies searching for a wildcard. A wildcard tells the system to pull any and all files containing the search criteria.

By specifying -i with wildcards, the locate CLI command will pull back all files containing your search criteria effectivley casting the widest search net the system will allow.

10. clear

The clear command does exactly what it says. When your Linux CLI gets all mucked up with various readouts and information, the clear command clears the screen and wipes the board clean. Using the clear command will take the user back to the start prompt of whatever directory you are currently operating in. To use the clear command simply type clear.

Introduction of kali linux

Kali linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Kali Linux was released on the 13th March, 2013 as a complete, top-to-bottom rebuild of BackTrack Linux, adhering completely to Debian development standards.

More than 600 penetration testing tools included: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either simply did not work or which duplicated other tools that provided the same or similar functionality. Details on what’s included are on the Kali Tools site.

Free (as in beer) and always will be: Kali Linux, like BackTrack, is completely free of charge and always will be. You will never, ever have to pay for Kali Linux.

Open source Git tree: We are committed to the open source development model and our development tree is available for all to see. All of the source code which goes into Kali Linux is available for anyone who wants to tweak or rebuild packages to suit their specific needs.

FHS compliant: Kali adheres to the Filesystem Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc.

Wide-ranging wireless device support: A regular sticking point with Linux distributions has been supported for wireless interfaces. We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.

Custom kernel, patched for injection: As penetration testers, the development team often needs to do wireless assessments, so our kernel has the latest injection patches included.

Developed in a secure environment: The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols.

GPG signed packages and repositories: Every package in Kali Linux is signed by each individual developer who built and committed it, and the repositories subsequently sign the packages as well.

Multi-language support:Although penetration tools tend to be written in English, we have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.

Completely customizable: We thoroughly understand that not everyone will agree with our design decisions, so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.

ARMEL and ARMHF support:Since ARM-based single-board systems like the Raspberry Pi and BeagleBone Black, among others, are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM supportwould need to be as robust as we could manage, with fully working installations for both ARMEL and ARMHF systems. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution so tools for ARM are updated in conjunction with the rest of the distribution.

Kali Linux is specifically tailored to the needs of penetration testing professionals, and therefore all documentation on this site assumes prior knowledge of, and familiarity with, the Linux operating system in general. Please see Should I Use Kali Linux? for more details on what makes Kali unique.