Thursday, 6 April 2017

Install Visual Studio 2015:

 

Updated: November 16, 2016
For the latest documentation on Visual Studio 2017, see Visual Studio 2017 Documentation.
This page includes detailed information to help you with installing Visual Studio, our integrated suite of productivity tools for developers. We've also included links to get you quickly to information about features, editions, system requirements, downloads, and more.
(To view installation information about previous versions of Visual Studio, click the "Other Versions" link at the top of this page. And, to view installation information about the next version of Visual Studio, see our Install Visual Studio 2017 page.
https://www.baltihub.com
Before we dig in to the details, here's a list of our most frequently requested links.


Learn more about featuresFeatures: To learn more about new or updated features in Visual Studio 2015, see the release notes for RTM, Update 1, Update 2, and Update 3.
Find out what's in each SKUSKUs: To find out what's available in each edition of Visual Studio 2015, see our Compare Visual Studio Offerings page.
View system requirementsSystem Requirements: To view the system requirements for each edition of Visual Studio 2015, see the Visual Studio 2015 Compatibility page.
Download Visual StudioDownloads: To install Visual Studio, you can download the web installer from the Visual Studio Downloads page, or you can download a product executable file from the My.VisualStudio.com page (subscription required), or use the installation media from the boxed product.
Locate your Product KeyProduct Keys: To locate your product key, see the How to: Locate the Visual Studio Product Key topic.
Find out about licensingLicensing: To find out about licensing options for both individuals or enterprise customers, see the Visual Studio and MSDN Licensing white paper.
When you install Visual Studio 2015, you can include or exclude components that you'd use on a daily basis. This means that a Default installation will often be smaller and install faster than a Custom installation. It also means that many components that were installed by default in previous versions now are considered Custom components that you must explicitly select in this version.
Visual Studio 2015 Setup Dialog
Custom components include Visual C++, Visual F#, SQL Server Data Tools, Cross-platform mobile tools and SDKs, and third-party SDKs and extensions. You can install any of the custom components at a later time if you don't select them during the initial setup.
System_CAPS_ICON_note.jpg Note
A Custom installation automatically includes the components that are in a Default installation.
The complete list of Custom components is as follows:
Feature SetsComponents
UpdatesVisual Studio 2015 Update 3
Programming LanguagesVisual C++
Visual F#
Python Tools for Visual Studio
Windows and Web DevelopmentClickOnce Publishing Tools
LightSwitch
Microsoft Office Developer Tools
Microsoft SQL Server Data Tools
Microsoft Web Developer Tools
PowerShell Tools for Visual Studio (3rd Party)
Silverlight Development Kit
Universal Windows App Development Tools
Windows 10 Tools and SDKs
Windows 8.1 and Windows Phone 8.0/8.1 Tools
Windows 8.1 Tools and SDKs
Cross Platform Mobile DevelopmentC#/.NET (Xamarin)
HTML/JavaScript (Apache Cordova)
Visual C++ Mobile Development for iOS / Android
Clang with Microsoft CodeGen
Common Tools and Software Development KitsAndroid Native Development Kit (3rd Party)
Android SDK [3rd Party]
Android SDK Setup APIs (3rd Party)
Apache Ant (3rd Party)
Java SE Development Kit (3rd Party)
Joyent Node.js (3rd Party)
Common ToolsGit for Windows (3rd Party)
GitHub Extension for Visual Studio (3rd Party)
Visual Studio Extensibility Tools
You can install Visual Studio by using installation media (DVDs), by using your Visual Studio subscription service from the My.VisualStudio.com website, by downloading a web installer from the Visual Studio Downloads website, or by creating an offline installation layout (see the Create an Offline Installation of Visual Studio page for more details).
System_CAPS_ICON_important.jpg Important
You need administrator credentials to install Visual Studio. However, you don't need them to use Visual Studio after you install it.
Your local administrator account must have the following privileges enabled to install everything in Visual Studio.
Local Policy Object Display NameUser Right
Backup Files and directoriesSeBackupPrivilege
Debug programsSeDebugPrivilege
Manage auditing and security logSeSecurityPrivilege
For more information on this local administrator account requirement, see the Knowledge Base article, SQL Server installation fails if the Setup account does not have certain user rights.

Using installation media

To install Visual Studio, in the root directory on the Visual Studio installation media, run the installation file for the edition you want:
EditionInstallation File
Visual Studio Enterprisevs_enterprise.exe
Visual Studio Professionalvs_professional.exe
Visual Studio Communityvs_community.exe

Downloading from the product website

Visit the Visual Studio Downloads page, and select the edition of Visual Studio that you want.

Downloading from your subscription service

Visit the My.VisualStudio.com page, and select the edition of Visual Studio that you want.

Creating an offline installation layout

If you do not have the Visual Studio installation media, or you do not have a Visual Studio subscription, or you do not want to install Visual Studio by using the web installer, you can perform a "disconnected" installation by creating what is known as an offline installation layout. For more information, see the Create an Offline Installation of Visual Studio page.
For information about how to deploy Visual Studio over a network, see the Visual Studio Administrator Guide.

Installing Visual Studio in a virtualized environment

Video Issues with Hyper-V
If you run Windows Server 2008 R2 with Hyper-V enabled and an accelerated graphics adapter, you may experience system slowdowns.
For more information, see the following page on the Microsoft website: Video performance may decrease when a Windows Server 2008 or Windows Server 2008 R2 based computer has the Hyper-V role enabled and an accelerated display adapter installed.
Emulating Devices with Hyper-V
When you install Visual Studio 2015 on real hardware without virtualization, you can choose features that enable emulation of Windows and Android devices using Hyper-V. When you install into Hyper-V, you will not be able to emulate the Windows or Android devices. This is because the emulators are themselves virtual machines, and you cannot currently host a VM inside another VM. The workaround is to have real Windows or Android devices to which you can directly deploy and debug your application.
https://www.baltihub.com
If you want to install components that you might not have selected during your original installation, use the following procedure.

To install optional components

  1. In Control Panel, on the Programs and Features page, choose the product edition to which you want to add one or more components, and then choose Change.
  2. In the Setup wizard, choose Modify, and then choose the components that you want to install.
  3. Choose Next, and then follow the remaining instructions.
After you install Visual Studio, you can download additional Help content so that it will be available offline.

To install or uninstall Help content

  1. On the Visual Studio menu bar, choose Help, Add and Remove Help Content.
  2. On the Manage Content tab of the Microsoft Help Viewer, select the installation source for your Help content.
  3. If you're looking for a specific Help collection, enter the name or a keyword in the Search text box, and then press Enter.
  4. Next to the name of the Help collection you want, choose the Add or Remove link.
  5. Click the Update button.
For more information about how to install or deploy offline Help, see the Help Viewer Administrator Guide.
Because not all extensions are compatible, Visual Studio doesn't automatically upgrade extensions when you upgrade from previous versions. You must reinstall the extensions from the Visual Studio Gallery or from the software publisher.

To automatically check for service releases

  1. On the menu bar, choose Tools, Options.
  2. In the Options dialog box, expand Environment, and then select Extensions and Updates. Make sure the Automatically check for updates check box is selected, and then choose OK.
  1. On the menu bar, choose Help, About.
    The About dialog box shows the product identification number (PID). You'll need the PID and Windows Account credentials (such as a Hotmail or Outlook.com email address and password) to register the product.
  2. On the menu bar, choose Help, Register Product.

To repair Visual Studio

  1. In Control Panel, on the Programs and Features page, choose the product edition that you want to repair, and then choose Change.
  2. In the Setup wizard, choose Repair, choose Next, and then follow the remaining instructions.

To repair Visual Studio in silent or passive modes (that is, to repair from source)

  1. On the computer where Visual Studio is installed, open the Windows command prompt.
  2. Enter the following parameters:
    DVDRoot \<Installation File> </quiet|/passive> [/norestart]/Repair
Use these resources to get help for setup and installation issues:
  • Visual Studio Setup and Installation forum. Review questions and answers from others in the Visual Studio community. If you don't find what you need, ask your own questions.
  • Microsoft Support for Visual Studio website. Read knowledge base (KB) articles and learn how to contact Microsoft Support for information about issues with Visual Studio installation.
  • For releases of Visual Studio 2015, you can report your issue by using the Connect site at https://connect.microsoft.com/visualstudio.
    It’s best if your issue includes the installation logs. You can prepare your logs for the issue report by using the Microsoft Visual Studio and .NET Framework Log Collection Tool, as described in the following steps.
    1. Download the installation diagnostic tool from http://aka.ms/vscollect.
    2. From an elevated command prompt, run the collect.exe program.
    3. After the collect.exe program completes, fetch the vslogs.cab file from your Temp directory and upload that into the issue report.
TitleDescription
Create an Offline Installation of Visual StudioDescribes how to install Visual Studio when you are not connected to the Internet.
Install Visual Studio Versions Side-by-SideProvides information about how to install multiple versions of Visual Studio on the same computer.
Use Command-Line Parameters to Install Visual StudioLists the command-line parameters that you can use when you install Visual Studio from a command prompt.
Uninstall Visual StudioDescribes how to uninstall Visual Studio.
Visual Studio Administrator GuideProvides information about deployment options for Visual Studio.
The Visual Studio Image LibraryProvides information about how to install graphics that you can use in Visual Studio applications.
Get Started Developing with Visual StudioIncludes information and links that can help you use Visual Studio more effectively.


 

Tuesday, 14 February 2017

Certified Ethical Hacker:

Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems, using penetration testing techniques. The code for the CEH exam is 312-50, and the certification is in Version 9 as of 2016.
Penetration tests are employed by organizations that hire certified ethical hackers to penetrate networks and computer systems with the purpose of finding and fixing security vulnerabilities. While unauthorized hacking, also known as Black Hat hacking, is illegal, penetration testing done at the request of the owner of the targeted systems is not.
The EC-Council offers another certification, known as Certified Network Defense Architect (CNDA). This certification is designed for United States Government agencies and is available only to members of selected agencies

Examination

Certification is achieved by taking the CEH examination after having either attended training at an Accredited Training Center (ATC). or completed through self-study. If a candidate opts for self-study, an application must be filled out and proof submitted of two years of relevant information security work experience. Those without the required two years of information security related work experience can request consideration of educational background. The current version of the CEH is V9 which uses the EC-Council's exam 312-50, as the earlier versions did. Although the new version V8 has recently been launched, this exam has 125 multiple-choice questions, with a 4-hour time limit, and requires at least a score of 70% to pass. The test delivery will be web based, via Prometric prime. The exam code varies at different testing centers. The 312-50 exam proctored at Accredited Training Centers (ATC). The earlier v7 had 150 multiple-choice questions and a four-hour time limit. The version 7 and version 8 exams cost US$500 for the actual test and $100 as a non-refundable fee for registration.Prices apply in the United States (prices in other countries may be different), and is administered via computer at an EC-Council Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States). The V9 has been released with very few changes in its modules.
The EC-Council and various ATCs (Authorized Training Center) administer the CEH examination. Members holding the CEH/CNDA designation (as well as other EC-Council certifications) must seek re-certification under this program every three years, for a minimum of 120 credits.

Controversy

The CEH certification had drawn criticism shortly after inception due to higher than average preparation costs, low-tech exam registration procedures, and limited technical content within the exam itself. As the CEH program has matured, such complaints have been largely addressed by EC Council via changes to certification requirements, exam registration process, and exam content itself.Some computer security professionals have objected to the term "ethical hacker" as a "contradiction in terms". Part of the controversy may arise from the older, less stigmatized, definition of hacker, which has since become synonymous with the computer criminal. According to the EC-Council, there has been an increase of careers where CEH and other ethical hacking certifications are preferred or required.The US government accepts this association and requires CEH accreditation for some jobs, per DoD 8570.01-M guidelines.been take a part in Certified Ethical Hacker visit this Site for Leran More>>
https://www.cybrary.it/course/ethical-hacking/
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
where you can take free penetration Testing for your own hacking Lab.
written by _baltis

Monday, 12 December 2016

How scammers can take over your computer:
Scams are schemes to con you out of your money. They can arrive by post, phone call, text message, email, or a scammer may turn up at your home.

Computer hackers use computer viruses to gain access to your computer details, to steal your money and identity, then scam you.  They may also get into your wireless (Wi-Fi) network for the same reason.


Fake emails and websites can trick you into buying something bogus or handing over personal details. For example websites that appear to sell event tickets. You pay for the tickets but they never arrive.

This page tells you more about ways fraudsters can get into your computer to steal your money, personal information or identity and what you can do to protect yourself.

Ways your computer can be taken over

Computer viruses

Computer viruses are small computer programs that are designed to try and infect other computers, tablets and smartphones. They break into your computer and spread  from one device to the next as you communicate with other people. They are also known as malware.

How computer viruses spread

Viruses can spread through:

computer programs or files that appear to be harmless but actually do damage. These are called trojan viruses. For example, you may download a file with a harmless looking picture of a celebrity, which is actually hiding the virus
email attachments. The virus then finds new people in your email address book to attack
programs you download from websites
documents. These are known as macro viruses
the internet. This is known as a worm. The worm scans for other computers that are vulnerable to attack and sends a copy of itself across networks. A worm can eat up memory or network bandwidth, which will make your computer slow down or stop responding.
What viruses can do when they reach your computer

Viruses can leave unwanted software on your computer that:

secretly monitors your computer activity
scans for private information, such as passwords
gives scammers control of your computer
send out spam email
display unwanted advertising
hijack your web browser
use your computer to host illegal websites to con other people.  
They can also switch off your computer’s security defences, leaving it vulnerable to more viruses. And they can track what information you put into your computer by monitoring your keyboard strokes.

Spyware

Spywarecan track users through advertising that might pop up on your computer. When you click on the advertising link you may be taken to a website which can install a virus onto your computer without you realising it.

The virus can take over your web browser, scan your computer for private information and slow down your computer. It can be difficult to remove spyware.

Wi-fi eavesdropping

If you use a wireless network to access the internet, the signal that lets you connect to the internet uses a radio link with a range of several hundred feet. This is called a Wi-Fi network. If your network isn’t secure, other people can also access your internet link if they are within range.

Scammers can also set up access to fake Wi-Fi networks in public places. If you log onto the network, they can try to capture personal details, such as passwords and credit card information.

Other computer scams

Ransomware

Ransomware copies personal files or photos from your computer. When a scammer has control of them, they send a demand for money in return for the files or photos. If you don’t hand over the money, they threaten you with the release of images and files to others, to embarrass you.

Scareware

Scareware is rogue security software, such as antivirus software, that protects your computer. It hides in pop up adverts or alerts that advertise security software updates.

If you click on the adverts or alerts, thinking you are downloading legitimate security software, you may inadvertently start to download scareware onto your computer.

When the scareware is installed it may fail to report viruses or say you have a virus when your computer is clean. Sometimes it will download a virus or spyware onto your computer, which steals your personal information or slows down your computer. You may also be asked to pay for these fake updates.

Phone calls pretending to be from computer companies

Callers pretend to be employees of well-known computer companies who have discovered problems or viruses on your computer. They persuade you to give them access to your computer with passwords and security information and then ask for payment and bank details.

Genuine computer companies will never do this. If you need technical help, always call or email your internet service provider's support line or talk to a computer repair company locally.

Thursday, 27 October 2016

Cybercrime:

Cybercrime, or computer crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.Debarati Halder and K. Jaishankar define cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)".Such crimes may threaten a nation's security and financial health.Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyberwarfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.


A report (sponsored by McAfee) estimates that the annual damage to the global economy is at $445 billion;however, a Microsoft report shows that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2016, a study by Juniper Research estimated that the costs of cybercrime could be as high as 2.1 trillion by 2019.


Most measures show that the problem of cybercrime continues to worsen. However, Eric Jardine argues that the frequency, cost and severity of cybercrime cannot be well understood as counts expressed in absolute terms. Instead, these numbers need to be normalized around the growing size of cyberspace, in the same way that crime statistics in the physical world are expressed as a proportion of a population (i.e., 1.5 murders per 100,000 people). Jardine argues that, since cyberspace has been rapidly increasing in size each year, absolute numbers (i.e., a count saying there are 100,000 cyberattacks in 2015) present a worse picture of the security of cyberspace than numbers normalized around the actual size of the Internet ecosystem (i.e., a rate of cybercrime). His proposed intuition is that if cyberspace continues to grow, you should actually expect cybercrime counts to continue to increase because there are more users and activity online, but that as a proportion of the size of the ecosystem crime might actually be becoming less of a problem.


Classification:
Computer crime encompasses a broad range of activities.

Fraud and financial crimes
Main article: Internet fraud
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

Altering in an unauthorized way. This requires little technical expertise and is common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
Altering or deleting stored data;
Other forms of fraud may be facilitated using computer systems, including bank fraud, carding, identity theft, extortion, and theft of classified information.

A variety of internet scams, many based on phishing and social engineering, target consumers and businesses.

Cyber terrorism
Main article: Cyberterrorism
Government officials and information technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.

Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.

Cyberextortion
Main article: Extortion
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attacks and to offer "protection". According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack.

An example of cyberextortion was the attack on Sony Pictures of 2014.

Cyberwarfare

Sailors analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks
Main article: Cyberwarfare
The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included, the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.

Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. As such, as technology evolves, so too does the nature of the crime. These crimes are relatively new, having been in existence for only as long as computers have—which explains how unprepared society and the world in general is towards combating these crimes. There are numerous crimes of this nature committed daily on the internet:

Crimes that primarily target computer networks or devices include:

Computer viruses
Denial-of-service attacks
Malware (malicious code)
Computer as a tool
Main articles: Internet fraud, Spamming, Phishing, and Carding (fraud)
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the likes have existed even before the development in high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend.

Crimes that use computer networks or devices to advance other ends include:

Fraud and identity theft (although this increasingly uses malware, hacking and/or phishing, making it an example of both "computer as target" and "computer as tool" crime)
Information warfare
Phishing scams
Spam
Propagation of illegal obscene or offensive content, including harassment and threats
The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions.

Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware. Or, they may contain links to fake online banking or other websites used to steal private account information.

Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be legal.

The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.

One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.

Harassment

Various aspects needed to be considered when understanding harassment online.

The examples and perspective in this section may not represent a worldwide view of the subject. You may improve this article, discuss the issue on the talk page, or create a new article, as appropriate. (March 2016) (Learn how and when to remove this template message)
See also: Cyberbullying, Online predator, Cyberstalking, and Internet troll
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties. Harassment on the internet also includes revenge porn.

There are instances where committing a crime using a computer can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(3)for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemically, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."

Connecticut was the U.S. state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, and Virginia and South Carolina have also passed laws banning harassment by electronic means.

Harassment as defined in the U.S. computer statutes is typically distinct from cyberbullying, in that the former usually relates to a person's "use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act," while the latter need not involve anything of a sexual nature.

Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate", that also applies for online or any type of network related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".

Drug trafficking
Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use encrypted messaging tools to communicate with drug mules. The dark web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again). After Silk Road 2.0 went down, Silk Road 3 Reloaded emerged. However it was just an older marketplace named Diabolus Market, that used the name for more exposure from the brand's previous success.

Documented cases
One of the highest profiled banking computer crime occurred during a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.

A hacking group called MOD (Masters of Deception), allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive, one company, Southwestern Bell suffered losses of $370,000 alone.

In 1983, a nineteen-year-old UCLA student used his PC to break into a Defense Department international communications system.

Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an ongoing technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany; which was something which Newscorp did not have the copyright to allow.

On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and a copy of the virus spread via e-mail to other people.

In February 2000, an individual going by the alias of MafiaBoy began a series denial-of-service attacks against high-profile websites, including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.

The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with an individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

On 2 March 2010, Spanish investigators arrested 3 in infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.

In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members, and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.

On March 1, 2011 at Lassiter High School, two students were accused of impersonation of a staff member via cybercrime, but both claimed they were uninvolved. The offense was made a felony in the Cobb County School District two months after the impersonation had happened. Shortly afterwards, the head of the LHS School Board said "The teacher just wouldn't do this at all". The case ended on May 9, and no evidence was found.

In June 2012 LinkedIn and eHarmony were attacked, compromising 65 million password hashes. 30,000 passwords were cracked and 1.5 million EHarmony passwords were posted online.

December 2012 Wells Fargo website experienced a denial of service attack. Potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised: Bank of America, J. P. Morgan U.S. Bank, and PNC Financial Services.

In January 2012 Zappos.com experienced a security breach after as many as 24 million customers' credit card numbers, personal information, billing and shipping addresses had been compromised.

April 23, 2013 saw the Associated Press' Twitter account's hacking to release a hoax tweet about fictional attacks in the White House that left President Obama injured.This erroneous tweet resulted in a brief plunge of 130 points from the Dow Jones Industrial Average, removal of $136 billion from S&P 500 index, and the temporary suspension of their Twitter account. The Dow Jones later restored its session gains.

Combating computer crime
This section needs expansion. You can help by adding to it. (January 2015)
Diffusion of cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crimes detection and prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical expertise and accessibility no longer act as barriers to entry into cybercrime. Indeed, hacking is much less complex than it was a few years ago, as hacking communities have greatly diffused their knowledge through the Internet. Blogs and communities have hugely contributed to information sharing: beginners could benefit from older hackers' knowledge and advice. Furthermore, Hacking is cheaper than ever: before the cloud computing era, in order to spam or scam one needed a dedicated server, skills in server management, network configuration and maintenance, knowledge of Internet service provider standards, etc. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam.Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack – brute-forcing a password, improve the reach of a botnet, or facilitating a spamming campaign.

Investigation
A computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries[citation needed] Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example; a European wide Data Retention Directive (applicable to all EU member states) states that all E-mail traffic should be retained for a minimum of 12 months.

Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.

President Barack Obama released in an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.

The European Union adopted directive 2013/40/EU. All offences of the directive, and other definitions and procedural institutions are also in the Council of Europe's Convention on Cybercrime.

Penalties
Penalties for computer related crimes in New York State can range from a fine and a short period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in prison.

However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the Internet or computers, even after they have been released from prison – though as computers and the Internet become more and more central to everyday life, this type of punishment may be viewed as more and more harsh and draconian. However, nuanced approaches have been developed that manage cyberoffender behavior without resorting to total computer and/or Internet bans. These approaches involve restricting individuals to specific devices which are subject to computer monitoring and/or computer searches by probation and/or parole officers.

Awareness

As technology advances and more people rely on the internet to store sensitive information such as banking or credit card information, criminals are going to attempt to steal that information. Cyber-crime is becoming more of a threat to people across the world. Raising awareness about how information is being protected and the tactics criminals use to steal that information is important in today's world. According to the FBI's Internet Crime Complaint Center in 2014 there were 269,422 complaints filed. With all the claims combined there was a reported total loss of $800,492,073. But yet cyber-crime doesn't seem to be on the average person's radar. There are 1.5 million cyber-attacks annually, that means that there are over 4,000 attacks a day, 170 attacks every hour, or nearly three attacks every minute. Anybody who uses the internet for any reason can be a victim, which is why it is important to be aware of how one is being protected while online.

Tuesday, 25 October 2016

Black Hat Briefings:
https://www.blackhat.com/upcoming.html

Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo.An event dedicated to the US federal agencies is organized in Washington, D.C.


History
Black Hat was founded in 1997 by Jeff Moss, who also founded DEF CON. Today, Moss is the Conference Chair of the Black Hat Review Board. These are considered[by whom?] the premier information security conferences in the world. Black Hat started as a single annual conference in Las Vegas, Nevada and is now held in multiple locations around the world.

The conference
The conference is composed of two major sections, the Black Hat Briefings, and Black Hat Trainings. Training is offered by various computer security vendors, in effort to keep the conference vendor-neutral. The conference has hosted the National Security Agency's information assurance manager course, and various courses by Cisco Systems, Offensive Security, and others.

The Briefings are composed of tracks, covering various topics including reverse engineering, identity and privacy, and hacking. The briefings also contain keynote speeches from leading voices in the information security field, including Robert Lentz Chief Security Officer, United States Department of Defense; Michael Lynn; Amit Yoran, former Director of the National Cyber Security Division of the Department of Homeland Security;and General Keith B. Alexander, former Director of the National Security Agency and former commander of the United States Cyber Command.

Conference's topics
USA :

July - August 2009 : MCS-ATL vulnerabilities // attack against MD2 - Breaking SSL ... validation certificate ...

July - August 2010 : Cloudcracker ... such as (wpacracker.com service)

July 27 - August 1, 2013 : Android hacking : application and root

New conference goals[edit]
There is now more focus on tools that can be used or protected, so a new type of conferences called Black Hat Arsenal Briefings has been added since 2011.See here Blackhat Arsenal Archives since 2011 on ToolsWatch website.

Antics and disclosures
Black Hat is known for the antics of its hacker contingent, and the disclosures brought in its talks. Conference attendees have been known to hijack wireless connections of the hotels, hack hotel TV billing systems, and even hack the automated teller machine in a hotel lobby. In 2009, web sites belonging to a handful of security researchers and groups were hacked and passwords, private e-mails, IM chats, and sensitive documents were exposed on the vandalized site of Dan Kaminsky, days before the conference. During Black Hat 2009, a USB thumb drive that was passed around among attendees was found to be infected with the Conficker virus, and in 2008, three men were expelled for packet sniffing the press room local area network.

In the past, companies have attempted to ban researchers from disclosing vital information about their products. At Black Hat 2005, Cisco Systems tried to stop Michael Lynn from speaking about a vulnerability that he said could let hackers virtually shut down the Internet. However, in recent years, researchers have worked with vendors to resolve issues, and some vendors have challenged hackers to attack their products.
More No. https://www.baltihub.com
Kali Linux
 https://www.kali.org/

Developer Offensive Security
OS family Unix-like
Working state Active
Latest release 2016.2[1] / August 31, 2016; 43 days ago
Platforms x86, x86-64, armel, armhf
Kernel type Monolithic kernel
Default user interface GNOME 3
License Various
Official website www.kali.org
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.

Contents  [hide] 
1 Development
2 Supported platforms
3 Features
4 Tools
5 Popular culture
6 See also
7 References
8 External links
Development
Kali Linux is preinstalled with over 300 penetration-testing programs, including Armitage (a graphical cyber attack management tool), nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners). Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.

Kali Linux is developed using a secure environment with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Supported platforms
Kali Linux is distributed in 32-bit and 64-bit images for use on hosts based on the x86 instruction set and as an image for the ARM architecture for use on the BeagleBoard computer and on Samsung's ARM Chromebook.

The developers of Kali Linux aim to make Kali Linux available for ARM devices.

Kali Linux is already available for BeagleBone Black, HP Chromebook, CubieBoard 2, CuBox, CuBox-i, Raspberry Pi, EfikaMX, Odroid U2, Odroid XU, Odroid XU3, Samsung Chromebook, Utilite Pro, Galaxy Note 10.1, and SS808.

Features
Kali Linux has a dedicated project set-aside for compatibility and porting to specific Android devices, called Kali Linux NetHunter.

It is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member “BinkyBear” and Offensive Security. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as Bad USB MITM attacks.

BackTrack (Kali's predecessor) contained a mode known as forensic mode. This capability was carried over to Kali via live boot. This mode is very popular for many reasons such as many Kali users already have a bootable Kali USB drive or CD, and this option makes it easy to apply Kali to a forensic job. There are however some changes to forensic mode over the regular operation of the system, such as forensic mode doesn't touch the hard drive or swap space and auto mounting is disabled. However, it is recommended by the developers that if Kali is going to be used for real world forensics that these things be tested in that environment.

Tools
Kali Linux includes many well known security tools, including:

Nmap
Aircrack-ng
Kismet
Wireshark
Metasploit Framework
Burp suite
John the Ripper
Social Engineering Toolkit
Airodump-ng
Popular culture
The logo of Kali Linux appears on the background in the TV series Mr. Robot (2015) in episode 5 of season one. The Kali Linux logo also appears again as wallpaper in scenes from episode 1, episode 9 and more prominently in the episode 6, season 2 of the same series, when it is used by two of the main characters, Angela and Darlene. The operating system is also shown to be downloaded and installed at episode 10 of season 2.
Most Other Famous Hacking Tools:
*BackTrack
*Security-focused operating system
*Metasploit Project
*Nmap
*BackBox
*OpenVAS
*Kismet (software)
*Aircrack-ng
*dSploit
Hacking tool:

A hacking tool is a program designed to assist with hacking, or a piece of software which can be used for hacking purposes.

Examples include Nmap, Nessus, John the Ripper, p0f, and Winzapper.[unreliable source] Bribes have also been described as among the most potent hacking tools, due to their potential exploitation in social engineering attacks.Occasionally, common software such as ActiveX is exploited as a hacking tool as well.


Hacking tools such as Cain and Abel, however, are well known as Script Kiddie Tools. Script kiddies are people 
who follow instructions from a manual, without realising how it happens. These Script Kiddies have been an enormous threat to computer security as there are many hacking tools and keyloggers up for download which are free.

Worms:
Main article: Computer worm
Another example of a hacking tool is a computer worm. These malicious programs detect vulnerabilities in operating systems. Not all worms, however, are malicious. The Nachi Worms have actually fixed operating system vulnerabilities by downloading and installing security patches from the Microsoft website.

Port Scanners:
Main article: Port scanner
Port scanners detect vulnerabilities in firewalls, and are able to find a great deal about the computer system, such as the operating system, ISP, wireless routers and how long the system has been online. However, port scanners are the best security auditing tools.

Hacking Linux:

Although not much is said about threats to the Linux system, they do exist and could increase in the future. One of the biggest threats to the Linux system is given by the so-called Rootkits. These are programs that have special privileges and are able to hide to the system administrator.

OWASP ZAP 
(short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.

It is one of the most active OWASP projects and has been given Flagship status.It is also fully internationalized and is being translated into over 25 languages.

When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https.

It can also run in a ‘daemon’ mode which is then controlled via a REST Application programming interface.

This cross-platform tool is written in Java and is available in all of the popular operating systems including Microsoft Windows, Linux and Mac OS X.


ZAP was added to the ThoughtWorks Technology Radar in May 2015 in the Trial ring.


Install Visual Studio 2015:   Updated: November 16, 2016 For the latest documentation on Visual Studio 2017, see Visual Studio 2017 Do...