Skip to main content


Showing posts from October, 2017

Apple Camera Security Flaw ???

Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back camera—all without any notification or your consent. This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday.The issue, Krause noted, is in the way Apple's software handles camera access.Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app. So, this permissions system is not a bug or a flaw instead it is a feature, and it works exactly in the way Apple has designed it, but Krause said any malicious app could take advantage of this feature to silently record users activities. iPhone Apps Can Silently Turn On Cameras at Any Time Krause explained that that granting came

Bad Rabbit - Latest Ransomeware Attack

A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organizations, primarily in Russia, Ukraine, Turkey, and Germany, in the past few hours. Dubbed "Bad Rabbit," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly. "No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites." Kaspersky Lab said . However, security researchers at ESET have detected Bad Rabbit malware as 'Win32/Diskcoder.D' — a new variant

The Younger Brother of Mirai BotNet(IOT Botnet) on Action

Just a year (20 September 2016)   after Mirai—biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet. Dubbed 'IoT_reaper,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet network. IoT_reaper malware currently includes exploits for nine previously disclosed vulnerabilities in IoT devices from following manufacturers: Dlink (routers) Netgear (routers) Linksys (routers) Goahead (cameras) JAWS (cameras) AVTECH (cameras) Vacron (NVR) Researchers believe IoT_reaper malware has already infected nearly two million devices and growing continuously at an extraordinary rate of 10,000 new devices per day.This is extremely worrying because it took only 100,000 infected devices f

Basics of Firewall

A firewall is a software-defined product. Which is also installed into a physical device with necessary peripherals like a cooling fan, power console, Physical Ethernet interfaces (I/O). A firewall is a network security device and gateway level device. Basically, it is used to deny unauthorized access or unauthorized TCP/UDP packets . TECHNICAL ABSTRACT  A firewall is used to inspect the incoming and outgoing TCP/UPD packets with service Ports by User-defined rules called Access Control Rules (ACL). All firewall has a pre-defined policy called 'Implicit policy ' to deny all inbound and outbound traffic. To access the internet or different network through firewalls, we have to write an ACL with Source IP address, Destination IP Address and service number (ports, ex: HTTP, SSH). In the above picture, each brick is a user-defined ACL to access/allow specific network traffic.  Firewall packet inspection methods: Stateless and Stateful Stateless inspection  In this method firewall o


DEVELOPERS            Offensive Security LINUX BASE               Debian Base LATEST VERSION    2017.2 Download :  Kali ISO   Follow the Images for better understanding. 1)OPEN Virtual Machine > click 'Create New Virtual machine > chose 'Typical' and click Nex t 2)Now Chose  'Installer Disk  image File (ISO)'  and click  Browse  button and chose downloaded Kali ISO file from your PC 3)Click 'Next' >Chose Linux and Find (Version) Other Linux 3.x Kernel 64-bit from drop-down menu (If you downloaded 64-bit kali) 4)Provide a name for your virtual machine (anything)    VM default directory is 'Documents' Folder'.So, No need to change. 5)click 'Next' and allocate virtual storage size to install Kali in VM.25GB is more enough.    Chose 'Store Virtual disk as a single file'.Click 'Next'. 6)Now click ' finish' button.Once you click Finish button VM will build the virtual files then final Kali virtual machine me

Best for Pen-Test

Hi Folks!!! In this article, we going to discuss which one is the best platform to practice penatration tests. NOTE : Windows lovers please go back, it will hurt you. TOP 3 Operating Systems : (numbers only for reference)  1)Kali 2)Black Arch 3)Parrot Security OS KALI DEVELOPERS            Offensive Security LINUX BASE              Debian Base LATEST VERSION    2020.2 Kali has 600+ preinstalled tools inside.Which is best for beginners who starting penetration testing.For a forensic job, this top hacking operating system comes with a live boot capability that provides a perfect environment for vulnerability detection. Official Website : HTTPS:// DOWNLOAD  :      Kali ISO     Kali VM,VirtualBox,Hyper-V BLACK ARCH DEVELOPERS          Arch Linux Community LINUX BASE             Arch Linux LATEST VERSION    2020.06.01   Black Arch repository contains 1908 tools.Arch Linux installation different from normal installation.Which is best for Linux Professionals and w

ROCA the ATTACK on Encription

While we were still finding it difficult to forget the Krack attack , a five-year-old bug has resurfaced in a new form to haunt Google and Microsoft. Known as ROCA (Return of Coppersmith’s Attack), the encryption key-related exploit is named after the Coppersmith’s attack. The ROCA hack: Vulnerable RSA Generation (CVE-2017-15361), developed by the researchers at Centre for Research on Cryptography and Security, Masaryk University,  Enigma Bridge and Ca’ Foscari University targets the weakness in the cryptography tech in chips made by Infineon Technologies. The range of affected devices – released as early as – includes a large number of Chromebooks, and Windows laptops manufactured by Fujitsu, HP, and Lenovo which feature the hardware chips created by Infineon. The problem lies in the way the manufacturers implement the widely-used RSA encryption. This makes it possible to figure out the private key if the public key is available which isn’t a big deal. “The currently confirmed number

KRACK - A WPA2 vulneability

SUMMARY            We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.    This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become

BASICS OF computer Kernel

The kernel is the central module of an operating system (OS). It is the part of the operating system that loads first, and it remains in main memory. Because it stays in memory, it is important for the kernel to be as small as possible while still providing all the essential services required by other parts of the operating system and applications. The the kernel code is usually loaded into a protected area of memory to prevent it from being overwritten by programs or other parts of the operating system. The critical code of the kernel is usually loaded into a protected area of memory, which prevents it from being overwritten by applications or other, more minor parts of the operating system. The kernel performs its tasks, such as running processes and handling interrupts, in kernel space. In contrast, everything a user does is in user space: writing text in a text editor, running programs in a GUI , etc. This separation prevents user data and kernel data from interfering with each oth

Linux for Beginners

Linux is just like Windows XP, Windows 7, Windows 8, and Mac OS X, Linux is an operating system. An operating system is software that manages all of the hardware resources associated with your desktop or laptop. To put it simply – the operating system manages the communication between your software and your hardware. Without the operating system (often referred to as the “OS”) , the software wouldn’t function. The OS is comprised of a number of pieces:     The Bootloader: The software that manages the boot process of your computer. For most users, this will simply be a splash screen that pops up and eventually goes away to boot into the operating system.     The kernel: This is the one piece of the whole that is actually called “Linux”. The kernel is the core of the system and manages the CPU, memory, and peripheral devices. The kernel is the “lowest” level of the OS.     Daemons: These are background services (printing, sound, scheduling, etc) that either start up during boot, or aft