Bug Bounty
Bugbounty Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks •
Bug Bounty pinned «#Learn360 #Day 2 About Network Topologies :- I have covered here about 1.Network Types 2.Network Topologies 3.Types of Network Topologies To Read About It More Check Out my Learn360 days of series https://www.jewkoiyie.com/learn360…»
#CYBERSECURITY #LEARN360 #LEARNCYBERSECURITY
LEARN OSI MODEL AND IMPORTANCE OF OSI MODEL IN NETWORKING
If you want to Read More In Detail About it :- https://www.jewkoiyie.com/learn360-osi-model/
-> OSI stands for Open System Interconnection, which was published in 1984 by ISO (International Organization for Standardization).
-> It is a reference model that describes how information from software applications in a computer travels from one physical medium to software applications in another computer. OSI has seven layers, and each layer performs a specific network function.
The OSI Model contains 7 layers :-
7. Physical Layer
6. Data Link Layer
5. Network Layer
4. Transport Layer
3. Session Layer
2. Presentation Layer
1. Application Layer
COMPUTER NETWORKING | LEARN360
What is TCP/IP And UDP and Why TCP/IP and UDP
TCP stands for Transmission Control Protocol which works in the transport layer of both the models. TCP protocol is used in transferring data or packet from source to destination and this protocol is connection oriented.

Three way Handshake :-
Three way handshake is nothing but the process of establishing a connection between two devices before transmitting the data. So, now let’s see the process.

UDP Protocol :-
UDP stands for User Datagram Protocol. It is a connectionless protocol: this protocol doesn’t care whether a packet has reached the destination or not, but the TCP protocol does.
Read my Full Article to read about it in detail :-
https://www.jewkoiyie.com/learn360-computer-network-tcp.../
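The three way handshake mentioned in the post above, as an added example that is not part of the original post: a small offline model of the SYN, SYN-ACK, ACK exchange with sequence numbers. The `Server` class, the `handshake` helper and the `wrong_ack` parameter are names assumed for this illustration; the server only reaches ESTABLISHED when the final ACK acknowledges its own initial sequence number plus one, which is the state UDP never builds.

```python
MOD = 2 ** 32   # TCP sequence numbers are 32-bit and wrap around


class Server:
    """Listener side of the handshake: LISTEN -> SYN_RCVD -> ESTABLISHED."""

    def __init__(self, isn):
        self.state = "LISTEN"
        self.isn = isn                    # server's initial sequence number
        self.client_next = None           # next sequence number expected from client

    def receive(self, seg):
        if self.state == "LISTEN" and seg["flags"] == {"SYN"}:
            self.client_next = (seg["seq"] + 1) % MOD     # a SYN uses up one number
            self.state = "SYN_RCVD"
            return {"flags": {"SYN", "ACK"}, "seq": self.isn, "ack": self.client_next}
        if self.state == "SYN_RCVD" and seg["flags"] == {"ACK"}:
            if seg["ack"] == (self.isn + 1) % MOD and seg["seq"] == self.client_next:
                self.state = "ESTABLISHED"
                return None               # nothing to send; data may now flow
        return {"flags": {"RST"}}         # anything unexpected is refused


def handshake(client_isn, server_isn, wrong_ack=None):
    """Run SYN, SYN-ACK, ACK. wrong_ack models a sender that never saw the SYN-ACK."""
    server = Server(server_isn)
    syn = {"flags": {"SYN"}, "seq": client_isn}
    syn_ack = server.receive(syn)
    ack_no = (syn_ack["seq"] + 1) % MOD if wrong_ack is None else wrong_ack
    ack = {"flags": {"ACK"}, "seq": (client_isn + 1) % MOD, "ack": ack_no}
    reply = server.receive(ack)
    return server.state, [syn, syn_ack, ack], reply


if __name__ == "__main__":
    # Constructed sequence numbers, chosen only to make the arithmetic easy to read.
    state, segments, _ = handshake(client_isn=1000, server_isn=5000)
    for seg in segments:
        print(sorted(seg["flags"]), "seq =", seg["seq"], "ack =", seg.get("ack"))
    print("server state:", state)
```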
COMPUTER NETWORKING | LEARN360

Computer Networking – What is Network Security and Devices used in it.

Network Security :-
Network security is basically used to protect our computer from insecure IPs or from an attacker that wants to take over our access, and in today's world network security is very important for all of us. You should know what services are running on your machine so that you are aware of remote access shells, trojans, viruses, etc.

Firewall :-
So, a firewall is nothing but a software or, you can say, hardware networking device which monitors the traffic and blocks the suspicious or malicious traffic between the internal private network and the outside internet.
Types of Firewall :-
1. Host Based Firewall.
2. Network Based Firewall.
3. Next Generation Firewall.


If you really like this post, please go through my full post at the link here :-
https://www.jewkoiyie.com/learn360-what-is-network.../
Critical Samba flaw presents code execution threat
Urgent patching of file-sharing technology urged

A newly discovered critical vulnerability in Samba could allow remote attackers to execute arbitrary code as root on affected installations.
COMPUTER NETWORKING | LEARN360
Computer Network – What is Domain Name System ( DNS ).
Domain Name Server :-

DNS stands for Domain Name System; it is basically used to access resources from the server. As we know, every device connected to the internet has an IPv4 or IPv6 address, and similarly a server also has an IP address. Since IP addresses are numbers, and numbers are not easy to remember again and again, the Domain Name System was introduced, which is readable and easy for humans to remember.

Working of DNS :-

1. When we enter any web address like example.com in our browser, our computer first checks its local cache to see if we have visited that particular website recently. If it has, fine; if not, a request is made to the Recursive DNS Server or DNS Resolver.

2. ipconfig /displaydns will show you DNS details in Windows.

3. The recursive server then queries a DNS root server (.).

4. If we find the result at the root server then the process ends here.
If we don’t get results here then the root server sends that particular request to the TLD server which is handling that particular TLD; in this case it is .com.

5. The TLD server then responds with the IP address of the domain’s name server, example.com.

6. Lastly, the recursive DNS server sends a request to the authoritative name server of example.com.

7. Then the IP address is returned to the recursive DNS server from the authoritative name server.

8. The recursive DNS server then responds to the web browser with the IP address of the domain requested initially.

Read my full Article By Given Link :-

https://www.jewkoiyie.com/computer-network-what-is-domain-name-system-dns/
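The lookup steps listed in the post above, as an added example that is not part of the original post: an offline model of a recursive resolver that checks its cache, then walks root, TLD and authoritative servers, and keeps the answer until its TTL runs out. The server tables, the name ns1.example.com., the address 192.0.2.10 and the 300 second TTL are constructed for the illustration, and the model assumes the root and TLD servers only return referrals.

```python
# Constructed sample data: a tiny offline model of the DNS hierarchy (assumptions).
AUTHORITATIVE = {"ns1.example.com.": {"example.com.": ("192.0.2.10", 300)}}  # (A, TTL s)
TLD_COM = {"example.com.": "ns1.example.com."}   # .com TLD: domain -> its name server
ROOT = {"com.": TLD_COM}                         # root: TLD -> servers for that TLD


class RecursiveResolver:
    """Resolves a name the way steps 1-8 describe and records each hop."""

    def __init__(self):
        self.cache = {}                          # name -> (ip, expiry time)

    def resolve(self, name, now=0):
        cached = self.cache.get(name)
        if cached and cached[1] > now:           # still fresh: no server is contacted
            return cached[0], ["cache hit"]
        trace = ["cache miss"]

        tld = name.rstrip(".").rsplit(".", 1)[-1] + "."      # "example.com." -> "com."
        tld_server = ROOT.get(tld)
        if tld_server is None:
            trace.append("root: no such TLD (NXDOMAIN)")
            return None, trace
        trace.append(f"root: referral to {tld}")

        ns = tld_server.get(name)
        if ns is None:
            trace.append("tld: no delegation (NXDOMAIN)")
            return None, trace
        trace.append(f"tld: referral to {ns}")

        ip, ttl = AUTHORITATIVE[ns][name]
        trace.append(f"authoritative: {name} A {ip}")
        self.cache[name] = (ip, now + ttl)       # answer is reused until the TTL expires
        return ip, trace


if __name__ == "__main__":
    resolver = RecursiveResolver()
    for t in (0, 100, 300):                      # second lookup is served from cache
        print(t, resolver.resolve("example.com.", now=t))
```

Whatever lands in the cache is served without any further check until it expires, which is why the cache contents are the first thing to inspect when a machine resolves a name to an unexpected address.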
COMPUTER NETWORKING | LEARN360
Computer Networking – Every Info about http, https and http Request Headers

What is http ?
HTTP stands for Hyper Text Transfer Protocol. This protocol is used by the client and the web server to communicate with each other and to send web pages, data, images, videos etc.

What is HTTPS ?
HTTPS is the next version of HTTP; here S indicates Secure. When we use HTTPS, all the data you send to and receive from the web server gets encrypted, and no third person can see what you're sending and receiving.

What is HTTP Request ?
Whenever the browser wants to interact with the server, it sends the server an HTTP request. There are different types of HTTP requests, but the two most common are GET and POST.

To read More about it check out my Article from here :-

https://www.jewkoiyie.com/computer-networking-every-info-about-http-https-and-http-request-headers/
COMPUTER NETWORKING | LEARN360
Computer Networking – Internet Security Controls

All about internet Security ??
Network security controls are used to ensure the confidentiality, integrity and availability of network services.

Content Encoding ??
Encoding is the process of converting the data or a given sequence of characters, symbols, alphabets etc., into a specified format, for the secured transmission of data.

Why Padding ?
In Base64 encoding, the length of an input string must be a multiple of three. If it is not, the encoder adds one or two padding characters (=) at the end of the output as needed in order to meet this requirement. Upon decoding, the decoder discards these extra padding characters.

Check Out
Please check out my full detailed Article on this topic by given below link :-
https://www.jewkoiyie.com/learn360-internet-security-controls/
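The padding rule described in the post above, as an added example that is not part of the original post: a from-scratch Base64 encoder and decoder that show where the one or two = characters come from. The function names and the sample Authorization header are constructed for the illustration; the last function shows that anyone can reverse the encoding without a key.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64_encode(data: bytes) -> str:
    """Turn each group of 3 input bytes (24 bits) into 4 characters (6 bits each)."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)                  # 0, 1 or 2 bytes short of a full group
        n = int.from_bytes(chunk + b"\x00" * missing, "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if missing:
            chars[4 - missing:] = "=" * missing   # filler positions become '='
        out.extend(chars)
    return "".join(out)


def b64_decode(text: str) -> bytes:
    """Reverse the encoding; the '=' count only says how many filler bytes to drop."""
    pad = len(text) - len(text.rstrip("="))
    if len(text) % 4 or pad > 2:
        raise ValueError("not valid padded Base64")
    out = bytearray()
    for i in range(0, len(text), 4):
        n = 0
        for ch in text[i:i + 4]:
            n = (n << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += n.to_bytes(3, "big")
    return bytes(out[:len(out) - pad])


# Constructed sample: an HTTP Basic authentication header as seen in captured traffic.
SAMPLE_HEADER = "Authorization: Basic dXNlcjpwYXNz"


def basic_auth_credentials(header: str):
    """Recover user name and password from the header; no key or secret is needed."""
    token = header.split(" ")[-1]
    user, _, password = b64_decode(token).decode().partition(":")
    return user, password


if __name__ == "__main__":
    for raw in (b"M", b"Ma", b"Man"):             # 2, 1 and 0 padding characters
        print(raw, "->", b64_encode(raw))
    print(basic_auth_credentials(SAMPLE_HEADER))
```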
INFORMATION GATHERING | LEARN360 | PENETRATION TESTING
A Brief Introduction On Penetration Testing

What Penetration Testing Is ?
Penetration testing is the process of finding vulnerabilities or weaknesses in a web application or computer system with the permission of the owner; in other words, we can say, finding vulnerabilities ethically, not unethically. It basically means we should have prior permission of the resource person to test any web application or system.

Types of Testing Methods :

White Box Testing: In this type of testing, the tester knows about the internal architecture of the system or web application, and also has access to databases, code and some other secret paths in the web application.

Black Box Testing: In this type of testing, the tester doesn’t know about any internal structure of the system or web application. They are just provided with one or two domain names, and after that the tester does the testing on it.

Check out Full Article on the Brief introduction to it :
https://www.jewkoiyie.com/an-brief-introduction-on-penetration-testing/
INFORMATION GATHERING | PENETRATION TESTING
Penetration Testing : Setting Up BurpSuite Proxy Environment For Penetration testing

What Penetration Testing Is ?
Penetration testing is the process of finding vulnerabilities or weaknesses in a web application or computer system with the permission of the owner; in other words, we can say, finding vulnerabilities ethically, not unethically. It basically means we should have prior permission of the resource person to test any web application or system.

Setting up proxy ??
We’ll set up the proxy with Firefox. Here a question will come to mind:

What is Proxy ?
A proxy is nothing but a software or program that sits between client and server, similar to a VPN. All the traffic from client to server goes through the proxy, and all the traffic from server to client goes through the proxy.

We’ll use BURP Proxy to intercept the request and response and we’ll do setup for it :

1. First install the FoxyProxy extension in your Firefox in Linux.

2. FoxyProxy: the options page will open, then click on add on the top left.
Now enter the following details as shown below in fig.
Now click on save.

3. Now to open Burp Suite, click on the top left icon of Kali Linux and then search for burpsuite.

4. Burp Suite: Burp Suite is a very powerful automated tool and it can also be used manually, mostly for web application testing. It comes in two versions: one is the community version and the other is the paid version. We get the community version pre-installed in Linux. To use the paid version you’ll need to buy it.

5. Now we have configured Firefox, so next we’ll set up Burp.

6. After clicking on Burp Suite, click Next, then Start Burp. You should see a window as shown in below fig.

This post is becoming too lengthy to read here ->
Check out the complete article (with pictures, step by step) if you are really setting up a proxy with your Burp Suite :
https://www.jewkoiyie.com/penetration-testing-setting-up-burpsuite-proxy-environment-for-penetration-testing/
CYBER SECURITY | INFORMATION GATHERING | PENETRATION TESTING
Penetration Testing – Learn All About BurpSuite in here

What Basically BurpSuite is
Burp Suite is a set of tools used for penetration testing of web applications. It is developed by a company named PortSwigger, which is also the surname of its founder, Dafydd Stuttard.
It is the most popular tool among professional web app security researchers and bug bounty hunters.

WHAT IS INTRUDER IN BURPSUITE :
Now moving forward, let’s talk about Intruder. Intruder just automates the request sending,
but in the community version of Burp it works slowly; no matter, we’ll see how it works.

WHAT IS REPEATER IN BURPSUITE :
We can use Repeater to modify the request and examine server responses in detail.
You may think Intruder also helps us to manipulate requests, but Intruder does it automatically, while in Repeater we do it manually.
Now intercept any request, right click in the Proxy tab and then select send to repeater. Then in Repeater the left side window will show you the request and the right side window will show you the response.

WHAT IS DECODER IN BURPSUITE :
The Decoder can be used to encode or decode whichever part of a request you want.

WHAT IS COMPARER IN BURPSUITE:
We can use Comparer to check the difference between requests or responses.

SO, IF YOU REALLY WANT TO READ ABOUT BURPSUITE :-
Do check out my website for a more practical view

https://jewkoiyie.com/penetration-testing-learn-all.../
INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering – Part 1

WHAT INFORMATION GATHERING IS ?
Information gathering is the first phase of penetration testing, in which we collect publicly available information or internal information about the target while performing active reconnaissance as well as passive reconnaissance, which we can use in our further testing phases.

Target: Our target is nothing but web application on which we’ll perform testing.

Active Reconnaissance: Whenever we engage with the target to get information, it is called active reconnaissance.

Passive Reconnaissance: When we collect publicly available information about the target without engaging with the target, it is known as passive reconnaissance.

Vulnerability: A vulnerability is nothing but the weakness or lack of security which we found in the target.

In this blog we have talked about how to gather information about your target, like Active Reconnaissance, Passive Reconnaissance and Google Dork.

To Read Full Article And take Practical Knowledge From Given Link Below :
https://www.jewkoiyie.com/web-reconnaissance-or-information-gathering-part-1/
INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering — Part 2 ( Whois Lookup, tools, site)

SSL Certificate Parsing
SSL Certificate Parsing is another way to find different domain names related to the target. But before that, what is an SSL certificate? SSL stands for Secure Sockets Layer; it is used to encrypt web traffic, and because of SSL we see HTTPS in the URL field instead of HTTP on most websites.

Subdomain Enumeration
Subdomain enumeration is the process of finding subdomains of a target.

What is Whois Lookup?
Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.

Take a look at my article on this :-
https://jewkoiyie.com/web-reconnaissance-or-information-gathering-part-2-whois-lookup-tools-site/
INFORMATION GATHERING | PENETRATION TESTING
Directory Brute Forcing – Web Reconnaissance Or Information Gathering – Part 3

Directory Brute-Forcing :
Directory Brute-Forcing is a technique of finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contain very sensitive information like admin panels, password files, outdated functionalities, database copies etc.

Main 2 Types of Tool To Find Hidden Directories :
Dirbuster and Gobuster

Dirb :
Dirbuster is another GUI-based tool. Simply enter dirbuster in the terminal and hit enter, then enter the URL and select the path of the wordlist as shown in fig, or you can use your own if you want. In this tool you must give the file extension, so here I have given .php. After that just click on attack and side by side check your terminal; you’ll get the names of the files and directories that this tool has found.

Gobuster :
Gobuster is another tool which can be used to find the same.

Check out My Full Article :
https://jewkoiyie.com/directory-brute-forcing-web-reconnaissance-or-information-gathering-part-3/
Each OSI layer and which type of attack can be performed on that layer