WHAT IS BAIT & SWITCH ?
The bait and switch hacking technique leverages internet
clickable ads to divert a user to malicious websites.This
largely depends on the advertiser who accepts ads: the
larger the host site (like Facebook or Google), the more
safeguards they have in place to prevent something this technique.If a bait and switch is successful, the malicious site could either steal your credentials or install malware on your computer, which will help the hacker gain access to your
computer and network.
How to avoid this technique:
📌Don’t click on ads while browsing the web –
especially if it’s solicited to you
📌 Use a secure browser plug-in that blocks pop-ups
📌Use a browser or solution that recognizes known
malicious sites.
@geekcode
The bait and switch hacking technique leverages internet
clickable ads to divert a user to malicious websites.This
largely depends on the advertiser who accepts ads: the
larger the host site (like Facebook or Google), the more
safeguards they have in place to prevent something this technique.If a bait and switch is successful, the malicious site could either steal your credentials or install malware on your computer, which will help the hacker gain access to your
computer and network.
How to avoid this technique:
📌Don’t click on ads while browsing the web –
especially if it’s solicited to you
📌 Use a secure browser plug-in that blocks pop-ups
📌Use a browser or solution that recognizes known
malicious sites.
@geekcode
Detailed report on new Android banker - S.O.V.A.
⚡Discovered in August 2021
⚡Includes a new feature - stealing session cookies
S.O.V.A in WebView displays legit targeted website for user to login and then steals account cookies
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
@geekcode
⚡Discovered in August 2021
⚡Includes a new feature - stealing session cookies
S.O.V.A in WebView displays legit targeted website for user to login and then steals account cookies
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
@geekcode
ThreatFabric
S.O.V.A. - A new Android Banking trojan with fowl intentions
A new Android trojan was advertised on hacking forums, featuring overlays, keylogging and with intentions of adding Ransomware attacks and DDoS
Cyber Kill Chain ?
The cyber kill chain CKC is a classic cybersecurity model developed by the computer security incident response (CSIRT) team at Lockheed Martin. The purpose of the model is to better understand the stages an attack must go through to conduct an attack, and help security teams stop an attack at each stage.
The kill chain model describes an attack by an external attacker attempting to gain access to data or assets inside the security perimeter. The attacker performs reconnaissance, intrusion of the security perimeter, exploitation of vulnerabilities, gaining and escalating privileges, lateral movement to gain access to more valuable targets, attempts to obfuscate their activity, and finally exfiltrate data from the organization.
@geekcode
The cyber kill chain CKC is a classic cybersecurity model developed by the computer security incident response (CSIRT) team at Lockheed Martin. The purpose of the model is to better understand the stages an attack must go through to conduct an attack, and help security teams stop an attack at each stage.
The kill chain model describes an attack by an external attacker attempting to gain access to data or assets inside the security perimeter. The attacker performs reconnaissance, intrusion of the security perimeter, exploitation of vulnerabilities, gaining and escalating privileges, lateral movement to gain access to more valuable targets, attempts to obfuscate their activity, and finally exfiltrate data from the organization.
@geekcode
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis – AndroL4b.
AndroL4b is an android security virtual machine in view of ubuntu-mate incorporates the accumulation of most recent framework, instructional exercises and labs from various security nerds and researchers for figuring out and malware analysis.
🟩 What’s new in Androl4b v.3?
1️⃣ Tools are updated
2️⃣ New tools and lab included
3️⃣ Upgraded to Ubuntu mate 17.04
4️⃣ Some cleanup
https://github.com/sh4hin/Androl4b
@geekcode
AndroL4b is an android security virtual machine in view of ubuntu-mate incorporates the accumulation of most recent framework, instructional exercises and labs from various security nerds and researchers for figuring out and malware analysis.
🟩 What’s new in Androl4b v.3?
1️⃣ Tools are updated
2️⃣ New tools and lab included
3️⃣ Upgraded to Ubuntu mate 17.04
4️⃣ Some cleanup
https://github.com/sh4hin/Androl4b
@geekcode
What is Web Fuzzing?
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in Owasp Top 10.
Tools:
•FFUF
•Wfuzz
•Owasp ZAP
•Burp suite
•boofuzz
@geekcode
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in Owasp Top 10.
Tools:
•FFUF
•Wfuzz
•Owasp ZAP
•Burp suite
•boofuzz
@geekcode
What is C Language?
C is an essential general-purpose computer programming language that supports structural programming, typical machine instructions, recursion, and variables with a static system. Besides, the C programming language allows programmers to handle addresses, bits, and bytes and gives swift control over development.
Dennis M. Ritchie developed the C programming language in 1972 to implement in the UNIX operating system. Initially, programmers used the C language to design systems, primarily the operating systems. It was gradually applied in the compiler, assemblers, text editor, database, utilizer, and more.
Example:
#include<stdio.h>
int main () {
printf (“Hello, geekcode!/n”);
return 0;
}
@geekcode
C is an essential general-purpose computer programming language that supports structural programming, typical machine instructions, recursion, and variables with a static system. Besides, the C programming language allows programmers to handle addresses, bits, and bytes and gives swift control over development.
Dennis M. Ritchie developed the C programming language in 1972 to implement in the UNIX operating system. Initially, programmers used the C language to design systems, primarily the operating systems. It was gradually applied in the compiler, assemblers, text editor, database, utilizer, and more.
Example:
#include<stdio.h>
int main () {
printf (“Hello, geekcode!/n”);
return 0;
}
@geekcode
What is C++ programming?
C++ is an enhanced version of the C programming developed by Bjarne Stroustrup back in 1986. It adds up every part of C, including object-oriented programming. Likewise, C++ is used in game development, software infrastructure, and application.It can significantly handle hardware and run code in any environment. As a result, C++ is one of the leading choices to create dynamic and agile software that operates system resources and critical tasking.Like other programming languages, C++ also has some terminologies, such as class, method, object, polymorphism, subclass, superclass, and more. Additionally, it has its own file extension that uses ".cpp" , ".cxx", ".c++", and ".h", ".hpp", ".hxx", ".h++" for headers.
Example:
#includes <iostream.h>
using namespace std;
int main () {
cout << “ Hello, geekcode!” <<endl;
return 0;
}
@geekcode
C++ is an enhanced version of the C programming developed by Bjarne Stroustrup back in 1986. It adds up every part of C, including object-oriented programming. Likewise, C++ is used in game development, software infrastructure, and application.It can significantly handle hardware and run code in any environment. As a result, C++ is one of the leading choices to create dynamic and agile software that operates system resources and critical tasking.Like other programming languages, C++ also has some terminologies, such as class, method, object, polymorphism, subclass, superclass, and more. Additionally, it has its own file extension that uses ".cpp" , ".cxx", ".c++", and ".h", ".hpp", ".hxx", ".h++" for headers.
Example:
#includes <iostream.h>
using namespace std;
int main () {
cout << “ Hello, geekcode!” <<endl;
return 0;
}
@geekcode
Forwarded from Chit-Chat Sec 2.0🔎
Anonymous Poll
71%
Python
5%
Ruby
8%
Rust
1%
Perl
15%
Go Language
#CyberTalks #CyberAwareness
How to protect Systems from Ransomware?
• Audit events and take inventory. Audit both event and incident logs to spot suspicious behavior. Take note of all assets and data. Identify authorized and unauthorized devices and programs.
• Configure and monitor. Manage hardware and software configurations. Only grant administrative privileges when necessary.
• Patch and update. Conduct regular vulnerability assessments and patching or virtual patching for operating systems and programs. Update software and applications.
• Protect systems and recover data. Administer data protection, backup, and recovery measures. Implement multifactor authentication (MFA).
• Secure and defend layers: Perform sandbox analysis to filter malicious emails. Employ security solutions to all layers of the system such as email, endpoint, web, and network.
• Train and test. Conduct regular training and security skills assessment for employees. Perform red-team exercises and penetration tests.
@geekcode
How to protect Systems from Ransomware?
• Audit events and take inventory. Audit both event and incident logs to spot suspicious behavior. Take note of all assets and data. Identify authorized and unauthorized devices and programs.
• Configure and monitor. Manage hardware and software configurations. Only grant administrative privileges when necessary.
• Patch and update. Conduct regular vulnerability assessments and patching or virtual patching for operating systems and programs. Update software and applications.
• Protect systems and recover data. Administer data protection, backup, and recovery measures. Implement multifactor authentication (MFA).
• Secure and defend layers: Perform sandbox analysis to filter malicious emails. Employ security solutions to all layers of the system such as email, endpoint, web, and network.
• Train and test. Conduct regular training and security skills assessment for employees. Perform red-team exercises and penetration tests.
@geekcode