Why we need cryptography?
Without encryption communications over the internet will be very insecure, and it would be very easy for someone to see your data. Fortunately this isn't true, and almost all of the data you get/send over the internet is encrypted and cannot be seen in plain text by someone who got access to it.
@geekcode
Without encryption communications over the internet will be very insecure, and it would be very easy for someone to see your data. Fortunately this isn't true, and almost all of the data you get/send over the internet is encrypted and cannot be seen in plain text by someone who got access to it.
@geekcode
Types of Cryptographic Techniques?
Cryptography is used in many applications like banking transactions cards, computer passwords, and e- commerce transactions.
There are Three types of cryptographic techniques used in general-:
1. Symmetric-key cryptography
2. Hash functions.
3. Public-key cryptography
Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses this key to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the same key to decrypt the message and recover the plain text.
Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-Key Cryptography two related keys (public and private key) are used. Public key may be freely distributed, while its paired private key, remains a secret. The public key is used for encryption and for decryption private key is used.
Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain text that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by many operating systems to encrypt passwords.
@geekcode
Cryptography is used in many applications like banking transactions cards, computer passwords, and e- commerce transactions.
There are Three types of cryptographic techniques used in general-:
1. Symmetric-key cryptography
2. Hash functions.
3. Public-key cryptography
Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses this key to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the same key to decrypt the message and recover the plain text.
Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-Key Cryptography two related keys (public and private key) are used. Public key may be freely distributed, while its paired private key, remains a secret. The public key is used for encryption and for decryption private key is used.
Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain text that makes it impossible for the contents of the plain text to be recovered. Hash functions are also used by many operating systems to encrypt passwords.
@geekcode
WHAT IS BAIT & SWITCH ?
The bait and switch hacking technique leverages internet
clickable ads to divert a user to malicious websites.This
largely depends on the advertiser who accepts ads: the
larger the host site (like Facebook or Google), the more
safeguards they have in place to prevent something this technique.If a bait and switch is successful, the malicious site could either steal your credentials or install malware on your computer, which will help the hacker gain access to your
computer and network.
How to avoid this technique:
📌Don’t click on ads while browsing the web –
especially if it’s solicited to you
📌 Use a secure browser plug-in that blocks pop-ups
📌Use a browser or solution that recognizes known
malicious sites.
@geekcode
The bait and switch hacking technique leverages internet
clickable ads to divert a user to malicious websites.This
largely depends on the advertiser who accepts ads: the
larger the host site (like Facebook or Google), the more
safeguards they have in place to prevent something this technique.If a bait and switch is successful, the malicious site could either steal your credentials or install malware on your computer, which will help the hacker gain access to your
computer and network.
How to avoid this technique:
📌Don’t click on ads while browsing the web –
especially if it’s solicited to you
📌 Use a secure browser plug-in that blocks pop-ups
📌Use a browser or solution that recognizes known
malicious sites.
@geekcode
Detailed report on new Android banker - S.O.V.A.
⚡Discovered in August 2021
⚡Includes a new feature - stealing session cookies
S.O.V.A in WebView displays legit targeted website for user to login and then steals account cookies
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
@geekcode
⚡Discovered in August 2021
⚡Includes a new feature - stealing session cookies
S.O.V.A in WebView displays legit targeted website for user to login and then steals account cookies
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
@geekcode
ThreatFabric
S.O.V.A. - A new Android Banking trojan with fowl intentions
A new Android trojan was advertised on hacking forums, featuring overlays, keylogging and with intentions of adding Ransomware attacks and DDoS
Cyber Kill Chain ?
The cyber kill chain CKC is a classic cybersecurity model developed by the computer security incident response (CSIRT) team at Lockheed Martin. The purpose of the model is to better understand the stages an attack must go through to conduct an attack, and help security teams stop an attack at each stage.
The kill chain model describes an attack by an external attacker attempting to gain access to data or assets inside the security perimeter. The attacker performs reconnaissance, intrusion of the security perimeter, exploitation of vulnerabilities, gaining and escalating privileges, lateral movement to gain access to more valuable targets, attempts to obfuscate their activity, and finally exfiltrate data from the organization.
@geekcode
The cyber kill chain CKC is a classic cybersecurity model developed by the computer security incident response (CSIRT) team at Lockheed Martin. The purpose of the model is to better understand the stages an attack must go through to conduct an attack, and help security teams stop an attack at each stage.
The kill chain model describes an attack by an external attacker attempting to gain access to data or assets inside the security perimeter. The attacker performs reconnaissance, intrusion of the security perimeter, exploitation of vulnerabilities, gaining and escalating privileges, lateral movement to gain access to more valuable targets, attempts to obfuscate their activity, and finally exfiltrate data from the organization.
@geekcode
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis – AndroL4b.
AndroL4b is an android security virtual machine in view of ubuntu-mate incorporates the accumulation of most recent framework, instructional exercises and labs from various security nerds and researchers for figuring out and malware analysis.
🟩 What’s new in Androl4b v.3?
1️⃣ Tools are updated
2️⃣ New tools and lab included
3️⃣ Upgraded to Ubuntu mate 17.04
4️⃣ Some cleanup
https://github.com/sh4hin/Androl4b
@geekcode
AndroL4b is an android security virtual machine in view of ubuntu-mate incorporates the accumulation of most recent framework, instructional exercises and labs from various security nerds and researchers for figuring out and malware analysis.
🟩 What’s new in Androl4b v.3?
1️⃣ Tools are updated
2️⃣ New tools and lab included
3️⃣ Upgraded to Ubuntu mate 17.04
4️⃣ Some cleanup
https://github.com/sh4hin/Androl4b
@geekcode
What is Web Fuzzing?
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in Owasp Top 10.
Tools:
•FFUF
•Wfuzz
•Owasp ZAP
•Burp suite
•boofuzz
@geekcode
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in Owasp Top 10.
Tools:
•FFUF
•Wfuzz
•Owasp ZAP
•Burp suite
•boofuzz
@geekcode
What is C Language?
C is an essential general-purpose computer programming language that supports structural programming, typical machine instructions, recursion, and variables with a static system. Besides, the C programming language allows programmers to handle addresses, bits, and bytes and gives swift control over development.
Dennis M. Ritchie developed the C programming language in 1972 to implement in the UNIX operating system. Initially, programmers used the C language to design systems, primarily the operating systems. It was gradually applied in the compiler, assemblers, text editor, database, utilizer, and more.
Example:
#include<stdio.h>
int main () {
printf (“Hello, geekcode!/n”);
return 0;
}
@geekcode
C is an essential general-purpose computer programming language that supports structural programming, typical machine instructions, recursion, and variables with a static system. Besides, the C programming language allows programmers to handle addresses, bits, and bytes and gives swift control over development.
Dennis M. Ritchie developed the C programming language in 1972 to implement in the UNIX operating system. Initially, programmers used the C language to design systems, primarily the operating systems. It was gradually applied in the compiler, assemblers, text editor, database, utilizer, and more.
Example:
#include<stdio.h>
int main () {
printf (“Hello, geekcode!/n”);
return 0;
}
@geekcode
What is C++ programming?
C++ is an enhanced version of the C programming developed by Bjarne Stroustrup back in 1986. It adds up every part of C, including object-oriented programming. Likewise, C++ is used in game development, software infrastructure, and application.It can significantly handle hardware and run code in any environment. As a result, C++ is one of the leading choices to create dynamic and agile software that operates system resources and critical tasking.Like other programming languages, C++ also has some terminologies, such as class, method, object, polymorphism, subclass, superclass, and more. Additionally, it has its own file extension that uses ".cpp" , ".cxx", ".c++", and ".h", ".hpp", ".hxx", ".h++" for headers.
Example:
#includes <iostream.h>
using namespace std;
int main () {
cout << “ Hello, geekcode!” <<endl;
return 0;
}
@geekcode
C++ is an enhanced version of the C programming developed by Bjarne Stroustrup back in 1986. It adds up every part of C, including object-oriented programming. Likewise, C++ is used in game development, software infrastructure, and application.It can significantly handle hardware and run code in any environment. As a result, C++ is one of the leading choices to create dynamic and agile software that operates system resources and critical tasking.Like other programming languages, C++ also has some terminologies, such as class, method, object, polymorphism, subclass, superclass, and more. Additionally, it has its own file extension that uses ".cpp" , ".cxx", ".c++", and ".h", ".hpp", ".hxx", ".h++" for headers.
Example:
#includes <iostream.h>
using namespace std;
int main () {
cout << “ Hello, geekcode!” <<endl;
return 0;
}
@geekcode