Articles

One Link Facebook
Can Facebook accounts be hacked? Is it be possible to access your account without your permission and without knowing your username and password? Unfortunately “YES” is the answer.


GSM
In this article we will describe the various tools, software, hardware and techniques, that can be employed to attack the GSM. All these are described in brief and corresponding references are given so that you will able to go and read more about the tool from the provided link.


Looking Into the Eye of the Bits
During the past three years I've been developing tools for research and implementation of a new type of software analysis, which I will introduce in this paper. This new type of reverse engineering allows recovering internal implementation details using only passive memory analysis, and without requiring any disassembly.


Low Profile Botnets
The term ‗Botnet‘ was sited frequently in headline news last year. It continues to dominate the ever changing threat landscape of cyberspace. Whether it is Conficker, Aurora, NightDragon or the latest ShadyRAT attacks, Botnets continue to haunt cyberspace.


Rootkits are Back with the Boot Infection
Windows rootikits have been around since year 2005 and have become a buzzword in the security industry over recent years. While rootkits have traditionally been used by sophisticated attackers to hide their presence on compromised machines, recent malwares with rootkit capabilities have started using them to complicate efforts to detect and clean the infections.


Gonna' Break It On Down Gonna' Kick It Root Down
What is ‘Rooting’? ‘Rooting’ is the process in which you get root and unrestricted access to your android phone and software. ‘Rooting’ is essentially “hacking” your Android device.


Using Metasploit with Nessus Bridge on Ubuntu
Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run nessus from within metasploit? What database should I use; sqlite3 or postgres? I will explain the benefits of both. The concept will allow you to do various tasks with your nessus server and nmap from within the msf command line.


Pentesting your own Wireless Network
IEEE 802.11 is a set of protocols used for implementing wireless LAN. IEEE Protocol standards are created and maintained by IEEE LAN/MAN Standard Committee. WLANs operate in 3 different frequency ranges that is2.4Ghz (802.11b/g/n), 3.6Ghz (802.11y) and 4.9/5.0Ghz (802.11a/h/j/n). Each of these Frequencies are further divided in to multiple channels. Every country has permissible channels and maximum power levels.


Exposing the Password Secrets of “Apple Safari”
Safari is one of the top 5 browsers known for its innovative look and feel reflected in every product of Apple! It offers one of the best ways to browse online, greater support for HTML5, and other new features that make the web even better experience. Like other browsers, Safari also comes with built-in „password manager‟ feature for securely storing and managing the user's web login passwords.


Mozilla Firefox Internals & Attack Strategies
Firefox is a trusted browsing platform used by millions across the globe. It is a platform that is used by experts and novices. One of the biggest advantages and reason for massive success of Mozilla is an extensible plug-in model which allows the developers add additional features to the Mozilla Firefox environment than what was perceived by the original writers.


Remote Thread Execution in System Process using NtCreateThreadEx for Vista & Windows 7
Windows provides API function called, CreateRemoteThread [Reference 2] which allows any process to execute thread in the context of remote process. This method has been mainly used to inject DLL into remote process, this technique is popularly known as 'DLL Injection'. Especially malware programs exploited this mechanism to evade their detection by injecting their DLL into legitimate processes ...


Effectiveness of Antivirus in Detecting Web Application Backdoors
considering the increased number of attacks on Web Applications and defacement statistics on Web Servers, it’s high time to review the security of Web Servers and protection mechanism aided to prevent them.


JavaScript Botnets
Botnets are a group of computers compromised and controlled by an attacker, these computers or zombies would perform any actions that the attacker commands them to do. Botnets are usually created by compromising the victims' systems with some remote code execution exploits and then installing backdoors on them.


Android Reverse Engineering - A Kick Start
It seems a lot of people are getting crazy about the Android platform these days (everyone is trying to buy an Android phone!). I don‘t have an Android cell phone but still, I did manage to learn a few tricks on this Linux + java clean room engineered platform.


Network Attacks
Any method, technique or process used to attack and compromise the security of the network can be termed as a Network attack. There can be a number of motives behind the attacks like fame, terrorism, greed, etc. A few types of various malicious attacks are covered in this article.


Fake Antivirus
While surfing the Web you must have seen the above pop-up message or similar advertisements. A free PC scan or an offer to clean your computer which it claims to be infected, is usually an attempt by fraudulent person to install malicious software(malware) such as Trojan horse, keylogger , or spyware.


Cloud Security & Threat
Cloud Computing is an outsourced multi-tenanted IT Service model. The security concerns & threats applicable to cloud computing environment are same as applicable to any other IT environment. Only significant difference is that in the Cloud environment organizations lose control over the security measures required to protect their data and Information assets...


Advance XSS Attacks, DOM Based
DOM-based is unique form of XSS, used very similarly to non-persistent, but where the JavaScript malware payload doesn’t need to be sent or echoed by the Web site to exploit auser. Consider our eCommerce Web site example, where a feature on the Website is used to display sales promotions.The following URL queries the backend database for the information specified by the product_id value which is shown to the user.


Honeypot
A Honeypot or a honey trap is an exciting technology with great potential for security community. It is an information system resource (a monitored decoy) used to attract attackers away from critical resources as well as a tool to analyse an attacker‟s method and characteristics ....


Data Loss Prevention
Information=Money! Information can be anything –financial statements, health records of patients, source codes, intellectual property (IP), trade secrets, design specifications, price lists - anything from which an organization generates profits. Information is one of the business’s most important assets.


What is CSRF?
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The attack basically uses the session of an authenticated user and is also known as Session riding.


Phishing
Phishing term originates from the word “fishing” and the well known pre-fix ”ph” like in “Phreaks” traces back to early hackers who were involved in “phreaking”- The hacking of telephone systems. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hope that while most will ignore the bait, some will be tempted into biting.


Steganography
Steganography is the art of hiding information in images. In Greek, Steganography means “covered writing”. In steganography, confidential data is hidden in images to protect it from unauthorized users. So basically it means, hiding a secret message within a cover-medium in such a way that others cannot detect the presence of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.


Forensic Analysis of Windows XP Registry
Windows stores configuration data in registry. The registry is a hierarchical database, which you can describe it as s configuration database. Configuration database is the data which makes the operating system work. The registry is introduced to replace most text-based configuration files used in earlier versions of Windows operating systems, such as .ini files, autoexec.bat and config.sys files. The registry contains most of Windows XP’s settings for all the hardware, operating system software, non-operating system software, users, etc. Whenever a user makes changes to Control Panel settings, system policies, or installed software, the changes are reflected and stored in registry.