Posts

CROSS SITE SCRIPTING | WEBSITE VULNERABILITY

WHAT IS CROSS SITE SCRIPTING? xss is a client-side code vulnerability which allows an attacker to inject code which can execute malicious scripts.this type of attack can be used to obtain cookies,session tokens,or other sensitive information used with a compromise site. xss is the most common vulnerability discovered ans exploit in websites.this come sin 3 flavors which are persistent,reflected,and dom based.xss can present a serious concern for websites which contain sensitive user data. TYPES OF ATTACK  The 3 different types of xss are persistent,reflected,and dom-based. 1)persistent this form of xss is the most dangerous saves code to the server and permanently delivers the attack this can most commonly be found in forms and sites which allow users to post HTML formatted data. 2)reflected this is the most common types of xss  commonly found in HTTP  query parameters or in HTML form submissions   this type of attack is most commonly used with a

BUG BOUNTING | HEAVEN FOR HACKERS

Image
what is bug bounty ? A hacker who is paid to find vulnerabilities in software and website.if the vulnerabilities are found in your website or software simply they have to report them.in order to patch the bug in our site or software.in simple word we get paid for the hacking.most of the hackers do this things and earn.you can also earn. who can do bug bunting ? anyone with computer skill and  high degree of curiosity can become a successful finder of vulnerabilities. the main thing is you need to keep learning continuously. how can i learn bug bounty? if you are not comfortable with the basics of website developing or software developing get more comfortable.it is necessary to have good understanding of IP,TCP and HTTP. to become a successful bug bounty hunter on the web. i'd suggest you check out the following resources. 1)the web application hacker's handbook. 2)hackerone submit valuable bugs successful hackers spend a lot of time describing the issue as

LEAKERLOCKER | TARGETING ANDROID USERS

Image
after   wannacry and petya ransomare the new ransomware found and this time this ransomware targets the android mobile users called as leakerlocker. what is leakerlocker ? this ransomware do not encrypt file on victim's like other ransomware but it collect the android users personal information like images ,messages and browsing history and demand for ransom to victim if they don't pay it so  the information will  send to every person on your telephone and email contacts list. according to researchers at security firm McAfee found the leakerlocker ransomware in at least two apps - Booster & Cleaner pro and wallpepar Blur Hd- in the google paly store.  how leakerlocker works? once the victim install the apps the apps contain malicious code which control by the other server and collect the information form the user's device. the user do not have any idea about the whenever they install app the give permissions to control server during installation. like

MALWARE

Image
what is malware ? malware is a software,that perform  victim  malicious action on victims computer or any device. the term is a combination of the words malicious and software.the ultimate goal of hackers to install malware on your computers or any device any how.once they install malware on your computer or device they can access your computer. the malware are not only targeted to only some specific system like windows ,while windows is widely used ,thus a big target,malware can infect any computing device.every one is a target, including you. the more computer or devices cyber criminal infect,the more money they earn.  who is developing malware and why? malware is created by sophisticated cyber criminals to help them achieve specific goals.the main goal is to steal important information , user id passwords, to send spam  emails,launching denial of service attacks. the malware known as petya is used by criminals to infect and encrypt hard disk of your computer.once infe

HOW TO CRACK PASSWORD | TYPES OF PASSWORD CRACKING TECHNIQUE

Image
what is password cracking? security analysts and experts suggest different approaches when it comes to password cracking the attack selection depends on the hashing algorithm used and the speed of the hash calculation. the time that will take for the attack to compute and try one password.usually passwords have an expiry date therefore an attack that takes too much time will not be considered. the amount of resources that the attacker has in the case of organised crime and industrial espionage, the attacker might have the ability to use multiple processors,data centers or botnets for the attacker . there are two main categories of password cracking techniques : online and offline attacks . online attacks are attacks that are performed on a live host or system be either using exhaustive search (brute-force) or word list  attack again a login form,session,or any type of authentication technique used. online attacks are not as popular as offline attacks because they are o

Nmap for scanning networks

Image
what is Nmap? Nmap ("Network Mapper") is a free open source tool for scanning the network.you can download from from here nmap.org Nmap  uses raw IP packets in novel ways to determine what hosts are available on the network,what services (application name and version) those hosts are offering ,what operating system (os version) they are running,what type of packets filters/firewalls are in use,and dozens of other characteristics. firewalls,routers,proxy servers and other security devices can skew the results of and Nmap scan.scanning remote hosts that are not on your local network may provide misleading information because of this  what is illegal with Nmap? scanning networks that you do not have permission to scan can get you in trouble with your internet service provider,the police,and possibly even the government. don't go off scanning the FBI of secret service website unless you want to get in trouble. aggressively scanning some systems may cause

copycat malware targets the rooted devices

Image
                                                         what is copycat malware? new piece of adware dubbed copycat malware has capabilities to root infected device, establish persistence and inject malicious code into Zygote- a daemon responsible for launching apps on android and providing full access to the devices.according to research at security firm check point  it has infected 14 M android devices around the world. how many devices infected from this malware ? copycat malware has infected 14 million device ,nearly 8 million of them are rooted and device serve ads, and 4.4 million of  them were used to steal credit for installing apps on google play. the malware uses two tactics to abuse the zygote process and steal ad revenue .it displays fraudulent pop-up ads on a user's screen and steal app installation credits. it also installs fraudulent apps directly on to the device. how copycats works? as check point explained, advertisers are paid for display a