CYBER WORLD

WHAT IS CROSS SITE SCRIPTING? xss is a client-side code vulnerability which allows an attacker to inject code which can execute malicious scripts.this type of attack can be used to obtain cookies,session tokens,or other sensitive information used with a compromise site. xss is the most common vulnerability discovered ans exploit in websites.this come sin 3 flavors which are persistent,reflected,and dom based.xss can present a serious concern for websites which contain sensitive user data. TYPES OF ATTACK  The 3 different types of xss are persistent,reflected,and dom-based. 1)persistent this form of xss is the most dangerous saves code to the server and permanently delivers the attack this can most commonly be found in forms and sites which allow users to post HTML formatted data. 2)reflected this is the most common types of xss  commonly found in HTTP  query parameters or in HTML form submissions   this type of attack is most commonly used with a

what is bug bounty ? A hacker who is paid to find vulnerabilities in software and website.if the vulnerabilities are found in your website or software simply they have to report them.in order to patch the bug in our site or software.in simple word we get paid for the hacking.most of the hackers do this things and earn.you can also earn. who can do bug bunting ? anyone with computer skill and  high degree of curiosity can become a successful finder of vulnerabilities. the main thing is you need to keep learning continuously. how can i learn bug bounty? if you are not comfortable with the basics of website developing or software developing get more comfortable.it is necessary to have good understanding of IP,TCP and HTTP. to become a successful bug bounty hunter on the web. i'd suggest you check out the following resources. 1)the web application hacker's handbook. 2)hackerone submit valuable bugs successful hackers spend a lot of time describing the issue as

after   wannacry and petya ransomare the new ransomware found and this time this ransomware targets the android mobile users called as leakerlocker. what is leakerlocker ? this ransomware do not encrypt file on victim's like other ransomware but it collect the android users personal information like images ,messages and browsing history and demand for ransom to victim if they don't pay it so  the information will  send to every person on your telephone and email contacts list. according to researchers at security firm McAfee found the leakerlocker ransomware in at least two apps - Booster & Cleaner pro and wallpepar Blur Hd- in the google paly store.  how leakerlocker works? once the victim install the apps the apps contain malicious code which control by the other server and collect the information form the user's device. the user do not have any idea about the whenever they install app the give permissions to control server during installation. like

what is malware ? malware is a software,that perform  victim  malicious action on victims computer or any device. the term is a combination of the words malicious and software.the ultimate goal of hackers to install malware on your computers or any device any how.once they install malware on your computer or device they can access your computer. the malware are not only targeted to only some specific system like windows ,while windows is widely used ,thus a big target,malware can infect any computing device.every one is a target, including you. the more computer or devices cyber criminal infect,the more money they earn.  who is developing malware and why? malware is created by sophisticated cyber criminals to help them achieve specific goals.the main goal is to steal important information , user id passwords, to send spam  emails,launching denial of service attacks. the malware known as petya is used by criminals to infect and encrypt hard disk of your computer.once infe

what is password cracking? security analysts and experts suggest different approaches when it comes to password cracking the attack selection depends on the hashing algorithm used and the speed of the hash calculation. the time that will take for the attack to compute and try one password.usually passwords have an expiry date therefore an attack that takes too much time will not be considered. the amount of resources that the attacker has in the case of organised crime and industrial espionage, the attacker might have the ability to use multiple processors,data centers or botnets for the attacker . there are two main categories of password cracking techniques : online and offline attacks . online attacks are attacks that are performed on a live host or system be either using exhaustive search (brute-force) or word list  attack again a login form,session,or any type of authentication technique used. online attacks are not as popular as offline attacks because they are o

what is Nmap? Nmap ("Network Mapper") is a free open source tool for scanning the network.you can download from from here nmap.org Nmap  uses raw IP packets in novel ways to determine what hosts are available on the network,what services (application name and version) those hosts are offering ,what operating system (os version) they are running,what type of packets filters/firewalls are in use,and dozens of other characteristics. firewalls,routers,proxy servers and other security devices can skew the results of and Nmap scan.scanning remote hosts that are not on your local network may provide misleading information because of this  what is illegal with Nmap? scanning networks that you do not have permission to scan can get you in trouble with your internet service provider,the police,and possibly even the government. don't go off scanning the FBI of secret service website unless you want to get in trouble. aggressively scanning some systems may cause

                                                         what is copycat malware? new piece of adware dubbed copycat malware has capabilities to root infected device, establish persistence and inject malicious code into Zygote- a daemon responsible for launching apps on android and providing full access to the devices.according to research at security firm check point  it has infected 14 M android devices around the world. how many devices infected from this malware ? copycat malware has infected 14 million device ,nearly 8 million of them are rooted and device serve ads, and 4.4 million of  them were used to steal credit for installing apps on google play. the malware uses two tactics to abuse the zygote process and steal ad revenue .it displays fraudulent pop-up ads on a user's screen and steal app installation credits. it also installs fraudulent apps directly on to the device. how copycats works? as check point explained, advertisers are paid for display a

what is proxychain? in our day to day life the privacy is very important part. the person's information is very sensitive thing in today's world if our personal  information is on wrong hands, this information could result in various problems.data collected could be used to hack bank account, social account etc. due to this reason , people choose to be anonymous while using internet, using a proxy or a VPN . a proxy could be explained as a gateway between user computer and the destination webpage. normally while browsing through the website, your original ip is identified by the website,which could compromise your privacy. by the use of proxy chaining we bounce through a number of proxy servers and reach the destination . you can check by this way, if you check the ip without using the proxy chain then then it will display the ISP IP. but when you use proxy chain it will display the last used proxy server's IP in the chain. user ------->proxy----------->webpage

      what is petya ransomware? after wannacry ransomware the new ransomware spread all over the world it is called as petya. now , when the use becomes infected by a cypto-ransomware , the infected targets and encrypts the files on the victims hard drives. this leaves the operating system working properly, but with the user unable  to encrypted documents. but the petya ransomware take it to the next level by encrypting portions of the hard drive itself that you are unable to access anything on the drive including windows. and if you want to decrypt your drives you have to pay ransom around ~9 . and if you successfully, pay it you drives become free to use. why is it called 'petya'? the malware appears to share a significant amount of code with older piece of ransomware that really was called petya. petya is family of encrypting ransomware that was first discovered in 2016.the malware targets microsoft windows-based systems,infecting the master boot record to ex