Posts

Showing posts from 2019

OWASP TOP 10 APPLICATION SECURITY

The Open Web Application Security Project (OWASP) is a non-profit community that helps organizations develop secure applications. The OWASP Top 10 Web Application Security Risks was updated in 2017 to provide guidance to developers and security professionals on the most critical vulnerabilities commonly found in web applications. The list is usually refreshed every 3-4 years. OWASP also comes up with standards, freeware tools and conferences that help organizations as well as researchers.


The following identifies each of the OWASP Top 10 Web Application Security

1. Injection

Injection attacks occur when a user is able to supply untrusted data that tricks the application into executing unintended commands without proper authorization. Injection flaws include SQL injection, PHP injection, LDAP injection, code injection and OS injection.

With a successful attack, an attacker can gain:
1. Unauthorized access to an …

Beginner's Guide: How to install a wireless adapter in Kali Linux?

So, after buying a wireless adapter for hacking networks, you are probably wondering how to use it in Kali Linux. Fear not, we are here to get you started.

Open VirtualBox and select your virtual machine.

Go into the settings.

Go into the USB option on the left-hand side.
The USB settings page will open.

Now press the rightmost button, which looks like a USB with a green plus sign.

Now insert your USB wireless adapter. You will see the name of the adapter appear in the box.

Select it.

Voila, your USB wireless adapter is now added.

Remember: Always insert the wireless adapter into the USB port after Kali has fully loaded. Sometimes, when you insert it before, the wireless adapter will not work because of a system-system run error.


-Dhruv

BEST OS FOR HACKING!! (TOP 5)


1-KALI LINUX.
     -Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, originally forked from Backtrack Linux by the Offensive Security team.

2-PARROT SECURITY OS.
     -Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development, and Privacy in mind.

3-BLACKARCH.
     -BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.

4-BACKBOX LINUX.
     -BackBox is a Linux distribution based on Ubuntu, developed to perform penetration tests and security assessments. It is designed to be fast, easy to use and to provide a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable version of the most known and used ethical hacking tools.

5-BLACKBUNTU.
     -Designed to be fast, easy to use and provide a minimal yet complete desktop environment. BlackBuntu Li…

WHAT IS NMAP USED FOR?


-Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Making Firefox faster

Yes, Firefox is already fast, but did you know that you can tweak it and improve the speed even more?

That's the beauty of this program being open source.
Here's what you do:


In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.

Note: These are what I’ve found to REALLY speed up my Firefox significantly. These settings are optimized for broadband connections.

Double-click on the following settings and put in the numbers below. The true/false booleans will change when you double-click.

Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300


One more thing… R…

Ransomware


 An example lock screen


Please note that some of the terms used in this blog are made up (they are only used for a better understanding of the user).
Ransomware is a type of virus which locks a user out of their data until the user pays the creator of the ransomware.

Types of ransomware

Scareware
The ransomware will show fake pop-ups and will make you pay by giving false pop-ups. Your data is normally safe, but you may be loaded with many pop-ups.

Screen lockers
The ransomware will keep you away from your data until the ransom is paid.

Encryptors
The ransomware will encrypt your data and not decrypt it until the ransom is paid.

Types of locks of the ransomware:

Simple lock
In this type of lock, the user is locked out of their data by a plain lock page only. Once the lock page is bypassed, the user gets access to their data and can use it.

Simple encryption lock
In this type of lock, the user is locked out of their data by a lock page and their data is encrypted. Once the lock is by…

Making a ransomware

How to build Ransomware? I will show you how to build a ransomware using Hidden-Cry.
Hidden-Cry is a script to generate a Windows encrypter/decrypter using AES encryption with a random 256-bit key. AES (Advanced Encryption Standard) uses a symmetric-key algorithm, which means the same key is used for encrypting and decrypting the data. Hidden-Cry encrypts all personal files from the Home directory (.txt, .doc, .xls, .mp3, .mp4, .pdf, .png, etc.). It's Fully Undetectable (FUD) by antiviruses. Works with Windows 10 (requires PowerShell 5).
NOTE: Don't upload it on VirusTotal, because they share results.
Installing it on Kali Linux:
$git clone https://github.com/thelinuxchoice/hidden-cry

$ cd hidden-cry
$ sudo apt-get update & apt-get install mingw-w64 -y
$ sudo chmod +x hidden-cry
$ sudo ./hidden-cry
And you're done!! You have successfully installed it.
Thank you for reading. Comment down your views and share it with everyone you can, so that even they should know about it.

By…