Want to reread the above stat? 18 minutes. I drink my morning coffee longer than that. . Post Credits : @yashpatil_ . Follow @womenof_secarmy . Join @sec_army for Daily Hacktivity & Knowledge Dose. . . #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4r0z89AnvY/?igshid=18w4d651yhseu

Go Now and Check If your E-mail got Indexed Somewhere. . Link : haveibeenpwned.com . Follow @womenof_secarmy Join @sec_army for Daily Hacktivity & Knowledge Dose. . . . #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4pPpMBgLqo/?igshid=f88xgfloz46r

Do you Know??? Please comment below if you found anything related . Follow @womenof_secarmy . Join @sec_army for Daily Hacktivity & Knowledge Dose. . #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4mwuErgaBN/?igshid=72tvkoigcchs

Have you seen any similar tool?? Comment below . . . Credits : @yashpatil_ Follow @womenof_secarmy . Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4kHmL7Aoxl/?igshid=jbksf9zemsoz

Find Details here https://github.com/CISOfy/lynis Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #lynis #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4hjqBxgTBq/?igshid=uscw1i87x23h

Find Details here https://github.com/codebutler/firesheep Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #hacker #instacybersecurity #ethicalhacking #cybersecurity #infosec #technology #instahackers #bugbounty #bughunting #mobilesecurity #cybersafe #follow #instacyber#kali #bugcrowd #ctf #ethicalhacking #entrepreneurlife #webdeveloper #programmer #wearesecarmy https://www.instagram.com/p/B4fAKiDAqiu/?igshid=5659k3d7iple

Comment Down Below What Do You Think About ANONYMOUS GROUP ?? Who are they?? What are They?? Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4cX3lvAOmd/?igshid=199jgk1an5ked

This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding mistakes Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4Xc_ZBgyAW/?igshid=1mrwesyqu4g2p

OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an attacker can leverage an OS command injection vulnerability to compromise other parts of the hosting infrastructure, exploiting trust relationships to pivot the attack to other systems within the organization. . Many instances of OS command injection are blind vulnerabilities. This means that the application does not return the output from the command within its HTTP response. Blind vulnerabilities can still be exploited, but different techniques are required. . How to Perform A variety of shell metacharacters can be used to perform OS command injection attacks. A number of characters function as command separators, allowing commands to be chained together.Command Separators such as & && | || eg - address=8.8.8.8%7Cwhoami ( where %7C means | ) . Prevention: If it is considered unavoidable to call out to OS commands with user-supplied input, then strong input validation must be performed. Some examples of effective validation include: . •Validating against a whitelist of permitted values. •Validating that the input is a number. •Validating that the input contains only alphanumeric characters, no other syntax or whitespace. Never attempt to sanitize input by escaping shell metacharacters. Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4SJL1egg36/?igshid=1gtzsl31tnpv1

We're here with an exquisite offer for you. On the occasion of Halloween, we present you a monstrous offer with a bundle of Bug Bounty and Python Programming courses at just 10$. Now, this is what we call "Double-Trouble". HURRY! SIGN UP NOW! LIMITED PERIOD OFFER! Link: https://academy.sec.army/p/halloween #infosec #hacking #bughead #ethicalhacker #ethicalhacking #cyberpunk #cybersecurity #cyber #halloween #spookyseason #programming #development #developer https://www.instagram.com/p/B4NDARLAs_D/?igshid=1u0oderxhjpxi

Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications. Encryption (usually TLS) must be used for all authenticated connections, especially Internet-accessible web pages. Backend connections should be encrypted as well. Otherwise, the application will expose an authentication or session token to malicious actors on the same network as the application host. These backend connections may represent a lower likelihood of exploitation than a connection over the external internet; however, in the case of exploitation they can result in compromise of user accounts or worse. Encryption should be used whenever sensitive data, such as credit card or health information, is transmitted. Applications that fall back to plaintext or are otherwise forced out of an encrypting mode can be abused by attackers. •How To Find? >Is SSL is used to protect all traffic related authentication? >On all private pages and services is SSL is used for all resources? >Is the ‘secure’ flag set on session cookies? >Are legitimate server certificates in use and configured properly? >Are certificates issued from an authorized source? >Are server certificates in use expired? •Prevention :- >Implementing SSL for the entire site. >Setting the ‘secure’ flag on for sensitive cookies. >Insuring that a server certificate is valid, is not expired, is not revoked, and that it correctly matches all domains for which it is used. >And certifying that backend and other connections also use SSL or other encryption mechanisms. Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B4FOOJ3AgaJ/?igshid=13bot8y1vabud

Insufficient randomness results when software generates predictable values when unpredictability is required. When a security mechanism relies on random, unpredictable values to restrict access to a sensitive resource, such as an initialization vector (IV), a seed for generating a cryptographic key, or a session ID, then use of insufficiently random numbers may allow an attacker to access the resource by guessing the value. There are various steps in cryptography that call for the use of random numbers. Generating a nonce, initialization vector or cryptographic keying materials all require a random number. The strength of a cryptographic system depends heavily on the properties of these CSPRNGs. Depending on how the generated pseudo-random data is applied, a CSPRNG might need to exhibit some (or all) of these properties: •It appears random •Its value is unpredictable in advance •It cannot be reliably reproduced after generation. The potential consequences of using insufficiently random numbers are data theft or modification, account or system compromise, and loss of accountability – i.e., non-repudation. #Solution When using random numbers in a security context, use cryptographically secure pseudo-random number generators (CSPRNG). Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #bug #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #crypto #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B39yklSASHa/?igshid=15gi8qain25

The application makes use of untrusted data in conjunction with the creation and or use of an interpreter. #Untrusted #data is retrieved from the attacker and utilized as an argument to a dangerous interpreter access method. Failure to properly validate or encode data utilized by an interpreter increases the risk of injection attacks. Such injection typically results in the attacker's ability to execute arbitrary code in the context of the #program consuming the interpreter results. The nature of a Injection Attack is that the attacker tricks the application into running some code statements that are not part of the intended functions of that application. This means there has to be some mechanism to parse and execute the malicious code contained in the attacker's payload before the owner of the application can stop it. In theory, an application could compile code and run it automatically, but it's much more common for this type of attack to use malicious code that is not compiled, but is interpreted at runtime. ¶Your other examples, XML, XPath, HTTP, are not typically associated with code injection. •XML is not code, it's a data format. •HTTP is not code, it's a protocol. •XPath is sort of like code, but a very specialized type of code. It's an expression language to identify elements in an XML document. It's limited in what it can do, so it's not a common vector for code injection attacks. #Solution Define and enforce a strict set of criteria defining what the application will accept as valid input, and contextually encode all untrusted data passed to the interpreter prior to execution. Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B37L4moFojh/?igshid=144b8x4l0utqp

This application is not utilizing an access control strategy for one or more components. Failure to utilize access control can lead to exposure of sensitive functionality to unintended users. Malicious users seek out this type of functionality to cause harm to users of the application, or the application itself. In Websphere, if you enable servlets by class name, then this is performing the same act as Android in that it allows you to invoke by the class. If the following snippet exists or the variable is not declared, this allows you to invoke servlets without any permissions: enable-serving-servlets-by-class-name value="true" Utilize an access control strategy for all components of the application where sensitive functionality may reside. Prevent servlets from serving by classname by adding the following line: enable-serving-servlets-by-class-name value="false" Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B34Y6qxA6xX/?igshid=1esfar9pujvmy

#Hashing is an algorithm that calculates a fixed-size bit string value from a file. A file basically contains blocks of data. Hashing transforms this data into a far shorter fixed-length value or key which represents the original string. The hash value can be considered the distilled summary of everything within that file. A good hashing #algorithm would exhibit a property called the avalanche effect, where the resulting hash output would change significantly or entirely even when a single bit or byte of data within a file is changed. A hash function that does not do this is considered to have poor randomization, which would be easy to break by hackers. A hash is usually a hexadecimal string of several characters. Hashing is also a unidirectional process so you can never work backwards to get back the original data. #Types Of Hashing: MD5 - Used as a checksum to verify data integrity. SHA 2 - A cryptographic hash function. CRC32 - cyclic redundancy check is an error-detecting code often used for detection of accidental changes to data. Credits : @yashpatil_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #hash #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B3w-Vhjg1QJ/?igshid=1ioxk12xcn3ky

#Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. Object and data structure related attacks where the attacker modifies application logic or achieves arbitrary remote code execution if there are classes available to the application that can change behavior during or after deserialization. Typical data tampering attacks, such as access-control-related attacks, where existing data structures are used but the content is changed. Serialization may be used in applications for: -Remote- and inter-process communication (RPC/IPC) -Wire protocols, web services, message brokers -Caching/Persistence -Databases, cache servers, file systems -HTTP cookies, HTML form parameters, API authentication tokens The only safe architectural pattern is not to accept serialized objects from untrusted sources or to use serialization mediums that only permit primitive data types. If that is not possible, consider one of more of the following: #Implementing integrity checks such as digital signatures on any serialized objects to prevent hostile object creation or data tampering. #Enforcing strict type constraints during deserialization before object creation as the code typically expects a definable set of classes. Bypasses to this technique have been demonstrated, so reliance solely on this is not advisable. #Isolating and running code that deserializes in low privilege environments when possible. #Logging deserialization exceptions and failures, such as where the incoming type is not the expected type, or the deserialization throws exceptions. #Restricting or monitoring incoming and outgoing network connectivity from containers or servers that deserialize. #Monitoring deserialization, alerting if a user deserializes constantly. Credits : @kishorkumar3854 Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersafety #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B3rovp-gaBA/?igshid=1glrjbsyy07yr

Source code Disclosure : Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application. A server vulnerability can be exploited to read arbitrary files. This vulnerability can be used to reveal the source code of application files as well as display configuration files. Source code disclosure exposes sensitive application information such as input validation filters, database connection strings and queries, or hard-coded passwords. An attacker with information about input validation filters may be able to craft a specific request that would bypass the filter. Information about database connection strings exposes the user name and password used to access the database. Information about how database queries are constructed can help attackers create SQL injection exploits that pull specific information from the database. Hard-coded passwords within configuration files or application source code may enable an attacker to access portions of the application that are otherwise restricted. Remediation: Source code disclosure Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. Review the cause of the code disclosure and prevent it from happening. Credits : @_anishkashukla_ Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy https://www.instagram.com/p/B3o_QbngpVC/?igshid=1oygzgs16i0sc