#multiple choice question on cyber forensic
aryacollegeofengineering · 2 years ago
What is the Criterion for a Successful Career in Ethical Hacking?
Criterion for a Successful Career in Ethical Hacking
Best Engineering College in Rajasthan says: In the 1960s, the term "hacker" was developed to characterize professionals who used their expertise to re-develop computer systems, by increasing their productivity and being able to multitask. Malicious actors who utilize their expertise to exploit computer system vulnerabilities to gain unauthorized access are referred to as black hat hackers. When employed for malicious purposes, a hacker's skills can damage network services and business operations. On the other hand, ethical hackers use the same technical skills to improve a company's security infrastructure.
Ethical Hackers
Cybercrime is the second most documented financial crime, impacting 32% of businesses. According to Varonis, hackers target someplace in the globe every 39 seconds, with the estimated damages of a hack being $3.92 million, also from employees. Ethical hacking is an allowed procedure of circumventing system defenses and safety protocols to find potential flaws and vulnerabilities that pose a network danger. Black hat hackers obtain classified information and cause harm, whereas ethical hackers are interested in using their skills to increase overall network protection. In the cyber security field, the old adage "attack is the best form of defense" undoubtedly holds, which is why ethical hackers are well compensated. To be proficient in their professions, ethical hackers must understand how to detect and resolve network vulnerabilities by studying the attitude and practices of black hat hackers and testers. The variety of knowledge necessary to operate as an ethical hacker is wide, as it necessitates mastery of network processes, elements, and computer languages. White hat hackers specialize by enrolling in CEH training courses to work in organizations and ensure a comprehensive review of potential exploits.
Certified Ethical Hacker (CEH)
CEH is a certification that acknowledges a person's knowledge about systems and network safety, particularly in preventing unauthorized access and other assaults through proactive measures. The CEH certificate goes a step further by asking recipients to sign a written agreement promising to follow the law and adhere to ethical standards. The International Council of E-Commerce Consultants (EC-Council) is a member-supported professional body that sponsors the credential. Its mission is to build and promote ethical hacking with professional standards, who are qualified IT experts. To complement the CEH certification, the EC-Council presents many other certificates related to network security occupations, including secure coding, e-business, and digital forensics. The levels of certification proficiency range from beginner to expert.
How To Become A Certified Ethical Hacker?
One must clear the CEH test, which comprises 125 MCQs (multiple-choice questions) with a time limit of four hours. The certification tests' integrity is maintained through the EC-Council's provision of various question sets. Under the guidance of security specialists, these question banks are assessed through beta testing for an appropriate sample set. It assists in guaranteeing that the exam questions are real-world relevant and fit the academic standards. The regulatory body determines the cutoff, which establishes the difficulty rating of every issue.
Ethical hacking techniques: It can be used to test the security of systems and networks. By simulating real-world attacks, ethical hackers can help organizations find vulnerabilities and take steps to mitigate them. Common ethical hacking techniques include password cracking, social engineering, denial of service attacks, and SQL injection. Password cracking involves using specialized software to guess passwords, often using a dictionary of common words or permutations thereof. Social engineering relies on tricking people into revealing sensitive information, such as passwords or credit card numbers. Denial of service attacks overload systems with requests, preventing legitimate users from accessing them. SQL injection inserts malicious code into web forms to access databases containing sensitive information.
Careers for Ethical Hackers: As the world increasingly relies on technology, the need for ethical hackers grows. Ethical hackers are responsible for testing systems and identifying vulnerabilities before they can be exploited by malicious actors. There are many different career paths open to ethical hackers. Some work as independent consultants, while others are employed by companies or government organizations. Many ethical hackers also choose to specialize in a particular area, such as web security or network security. The demand for ethical hacking services is expected to continue to grow in the coming years. This is due to the ever-evolving nature of cyber threats and the need for organizations to protect their systems from attack.
Different Types Of Hackers
There are many different types of hackers, each with its own unique skill set and motivations. Here is a brief overview of some of the most common types of hackers:
Black hat hackers
White hat hackers
Gray hat hackers
Script kiddies
Hacktivists
Cybercriminals
Conclusion
Best Private Engineering College in Rajasthan says: Employers want certified ethical hackers, also known as white hat hackers. Experienced IT workers are exploring this career as an economically beneficial choice; with a CEH certificate one can earn a huge income. The major tech businesses in the industry prefer to support ethical hacking, praising and rewarding the hackers that strengthen their systems. Companies such as Apple, Google, and Amazon have a record of asking CEHs to crack their security measures to assist them in identifying security flaws and promoting their service. Cyber security and ethical hacking have never been more crucial than they are now. The demand for ethical hackers and cyber security specialists is increasing. Enroll in Knowledge Hut Certified Ethical Hacker certification online certified ethical hacker certification program today to remain current on crucial cyber security topics and industry trends.
forensicfield · 3 years ago
MCQs On Cyber Forensics
Enhance your knowledge of cyber forensics by taking this test. This test contains 100+ MCQs, and every time you will get a series of 10 new objectives after attempting one series or refreshing this page. #cyberforensic #forensic
milescpareview · 4 years ago
How Can You Incentivize Your Skills As a CPA
Now, you probably are thinking, how does it even matter?
I am already a CPA with a well-paid job and life is shipshape; what else could I have left out, to fend off the odds? Well, earning a CPA is like earning another degree in accounting, and it does not mean that your accounting education has come to a stop. There are a few more to stay invincible in the market. This makeover would ask you to take a deep dive into your skills and your domain of expertise and carve your own niche to excel at your CPA career.
If you are comfortable working in the audit segment, consider taking a step towards financial risk management or data-driven financial analytics, or you can advance your career to organizational management roles as well. AICPA has specially developed the curriculum to prepare students to be work-ready for varied accounting disciplines, from auditing in public accounting firms to ruling the management position or running an independent consultancy.
This helps CPAs to stand and opens a window of opportunity to explore and prepare for exclusive roles in the world of accounting. 
The Speciality Credentials
Do all those letters offer anything more than a feather in your cap? Yes, if accounting is your career choice, graduate-level work can open the door to opportunities and higher salary expectations.
Let’s start with some of the common questions and answers with regard to accounting education.
The Accredited in Business Valuation (ABV) credential - The accreditation is exclusive for the AICPA members to CPA professionals. This credential gives accountants an extra advantage by presenting them with the know-how, tools and resources needed to provide the best service to their clients and employers.
Certified Information Technology Professional (CITP) Credential - The Certified Information Technology Professional (CITP) credential represents the intersection of technology and finance. The CITP acknowledges CPAs and recognized equivalents who specialize and demonstrate specific skills, expertise, and experience in areas that include:
Information security and cyber risks
Business Intelligence, data management, and analytics
IT governance, risks, and controls
CITPs understand the impact of these areas on financial reporting and overall business operations, positioning them as trusted advisers for clients and employers alike.
Certified in Financial Forensics (CFF)- The Certified in Financial Forensics (CFF) credential positions forensic accounting professionals for increased demand in one of the fastest-growing specialty areas for CPAs. To become a CFF credential holder, the CFF Roadmap serves as a step-by-step guide illustrating how a CPA, at any level of expertise, can utilize the resources provided to FVS Section members to embark on the journey of obtaining the AICPA's CPA-exclusive forensic accounting credential.
Personal Financial Specialist (PFS) - The Personal Financial Specialist (PFS) credential allows CPAs to demonstrate their knowledge and expertise in personal financial planning. Whether a CPA specializes in personal financial planning with their clients or interacts with other financial planning professionals, the CPA/PFS credential adds credibility. CPA/PFS credential holders have specific experience, education, and examination requirements that set them apart from other CPAs and financial planners. It is more critical than ever that CPAs serving individual clients formalize financial planning services. Long-term trends in client demographics (needs and expectations), technology, and competitive pressures, are now compounded with valid concerns about the drastic impact on the financial markets because of the COVID-19 pandemic. With multiple stimulus packages and a myriad of questions, clients need the professional, objective, and trusted advice of the CPA/PFS more than ever to sort things out.
Certified in Entity and Intangible Valuations (CEIV) - With a proven track record of leadership in the full accounting ecosystem - from financial reporting to the audit, it recognizes the need for increased competence and improved quality, consistency, and transparency in the performance of fair value measurements. As a result, the Certified in Entity and Intangible Valuations (CEIV) credential was introduced for CPAs and Finance Professionals who perform fair value measurements for entities and intangible assets for financial reporting purposes. This includes business combinations, testing goodwill, and other long-lived assets for impairment, estimating the fair value of intangible assets such as customer relationships, patents, and more.
Certified in the Valuation of Financial Instruments (CVFI)- With a proven track record of leadership in the full accounting ecosystem - from financial reporting to the audit,  recognize the need to increase competency, quality, consistency, and transparency in the performance of fair value measurements for financial instruments.
As a result, there was an introduction of the Certified in the Valuation of Financial Instruments™ (CVFI™) credential. The CVFI credential is granted by the AICPA to CPAs and valuation professionals who demonstrate considerable expertise in performing and/or reporting on fair value estimates of financial instruments for financial reporting purposes. This includes estimating the fair value of derivatives, structured products, securitized debts, and more.
About Miles Education
Miles Education is a premier skilling & training institute for finance & accounting professionals to earn US CPA/CMA credentials. The focus for Miles Education has always been to up-skill students and professionals to help them be future-ready and enable their career progression through the US CPA/CMA qualification. Committed to achieving this goal, today, Miles is India’s largest and #1 CPA review course! It has been instrumental in building the CPA/CMA ecosystem in India, holding offices in 9 cities and partnerships with 100+ MNCs, including all of the Big 4s. Miles Education provides student/professional-centric services while keeping concept-based learning at its core, which has helped it climb to the top ranks when it comes to the US CPA/CMA certification in India.
ledxlaw · 3 years ago
Best online law certification courses in India
LedX provides best online law certification courses in India. All courses are designed by LedXperts. LedX offers 45+ free as well as paid courses.
Courses offered by LedXpertz 
1. Civil Law 
2. CLAT Law 
3. Criminal Law
4. Cyber Law
5. Environmental Law
6. Corporate Law
7. Forensic Law
8. Intellectual Property Law
9. International Law
10. Interactive Courses
11. Law and Technology
12. Law for Professionals and many more.
LedX provides a platform for law learners and offers a number of Bootcamps, webinars and live classes, and online law courses with certificates that are designed to enrich our understanding of law by examining the idea of law. We are building an ecosystem of legal experts and working professionals providing first-hand guidance and assistance to the mentee, where the learning experience of every legal enthusiast is optimised. 
LedX also provides a highly interactive interface platform to the online law certification course learners with H5P technology. H5P technology makes learning easy, where students experience a new way of learning. Our interactive law courses contain explanations, extra pictures, tables, Fill in the Blank, multiple-choice questions, Drag and Drop Questions, and interactive summaries.
LedX is a learning platform where education, ideas, challenges, and skill development can be imparted to law aspirants, graduates, professionals, and academicians for the upgrading of the legal community. LedX organises various competitions like MUN competition, LedX debate competition, LedX drafting ADR competition, etc. LedX aims to provide the different legal systems related to almost every aspect of human lives, ranging from business, economics, human rights, international relations, politics, amongst others. If you want to be a success in law, you need to have a knowledge of the law system of your country.
Why is legal education important nowadays? 
Legal education is important for a society as it provides a norm of conduct for its citizens. Legal education serves society by imparting to law students general and cultural education, making them good law-abiding citizens. Legal education inculcates the significance and relevance of democratic culture in the students.
Law, legal education, and development have become interrelated topics in modern developing societies, which are struggling to grow into social welfare states and which are seeking to ameliorate the socio-economic condition of the people by peaceful means. The same is true for our country. It is a crucial function of legal education to produce lawyers with a social vision for the growth of the country.
If you want to learn online law courses with certificates visit our website and start learning today with paid as well as free courses. LedX offers advanced online law certification courses that are specially designed by experienced law experts, helping you to crack difficult competitive exams and to get the best jobs, and to serve your clients.
marymosley · 5 years ago
Social Factors Leading to Juvenile Delinquency in Indian Context
Juvenile Delinquency is the demonstration of taking an interest in unlawful conduct as minor, it is a crime committed by kids under the period of 18 years and cannot abide by the law known as Juvenile Delinquency.
It is a combination of two words, Juvenile and Delinquent. The word delinquency is derived from the Latin word “Delinquere”, which means to leave or to surrender. Age group: Boy child 7 years to 16 years and Girl child 7 years to 18 years. A child younger than 7 years cannot be charged with a crime, no matter how strong the case. Under section 82 of the Indian Penal Code 1860 (IPC), a child under the age of 7 cannot be said to have committed an offence (Devgan, 2018).
According to the Juvenile Justice Act 2015, the child between the age group of 16-18 years and commit any heinous crime, it will consider as an adult crime. The treatment for juveniles and adults differs from each other. Juvenile delinquency is a colossal issue in India by which the greater part of the young ruins their lives. Because of adolescent wrongdoing and related issues, youth, their families and suffer multiple consequences. Not only does the issue influence the survivors of the crime; it likewise influences the adolescent reprobate’s family, their future, and the public. The most significant outcome of wrongdoings submitted by adolescents conveys because of financial and mental issues that think about their relatives and the public. Because of the mental issues, now and again adolescents engaged with thefts, assaults, and attacks additionally are noteworthy, with these crimes the adolescents habituate to devour liquor or other drugs. The adolescent who carries out genuine wrongdoings challenges their future to fight apparent maltreatment that has executed against them. This makes them mental despondency and thus reflects to carry out more wrongdoings.
In 2003, 466 of all juvenile delinquency cases were related to rape; in 2013 the number increased to 1737. By this, we can infer that juvenile delinquency is exploding. According to the 2016 report, the cases related to kidnapping and abduction committed by children are nearly 1485, out of which 817 cases are because of marriage.
Reasons for Juvenile Delinquency
Family: A reliable example of family risk elements relate to the improvement of reprobate conduct in youngsters. These family hazard factors incorporate an absence of appropriate parental supervision, less surveillance on the child, progressing parental clash, disregard, and misuse like emotional, psychological or physical. Guardians who exhibit an absence of regard for the law and social standards will probably have youngsters who think. At long last, those kids that show the most vulnerable connection to their folks and families are unequivocally similar adolescents who take part in wrong exercises, including reprobate lead.
The misnomer is that children who do not have a home, or who come from a broken family, commit more crime, but according to the National Crime Records Bureau (NCRB) 2016 report, only 3.5% of all juvenile delinquency cases are crimes committed by homeless children (Phogat, 2017).
Lack of Finances: Youthful or grown-up, may prompt an off-base way to improve their budgetary conditions. Adolescents become adolescent delinquents because of the absence of accounts. At the point when they experience poor financial conditions, they take part in an inappropriate exercise. To become rich in a short time, they may begin selling drugs or take things to improve their monetary conditions and to gain maximum pleasure.
Societal: As the kid develops more established, the individual in question goes into the neighbourhood and turns into an individual from the playgroup or companion gathering. If by chance he joins the gathering or the posse that cultivates reprobate mentalities, he is additionally liable to turn into a reprobate. Much wrongdoing springs up from the pervasive mentalities in the gatherings inside which the adolescent has quick contacts. That is why it is maintained that “delinquency is a product of community forces”.
Others: Because of lack of education, we need to get that; it is uncommon that a youngster would have the choice to recognize good and bad.
According to the NCRB report, nearly 45% of children above 16 years have taken their primary education but have not cleared their matriculation. By this, we can conclude that lack of education is also a reason for juvenile delinquency (Bedi, 2019).
Poverty: It is one of the significant purposes behind juvenile delinquency, a huge extent of reprobate youngsters originates from poor homes. It is notwithstanding how not recognized by proficient understudies of adolescent misconduct; the vast majority of delinquents originate from the lower class. They submit their offences as an individual from packs. 
Poverty compels sometimes both of the guardians to be outside the home for a very extensive stretch to gain their everyday bread, to full fill basic needs, hunger. They will neglect the youngsters. Such youngsters may deliberately or unwittingly hold hands with hoodlums and become delinquents. This occurs in slum zones and regions in which most regular workers individuals live.
Preventive Measures
Any juvenile crime, how small or big it is, the child is not the one to blame; it is surrounding there could be many reasons but not the child. When it is not the child, making a strict law will not bring change and will not stop juvenile delinquency. Because it is a social problem.
Adolescent misconduct is one that has drawn the consideration of Indian society too. It realized that the reprobate kid today may end up being an interminable criminal tomorrow. Conversations, discussions, and studies have been made at the national and international levels by researchers to search out a viable solution for this issue. I have recommended two strategies to manage this issue: Preventive strategy, and Rehabilitation (Kashishmathur, n.d.).
Juvenile Delinquency is exploding, the number of child house, child court, rehabilitation centre has to increase.
The Borstal home will take children below 15 years, it has to accept children from 15 to 18 years as well because the maximum crime committed by children comes under the age of 15-18 years.
Integration of NGO with Self-Help group and proper Rehabilitation.
In child court, the judges have to take from criminology, sociology, psychology background.
Establishment of Child Advice Centre in Slum areas.
Keep children away from sexual content.
References
Bedi, A. (2019, October 24). The Print. Retrieved from Juveniles Crime: https://ift.tt/2Jik6De
Chatterjee, D. (2018, November 17). Juvenile Delinquency in India – A Legal Analysis – By Debalina Chatterjee. Retrieved from Legal Bites: https://ift.tt/2AmbHNw
Devgan, R. (2018, August 15). IPC Section. Retrieved from Devgan.in: https://ift.tt/3dfqXKu
Kashishmathur. (n.d.). Juvenile Delinquency in India Causes and Prevention. Retrieved from Legal Service India: https://ift.tt/2ZQ890B
Phogat, K. (2017). Juvenile Delinquency in India Causes and Prevention. Journal of Advances and Scholarly Researches in Allied Education, 5.
Author: Afrozulla Khan Z, Intern at Legal Desire (2020)
He has completed Masters in Criminology & Forensic Science, he is a Certified Cyber Warrior, self-taught Cyber-Crime Investigator, and Researcher.
He has published research and review papers in peer review International Forensic Science Journals. He serves as a Research paper reviewer of the International Journal of Forensic Sciences (IJFSC), and Editorial Board Member for the Journal of Forensic Sciences and Criminal Investigation (JFSCI).
He developed two android applications called “Forensic Science” and “Forensic Science News and Info” and both the apps are available in Google Play Store.
The post Social Factors Leading to Juvenile Delinquency in Indian Context appeared first on Legal Desire.
coolmenmike · 5 years ago
New CompTIA A+ Exam Objectives (220-1001 & 220-1002) Will Be Released This Winter
As it is generally known, CompTIA is constantly updating its certifications to reflect the evolutions in the industry. It is that time again when such an update takes place. In January 2019, there is going to be a significant change to the popular CompTIA A+ credential. The two certification exams, 220-901 and 220-902, will be updated in line with the new regulations and modern technology that have evolved in the industry from the last time the tests were updated. The A+ exams will have new codes: 220-1001 and 220-1002.
Overview of new CompTIA A+ exams
CompTIA 220-1001 is the first of two exams that covers networking, PC hardware and peripherals, troubleshooting, etc. The new update focuses on the system memory in addition to storage devices such as SSDs. There is also a prominence on computer gaming systems. This test will also evaluate your knowledge across the scope of 3D printing. It is important to mention that the candidates should not expect a huge change in the overall concepts and design of the exam questions as it is more of an improved test than a rewritten one. In other words, the questions are tweaked here and there to accommodate the new update.
The CompTIA 220-1002 exam entails updates to the operating system aspects covering Windows 7, 8, and 10. The update also includes update limitations and end of life for older systems. The new test also features changes in various security topics, which gives the candidates the opportunity to demonstrate their knowledge and skills of the modern cyber threat landscape. In a new version of this certification exam, there are two totally new topics that one will be evaluated on. One of the topics measures the knowledge and skills of regulatory compliance and operational procedures, which cover areas such as incident response and General Data Protection Regulation (GDPR). The second topic focuses on script basics: Batch, Java, Visual Basic, and Python. The students are required to study loops, integers, and strings. This exam is highly recommended for the professionals planning to move into the roles of a developer.
Let us look at the exam objectives for these new certification tests in detail:
CompTIA A+ Core 1 (220-1001)
The Core 1 exam evaluates the required skills for the entry-level IT professionals. The candidates who pass the test will be equipped with the knowledge needed to configure, maintain, and install PCs, mobile devices, as well as software for users. They will know how to gather components based on the requirements of customers; understand the fundamentals of networking and security forensics; offer appropriate support for customers; apply troubleshooting skills; safely and accurately diagnose, resolve, and document general software and hardware issues; understand the fundamentals of scripting, desktop imaging, virtualization, and deployment. The 220-1001 certification exam is made up of about 90 performance-based and multiple-choice questions. The time allotted for the completion of the test is 90 minutes. The applicants are required to have a minimum work experience of 9 months working as an IT support specialist.
There are specific skills that the exam is designed to measure. They include mobile devices (14%); networking (20%); hardware (27%); virtualization and cloud computing (12%); hardware and networking troubleshooting (27%). The percentage reflects the weight of questions that can be expected from each of the topic areas.
CompTIA A+ Core 2 (220-1002)
The Core 2 exam is also designed to measure the required skills for an entry-level IT specialist. Those individuals who pass this certification test will obtain the knowledge and skills necessary to assemble various components based on the requirements of customers; configure, maintain, and install PCs, software, and mobile devices for end users; apply troubleshooting skills; and understand the fundamentals of basics of scripting, desktop imaging, deployment, and virtualization, among others. Technically, the skills to be learnt in this exam are about the same as the Core 1 test covers but on a higher scale. The 220-1002 exam is made up of 90 questions. The candidates have a period of 90 minutes for the completion of the test. Before you attempt this A+ exam, CompTIA recommends that you have a minimum of 12-month experience working as an IT support specialist.
There are some specific skills that will be measured in this exam, and you are expected to understand these areas and focus on the topics during the preparation. The topic areas include operating systems (27%); security (24%); software troubleshooting (26%); operational procedures (23%). It is important to mention that each skill area also has sub topics that concretize what candidates are required to cover for each of them.
What will this mean for your current certification status?
Those individuals who currently have CompTIA A+ will still maintain their certifications as long as they are still valid. However, after the three-year validity period of your certificate, you will be required to recertify it. At this point, you will have to take the exam. If you have already scheduled your test for this year, there is no point cancelling it or waiting for the new one. You should just go ahead and write the test. Writing the old exam this year doesn’t mean your certification will be invalid. The new exam objectives will take effect from around January 2019, but the old test (220-901 and 220-902) will be available for a six-month grace period. This means you can still write the old ones till about May of 2019. However, you can also choose to write the new exam as soon as its objectives are released. Actually, the decision to write the new or the old test will largely depend on your knowledge and training at the time you sit for it. If at the time of preparing for the exam, you have trained for the CompTIA 220-901 and CompTIA 220-902 tests, then there is no doubt about the version of exam to write; you will definitely opt for the old versions. However, if you start preparing for the test in 2019 with the new exam objectives for 220-1001 and 220-1002, you will take the new test. If you are planning to write the CompTIA A+ certification exam in 2019, it is recommended that you go with the new syllabus in order to avoid the stress of the hard deadline during the 2019 summer when the 220-901 and 220-902 tests will be retired. This is especially critical if you fail the exam at the first attempt close to the retirement deadline for the old test. If this happens, that means you will have to start your study afresh with the new syllabus.
One thing you need to bear in mind though is that your CompTIA A+ certification is valid for a period of three years, irrespective of whether you write the old exams or the new ones.
Summary
The current CompTIA A+ exams (220-901 and 220-902) are going to be replaced with the new tests (220-1001 and 220-1002) in January 2019. If you have registered for the old one, you can go ahead to prepare and write it. The difference in exams will not affect your certification. Even if you earn your A+ credential in 2019 with the old tests, your certificate will still be valid for a period of three years. The old exam will still be available for six months, which means you can still write it within the next six months. However, it is recommended that if you have not registered or started preparing for your test, you should consider registering with the new exam in order to avoid getting stressed by a hard deadline.
spotoccie-blog · 6 years ago
CISSP official ISC 2 practice tests
Introduction: The CISSP Official (ISC) 2 Practice Tests is a companion volume to the CISSP (ISC)2 or the Certified Information Systems Security Professional Official Study Guide. If you’re looking forward to testing your knowledge before commencing the CISSP exam, this book will help you as it provides you with a combination of 1,300 questions that would be covering the CISSP Common Body of Knowledge and easily understandable explanations of both correct as well as wrong answers.
If you’re just starting to prepare for the CISSP exam, we would highly recommend that you should use the CISSP (ISC) 2 Certified Information Systems Security Professional Official Study Guide, so as to help you learn about each of the domains which would be covered by the CISSP exam. Once you’re ready to test your knowledge, you could use this book in order to help to find places where you may need to study more or to practice for the exam itself.
Since this book is considered a companion to the CISSP Study Guide, it is designed to be similar to taking the CISSP exam. It may contain multipart scenarios and standard multiple-choice questions which would be similar to those you may encounter in the certification exam itself. The book itself is again broken into 10 chapters: 8 chapters domain-centric with 100 questions about each domain, and 2 chapters that contain 250-question practice tests so as to simulate taking the exam itself.
CISSP Certification: The CISSP certification is going to be offered by the International Information System Security Certification Consortium, or (ISC) 2, a global non-profit. The mission of (ISC) 2 is to provide and support constituents and members with resources, credentials, and leadership to address cyber, infrastructure security and information, software to deliver value to society. They achieve this mission by delivering the world’s leading certification program in information security. The CISSP is the flagship credential in this series and is going to be accompanied by several other (ISC) 2 programs:
• Certified Authorization Professional (CAP)
• Certified Cloud Security Professional (CCSP)
• Certified Cyber Forensics Professional (CCFP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• HealthCare Information Security Privacy Practitioner (HCISPP)
• Systems Security Certified Practitioner (SSCP)
There are also three other advanced CISSP certifications for those who are willing to move on from the base credential to demonstrate advanced expertise in the domain of information security:
• Information Systems Security Engineering Professional (CISSP-ISSEP)
• Information Systems Security Management Professional (CISSP-ISSMP)
• Information Systems Security Architecture Professional (CISSP-ISSAP)
The CISSP certification would be covering eight domains of information security knowledge. These domains are meant to serve the candidates as the broad knowledge foundation which would be required to succeed in the information security profession. They are mentioned below:
• Asset Security
• Communication and Network Security
• Identity and Access Management
• Security and Risk Management
• Security Assessment and Testing
• Security Engineering
• Security Operations
• Software Development Security
The CISSP Official ISC 2 Practice Tests would be composed of 10 chapters. Each of the first eight chapters is going to cover a domain, within a variety of questions that can help you to test your knowledge of the real-world scenario, and best practices-based security knowledge. The final two chapters would be consisting of complete practice exams that can serve as timed-based practice tests in order to help the candidates determine if they’re ready for the CISSP exam.
We would like to recommend you take the first practice exam in order to help you to identify where you may need to spend more time to study, and then using the domain-specific chapters in order to test your domain knowledge where it is weak. Once you’re ready, take the second practice exam to make sure that you’ve covered all of the material and are ready to attempt the CISSP exam. If this practice is also not enough, you could gain more knowledge by joining the CISSPTOP Services.
0 notes
thetechnologyguy-blog1 · 6 years ago
Metadata: What is it and why is it important?
“We kill people based on metadata,” said Michael Hayden, former NSA and CIA director, in 2014. But what is it and why should you care about it?
Although it was coined in the 60’s, experts in digital forensics believe that the term “metadata” did not become public domain until the 21st century, due to the leaks of Edward Snowden. In 2014, Snowden explained that metadata might reveal “who you’re talking to, when you’re talking to someone, or even where you usually travel.”
What is metadata?
Metadata is a part of everyday life. Each file you send or receive has metadata. Metadata reveals information that might be contained in the data — the goal is to make connections and provide context to the data, show relationships, and help understand them. According to specialists in digital forensics from the International Institute of Cyber Security, metadata responds to questions such as:
Who?
What?
Where?
When?
Why?
For example, a chocolate bar. The information we find in the wrapper, such as the brand name, the barcode, etc., is metadata. A song’s name, the artist’s name, the music genre, the listening frequency, is also metadata. When someone uses Youtube with automatic playing enabled, the metadata of your previous choices helps determine what will be played next.
In social networks, metadata is used to group posts, track user interests, and help create a context around user data. Imagine sending a selfie, the data reveals the content of the selfie, while metadata can contain location data, time, even the person’s exposure time in front of the camera.
What the metadata reveals about us
In short, metadata reveal too much. Metadata could reveal our innermost personal details, such as political inclinations, health status, financial situation, family relationships, etc.
For example, researchers Deepak Jagdish and Daniel Smilkov developed a tool designed to contextualize email metadata. Analyzing only the information fields From, To, Cc and Timestamp of their emails, researchers were able to make amazing discoveries about their social interactions, relationships, social circle, even their sleep cycles.
They could calculate, for example, how many people they knew in a certain time period, more productive moments of their day, etc.
The long-range surveillance of telephone metadata was demonstrated by Stanford University researchers who found that the National Security Agency’s massive collection of telephone records can reveal a lot more about the private lives of people than the government is willing to admit. By just getting the number of two people participating in a phone call, the serial number of the phones involved, the time and duration of the calls and possibly the location of each person during the call, the investigators managed to isolate data up to a certain identity.
Although a website is secure, metadata is not protected
The HTTPS protocol indicates that a website is secure; this is a fact that many people know. A somewhat less well-known fact is that, although HTTPS encrypts the content, the site still leaks metadata. Here is a brief explanation:
The content of the Hypertext Transfer Protocol is not encrypted, so it cannot be considered secure by itself, so the information contained may be stolen. The ‘s’ in HTTPS stands for ‘safe’. This protocol was designed to improve privacy on the Internet when sending personal information, which could still be stolen, but this is now more difficult. HTTPS is widely used in sites like Google, Facebook or Twitter, or anywhere else.
To achieve HTTP-to-HTTPS conversion, the website owner must purchase more secure certificates, such as TLS or SSL. These protocols prove that a website is legitimate. The thing is that no one can see the information we send over the Internet, but anyone can intuit the content of the information sent, like guessing that inside an envelope there is a postcard or a letter.
USA, the home of metadata surveillance
The NSA could be the most intrusive and creative metadata spy organization we know.
Political, social and technological organizations have enabled the NSA to raise the levels of metadata collection. Although the Freedom Act of 2015 limited the NSA’s ability to collect phone records and contacts of terrorist activity suspects, in May, the agency revealed a massive increase in the amount of telephone call metadata collected in the report titled “Call Details Logs”, going from 151 million call logs in 2016 to more than 534 million in 2017. Despite this increase, there were only 40 terrorism suspects in 2017.
At the end of June, the NSA issued a statement announcing that it began a process of erasing these records, as agency officials discovered technical irregularities.
Is there anything we can do?
Unfortunately, specialists in ethical hacking and digital forensics believe that there is no definitive solution to protect our metadata. Maybe, as Henry David Thoreau says, you can begin a new life in the forest, isolated from the world.
Despite this pessimistic statement, there are some useful tips for minimizing risks:
Do not share information in excess. Remember that every time you share something on the Internet, it will stay there forever
Install an operating system with multiple security layers (such as Linux)
Disable the GPS of your devices when not in use
Disable JavaScript
0 notes
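The header-only analysis described in the post above (From, To, Cc and timestamp, no message content) can be reproduced in a few lines. This is an added example, not code from the post or from the researchers' tool; the mailbox owner, addresses and dates are constructed, and the "quiet window" heuristic is an assumption used to stand in for the sleep-cycle inference.

```python
from collections import Counter
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

OWNER = "alice@example.org"  # constructed mailbox owner (assumption)

# Constructed sample: (From, To, Cc, Date). No subject or body is present.
SAMPLE = [
    ("alice@example.org", "bob@example.org", "carol@example.org", "Mon, 06 Jan 2020 08:05:00 +0000"),
    ("alice@example.org", "bob@example.org", "", "Mon, 06 Jan 2020 13:30:00 +0000"),
    ("bob@example.org", "alice@example.org", "", "Mon, 06 Jan 2020 14:00:00 +0000"),
    ("alice@example.org", "dave@example.org", "", "Mon, 06 Jan 2020 23:10:00 +0000"),
    ("alice@example.org", "bob@example.org, carol@example.org", "", "Tue, 07 Jan 2020 07:45:00 +0000"),
    ("carol@example.org", "alice@example.org", "bob@example.org", "Tue, 07 Jan 2020 10:00:00 +0000"),
    ("alice@example.org", "carol@example.org", "", "Tue, 07 Jan 2020 17:20:00 +0000"),
    ("alice@example.org", "bob@example.org", "", "Tue, 07 Jan 2020 22:40:00 +0100"),
]


def to_raw(sender, to, cc, date):
    """Build a header-only RFC 5322 message from one sample tuple."""
    lines = [f"From: {sender}", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    lines.append(f"Date: {date}")
    return "\n".join(lines) + "\n\n"


def parse_headers(raw):
    """Extract sender, recipients and a UTC timestamp; the body is never read."""
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    sender = senders[0][1].lower() if senders else ""
    rcpt_fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(rcpt_fields) if addr]
    when = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    return sender, recipients, when


def longest_quiet_window(active_hours):
    """Longest run of hours (on a 24h circle) with no sent mail: (start_hour, length)."""
    hours = sorted(set(active_hours))
    if not hours:
        return (0, 24)
    best_start, best_len = 0, 0
    for i, hour in enumerate(hours):
        nxt = hours[(i + 1) % len(hours)]
        gap = (nxt - hour - 1) % 24  # silent hours strictly between two active ones
        if gap > best_len:
            best_start, best_len = (hour + 1) % 24, gap
    return (best_start, best_len)


def profile(raw_messages, owner):
    """Contact frequency and activity pattern inferred from headers alone."""
    contacts, sent_hours = Counter(), []
    for raw in raw_messages:
        sender, recipients, when = parse_headers(raw)
        if sender == owner:
            contacts.update(r for r in recipients if r != owner)
            sent_hours.append(when.hour)  # only the owner's own sends show when they are awake
        else:
            contacts[sender] += 1
    return {
        "contacts": contacts,
        "sent_hours": sorted(sent_hours),
        "quiet_window": longest_quiet_window(sent_hours),
    }


if __name__ == "__main__":
    result = profile([to_raw(*m) for m in SAMPLE], OWNER)
    print("closest contacts:", result["contacts"].most_common(2))
    print("likely offline from hour %d for %d hours (UTC)" % result["quiet_window"])
```

Running the same function over your own exported mailbox headers is a quick way to see what a provider or anyone holding the envelope data can infer without reading a single message.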
jennifersnyderca90 · 7 years ago
4 Years After Target, the Little Guy is the Target
Dec. 18 marked the fourth anniversary of this site breaking the news about a breach at Target involving some 40 million customer credit and debit cards. It has been fascinating in the years since that epic intrusion to see how organized cyber thieves have shifted from targeting big box retailers to hacking a broad swath of small to mid-sized merchants.
In many ways, not much has changed: The biggest underground shops that sell stolen cards still index most of their cards by ZIP code. Only, the ZIP code corresponds not to the legitimate cardholder’s billing address but to the address of the hacked store at which the card in question was physically swiped (the reason for this is that buyers of these cards tend to prefer cards used by people who live in their geographic area, as the subsequent fraudulent use of those cards tends to set off fewer alarm bells at the issuing bank).
Last week I was researching a story published here this week on how a steep increase in transaction fees associated with Bitcoin is causing many carding shops to recommend alternate virtual currencies like Litecoin. And I noticed that popular carding store Joker’s Stash had just posted a new batch of cards dubbed “Dynamittte,” which boasted some 7 million cards advertised as “100 percent” valid — meaning the cards were so fresh that even the major credit card issuers probably didn’t yet know which retail or restaurant breach caused this particular breach.
An advertisement for a large new batch of stolen credit card accounts for sale at the Joker’s Stash Dark Web market.
Translation: These stolen cards were far more likely to still be active and useable after fraudsters encode the account numbers onto fake plastic and use the counterfeits to go shopping in big box stores.
I pinged a couple of sources who track when huge new batches of stolen cards hit the market, and both said the test cards they’d purchased from the Joker’s Stash Dynamittte batch mapped back to customers who all had one thing in common: They’d all recently eaten at a Jason’s Deli location.
Jason’s Deli is a fast casual restaurant chain based in Beaumont, Texas, with approximately 266 locations in 28 states. Seeking additional evidence as to the source of the breach, I turned to the Jason’s Deli Web site and scraped the ZIP codes for their various stores across the country. Then I began comparing those ZIPs with the ZIPs tied to this new Dynamittte batch of cards at Joker’s Stash.
Checking my work were the folks at Mindwise.io, a threat intelligence startup in California that monitors Dark Web marketplaces and tries to extract useful information from them. Mindwise found a nearly 100 percent overlap between the ZIP codes on the “Blasttt-US” unit of the Dynamittte cards for sale and the ZIP codes for Jason’s Deli locations.
Reached for comment, Jason’s Deli released the following statement:
“On Friday, Dec. 22, 2017, our company was notified by payment processors – the organizations that manage the electronic connections between Jason’s Deli locations and payment card issuers – that MasterCard security personnel had informed it that a large quantity of payment card information had appeared for sale on the ‘dark web,’ and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.”
“Jason’s Deli’s management immediately activated our response plan, including engagement of a leading threat response team, involvement of other forensic experts, and cooperation with law enforcement. Among the questions that investigators are working to determine is whether in fact a breach took place, and if so, to determine its scope, the method employed, and whether there is any continuing breach or vulnerability.”
“The investigation is in its early stages and, as is typical in such situations, we expect it will take some time to determine exactly what happened. Jason’s Deli will provide as much information as possible as the inquiry progresses, bearing in mind that security and law enforcement considerations may limit the amount of detail we can provide.”
It’s important to note that the apparent breach at Jason’s Deli almost certainly does not correspond to 7 million cards; typically, carding shop owners will mix cards stolen from multiple breaches into one much larger batch (Dynamittte), and often further subdivide the cards by region (US vs. European cards).
As run-of-the-mill as these card breaches have become, it’s still remarkable even in smaller batches of cards like those apparently stolen from Jason’s Deli customers just how many financial institutions are impacted with each breach.
Banks impacted by the apparent breach at Jason’s Deli, sorted by Bank ID Number (BIN) — i.e. the issuer identified by the first six digits in the card number.
Mindwise said it was comfortable concluding that at least 170,000 of the cards put up for sale this past week on Joker’s Stash map back to Jason’s Deli locations. That may seem like a drop in the bucket compared to the 40 million cards that thieves hauled away from Target four years ago, but the cards stolen from Jason’s Deli customers were issued by more than 250 banks and credit unions, most of which will adopt differing strategies on how to manage fraud on those cards.
In other words, by moving down the food chain to smaller but far more plentiful and probably less secure merchants (either by choice or because the larger stores became a harder target) — and by mixing cards stolen from multiple breaches — the fraudsters have made it less likely that breaches at chain stores will be detected and remediated quickly, thereby prolonging the value and use of the stolen cards put up for sale in underground marketplaces.
All that said, it’s really not worth it to spend time worrying about where your card number may have been breached, since it’s almost always impossible to say for sure and because it’s common for the same card to be breached at multiple establishments during the same time period.
Just remember that although consumers are not liable for fraudulent charges, it may still fall to you the consumer to spot and report any suspicious charges. So keep a close eye on your statements, and consider signing up for text message notifications of new charges if your card issuer offers this service. Most of these services also can be set to alert you if you’re about to miss an upcoming payment, so they can also be handy for avoiding late fees and other costly charges.
Related reading (i.e., other breach stories confirmed with ZIP code analysis):
Breach at Sonic Drive-in May Have Impacted Millions of Credit, Debit Cards
Zip Codes Show Extent of Sally Beauty Breach
Data: Nearly All U.S. Home Depot Stores Hit
Cards Stolen in Target Breach Flood Underground Markets
from https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/
0 notes
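The ZIP code comparison described in the article above, written out as a fraud-analysis helper. This is an added example, not code from the article or from Mindwise; the merchant names, ZIP lists and batch are constructed, and the harmonic-mean score is an assumption chosen so that a candidate must both explain most of the batch and have most of its stores represented.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Candidate:
    name: str
    card_coverage: float   # share of cards in the batch whose ZIP is a store ZIP
    store_hit_rate: float  # share of the merchant's store ZIPs seen in the batch
    score: float           # harmonic mean of the two (assumed ranking metric)
    unexplained: dict      # ZIP -> card count not explained by this merchant


def normalize_zip(value):
    """Return a 5-digit ZIP string, or None for unusable input.

    Handles ZIP+4 ("30303-1234"), nine-digit strings, and leading zeros
    dropped by spreadsheets (2110 -> "02110").
    """
    digits = str(value).strip().split("-")[0]
    if not digits.isdigit():
        return None
    if len(digits) == 9:
        digits = digits[:5]
    if len(digits) > 5:
        return None
    return digits.zfill(5)


def rank_candidates(batch_zips, merchants):
    """Rank merchants by how well their store ZIPs explain a batch of card ZIPs."""
    cards = Counter(z for z in map(normalize_zip, batch_zips) if z)
    total = sum(cards.values())
    results = []
    for name, store_zips in merchants.items():
        stores = {z for z in map(normalize_zip, store_zips) if z}
        if not stores or not total:
            continue
        explained = sum(n for z, n in cards.items() if z in stores)
        coverage = explained / total
        hit_rate = len(stores & set(cards)) / len(stores)
        denom = coverage + hit_rate
        score = 2 * coverage * hit_rate / denom if denom else 0.0
        # Batches are often mixed from several breaches, so keep the remainder
        # for a second pass instead of expecting a perfect match.
        unexplained = {z: n for z, n in cards.items() if z not in stores}
        results.append(Candidate(name, coverage, hit_rate, score, unexplained))
    return sorted(results, key=lambda c: c.score, reverse=True)


# Constructed sample data (hypothetical merchants, illustrative ZIPs).
MERCHANTS = {
    "Chain A": ["77701", "77002", "75201", "30303", "02110"],
    "Chain B": ["77002", "10001", "60601", "94103", "98101", "33101", "80202", "85004"],
    "Chain C": ["75201", "30303"],
}
BATCH = ["77701", "77701", "77701", "77002", "77002", "75201", "75201",
         "30303-1234", "2110", 2110, "10001", "n/a"]

if __name__ == "__main__":
    for c in rank_candidates(BATCH, MERCHANTS):
        print(f"{c.name}: coverage={c.card_coverage:.2f} "
              f"stores_hit={c.store_hit_rate:.2f} score={c.score:.2f} "
              f"unexplained={c.unexplained}")
```

A small chain whose few stores all sit inside a larger chain's footprint will score a perfect store hit rate, which is why the card coverage figure has to be read alongside it.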
gilbertineonfr2 · 8 years ago
TROOPERS 2017 Day #2 Wrap-Up
This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed on a complex problem: Identification. It’s not only relevant for users but for anything (a file, an IP address, an application, …). Pete started by providing a definition. Authentication is based on identification and authorisation. But identification can be easy to fake. A classic example is the hijacking of a domain name by sending a fax with a fake ID to the registrar – yes, some of them are still using fax machines! Identification is used at any time to ensure the identity of somebody to give access to something. It’s not only based on credentials or a certificate.
Identification is extremely important. You have to distinguish the good and bad at any time. Not only people but files, IOC’s, threat intelligence actors, etc. For files, metadata can help to identify. Another example reported by Pete: the attribution of an attack. We cannot be 100% confident about the person or the group behind the attack. The next generation Internet needs more and more identification. Especially with all those IoT devices deployed everywhere. We don’t even know what the device is doing. Often, the identification process is not successful. How many times did you send a “hello” to somebody that was not the right person on the street or while driving? Why? Because we (as well as objects) are changing. We are getting older, wearing glasses, etc… Every interaction you have in a process increases your attack surface the same amount as one vulnerability. What is more secure? Let a user choose his password or generate a strong one for him? He’ll not remember ours and write it down somewhere. In the same way, what’s best: a password or a certificate? An important concept explained by Pete is the “intent”. The problem is to have a good idea of the intent (from 0 – none – to 100% – certain).
Example: If an attacker is filling your firewall state table, is it a DoS attack? If somebody is performed a traceroute to your IP addresses, is it a foot-printing? Can be a port scan automatically categorized as hunting? And a vulnerability scan will be immediately followed by an attempt to exploit? Not always… It’s difficult to predict specific action. To conclude, Pete mentioned machine learning as a tool that may help in the indicators of intent.
After an expected coffee break, I switched to the second track to follow “Introduction to Automotive ECU Research” by Dieter Spaar. ECU stands for “Electronic Control Unit”. It’s some kind of brain present in modern cars that helps to control the car behaviour and all its options. The idea of the research came after the problem that BMW faced with the unlock of their cars. Dieter’s Motivations were multiple: engine tuning, speedometer manipulation, ECU repair, information privacy (what data are stored by a car?), the “VW scandal” and eCall (Emergency calls). Sometimes, some features are just a question of ECU configuration. They are present but not activated. Also, from a privacy point of view, what infotainment systems collect from your paired phone? How much data is kept by your GPS? ECU’s depend on the car model and options. In the picture below, yellow  blocks are ECU activated, others (grey) are optional (this picture is taken from an Audi A3 schema):
Interaction with the ECU is performed via a bus. They are different bus systems: the most known is CAN (Controller Area Network), MOST (Media Oriented System Transport), Flexray, LIN (Local Interconnected Network), Ethernet or BroadR-Reach. Interesting fact, some BMW cars have an Ethernet port to speed up the upgrades of the infotainment (like GPS maps). Ethernet provides more bandwidth to upload big files. ECU hardware is based on some typical microcontrollers like Renesas, Freescale or Infineon. Infotainment systems are running on ARM sometimes x86. QNX, Linux or Android. A special requirement is to provide a fast response time after power on. Dieter showed a lot of pictures with ECU where you can easily identify main components (Radio, infotainment, telematics, etc). Many of them are manufactured by Peiker. This was a very quick introduction but this demonstrated that they are still space for plenty of research projects with cars. During the lunch break, I had an interesting chat with two people working at Audi. Security is clearly a hot topic for car manufacturers today!
For the next talk, I switched again to the other track and attended “PUF ’n’ Stuf” by Jacob Torrey & Anders Fogh. The idea behind this strange title was “Getting the most of the digital world through physical identities”. The title came from a US TV show popular in the 60’s. Today, within our ultra-connected digital world, we are moving our identity from a physical world and it becomes difficult to authenticated somebody. We are losing the “physical” aspect. Humans can quickly spot an imposter just by having a look at a picture and after a simple conversation. Even if you don’t personally know the person. But to authenticate people via a simple login/password pair, it becomes difficult in the digital world. The idea of Jacob & Anders was to bring a strong physical identification in the digital world. The concept is called “PUF” or “Physically Uncloneable Function“. To achieve this, they explained how to implement a challenge-response function for devices that should return responses as non-volatile as possible. This can be used to attest the execution state or generate device-specific data. They reviewed examples based on SRAM, EEPROM or CMOS/CCD. The latest example is interesting. The technique is called PRNU and can be used to uniquely identify image sensors. This is often used in forensic investigation to link a picture to a camera. You can see this PUF as a dual-factor authentication. But there are caveats like a lack of proper entropy or PUF spoofing. Interesting idea but no easy to implement in practical cases.
After the lunch, Stefan Kiese had a two-hours slot to present “The Hardware Striptease Club”. The idea of the presentation was to briefly introduce some components that we can find today in our smart houses and see how to break them from a physical point of view. Stefan briefly explained the methodology to approach those devices. When you do this, never forget the impact (loss of revenue, theft of credentials, etc… or worse life (pacemakers, cars). Some reviewed victims:
TP-Link NC250 (Smart home camera)
Netatmo weather station
BaseTech door camera
eQ-3 home control access point
Easy home wifi adapter
Netatmo Welcome
He gave an electronics crash course but also insisted on the risks of playing with electrically powered devices! Then, people were able to open and disassemble the devices to play with them.
I didn’t attend the second hour because another talk looked interesting: “Metasploit hardware bridge hacking” by Craig Smith. He is working at Rapid7 and is playing with all “moving” things from cars to drones. To interact with those devices, a lot of tools and gadgets are required. The idea was to extend the Metasploit framework to be able to pentest these new targets. With an estimation of 20.8 billion IoT devices connected (source: Gartner), pentesting projects around IoT devices will be more and more frequent. Many tools are required to test IoT devices: RF Transmitters, USB fuzzers, RFID cloners, JTAG devices, CAN bus tools, etc. The philosophy behind Metasploit remains the same: based on modules (some exploits, some payload, some shellcodes). New modules are available to access relays which talk directly to the hardware module. Example:
msf> use auxiliary/server/local_hwbridge
A Metasploit relay is a lightweight HTTP server that just makes JSON translations between the bridge and Metasploit.
Example: ELM327 diagnostic module can be used via serial USB or BT. Once connected all the classic framework features are available as usual:
./tools/hardware/elm327_relay.rb
Other supported relays are RF transmitter or Zigbee. This was an interesting presentation.
For the last time slot, there were two talks: one about vulnerabilities in TP-Link devices and one presented as “Looking through the web of pages to the Internet of Things“. I chose the second one presented by Gabriel Weaver. The abstract did not describe properly the topic (or I did not understand it) but the presentation was a review of the research performed by Gabriel: “CTPL” or “Cyber Physical Topology Language“.
That closes the 2nd day. Tomorrow will be dedicated to the regular tracks. Stay tuned for more coverage.
[The post TROOPERS 2017 Day #2 Wrap-Up has been first published on /dev/random]
from Xavier
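The PUF challenge-response scheme and its two caveats (poor entropy, spoofing) from the “PUF ’n’ Stuf” summary in the wrap-up above, as an added example that is not part of the original post or the speakers' material. The device model, the class and function names, the 3% noise rate and the 15% acceptance threshold are all assumptions chosen for illustration.

```python
import hashlib
import random

RESPONSE_BITS = 256
MAX_DISTANCE = int(RESPONSE_BITS * 0.15)  # assumed tolerance: up to 15% flipped bits


class SimulatedSramPuf:
    """Constructed device model: a fixed per-chip cell pattern read with a few noisy bits."""

    def __init__(self, chip_id, noise_rate=0.03):
        pattern = random.Random("cells-" + chip_id)
        self._cells = [pattern.getrandbits(1) for _ in range(4096)]
        self._noise = random.Random("noise-" + chip_id)
        self._noise_rate = noise_rate

    def respond(self, challenge):
        # The challenge selects which cells are read, so every challenge
        # yields a different, chip-specific response.
        seed = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
        cells = random.Random(seed).sample(range(len(self._cells)), RESPONSE_BITS)
        return [self._cells[i] ^ int(self._noise.random() < self._noise_rate)
                for i in cells]


def hamming(a, b):
    """Number of positions where two bit lists differ."""
    return sum(x != y for x, y in zip(a, b))


def looks_biased(bits, low=0.35, high=0.65):
    """Entropy caveat: reject responses that are mostly 0s or mostly 1s."""
    ones = sum(bits) / len(bits)
    return not (low <= ones <= high)


class Verifier:
    def __init__(self):
        self._crps = {}  # device_id -> list of (challenge, reference response)

    def enroll(self, device_id, puf, challenges, reads=5):
        """Record challenge-response pairs in a trusted setting."""
        stored = []
        for challenge in challenges:
            samples = [puf.respond(challenge) for _ in range(reads)]
            # Majority vote per bit removes most read noise from the reference.
            reference = [int(sum(col) * 2 > reads) for col in zip(*samples)]
            if not looks_biased(reference):
                stored.append((challenge, reference))
        self._crps[device_id] = stored
        return len(stored)

    def authenticate(self, device_id, puf):
        crps = self._crps.get(device_id)
        if not crps:
            return False  # unknown device, or all pairs already used
        # Spoofing caveat: each pair is consumed on use, so a recorded
        # response cannot be replayed against the same challenge later.
        challenge, reference = crps.pop()
        return hamming(puf.respond(challenge), reference) <= MAX_DISTANCE

    def remaining(self, device_id):
        return len(self._crps.get(device_id, []))


def demo():
    verifier = Verifier()
    genuine = SimulatedSramPuf("chip-A")
    other = SimulatedSramPuf("chip-B")  # a different physical chip
    challenges = [f"challenge-{i}".encode() for i in range(4)]
    enrolled = verifier.enroll("sensor-1", genuine, challenges)
    return {
        "enrolled": enrolled,
        "genuine": verifier.authenticate("sensor-1", genuine),
        "other_chip": verifier.authenticate("sensor-1", other),
        "remaining": verifier.remaining("sensor-1"),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never expects an exact match: a genuine chip differs from its reference by a few noisy bits, while a different chip differs in roughly half of them, and the threshold sits between the two.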
forensicfield · 4 years ago
Quiz on Cyber Forensics
This quiz consists of multiple choice questions with answers, but you have to attempt the questions and then submit your answers at the end, and then you will get your score and the correct answers to each question. Retake the test to do better if you haven’t scored well, so that you will memorize all the answers in the end. Click the link given below; Start Quiz. Best of luck.
news-wars-blog · 8 years ago
WikiLeaks Vault7 Leaked CIA Files
RELEASE: CIA Vault 7 Year Zero decryption passphrase: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds
Download here: https://t.co/gpBxJAoYD5 
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named „Vault 7“ by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, „Year Zero“, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized „zero day“ exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
„Year Zero“ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of „zero day“ weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other „weaponized“ malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its „own NSA“ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber ‚weapon‘ is ‚loose‘ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.
Julian Assange, WikiLeaks editor stated that „There is an extreme proliferation risk in the development of cyber ‚weapons‘. Comparisons can be drawn between the uncontrolled proliferation of such ‚weapons‘, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of „Year Zero“ goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.“
Wikileaks has carefully reviewed the „Year Zero“ disclosure and published substantive CIA documentation while avoiding the distribution of ‚armed‘ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‚weapons‘ should be analyzed, disarmed and published.
Wikileaks has also decided to redact and anonymise some identifying information in „Year Zero“ for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in „Vault 7“ part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.
Analysis
  CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but „Weeping Angel“, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‚Fake-Off‘ mode, so that the owner falsely believes the TV is off when it is on. In ‚Fake-Off‘ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote „zero days“ developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. „Year Zero“ shows that as of 2016 the CIA had 24 „weaponized“ Android „zero days“ which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the „smart“ phones that they run on and collecting audio and message traffic before encryption is applied.
  CIA malware targets Windows, OSx, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized „zero days“, air gap jumping viruses such as „Hammer Drill“ which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ( „Brutal Kangaroo“) and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as „Assassin“ and „Medusa“.
Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s „HIVE“ and the related „Cutthroat“ and „Swindle“ tools, which are described in the examples section below.
  CIA ‚hoarded‘ vulnerabilities („zero days“)
In the wake of Edward Snowden’s leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or „zero days“ to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.
The U.S. government’s commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
„Year Zero“ documents show that the CIA breached the Obama administration’s commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in „Year Zero“ is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities („zero days“) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.
  ‚Cyberwar‘ programs are a serious proliferation risk
Cyber ‚weapons‘ are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber ‚weapons‘, once developed, are very hard to retain.
Cyber ‚weapons‘ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such ‚weapons‘ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‚weapons‘ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global „vulnerability market“ that will pay hundreds of thousands to millions of dollars for copies of such ‚weapons‘. Similarly, contractors and companies who obtain such ‚weapons‘ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‚hacking‘ services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber ‚weapon‘ is ‚loose‘ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
  U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ( „Center for Cyber Intelligence Europe“ or CCIE) are given diplomatic („black“) passports and State Department cover. The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: „Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport“
Your Cover Story (for this trip) Q: Why are you here? A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area — including France, Italy and Switzerland.
A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
  How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of „Vault 7“ — the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily cross over to the ‚battlefield‘ of cyber ‚war‘.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‚arms‘ manufacturers and computer hackers can freely „pirate“ these ‚weapons‘ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator’s intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted „malware injections“ (commercial jargon) or „implant drops“ (NSA jargon) are being called „fires“ as if a weapon was being fired. However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its ‚target‘. CIA malware does not „explode on impact“ but rather permanently infests its target. In order to infect the target’s device, copies of the malware must be placed on the target’s devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful ‚attack‘ on a target’s computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization’s leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation.
  Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.
„Tradecraft DO’s and DON’Ts“ contains CIA rules on how its malware should be written to avoid fingerprints implicating the „CIA, US government, or its witting partner companies“ in „forensic review“. Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf) as well as executing payloads (pdf) and persisting (pdf) in the target’s machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows „Recycle Bin“. While Comodo 6.x has a „Gaping Hole of DOOM“.
CIA hackers discussed what the NSA’s „Equation Group“ hackers did wrong and how the CIA’s malware makers could avoid similar exposure.
    Examples
  The CIA’s Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by „Year Zero“) each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for penetration, infestation („implanting“), control, and exfiltration.
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants; special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks‘ „Year Zero“.
  UMBRAGE
The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a „fingerprint“ that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‚stolen‘ from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the „fingerprints“ of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
  Fine Dining
Fine Dining comes with a standardized questionnaire i.e. menu that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically „exfiltrating“ information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are ‚Asset‘, ‚Liason Asset‘, ‚System Administrator‘, ‚Foreign Information Operations‘, ‚Foreign Intelligence Agencies‘ and ‚Foreign Government Entities‘. Notably absent is any reference to extremists or transnational criminals. The ‚Case Officer‘ is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The ‚menu‘ also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA’s ‚JQJIMPROVISE‘ software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
  Improvise (JQJIMPROVISE)
‚Improvise‘ is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from ‚Fine Dining‘ questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider. The public-facing server forwards all incoming traffic via a VPN to a ‚Blot‘ server that handles actual connection requests from clients. It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the ‚Honeycomb‘ toolserver that communicates with the implant; if a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.
  Frequently Asked Questions
  Why now?
WikiLeaks published as soon as its verification and analysis were ready.
In February the Trump administration issued an Executive Order calling for a „Cyberwar“ review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
  Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.
Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, …) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
The tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
  Organizational Chart
The organizational chart corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
  Wiki pages
„Year Zero“ contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
  What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.
  What is „Vault 7“
„Vault 7“ is a substantial collection of material about CIA activities obtained by WikiLeaks.
  When was each part of „Vault 7“ obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
  Is each part of „Vault 7“ from a different source?
Details on the other parts will be available at the time of publication.
  What is the total size of „Vault 7“?
The series is the largest intelligence publication in history.
  How did WikiLeaks obtain each part of „Vault 7“?
Sources trust WikiLeaks to not reveal information that might help identify them.
  Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
  Has WikiLeaks already ‚mined‘ all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
WikiLeaks Vault7 Leaked CIA Files was originally published on Alternative News und Medien
marymosley · 5 years ago
Social Factors Leading to Juvenile Delinquency in Indian Context
Juvenile Delinquency is the demonstration of taking an interest in unlawful conduct as minor, it is a crime committed by kids under the period of 18 years and cannot abide by the law known as Juvenile Delinquency.
It is a combination of two words, Juvenile and Delinquent. The word delinquency has extracted from the Latin word “Delinquere” which intends to leave or to surrender. Age group: Boy child 7 years to 16 years and Girl child 7 years to 18 years. It cannot charge any child lesser than 7 years with a crime, no matter how strong the case. Under section 82 of the Indian Penal Code 1860 (IPC), a child under the age of 7 cannot say to have committed an offence (Devgan, 2018).
According to the Juvenile Justice Act 2015, the child between the age group of 16-18 years and commit any heinous crime, it will consider as an adult crime. The treatment for juveniles and adults differs from each other. Juvenile delinquency is a colossal issue in India by which the greater part of the young ruins their lives. Because of adolescent wrongdoing and related issues, youth, their families and suffer multiple consequences. Not only does the issue influence the survivors of the crime; it likewise influences the adolescent reprobate’s family, their future, and the public. The most significant outcome of wrongdoings submitted by adolescents conveys because of financial and mental issues that think about their relatives and the public. Because of the mental issues, now and again adolescents engaged with thefts, assaults, and attacks additionally are noteworthy, with these crimes the adolescents habituate to devour liquor or other drugs. The adolescent who carries out genuine wrongdoings challenges their future to fight apparent maltreatment that has executed against them. This makes them mental despondency and thus reflects to carry out more wrongdoings.
In 2003, out of all the juvenile delinquency 466 cases related to the rape case, in 2013 it has increased the number to 1737. By this, we can infer that juvenile delinquency is exploding. According to the 2016 report, the cases related to kidnapping and abduction committed by children are nearly 1485, out of which 817 cases are because of marriage.
Reasons for Juvenile Delinquency
Family: A reliable example of family risk elements relate to the improvement of reprobate conduct in youngsters. These family hazard factors incorporate an absence of appropriate parental supervision, less surveillance on the child, progressing parental clash, disregard, and misuse like emotional, psychological or physical. Guardians who exhibit an absence of regard for the law and social standards will probably have youngsters who think. At long last, those kids that show the most vulnerable connection to their folks and families are unequivocally similar adolescents who take part in wrong exercises, including reprobate lead.
The misnomer is the child who doesn’t have a home or broken family they commit more crime, but according to National Crime Records Bureau (NCRB), 2016 report out of all juvenile delinquency cases only 3.5% cases are homeless child committed crimes (Phogat, 2017).
Lack of Finances: Youthful or grown-up, may prompt an off-base way to improve their budgetary conditions. Adolescents become adolescent delinquents because of the absence of accounts. At the point when they experience poor financial conditions, they take part in an inappropriate exercise. To become rich in a short time, they may begin selling drugs or take things to improve their monetary conditions and to gain maximum pleasure.
Societal: As the kid develops more established, the individual in question goes into the neighbourhood and turns into an individual from the playgroup or companion gathering. That by chance he joins the gathering or the posse that cultivates reprobate mentalities he is additionally liable to turn into a reprobate. Much wrongdoing springs up from the pervasive mentalities in the gatherings inside which the adolescent has quick contacts. That is why it maintained that “delinquency is a product of community forces”.
Others: Because of lack of education, we need to get that; it is uncommon that a youngster would have the choice to recognize good and bad.
According to the NCRB report, the child above 16 years nearly 45% have taken their primary education but they have not cleared their matriculation. By this, we can conclude that lack of education is also a reason for juvenile delinquency (Bedi, 2019).
Poverty: It is one of the significant purposes behind juvenile delinquency, a huge extent of reprobate youngsters originates from poor homes. It is notwithstanding how not recognized by proficient understudies of adolescent misconduct; the vast majority of delinquents originate from the lower class. They submit their offences as an individual from packs. 
Poverty compels sometimes both of the guardians to be outside the home for a very extensive stretch to gain their everyday bread, to full fill basic needs, hunger. They will neglect the youngsters. Such youngsters may deliberately or unwittingly hold hands with hoodlums and become delinquents. This occurs in slum zones and regions in which most regular workers individuals live.
Preventive Measures
Any juvenile crime, how small or big it is, the child is not the one to blame; it is surrounding there could be many reasons but not the child. When it is not the child, making a strict law will not bring change and will not stop juvenile delinquency. Because it is a social problem.
Adolescent misconduct is one that has drawn the consideration of Indian society too. It realized that the reprobate kid today may end up being an interminable criminal tomorrow. Conversations, discussions, and studies have made at the national and international levels by researchers to search out a viable solution for this issue. I have recommended two strategies to manage this issue: Preventive strategy, and Rehabilitation (Kashishmathur, n.d.).
Juvenile Delinquency is exploding, the number of child house, child court, rehabilitation centre has to increase.
The Borstal home will take children below 15 years, it has to accept children from 15 to 18 years as well because the maximum crime committed by children comes under the age of 15-18 years.
Integration of NGO with Self-Help group and proper Rehabilitation.
In child court, the judges have to take from criminology, sociology, psychology background.
Establishment of Child Advice Centre in Slum areas.
Keep children away from sexual content.
References
Bedi, A. (2019, October 24). The Print. Retrieved from Juveniles Crime: https://ift.tt/2Jik6De
Chatterjee, D. (2018, November 17). Juvenile Delinquency in India – A Legal Analysis – By Debalina Chatterjee. Retrieved from Legal Bites: https://ift.tt/2AmbHNw
Devgan, R. (2018, August 15). IPC Section. Retrieved from Devgan.in: https://ift.tt/3dfqXKu
Kashishmathur. (n.d.). Juvenile Delinquency in India Causes and Prevention. Retrieved from Legal Service India: https://ift.tt/2ZQ890B
Phogat, K. (2017). Juvenile Delinquency in India Causes and Prevention. Journal of Advances and Scholarly Researches in Allied Education, 5.
Author: Afrozulla Khan Z, Intern at Legal Desire (2020)
He has completed Masters in Criminology & Forensic Science, he is a Certified Cyber Warrior, self-taught Cyber-Crime Investigator, and Researcher.
He has published research and review papers in peer review International Forensic Science Journals. He serves as a Research paper reviewer of the International Journal of Forensic Sciences (IJFSC), and Editorial Board Member for the Journal of Forensic Sciences and Criminal Investigation (JFSCI).
He developed two android applications called “Forensic Science” and “Forensic Science News and Info” and both the apps are available in Google Play Store.
The post Social Factors Leading to Juvenile Delinquency in Indian Context appeared first on Legal Desire.
Social Factors Leading to Juvenile Delinquency in Indian Context published first on https://immigrationlawyerto.tumblr.com/