Career Technology Cyber Security INDIA

Ghost Phisher - Phishing Attack Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy. The tool comes with a fake DNS server, fake DHCP server, fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. It could be used as a honey pot and could be used to service DHCP requests, DNS requests or phishing attacks. Ghost Phisher Features: HTTP Server Inbuilt RFC 1035 DNS Server Inbuilt RFC 2131 DHCP Server Webpage Hosting and Credential Logger (Phishing) Wifi Access point Emulator Session Hijacking (Passive and Ethernet Modes) ARP Cache Poisoning (MITM and DOS Attacks) Penetration using Metasploit Bindings Automatic credential logging using SQlite Database Prerequisites: The Program requires the following to run properly: The fo...

AI, quantum computing and 5G network can make Criminals more dangerous 1.As today's we know the technology has given a boost in development ,but with that is brings new dangerous then ever. 2.Today is all about AI ( Artificial Intelligence ),Quantum Computing,the network is about to bring 5G network for more better connections. 3.This report is published by Europol (European Police Office) requesting to law enforcement to quickly innovate new method to fight against this cyber criminals. 4.Cyber criminals already started using AI for their own benefits ,deepfake audios is an AI method  to commit crimes,AI  can also  be used for high level of phishing attacks. 5.Quantum computing can be used to crack the encryption of machines,if it can int wrong hands warns Europol. Here is a detailed report ;   Click Here

LaZagne – Password Recovery Tool For Windows & Linux Description: The LaZagne project is an open source password recovery tool used to retrieve passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases and so on). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. At this moment, it supports 22 Programs on Microsoft Windows and 12 on a Linux/Unix-Like operating systems. It supports a whole bunch of software including things like CoreFTP, Cyberduck, FileZilla, PuttyCM, WinSCP, Chrome, Firefox, IE, Opera, Jitsi, Pidgin, Outlook, Thunderbird, Tortoise, Wifi passwords and more. Usage: Launch all modules     laZagne.exe all Launch only a specific module     laZagne.exe browsers Launch only a specific software script     laZagne.exe browsers -firefox Write all passwords...

Is AI is a Cyber threat or Security against CYber threat?? There is been a recent studied of how AI attacks could look like by "Mikko Hypponen" (chief research officer at IT security company F-Secure) AI is developing in a large scale and taking technology to a different level. Cyber Criminals are trying to use AI against the cyber security by conducting cyber attack's. "There has been academic research into what AI attacks could look like, but we have not seen any in the real world”-Mikko Hypponen There has been attacks against the machine learning programs by cyber criminals to corrupt the machine learning programs,but there is no clue of attack to make AI vulnerable against the security. Is Artificial Intelligence is able to keep safe us from cyber attack or it may be cyber threat against the cyber security?? Here is the detail report by "Mikko Hypponen"  Click Here

RandIP – Network Mapper To Find Servers RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH. RandIP – Network Mapper Features 1.HTTP and HTTPS enumeration 2.Python enumeration exploits 3.SSH enumeration exploits 4.Logger and error-code handler 5.SSH and Telnet Timeouts to prevent blocking 6.SSH Enumerations work in tandem Download tool here : Click Here

Australia's NAB says 13,000 customers' personal data breached National Australia Bank (NAB) made a statement that 13,000 customers details has been leaked. NAB says that "it's not an Cyber Security breach or hack and added that no LOG-IN information has been leaked" this Friday made the statement. "the data uploaded or beached contains user name,identity numbers,date of birth, contact number" the said that it was an human error and not an hack by criminal. The NAB also said that "they have been no proof of copying details or any other disclosed the leaked data will be deleted within 2 hours NAB makes the statement". for detail information about report Click here

CHIPSEC – Platform Security Assessment Framework For Firmware Hacking CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. You can use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants. What does CHIPSEC Platform Security Assessment Framework Do? CHIPSEC has a bunch of modules focusing on areas such as Secure Boot, System Management Mode (SMM/SMRAM), BIOS and Firmware security, BIOS write protection etc. Modules such as: – SMRAM Locking – BIOS Keyboard Buffer Sanitization – SMRR Configuration – BIOS Protection – SPI Controller Locking – BIOS Interface Locking – Access Control for Secure Boot Keys...

Microsoft Office 365 webmail exposes IP addresses while sending    emails 1. Microsoft Office 365 webmail, inject additional header containing IP address of the sender called "X-originating-ip". 2. The header injected by MS Office 365 look's like this “authentication-results: spf=none (sender IP is )smtp.mailfrom=test@example.comx-originating-ip: [23.xx.xx.xx]x-ms-publictraffictype: Email" 3. Comparing other Emails provider services like Google,Yahoo,Outlook,the Microsoft Office 365,are found out that only office 365 webmail inject user's local IP address. 4.The only way came out till now for this problem is while sending mails user should use VPN or TOR. 5.If you have been using the Microsoft Office 365 webmail interface to hide your IP address while sending out emails, remember that you are not hiding anything.

Enumall – Sub-domain Discovery Using Recon-ng & AltDNS Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS. This gives you the ability to run multiple domains within the same session. The tool only has one module that needs an API key (/api/google_site) find instructions for that on the recon-ng wiki. you can prefer github for futher detail guide of ENUMALL : read more You can download Enumall here: Click Here

US Government Cyber Security Still Inadequate 1.The Well-Developed nation U.S has came out has the big security issues in their recent INTERNAL AUDIT,uncovered widespread weaknesses, poor adoption of cyber control ad tooling. 2.8 out of 8 agencies using end of life hardware or software that has been retired and is no longer supported. 3.Especially when one agency couldn’t account for how much of it’s $10 Billion budget was being spent on legacy systems, some having been around since 2005. This is something to be worried about. 4.The U.S nation and U.S government is a global target for terrorism and have been many high visibility breaches across key government agencies.

Detail information about Slurp--Amazon AWS S3 Bucket Enumerator Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally. There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode. Blackbox (external) In this mode, you are using the permutations list to conduct scans. It will return false positives and there is NO WAY to link the buckets to an actual AWS account. Whitebox (internal) In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Your credentials should be in ~/.aws/credentials. Features: The main features of Slurp are: 1. Scan via domain(s); you can target a single domain or a list of domains 2. Scan via keyword(s); you ca...

The Biggest problem of 5G network for Europe....??? The news is came out a discussion of 5G network: 1.The recent news came from European Police about cyber criminals is if it came it will be difficult to trace the cyber criminals. 2. The European Agency's director "REUTER" says "they current lack tools that gave police the ability to eaves on criminals on 4G network. 3. Police forces joined discussions about 5G too late to ensure tracking abilities were preserved, it added. 4. The report warned about the threats of the 5G network like using Quantum Computers to crack encryption systems,terrorist attacks,etc.. For detail report from BBC news: Click here

PentesterLab  –  Learn Penetration Testing PentesterLab is an easy and straight forward resource on how to learn Penetration Testing with Pentesting Lab Exercises. It provides vulnerable systems in a virtual image and accompanying exercises that can be used to test and understand vulnerabilities. Just decide what course you want to follow, download the course and start learning. You can easily run the course using VMware, no Internet access is required. PentesterLab – Review So what do they provide actually? Hands-on – The only real way to learn web penetration testing is to get into it Real vulnerabilities – These are not simulated theories, the exercises are based on real system flaws Offline & Online – The system is available offline for both free and pro (downloadable ISO) Enterprise Solution – For whole teams Certificates of Completion – The online exercises support certification Support – Fast replies PentesterLab – How To Learn Penetration Testin...

Maharashtra Government to set up new Cyber University 1.  Maharashtra Government is setting up cyber university due to cyber threats. 2. This Cyber University will  provide cyber training like Cyber Forensic,Cyber Investigation,Block-  chain AI Cloud Computing. On top of this it will also impart training in 15 other Internet of Things(IoT) such as Data Analytics  Artificial Intelligence. 3. Cyber-attacks India are taking place every 10 minutes as opposed to 12 minutes previously. 4. The current demand of cyber professionals hovers around 30 lakh, but supply of is in about lakh. 5. The university will be remedy for this by providing required human resource and bridge skill gap. 6. Maharashtra Government is also in process of setting up its version of Indian Computer              Emergency Response Team (CERT-In) to ward off external cyber threats.

SHEEP WOLF – Exploit MD5 Collisions For Malware Detection Some security tools still stick to MD5 when identifying malware samples years after practical collisions were shown against the algorithm. This can be exploited  by first showing these tools a harmless sample (Sheep) and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and share your results by issuing a pull request updating the contents of results !!              Dependencies: 1. 32-bit Windows (virtual) machine (64-bit    breaks stuff) 2. Visual Studio 2012 to compile the projects    (Express will do) 3. Fastcoll for collisions 4. Optional: Cygwin+MinGW to compile Evilize You can Download this tool from here: Click Here

INDIA AND MOROCCO agreed to enhance bilateral cooperation in the field of defense and security. 1.India and Morocco enhance bilateral cooperation in defense and security. 2.This decision is taken by both countries defense ministers ABDELTIF LOUDYI and NIRMALA SITARAMAN in south block in New Delhi. 3.There were 2 MoUs ( Memorandum of Understanding ) between this two nations: (i)  Cooperation in the area of Cyber Security’ between Computer Emergency Response Team                  ( CERT–IN ) and Moroccan Computer Response Team ( ma-CERT ). (ii) Cooperation in Peaceful Uses of Outer Space’ between Indian ISRO and Moroccan Center of              Remote Sensing.

What is Blind SQL Injection?  " Blind SQL Injection Tool" Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application’s response. This attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection. The most famous Blind SQL injection tool would definitely be sqlmap, which automates it. You can download BSQL injector here: click here

DELHI: A 40-year-old Romanian was arrested from South Delhi for Illegally withdrawing money by cloning ATM cards, police said on Friday. The accused has been identified as LUPOI EMIL , a native of Constanta in ROMANIA The Delhi police got deep into the case afer receiving several complaints aboout the unauthorized cash withdrawl of money from different ATM's in south delhi. After Arrest Mr Emil said that " revealed that he used to visit India to earn money by cloning ATM cards and was involved in cheating and cyber crimes to support his family's luxurious lifestyle". His associate had left before the police could reach, the DCP said: One ATM card skimming device, two key-pad of ATM used for copying PIN numbers, five unauthorized ATM cards, one cap to hide face from CCTV camera inside the ATM booth, one mobile phone and  R s.  18,220 were recovered from Mr Emil's possession, they added.

Deep-sound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract secret files directly from audio files or audio CD tracks HOW TO USE DEEP-SOUND AUDIO STEGANOGRAPHY TOOL 1.Click to ‘Open carrier files (F2)’ or drag and drop audio file (flac, wav, wma, mp3, ape) to Carrier audio files list. 2.Click to ‘Add secret files (F3)’ or drag and drop secret files into the Secret files list on the bottom side of application. 3.Press F4 key or click to ‘Encode secret files’ button. 4.You can choose output audio format (wav, flac or ape). DeepSound does not support wma output format. If you want to hide data into wma, hide secret data into wav file and then use external software such as Windows Media Encoder for convert wav to wma lossless audio format. 5.In ‘Encode secret files’ dialog window you can turn on/off AES-256 encryption. Modified audio file will be copied to output directory. If you want to chan...

BIG STEP BY ONE OF THE FAMOUS SOCIAL MEDIA APP INSTAGRAM INSTAGRAM now trying to release its new tool in the coming update which will ask bullies before posting a comment "Are you sure?" It will also soon offer the targets of bullying the ability to restrict interactions with users who are causing them distress. This huge step is taken by Instagram under pressure to deal with its bullying problem after high profile cases,"including suicide of BRITISH TEENAGER MOLLY RUSSELL" In a blog the firms chief executive ADAM MOSSERI said his firm "could do more" on the issue. more details about the update click here

ACUNETIX V12 --> MORE ACCURATE &2x FASTER "TOOLS FOR CYBER SECURITY" Acunetix, the pioneer in automated web application security software. It has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. To download the tool  click here

MICROSOFT OUTLOOK VULNERABILITY The UNITED STATES cyber command rcently reported the discovery of a vulnerability in microsoft outlook older version. The report says microsoft this valnerbility patched by microsoft but due to user negligence updating it. The disclosure mentions "active malicious use", revealing the source of the malware's origin as well in its tweets. A quick check on the National Vulnerability Database in USA reveals the identity of the glitch, which is described as:  "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." In essence, the breach allows an attacker to bypass arbitrary security protocols to execute remote commands on a system, which in turn can corrupt data or block users out from accessing the data. detail report: click here ...

"THE LEGION GROUP"-HACKER'S NEW GROUP AGAINST CORRUPTION This group recently hacked congress leader RAHUL GANDHI, VIJAY MALLYA,RAVISH KUMAR's twitter accounts. Reason behind this hack is to come in public figure so they can reach to everyone to put their motive to the people. The next target of this group is to hack the government website which belongs to the parliament which contains lot of data of the nation. Legion said-"They hack the Parliament website sansad.nic.in and dump all the emails and sensitive data publicly to all the people of the nation For more details : https://aajtak.intoday.in/video/know-about-hacker-group-legion-and-their-next-target-sansad-website-1-901739.html

                                     "This is all about cyber technology"                         "Don't look for hackers be a hacker" We are organizing an free workshop for cyber security for you:        "WHAT YOU WILL LEARN IN THIS FREE WORKSHOP:" 1. Anyone can be hacker !! 2. Benefits of being a hacker? 3. How to protect your privacy the thing which matters a lot ? 4. What hackers do to attract you to get trapped? 5. How to be safe in this cyber world? 6. What is cyber security? 7. What are cyber crimes according to law? 8. What you can do to protect yourself and other and become a kind of hero!! 9. You'll get to know the attackers attack you live? 10. Want to learn about how hackers work or want to  work as hackers do? Date of Workshop: 14/07/2019 Any Query reg...

The vey famous application TRUECALLER is used to  cheat the Utter Pradesh police by 2 criminals for  there profit. MEEERUT a city in UP, a recent case where 2 criminals   cheated the police and the local people for there profit used DGP(DIRECTOR GENERAL OF POLICE) fake ID. police arrested and filed a FIR under IPC  section 419/468/471/506/120B. Be safe from such cyber crime do complain if you  found such illegal activity in your area's. for further case:  https://aajtak.intoday.in/crime/story/meerut-up-dgp-truecaller-fake-id-cheat-arrest-police-1-1071064.html