Sep 17

Some Mitigation Against Phishing and MITM

Regular phishing awareness should be done in the organization. Regular 2FA/MFA hacking awareness should be done in the organization. The Phishing campaign should be run internally in the organization to check the employee’s awareness. Reward the employees if they successfully pass the phishing internal check. So that all other employees remember it. Reward the employees who tell about the phishing email or any phishing activity. This creates a positive impact in the organization and the team.

Cybersecurity

1 min read

Cybersecurity

1 min read

Some Mitigation Against Phishing and MITM

Regular phishing awareness should be done in the organization.
Regular 2FA/MFA hacking awareness should be done in the organization.
The Phishing campaign should be run internally in the organization to check the employee’s awareness.
Reward the employees if they successfully pass the phishing internal check. So that all other employees remember it.
Reward the employees who tell about the phishing email or any phishing activity. This creates a positive impact in the organization and the team.
The common misconception people have with the standard form of MFA (SMS, Touch, Push) is that it prevents social engineering. Although it MFA protects against an attack, it’s commonly still vulnerable to a MITM phishing attack. Check the example of Uber Hack 2022
Take a regular quiz related to phishing and reward some of the employees who pass the quiz. This will motivate others.

Run Terminal Binaries in Burp: BurpBinaryRunner — (My 2nd Burp Extension in Jython)

This tool is used to run binaries through Burp, tools like SSLscan, Nmap, FFUF, etc. The binaries that give the output on the terminal can be used in this Burp extension. I am not sure if this Burp extender will make your life easy or not. I just made it for learning purposes. Download: https://lazyhacker22.blogspot.com/2022/08/BurpBinaryRunner.html

Burpsuite

1 min read

Run Terminal Binaries in Burp: BurpBinaryRunner — (My 2nd Burp Extension in Jython)

Burpsuite

1 min read

Run Terminal Binaries in Burp: BurpBinaryRunner — (My 2nd Burp Extension in Jython)

This tool is used to run binaries through Burp, tools like SSLscan, Nmap, FFUF, etc. The binaries that give the output on the terminal can be used in this Burp extension.

I am not sure if this Burp extender will make your life easy or not. I just made it for learning purposes.

Download: https://lazyhacker22.blogspot.com/2022/08/BurpBinaryRunner.html

BurpBinaryRunner

Aug 27

Why the Older & Vulnerable Version in use Vulnerability should be of HIGH severity

ATM Hack ATM is a jackpot for criminals, it is a metal box that contains lots of cash. ATM is just a computer often a windows computer with an input device like a touch screen and buttons. It also has cassettes which hold lots of cash. In older days and in today’s…

Cybersecurity

2 min read

Why the Older & Vulnerable Version in use Vulnerability should be of HIGH severity

Cybersecurity

2 min read

Aug 13

My First Burp Extension | Enable Tor Proxy By Burp

Hello Everyone, Finally, after one week of work, I learned many new things in Jython as well as in Java. …

Burpsuite

1 min read

My First Burp Extension | Enable Tor Proxy By Burp

Burpsuite

1 min read

Aug 3

What are serialization and deserialization? | What is insecure deserialization?

What is serialization? Serialization is the process of converting the state of an object into byte streams to save into the file. Why do we need Serialization? Let’s take an example of a computer game, when we start the game we get the option to resume it. Now think about, how it’s possible that the game starts from…

Insecure Deserialization

2 min read

Insecure Deserialization

2 min read

Jul 31

What is salting in cryptography? | Why do we need salting when saving passwords in the database? (Simple Explanation)

Salting is the concept of adding random data in the plaintext data (Example: Password) and then creating the hash of that combination this is called salting. By doing this, even if you are using the same plain text, it is possible to get different hashes.

Salting

1 min read

Salting

1 min read

What is salting in cryptography? | Why do we need salting when saving passwords in the database? (Simple Explanation)

Jul 14

Is your webcam exposed on the internet and everyone enjoying your personal moments? | How to check webcam or security camera is exposed on the internet or not?

Nowadays we start using many technology devices in our homes. Many people are installing CCTV or security cameras in their houses, private rooms, offices, private places, etc for security purposes and monitoring, but many of them don’t know how to configure that device securely. So let’s talk about CCTV and…

Webcam

2 min read

Webcam

2 min read

Jul 12

Fake Traffic By Proxy | Use proxy to send requests to the server | Send traffic from multiple free proxy

There are many ways to achieve this, one of the ways is here. I want a tool that sends requests to my website, but from different proxies. So I searched for some tools, but I faced the integration issue because I want to automate the whole process. That’s the reason I have created my own tool. I learned a new concept of proxies.

2 min read

Fake Traffic By Proxy | Use proxy to send requests to the server | Send traffic from multiple free…

2 min read

Fake Traffic By Proxy | Use proxy to send requests to the server | Send traffic from multiple free proxy

There are many ways to achieve this, one of the ways is here.

I want a tool that sends requests to my website, but from different proxies. So I searched for some tools, but I faced the integration issue because I want to automate the whole process. That’s the reason I have created my own tool. I learned a new concept of proxies.

Jul 10

JWT Vulnerabilities List (Simple Explanation)

JWT vulnerabilities: Tamper without modifying anything Modify algorithm to none Bruteforce weak signing key Privilege Escalation by JWK header injection (RS256 or asymmetric hashing algorithm attack) Privilege Escalation by JKU header injection (RS256 or asymmetric hashing algorithm attack) The exploitation of kid header in JWT (Directory Traversal and command Injection)…

Jwt

2 min read

JWT Vulnerabilities List (Simple Explanation)

Jwt

2 min read

Jun 23

What is JWT - JSON Web Tokens (Simple Explanation)

What is JWT? JWT token is a base64url encoded string that is used to transmit the information between server and client. JWT token mostly contains the user information which is used for authorization. JWT token can be sent through a URL, POST parameter, and HTTP header. The information that is sent…

Jwt

6 min read

What is JWT - JSON Web Tokens (Simple Explanation)

Jwt

6 min read