Showing posts with label Cyber Updates.
Tuesday, July 7, 2020
Overview of this BUG: Rate limiting is used to check whether a user session has to be limited based on the information in the session cache. If a user makes too many requests within a given time, HTTP servers have to respond with status code 429: Too Many Requests.
Description:
I have identified that when using Forgot Password for an account, the request has no rate limit, which then can be...
Sunday, July 5, 2020
Recon like a king for Bug Bounty
July 05, 2020 Davinder
As we all know, if we want to hunt bugs, we have to get more and more information. With Recon we can: Increase Target
Unpopular subdomains
1. Tool: SubBrute https://github.com/TheRook/subbrute
usage: ./subbrute.py target.com > subdomain.txt
Now after having subdomains, ...
Tuesday, April 28, 2020
Open URL Redirection Vulnerability- Well Explained
April 28, 2020 Davinder
Overview:
What are Redirects?
Redirect means allowing a website to forward a request for a resource to another URL/endpoint. Let’s assume that you make a request to davindertutorials.com and davindertutorials.com can redirect you to another website (new-davindertutorials.com), so you’ll end up at new-davindertutorials.com even though the original request was made for davindertutorials.com....
Wednesday, March 27, 2019
How to Conduct Pentesting for any organisation (Complete Tutorial)
March 27, 2019 Davinder

Pentesting means finding vulnerabilities by using various techniques and methods. Organisations hire consultants who have a complete team of auditors who perform the pentesting. Auditors are those who know how to find vulnerabilities and also perform exploits to check...
Monday, March 18, 2019
Firewall, IDS, and IPS
March 18, 2019 Davinder
The three devices commonly used to provide security are the firewall, the IDS, and the IPS.
Firewall
A firewall is a network security system that actively monitors and regulates inbound and outbound network traffic based on a predefined security ruleset. A firewall typically acts as a barrier between a trusted, secure internal network and an outside network, such as the Internet, which may not...
Do you know where the passwords are stored in linux?
March 18, 2019 Davinder

Two important files in the Linux system are responsible for storing user credentials:
/etc/passwd is a text file that stores all the account information (except the password) required for user login. The following sample entry from an /etc/passwd file will help clarify...
Wednesday, March 13, 2019
Defensive measures for Protecting Exploitation in Organisational Environment
March 13, 2019 Davinder
Create a security policy that includes a section about password guidelines (key length, use of special characters, periodic expiration of keys, account blocking policy, etc.).
Enable auditing services at the operating system level on end-user devices, servers and communications equipment, and use log correlation software to perform event monitoring.
Restrict access to the Administrator and root account...
Tuesday, March 12, 2019
Preventive Measures to Stop Enumeration
March 12, 2019 Davinder
Multiple protocols are susceptible to enumeration; we should ask our client which ones are really needed in the network. The obvious preventive measure is to disable those insecure protocols that are not required in the network. However, this is not always feasible, especially if there are legacy applications in the organization that depend on insecure protocols to operate and for which there is...
Monday, March 11, 2019
Defensive measures for Less exposure of Vulnerabilities during scanning
March 11, 2019 Davinder
Although the only 100% secure network is the one that is disconnected, we may take defensive measures that help us minimize security risks in our infrastructure during the scan. Here are some precautions that we can take: To start, you cannot scan an application that is not installed. This means that before putting a target into production we should do a “hardening” of the operating system, applications...
Sunday, March 10, 2019
How to conduct Professional Pentesting|Part-2 | Reconnaissance or footprinting
March 10, 2019 Davinder

Reconnaissance is the first phase in carrying out a hacking attempt. The aim of this phase is to discover as much relevant information as we can about the client’s organization or the victim. Now, depending on whether the interaction with the target is direct or indirect, the...
Defensive measures to Prevent reconnaissance attacks
March 10, 2019 Davinder
Preventing reconnaissance attacks 100% is virtually impossible, precisely because footprinting is based on finding publicly available information about the target organization. And this information is public for a good reason. For example, imagine the ABC organization, which sells pet products through its website and through retail distribution stores. Would it make sense to keep...
Tuesday, March 5, 2019
ISO 27001 | Certification | Overview
March 05, 2019 Davinder

ISO/IEC 27001, also known as ISO 27001, is a security standard that outlines the suggested requirements for building, monitoring and improving an information security management system (ISMS). An ISMS is a set of policies for protecting sensitive information, e.g., financial...
Thursday, February 28, 2019
Phishing is taking a wider look by Spear or Whaling attacks
February 28, 2019 Davinder
WHAT IS SPEAR PHISHING
Spear phishing is a social engineering attack in which a perpetrator, disguised as a trusted individual, tricks a target into clicking a link in a spoofed email, text message or instant message. As a result, the target unwittingly reveals sensitive information, installs malicious programs (malware) on their network or executes the first stage of an advanced persistent...
Wednesday, February 27, 2019
Digital Signature - Detailed Explanation
February 27, 2019 Davinder

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
Key Generation Algorithms: Digital signatures are electronic signatures which assure that the message was sent by a particular...