Hacking

Thu
12
Jan

Win a Career in TCS Cyber Security Team

Win a Career in TCS Cyber Security Team

Win a Career in TCS’ Cyber Security Team and grab a chance to be associated with the history of the contest as the Winner of the Inaugural Edition.

Welcome to HackQuest, TCS Ethical Hacking Contest for students passing out in 2017.
 
Eligibility Criteria: Open for Technical UG, PG & BCA students of 2017 batch with specialization in Computer Science, IT and Circuit Branches (Electronics & Electrical Engineering, Electronics & Communication, Electronics & Telecommunication, Electrical, Electronics, Electronics & Instrumentation and Instrumentation)
 
Why should you participate?
 
Mon
29
Aug

Hacking of the defense data - Impact of information leak of Scorpene

Hacking of the Defense data-Impact of information leak of Scorpene

Hacking defense data-Impact of information outpouring of Scorpene in this era of hacking and cyber-terrorism, a data stealing might be a great loss for a country rather than a war. The developed nations had been disbursement billions or Trillions for their defense sectors. The rivals rather than directly attacking the nations, began to compromise the security of their data. A few of day’s back Indian Defense sector were appalled once 22,400 pages of information on Scorpene Submarine were leaked.

Thu
16
Jun

Defense against Google Hacking

Google Hacking
For better understanding of the topic “Defense against Google hacking”, we will have a look into what exactly “Google Hacking” means.

Google Hacking:

Google Hacking or Google Dorking is a hacking technique, where Google search or Google applications are used to find the vulnerabilities in the configurations or source code of the website.
 
So here comes the question, “how Google search engine can be used to find such vulnerabilities?”
 
Answer would be: Google search engine provides support for a multitude of operators which gives more power to the normal Google search that we do on daily basis.
 
Now will have a glimpse on some examples of Google’s advanced operators:
  • Link: Sites that have a hyperlink to the URL specified will be returned in the search results.
Mon
13
Jun

Catch a Thief by Being One : Un-Scan It - Part III

Catch a Thief by Being One : Un-Scan It - Part III

In previous article, we understood the first phase of how an attack is launched. In this phase, attackers prepare for launching the attack by gathering as much information about the target as he can. This information may contain the OS details, DB version details, web server details and so on.

Now that attacker has all this data, he may try and identify if there are any vulnerabilities present in the environment, OS configuration details and Network architecture. This second phase of perpetrating an attack is known as Scanning.

Scanning

The objective of this phase is to find all live servers, open ports, OS and system architecture, services running on the OS and network architecture.

Mon
06
Jun

Catch a Thief by Being One : Control what you Reveal - Part II

Catch a Thief by Being One : Control what you Reveal - Part II

In previous article, we discussed about the major challenges posed to the Data Security of an organization. In global landscape, Hackers utilizes their skills, different tools, vulnerabilities and exploits to perform attacks. In this series, we will discuss about how an attacker performs the attacks.

Hacking any system is comprised of five phases:

Mon
09
May

Key Security Learnings from Bangladesh Bank hack !!!

Key security learning from Bangladesh Bank hack

About Bangladesh Bank hack -  The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system

Key Security Learnings -  (can be easily mapped to OWASP Top 10 Attacks)

Fri
06
May

Is IRCTC website hacked?

IRCTC Website Hacked?

There were news reports that the Maharashtra cyber cell has informed IRCTC, India’s largest e-commerce websites and prime platform for booking railway tickets, about a potential data theft. Even though, IRCTC, the Indian Railway Catering and Tourism Corporation Limited, has denied news reports that its data had been hacked, panic is there among the users of the site. IRCTC PRO Sandip Dutta said: “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter.” However, most of the news agencies reported it as a case of hacking and with the news, many frantically went and changed their password, some others created new accounts. It was reported that the credit/debit card details, PAN card details, Aadhaar card details, email ids and mobile numbers, which were revealed by IRCTC users will now be used by the hackers.

Mon
11
Jan

2015 Mega Security Breaches - A Review

2015 Mega Security Breaches - A Review

Continuation to what I wrote last year, I am selecting some of the breaches I felt as interesting in 2015.

Ashley Madison breach                

Ashley Madison website, known for the wrong reasons was one of the major data breaches reported in 2015.

Mon
11
Jan

A quick thought on how good Sandboxing technologies are ?

A quick thought on how good Sandboxing technologies are?

These days we hear lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from Zero Day Attacks. Last couple of years the main focus was on Sandboxing solutions. We normally place firewall, IPS/IDS, HIPS, Antivirus solutions as a part of Defence in Depth principle. The limitation in this is most IPS/IDS, HIPS or Antivirus solutions detect and block known malwares as most of them are signature based security solutions. If they don’t have a corresponding signature, then the attack will go unnoticed and will result in exploiting vulnerabilities. I always believe in a principle – Prevention is better than cure.

Tue
29
Dec

Beware of Salami !! It might be stealing your money online

Beware of Salami !! It might be stealing your money online

These days we are hearing a lot about different online wallets where we can add money to the wallet and can be used for online purchases or it can be for a taxi ride later. We are getting lot of advertisements and offers to add money to the wallet. Yes, I too agree that this is a good technology advancement. However, in case if they deduct One Rupee from this wallet without our knowledge, would you mind in contacting them to check about the details? If we contact them, for sure the telephone charges will be more than One Rupee if they do not have a toll free facility. Most of us wont mind loosing that One Rupee. How about the provider deducts One Rupee from One million customers a day without their knowledge.

Pages

Subscribe to RSS - Hacking