Posts

What is OWASP and the OWASP Top 10 vulnerabilities?

What Is OWASP?
OWASP, or the Open Web Application Security Project, is a nonprofit organization focused on software security. Its projects include a number of open-source software development programs and toolkits, local chapters and conferences, among other things. One of its projects is the maintenance of the OWASP Top 10, a list of the top 10 security risks faced by web applications.
OWASP Top 10 Vulnerabilities
So, what are the top 10 risks according to OWASP?
1. Injection
Injection occurs when an attacker exploits insecure code to insert (or inject) their own code into a program. Because the program is unable to distinguish code inserted in this way from its own code, attackers are able to use injection attacks to access secure areas and confidential information as though they are trusted users. Examples of injection include SQL injection, command injection, CRLF injection, and LDAP injection. Application security testing can reveal injection flaws and suggest remedia

What is a USB Rubber Ducky?

USB Rubber Ducky is an HID device that looks similar to a USB pen drive. It can be used to inject keystrokes into a system, to hack a system, to steal a victim's essential data and credentials, and to inject payloads onto the victim's computer. The most important thing about the USB Rubber Ducky is that it cannot be detected by any antivirus or firewall, because it acts as an HID device.
Features: USB Rubber Ducky is a keystroke injection tool that can be used for malicious or non-malicious keystrokes. It is one of the favorite devices of hackers and penetration testers, as it is very fast and is not detected by any PC. USB Rubber Ducky can also be used for targeting vulnerable systems or programming processes, and saves time.
Working: USB Rubber Ducky acts as a keyboard and has keystrokes preloaded on it. When we connect it to a PC, the keystrokes run automatically. It has a high speed of approx. 1000 words per minute. So any task that can be done with a keyboard can also be done by the USB Rubber Ducky. Whenever it i

🔰How to Protect Yourself from Keylogger Attacks🔰

When a hacker has an unnoticed backdoor on your computer, anything is possible, but there are a few things you can do to minimize the risk of having your keys captured:
🔸 Use antivirus software. While there's not a catch-all solution, and antivirus software won't protect against sophisticated and cutting-edge keyloggers, there's still no excuse for not using antivirus software which protects against most known keylogger software.
🔸 Use on-screen keyboards when entering passwords. One of the limitations of most keyloggers is that they only capture actual keystrokes being pressed on the keyboard. The Windows on-screen keyboard will provide a virtual keyboard that may help circumvent keyloggers.
🔸 Use a firewall. It's possible lazy attackers won't go through the effort of disguising their payloads to appear as being normal DNS (port 53) or HTTP (port 80) transmissions. A firewall might catch suspicious packets leaving your computer on port 35357.
🔸 Protect your comp

Google Dorks or Google hacking

What is a Google Dork?
Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. That description includes information that is not intended for public viewing but that has not been adequately protected.
A search parameter is a limitation applied to a search. Here are a few examples of advanced search parameters:
site: returns files located on a particular website or domain.
filetype: followed (without a space) by a file extension returns files of the specified type, such as DOC, PDF, XLS and INI. Multiple file types can be searched for simultaneously by separating extensions with “|”.
inurl: followed by a particular string returns results with that sequence of characters in the URL.
intext: followed by the searcher’s chosen word or phrase returns files with the string anywhere in the text.
As a passive attack method, Google dorking can return usernames and passwords, email lists, sensitive documents, persona

What are the most common types of cyber attacks?

🛑 Cyber attacks most commonly involve the following:
⭕ Malware, in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
⭕ Phishing, in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by either opening an attached file or embedded link.
⭕ Man-in-the-middle or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes c