Posts

How does Google Authenticator work?

How does Google Authenticator work? We use this authenticator a lot for logging into our accounts and transferring money online. But how does it guarantee security? Google Authenticator is a software-based authenticator that implements two-step verification. The six-digit codes it shows are time-based one-time passwords (TOTP, RFC 6238): each code is derived from a secret shared with the server and the current 30-second time step, so the phone and the server agree on the code without any network connection between them. The diagram below provides detail.

There are two stages involved:
🔹 Stage 1 - The user enables Google two-step verification.
🔹 Stage 2 - The user uses the authenticator for logging in, etc.

Let's look at these stages.

Stage 1
Steps 1 and 2: Bob opens the web page to enable two-step verification. The frontend requests a secret key. The authentication service generates the secret key for Bob and stores it in the database.
Step 3: The authentication service returns a URI to the frontend. The URI is composed of the key issuer, the username and the secret key. The URI is displayed in the form of a QR code on the web page.
Step 4: Bob then uses Google Authenticator to scan the generated QR code. The s
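The two stages above map onto a few lines of code. The following is an added example, not code from the post or from Google Authenticator: it implements HOTP (RFC 4226) and TOTP (RFC 6238) with the Python standard library, builds the otpauth:// provisioning URI that the QR code in Step 3 encodes, and verifies a submitted code with a small clock-drift window the way a server would in Stage 2. The issuer name "Example", the account "bob@example.com" and the ASCII secret "12345678901234567890" (the RFC test-vector key) are assumptions for the demonstration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Assumed demo values (not from the post): the RFC 4226/6238 test-vector key.
SECRET = b"12345678901234567890"
ISSUER = "Example"
ACCOUNT = "bob@example.com"
STEP = 30          # seconds per time step (Google Authenticator default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, int(at_time) // step, digits)


def provisioning_uri(issuer: str, account: str, secret: bytes) -> str:
    """Stage 1, Step 3: the otpauth:// URI the server returns and renders as a QR code.
    The secret is Base32-encoded in this scheme; padding is conventionally stripped."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"


def verify_totp(secret: bytes, submitted: str, at_time: float, window: int = 1) -> bool:
    """Stage 2: server-side check. Accept the current step and `window` steps either
    side to tolerate clock drift; compare in constant time to avoid a timing side channel."""
    for k in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at_time + k * STEP), submitted):
            return True
    return False


if __name__ == "__main__":
    print(provisioning_uri(ISSUER, ACCOUNT, SECRET))
    print("code at t=59:", totp(SECRET, 59))          # 287082 (RFC 6238 vector)
    print("verify:", verify_totp(SECRET, totp(SECRET, 59), 59))
```

In a real deployment the secret comes from a CSPRNG (for example `secrets.token_bytes(20)`), is stored only server-side, and the server also records the last accepted time step so a code that was already used cannot be replayed inside the drift window.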

What is OWASP and OWASP top 10 vulnerabilities ??

What Is OWASP? OWASP, or the Open Web Application Security Project, is a nonprofit organization focused on software security. Its projects include a number of open-source software development programs and toolkits, local chapters and conferences, among other things. One of its projects is the maintenance of the OWASP Top 10, a list of the ten most critical security risks faced by web applications.

OWASP Top 10 Vulnerabilities
So, what are the top 10 risks according to OWASP?
1. Injection
Injection occurs when untrusted input reaches an interpreter (a SQL engine, a shell, an LDAP server) as part of a command or query rather than as plain data. Because the interpreter cannot distinguish the attacker-supplied fragment from the program's own command, attackers can use injection to read or modify data and reach restricted functionality as though they were trusted users. Examples of injection include SQL injection, command injection, CRLF injection, and LDAP injection. Application security testing can reveal injection flaws and suggest remedia

What is Rubber ducky USB????

The USB Rubber Ducky is an HID device that looks like an ordinary USB pen drive. Because the host enumerates it as a keyboard, it can be used to inject keystrokes into a system: to compromise the machine, to steal the victim's credentials and other sensitive data, or to deliver a payload to the victim's computer. The important point about the USB Rubber Ducky is that antivirus software and firewalls do not flag the device itself, since the operating system sees nothing but a keyboard; only the commands it types can be observed, and whether those are caught depends on what the payload does.

Features: The USB Rubber Ducky is a keystroke injection tool; the keystrokes it replays can be malicious or benign. It is one of the favourite devices of hackers and penetration testers because it is very fast and the PC does not recognise it as anything other than a keyboard. It can also be used to target vulnerable systems or to automate repetitive typing and save time.

Working: The USB Rubber Ducky presents itself as a keyboard and carries a pre-written sequence of keystrokes. When it is connected to a PC the keystrokes run automatically, at roughly 1000 words per minute. So anything that can be done from a keyboard can also be done by the USB Rubber Ducky. Whenever it i
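Because the host sees only a keyboard, the practical detection angle is behavioural: a Rubber Ducky types far faster than any human can. The following is an added example, not code from the post or from Hak5. It is a keystroke-timing heuristic of the kind some anti-injection tools use, run over constructed key-event timestamps (a human typing sample, a human sample with a short fast burst, and an injected run, all made up for the demonstration); the interval and run-length thresholds are assumptions.

```python
# Constructed key-down timestamps in seconds; not captured from a real device.
HUMAN = [0.00, 0.18, 0.31, 0.55, 0.70, 0.92, 1.10, 1.33, 1.50, 1.71, 1.95]
INJECTED = [round(i * 0.008, 3) for i in range(40)]                        # 8 ms apart, 40 keys
HUMAN_BURST = HUMAN[:5] + [2.00, 2.01, 2.02, 2.03, 2.04] + [2.40, 2.62]    # brief fast run

MAX_HUMAN_INTERVAL = 0.03   # seconds; assumed faster than any sustained human typing
MIN_RUN = 20                # assumed: consecutive fast keys required before alerting


def estimated_wpm(timestamps):
    """Words per minute using the 5-characters-per-word convention."""
    if len(timestamps) < 2:
        return 0.0
    minutes = (timestamps[-1] - timestamps[0]) / 60.0
    return (len(timestamps) / 5.0) / minutes


def longest_fast_run(timestamps, max_interval=MAX_HUMAN_INTERVAL):
    """Length of the longest run of consecutive keys closer together than max_interval."""
    best = run = 1
    for earlier, later in zip(timestamps, timestamps[1:]):
        run = run + 1 if (later - earlier) < max_interval else 1
        best = max(best, run)
    return best


def looks_injected(timestamps, max_interval=MAX_HUMAN_INTERVAL, min_run=MIN_RUN):
    """Alert only on a sustained burst, so a human's quick key-repeat is ignored."""
    return longest_fast_run(timestamps, max_interval) >= min_run


if __name__ == "__main__":
    for name, sample in [("human", HUMAN), ("human burst", HUMAN_BURST), ("injected", INJECTED)]:
        print(f"{name:12s} {estimated_wpm(sample):7.0f} wpm  injected={looks_injected(sample)}")
```

The run-length requirement is what keeps the false-positive rate down: a human can produce a handful of very fast keys, but not twenty in a row. Note the limits of the heuristic: a payload can be deliberately slowed down to stay under the threshold, so device allow-listing (for example USBGuard on Linux, which refuses a newly attached keyboard until an administrator approves it) is the stronger control and the timing check is a complementary alarm.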

🔰How to Protect Yourself from Keylogger Attacks🔰

When a hacker has an unnoticed backdoor on your computer, anything is possible, but there are a few things you can do to minimize the risk of having your keys captured:
🔸 Use antivirus software. There is no catch-all solution, and antivirus software won't protect against sophisticated and cutting-edge keyloggers, but there's still no excuse for not using antivirus software, which protects against most known keylogger software.
🔸 Use on-screen keyboards when entering passwords. One of the limitations of most keyloggers is that they only capture actual keystrokes pressed on the keyboard. The Windows on-screen keyboard provides a virtual keyboard that may help circumvent those keyloggers, though it does nothing against ones that capture screenshots or read the clipboard instead.
🔸 Use a firewall. It's possible lazy attackers won't go through the effort of disguising their exfiltration traffic as normal DNS (port 53) or HTTP (port 80) transmissions. A firewall that alerts on outbound connections might catch suspicious packets leaving your computer on an unexpected port such as 35357.
🔸 Protect your comp

Google Dorks or Google hacking

What is a Google Dork? Google dorking, also known as Google hacking, uses advanced search operators to return information that is difficult to locate through simple search queries. That includes information that was never intended for public viewing but has not been adequately protected.

A search parameter is a limitation applied to a search. Here are a few examples of advanced search parameters:
site: returns pages located on a particular website or domain.
filetype: followed (without a space) by a file extension returns files of the specified type, such as DOC, PDF, XLS and INI. Multiple file types can be searched for simultaneously by separating extensions with "|".
inurl: followed by a particular string returns results with that sequence of characters in the URL.
intext: followed by the searcher's chosen word or phrase returns pages with the string anywhere in the text.

As a passive attack method, Google dorking can return usernames and passwords, email lists, sensitive documents, persona