Trinity is a Fuzz testing engine. One that has been done many times before on Linux, and on other operating systems, where Trinity differs is that the arguments it passes are not purely random. Trinity is slightly different from traditional fuzzing.
Trinity Fuzzer is really good at locating bugs in FS.
Trinity creates up a pool of file descriptors, from pipes, sysfs, procfs, /dev and sockets when a system call needs a file descriptor. Trinity also uses information about system calls to provide “something at least semi-sensible”.
Trinity supports Alpha, Aarch64, ARM, i386, IA-64, MIPS, PowerPC-32 etc.
Trinity adding support for additional architectures is a small amount of work mostly involving just defining the order of the syscall table. Trinity also has improved reproducibility so that, when a kernel oops occurs, Trinity records the last random seed used so a developer can use its value to recreate the problem.
Trinity is a system call fuzzer which employs some techniques to pass semi-intelligent arguments to the syscalls.
Trinity has a “syscalls group” dedicated to VFS syscalls.
The intelligence features include in Trinity:
If a system call expects a certain datatype as an argument (for example a file descriptor) Trinity gets passed one.
If a system call only accepts certain values as an argument, (for example a ‘flags’ field), Trinity has a list of all the valid flags that may be passed.
Trinity logs it’s output to files (1 for each child process), and fsync’s the files before Trinity actually makes the system call.
If one run Trinity without any arguments as a non-root user, it will scan for fd’s as mentioned above, then create a number of child processes.
With warning out of the way: Trinity has a neat feature called ‘victim files’.
There are almost always new kernel bugs being triggered by trinity.
Sometimes, trinity causes the oom-killer to trigger.
Malheur is a tool of automatic analysis malware behavior. Malheur has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.
MALHEUR supports four basic actions for analysis:
Malheur permits for figuring out novel lessons of malware.
Malheur supports Extraction of prototypes: Malheur identifies a subset of prototypes representative for the full data set.
Malheur supports Clustering of behavior: Malheur automatically identifies groups (clusters) of reports containing similar behavior.
Malheur supports Classification of behavior: Malheur is able to assign unknown behavior to known groups of malware.
Malheur supports Incremental analysis: Malheur can be applied incrementally for analysis of large datasets. By processing reports in chunks, the run-time can be significantly reduced. This renders the application of Malheur feasible.
Analysis of malware behavior by Malheur:
Malware binaries are collected in the wild and executed in a sandbox, where behavior of Malheur is monitored during run-time. Malheur analyzes reports for discovery and discrimination of malware classes using machine learning. Malheur can be applied to recorded behavior of various format, for example as in reports generated by CWSandbox, Anubis, Norman Sandbox and Joebox.
Actions & Options of Malheur
Malheur supported different actions for analysis of a dataset. For all actions the reports of Malheur are first mapped to a high-dimensional vector space.
Droid Application Fuzz Framework (DAFF) helps to fuzz Android Browsers and PDF Readers for memory corruption bugs in real android devices. Everyone can use the inbuilt fuzzers or import fuzz files from one’s own custom fuzzers. DAFF consist of inbuilt fuzzers and crash monitor.
Droid-FF is the very first Android fuzzing framework which helps researchers find memory corruption bugs written in c /c ++ – It comes as a VM which is ready to go and easy to work with.
Native code for Droid-FF is preferred over JIT languages due to their memory efficiency and speed, but security bugs within native code can result in exploits that can take over the Android system . The goal of the fuzzer is help researchers find security bugs by fuzzing Android.
Droid Application Fuzz Framework currently supports fuzzing the following applications:
Adobe Acrobat Reader
Foxit PDF Reader
Google PDF Viewer
WPS Office + PDF
What does it do:
Currently includes Peach, with some pre-populated pit files, which helps in generating data be it “dex,ttf,png,avi,mp4” etc
a . Dumb fuzzing: From a large input section of valid data , the fuzzer generates new data with mutations in place.
Intelligent Fuzzing: File format representation of the target data and let the fuzzer generate data which is structurally valid, but has invalid data in sections.
The fuzzing system is an automated program which runs the dataset against the target program and deals with any error conditions that can possibly happen. It also maintains state so that we could resume the fuzzing from the right place in an event of a crash.
Advanced Triage System
In the event of a valid crash, the triage system collects the tombstone files which contains the dump of the registers and system state with detailed information. It also collects valid logs and the file responsible for the crash and moves it to the triage database. The triage database runs scripts on the data derived from crashes, like the type pf the crash, for eg : SIGSEGV, the PC address at this crash and checks for any duplicate, if found, the duplicate entry is removed and is moved to crashes for investigation.
Using during this lab:
The android system which we are going to fuzz is an Engineering build from AOSP which has symbols, thus in an event of a crash, it will be much easier to triage the crash. The system supports fuzzing real devices, emulators , and images running on virtual box.
Droid Application Fuzz Framework has three fuzzer modes:
Google Domato– Uses slightly modified version of Google Domato for generating fuzz files.
Dumb Fuzzer– As the the name suggests, a dumb fuzzer. (Only for PDF)
Pregenerated Files (3rd Party Fuzzer)– To use your private or custom fuzzer generated files.
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.
How it all started
For the past few months by digging into the Android Operating system to understand its inner workings and how different elements are pieced together. It is decided to start of with trying to understand how applications are developed.
The first step was to understand the components of an android application, then later how the operating system executes it, what data is stored, where its stored and who had access to it.
It soon started to become quite frustrating on having to run various tools to get different output. For example, running dex to jar to convert the android application (apk) into a jar file or converting the apk into smali bytecode using baksmali. This process was not only inconvenient and slow, but i could only reverse engineer and study one app at a time. At this point in time my good friend Chrispuswas also facing the same challenges on reverse engineering android apps.
After a bit of googling it came across MobSF. Its an awesome tool that performs both static and dynamic analysis of both Android and iOS applications. After downloading the tool from github and poking around in it, found the strings it was using to perform the static analysis, and that was when we had the light bulb moment.
It has figured, why don’t we use the same strings to perform the static analysis but dumping the identified matches to a text file for review. First thing first, was to ask Ajin, the creator of MobSF for permission to use the detection strings, of which he obliged. What crossed our minds next was the OWASP mobile top 10, which checks are supposed to be performed on an mobile application in accordance to OWASP mobile security threats. then it came across the list of mobile app checklist on the OWASP website for both static and dynamic analysis.
After a few months of bash scripting, the simple reverse engineering script morphed into the MARA framework. A tool that decompiles android application, java classes, dex file and class files into java class files, then proceeds to statically analyze them. Included androbugsto scan for potential vulnerabilities in the apk, alongside a number of other tools. There is also an integrated SSL scanner for scanning domains extracted from the resulting source code. This was nothing more than a script to make our work easier, faster and more efficient.
APK Reverse Engineering
Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
Disassembling Dalvik bytecode to java bytecode via enjarify
Decompiling APK to Java source code via jadx
APK deobfuscation via apk-deguard.com
Parsing smali files for analysis via smalisca
Dump apk assets,libraries and resources
Extracting certificate data via openssl
Extract strings and app permissions via aapt
Identify methods and classes via ClassyShark
Scan for apk vulnerabilities via androbugs
Analyze apk for potential malicious behaviour via androwarn
Identify compilers, packers and obfuscators via APKiD
Extract execution paths, IP addresses, URL, URI, emails via rege
APK Manifest Analysis
Extract exported activities
Extract exported receivers
Extract exported services
Check if apk is debuggable
Check if apk allows backups
Check if apk allows sending of secret codes
Check if apk can receive binary SMS
Domain SSL scan via pyssltest and testssl
Website fingerprinting via whatweb
Source code static analysis based on OWASP Top Mobile Top 10 and the OWASP Mobile Apps Checklist
MARA is capable of performing either single or mass analysis of apk, dex or jar files.
A multiple set of test tools will be necessary for a more thorough and comprehensive testing process .I have given an overview of the MARA Framework setup process and how it can expedite your android app reverse engineering and static analysis process.
BriskInfosec holds utmost experience in Mobile App Penetration Test to identify potential vulnerabilities and insure coding practises in android application.
A hash buster is a program that generates a string of text for insertion in a spam message so that, to a spam filter, the e-mail appears to be a different message each time it is sent. The text might appear in the Subject line, its From line, or after the message body, and might either be coherent text or gibberish. The latter is sometimes arranged in word-like formations to be less easily detected.
The hashing process, used by some spam filters, represents each message as a single number (known as a hash) to simplify comparison. Each number is then compared to those of other messages to determine if it matches a list of known spam messages or enough other messages to determine bulk e-mail status. However, a hash buster is only effective for spam filters that rely solely on hash comparison, and most such programs combine a number of approaches.
PTH is a one of the hash buster attack technique that allows an attacker to start lateral movement in the network over the NTLM protocol, without the need for the user password. We evaluated a number of legitimate and illegitimate scenarios for (PTH) NTLM connections to see the differences and how each of these can be distinguished. Based on our findings, CyberArk Labs created a freely available tool (Ketshash) that detects live PTH attempts.
MD5 has been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption.
SHA – standing for secure hash algorithm used by certification authorities to sign certificates and CRL (certificates revocation list). Introduced in 1993 by NSA with SHA0, it is used to generate unique hash values from files. Developed as part of the U.S. Government’s Capstone project.
Since 2005 SHA-1 has not been considered secure against well-funded opponents, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Microsoft, Google, Apple and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.
According to Venafi, after January this kind of certificate use will cause major performance disruptions. For example, browsers will alert users that sites using SHA-1 are insecure and won’t display a green padlock or other symbol for secure HTTPS transactions. Browsers may even block access to sites that use the outdated certificates.
SHA-2 is a set of cryptographic hash functions which includes SHA-224, SHA-256, and SHA-512. The 256 in SHA-256 represents the bit size of the hash output or digest when the hash function is performed. Not all software supports every digest size within the SHA-2 family. Most browsers, platforms, mail clients, and mobile devices already support SHA-2. However, some older operating systems such as Windows XP pre-SP3 do not support SHA-2 encryption.
Many organizations will be able to convert to SHA-2 without running into user experience issues, and many may want to encourage users running older, less secure systems to upgrade.
Network Sniffing Tools were listed since 2014 from the web’s favorite hacking/ pentesting software hacker tools as used by hackers, geeks, ethical hackers and security engineers (as well as black hat hackers).
This list and resource sprung to life when we organized an online poll way back in 2013 that was very well received and the below are the recommended tools that all voted as the ‘Top Ten List of Hacking Tools’.
Nmap (Network Mapper)
Nmap is an abbreviation of ‘Network Mapper’, and it’s very well known free open source hackers tool. It is mainly used for network discovery and security auditing. As a tool uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are providing information about, what operating systems (fingerprinting) and what type and version of packet filters/ firewalls are being used by the target. It was designed to rapidly scan large networks, but works fine against single hosts.
Metasploit Penetration Testing Software
The Metasploit Project is a hugely popular pentesting or hacking framework. It is very essential network sniffing tools which provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation. Most practical IT Security courses such as OSCP and CEH include a Metasploit component. It helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.
John The Ripper
John the Ripper is free and Open Source software which is famous network sniffing tools, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This tool can also be used to perform a variety of alterations to dictionary attacks.
THC Hydra is a popular password cracker and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network sniffing Tools that will use dictionary or brute-force attacks to try various password and login combinations against an log in page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH.
The Zed Attack Proxy (ZAP) is one of the most popular network sniffing tools named as OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security. This hacking and pentesting tool is a very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications.
Wireshark is the world’s foremost and widely-used network sniffing tools and very popular pentesting tool. It can locate what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
Wireshark essentially captures data packets in a network in real time and then displays the data in human-readable format (verbose). The tool (platform) has been highly developed and it includes filters, color-coding and other features that lets the user dig deep into network traffic and inspect individual packets.
The Aircrack is a Wifi (Wireless) hacking or network sniffing tools. This network sniffing tool are very effective when used in the right hands. For those new to this wireless-specific hacking program, Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking hacking tool that can recover keys when sufficient data packets have been captured (in monitor mode). All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.
Maltego is a unique network sniffing tools and it is an unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates and is a platform that was designed to deliver an overall cyber threat picture to the enterprise or local environment in which an organization operates. It is an unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
One of the awesome things about Maltego which likely makes it so popular (and included in the Kali Linux Top Ten) is its’s unique perspective in offering both network and resource based entities is the aggregation of information sourced throughout the web.
Cain and Abel Hacking Tool
Cain and Abel is a password recovery tool which is a popular network sniffing tools for Microsoft Windows but it can be used off-label in a variety of uses, for example, white and black hat hackers use Cain to recover. Many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes.
Nikto Website Vulnerability Scanner
Nikto is a classic Network Sniffing Tool’ that a lot of pentesters like to use. Nickto is sponsored by Netsparker (which is yet one of the Network Sniffing Tools). It is an Open Source (GPL) web server scanner which is able to scan and detect web servers for vulnerabilities. It performs over 6000 tests against a website. The large number of tests for both security vulnerabilities and mis-configured web servers makes it a go to tool for many security professionals and systems administrators. It can find forgotten scripts and other hard to detect problems from an external perspective.
Cybersecurity Threats not to be ignored by SMB Etailers. Some small e-commerce website operators may think their relative obscurity offers protection, but the fact is that SMBs are especially vulnerable to cyberattacks and malware.
“Very often small businesses don’t feel vulnerable to cybersecurity threats because they assume cybercriminals prefer to launch attacks on large companies,” said Stephanie Weagle, VP of Corero.
“On the contrary, cybercriminals have greater success in targeting small businesses,” she told the E-Commerce Times.
The most obvious attacks involve the use of overt malware, such as ransomware, or redirection to potentially competitive websites, noted Chris Olson, CEO of The Media Trust.
Other attacks “may insert embarrassing language on the homepage or stealthily execute unwanted programs such as cryptominers, toolbars and fake surveys,” he told the E-commerce Times.
There are three major cybersecurity threats SMB etailers can address effectively.
Unvetted Open Source Code
SMBs that use open source software to keep down costs may increase their vulnerability to cyberattack, Olson suggested.
“There is no accountability for the developer community should a feature or plug-in be compromised,” he said.
“Thousands of retailers use open source platforms and tools to successfully launch their Web-based commerce operations,” Olson noted.
“These open source tools are compromised on a regular basis via extension corruptions or the creation of flawed versions,” he explained, “and as traffic and revenues grow, so does the attraction for criminals.”
Etailers should avoid using open source code that has not been thoroughly vetted, Olson recommended. “For a modest investment, etailers can identify all executing code, analyze its relevance to website functionality, and remediate anomalous activity that could propagate an attack.”
Risky Third-Party Web Components
Third-party Web components “are a significant problem for small businesses,” said Sam Curcuruto, technology evangelist at RiskIQ.
Their users employ “a lot of plugins and open source code which can be exploited downstream to give hackers access to any Web properties running them,” he told the E-Commerce Times.
Among such exploits are keylogger software, which steals credit card data when customers make purchases online.
Etailers can combat threats posed by third-party Web components by selecting a reputable website hosting provider or Web development company, and “making sure your contracts or agreements with them include routine and periodic security reviews,” Curcuruto said.
They also should include a patching service level agreement, or SLA, “that notes how quickly updates will be applied to their servers and machines that might run your website or payment processing,” he continued.
That would not only address security concerns, but also ensure compliance with regulations such as PCI-DSS, Curcuruto pointed out.
Most Popular Training Courses at Indian Cyber Security Solutions
Cyber Security in the digital dark age. Business leaders who recently convened in Davos for the annual World Economic Forum fretted over the various catastrophes that could hit the globe hard and – given the recent spate of cyber attacks – cyber security was high up on the agenda.
The end result was the launch of a Global Center for Cyber security (GCC) with a clear mission to “prevent a digital dark age”. It claims to be the first platform for cyber security coordination on a global scale, bringing together governments, business and law enforcement agencies. The importance of cyber security is growing not only for traditional computer networks but also for “artificial intelligence, robotics, drones, self-driving cars and the Internet of Things”.
Cyber attacks are like any other crime, except that the origins and reach can be global. Put simply, a cyber-criminal in one country can reach out to target victims at the other end of the world. Likewise, a gang of cyber criminals could organised themselves across several countries to target their victims.
It’s the unfortunate reality of the connected world we live in, where the internet doesn’t only provide connectivity but also anonymity and transient access, all of which serve to enable such attacks.
On top of that, parallel structures over the internet – known as the dark web – have emerged to facilitate cyber-attacks of all kinds, allowing a black economy to thrive and be marketed.
This year’s Global Risk Report places cyber attacks in the top five global risks, behind only extreme weather events and natural disasters. The World Economic Forum said:
Most attacks on critical and strategic systems have not succeeded – but the combination of isolated successes with a growing list of attempted attacks suggests that risks are increasing. And the world’s increasing interconnectedness and pace heightens our vulnerability to attacks that cause not only isolated and temporary disruptions, but radical and irreversible systemic shocks.
It’s clear that a globally coordinated approach to cyber security is essential.
While this is laudable, there have been similar efforts over the past decade or so – with mixed results. The Budapest Convention on Cyber crime, launched in 2001 by the Council of Europe, was one such attempt to align laws and to enable a key provision of securing digital evidence across jurisdictions to effectively resolve investigations. Harmonization, however, has been a challenge with competing regional efforts emerging in various parts of the world.
NATO’s Cooperative Cyber Defense Center of Excellence based in Tallinn, Estonia, is another such effort. It has played a major role in help producing the Tallinn Manual, which is the most comprehensive of international treaties for cyberspace law. Its impact is severely limited, however, because it is strictly an academic study and legally non-binding.
Most Popular Training Courses at Indian Cyber Security Solutions
Cyber Attacks and geopolitical events in Asia may go hand in hand, according to Comodo’s first annual Global Malware Report for 2017, particularly when it comes to North Korea and China.
Cyberespionage and cyber war preparation in Asia is nothing new, so it is no surprise that the region experiences significant Cyber Attacks spikes when significant events happen, the company surmises in the report.
The report shows that malware spikes occurred at the same time as geopolitical events last year – most notably on September 3 when North Korea conducted a nuclear test. China, Russia and the United States condemned the attacks, and at the same time Comodo detected more than 50,000 Trojan detection’s in China.
In early to mid-May, amid North Korea/China tensions, a meeting with Jared Kushner and China, and the Silk Road Summit in Beijing, cyber attacks reached more than 30,000.
Later in the year, Comodo saw even more Trojan spikes—totalling 40,000 after an Aug. 8 earthquake that killed 19 and a U.S./China naval spat on Aug. 8 in the South China Sea.
This is not the only example. On August 28 2017, North Korea fired missiles over Japan. The same week, there were almost 25,000 detections in Japan. Trojan activity dropped soon after.
“Nuclear activity of any type draws worldwide attention, as nations scramble to gather intelligence and prepare for possible military operations. The startling spike seen above demanded the creation of the more detailed chart below — especially since Comodo is likely one of the few commercial cybersecurity companies with visibility inside North Korea,” the report explains.
Worm detections in the Philippines also spiked in April when there was dispute about the South China Sea, and in May after conflict with ISIS in Mindanao.
Globally, Trojans and malicious applications caused the majority of malware damage to systems.
“Trojans dominated the malware landscape with 41.0% of Comodo detections. Applications exhibiting malicious, unsafe, or undesirable behavior came in second place at 24.7%. And backdoors were the third-most detected form of malware at 10.1%.”
Trojans can be delivered through a range of methods, including phishing emails to malicious advertising.
While Russia was the most popular country for Trojan detections (9.7%), China ranked sixth. The United States ranked top for malicious applications (2.7%), while India featured seventh in the list.
“Looking toward 2018, our malware trend-lines show that the detection rate for Trojans, worms, unsafe applications, and malware packers is currently down. Holding steady are applications, unwanted applications, and viruses. Most importantly for Q1 2018, backdoor are now on the rise, which means that for the moment, enterprises should shift some of their focus to the detection and mitigation of backdoor,” the report concludes.
Most Popular Training Courses at Indian Cyber Security Solutions
Hacking websites? Here are the six most popular ways. Hackers can hack a website or system or network, which would ultimately lead to the data theft, shutting down of the website, businesses experiencing big losses and so many other serious issues arising due to Hacking websites. Hackers can carry out their attacks in numerous ways to hack all sorts of websites, which is why we need to use all sorts of security systems in order to secure our websites .
Have a look at those six popular ways of hacking websites:
The DDoS (Distributed Denial of Service) Attack
By far this one is the most favourite practices that is popularly used by hackers. This one is all about denying services which means that a server’s or machine’s amenities are made inaccessible to its operators. Once the system is offline, hackers would compromise the entire website or specific functions of the website and take advantage of the same.
Hackers mostly carry out DDoS attacks by sending tons of URL requests to a website or webpage, all in a small span of time. Thus, there happens a bottlenecking for the server and the CPU would run out of resources.
The RCE (Remote Code Execution) Attack
Hackers exploit vulnerabilities to carry out attacks and execute malicious code remotely to take complete control of an affected system or website. Hackers could target vulnerable components of a website, including libraries, remote directories on a server which aren’t being monitored, frameworks, software modules etc and attack through scripts, malware, small command lines that extract information etc.
The Injection Attack
Injections attacks happen when hackers exploit security flaws that exist in the SQL Database, SQL libraries, or even the operating system itself. Users may unknowingly open files that seem to be credible and which would contain hidden commands (or “injections”) and thereby allow hackers gain unauthorized access to private data- credit card data, social security numbers, other financial data etc.
The XSS (Cross Site Scripting) Attack
A hacker sends an application, URL “get request” or file packet to the web browser window bypassing the validation processes and thereby triggers an XXS script, which makes the website users believe that the webpage which they are viewing is legitimate even though in reality it’s compromised. Thus, they would be made to enter personal details- credit card info or other sensitive personal info, which the hacker would steal and misuse.
DNS Cache Poisoning
Also known as DNS spoofing, DNS Cache Poisoning happens when attackers identify vulnerabilities in a DNS (Domain Name System) and exploit the same to divert traffic from the legit servers to a fake website and/or server. This kind of an attack involves old cache data which is “toxic” and which you think doesn’t exist any longer on your system. Such attacks can also spread and replicate themselves from DNS to DNS, thereby “poisoning” everything that comes in its path.
The Social Engineering Attack
Social engineering attacks are very common these days; using different methods hackers would trick users into divulging confidential information and then they would use the same to attack a website (or organization) or to cause harm to the person himself. The hacker could make use of common online interactions- emails, chats, calls, social media site interactions etc- to carry out such attacks.
Most Popular Training Courses at Indian Cyber Security Solutions