
Category Archives: Uncategorized

ICSS Saved Harvard University from Hackers.

Category : Uncategorized


 

ICSS team member Pritam Mukherjee has found a vulnerability on the website of Harvard University, and it has now been resolved on their end. It is a proud moment for ICSS.

 

What is cross-site scripting (XSS)

 

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.

 

Cross-Site Scripting (XSS) attacks occur when:

 

  1. Data enters a Web application through an untrusted source, most frequently a web request.
  2. The data is included in dynamic content that is sent to a web user without being validated for malicious content.

 

The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.

 

How to find and test for XSS vulnerabilities

The vast majority of XSS vulnerabilities can be found quickly and reliably using any web vulnerability scanner.

Manually testing for reflected and stored XSS normally involves submitting some simple unique input (such as a short alphanumeric string) into every entry point in the application; identifying every location where the submitted input is returned in HTTP responses; and testing each location individually to determine whether suitably crafted input can be used to execute arbitrary JavaScript.

Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser’s developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable. However, other types of DOM XSS are harder to detect. To find DOM-based vulnerabilities in non-URL-based input (such as document.cookie) or non-HTML-based sinks (like setTimeout), there is no substitute for reviewing JavaScript code, which can be extremely time-consuming. Any web vulnerability scanner combines static and dynamic analysis of JavaScript to reliably automate the detection of DOM-based vulnerabilities.
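The "identify every location where the submitted input is returned" step can be run on a saved response body. The following is an added example, not part of the original post: it reports each reflection of a unique test string, the HTML context it lands in, and the encoding that context calls for. The marker value, the sample response and the wording of the `FIX` table are constructed for illustration.

```python
from html.parser import HTMLParser

# Context -> defence that context calls for (summarised from OWASP's encoding rules).
FIX = {
    "HTML text": "HTML-entity encode",
    "attribute value": "attribute-encode and always quote the attribute",
    "URL attribute": "allow-list the scheme, then URL-encode",
    "event-handler attribute": "never place untrusted data here",
    "script block": "JavaScript-string encode, or pass data via a data-* attribute",
    "HTML comment": "never place untrusted data here",
}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ReflectionFinder(HTMLParser):
    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker, self.in_script, self.hits = marker, False, []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and self.marker in value:
                ctx = ("event-handler attribute" if name.startswith("on")
                       else "URL attribute" if name in URL_ATTRS else "attribute value")
                self.hits.append((ctx, f"<{tag} {name}=...>"))
        self.in_script = tag == "script"  # no other tags are parsed inside <script>
    def handle_endtag(self, tag):
        self.in_script = False            # inside <script> only </script> ends it
    def handle_data(self, data):
        if self.marker in data:
            self.hits.append(("script block" if self.in_script else "HTML text", "text node"))
    def handle_comment(self, data):
        if self.marker in data:
            self.hits.append(("HTML comment", "<!-- ... -->"))

def find_reflections(body, marker):
    finder = ReflectionFinder(marker)
    finder.feed(body)
    finder.close()
    return finder.hits

# Constructed response body; "xsscanary7f3a" is the unique test string that was submitted.
SAMPLE = """<html><body><h1>Results for xsscanary7f3a</h1>
<input type="text" name="q" value="xsscanary7f3a">
<a href="/search?q=xsscanary7f3a">next</a>
<script>var term = "xsscanary7f3a";</script>
<!-- debug q=xsscanary7f3a --></body></html>"""

if __name__ == "__main__":
    for ctx, where in find_reflections(SAMPLE, "xsscanary7f3a"):
        print(f"{ctx:24} {where:18} -> {FIX[ctx]}")
```

Each reported context needs its own fix: a value that is safely entity-encoded in the page text is still dangerous if the same value is also written into a script block.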

 

How to Protect Yourself

 

The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.

Also, it’s crucial that you turn off HTTP TRACE support on all web servers. An attacker can steal cookie data via JavaScript even when document.cookie is disabled or not supported by the client. This attack is mounted when a user posts a malicious script to a forum, so that when another user clicks the link, an asynchronous HTTP TRACE call is triggered which collects the user’s cookie information from the server and then sends it over to another malicious server that collects the cookie information, so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers.
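To confirm that TRACE really is switched off on a server you administer, a check like the following can be used. This is an added example, not from the original post: the header name `X-Trace-Check`, the marker format and the three sample responses are constructed. It treats the method as enabled only when the server echoes the request back, so a server that ignores the method and serves its normal page is not reported.

```python
import http.client
import secrets

def trace_reflects(status, content_type, body, marker):
    """True only if the response is an echo of our TRACE request."""
    if status != 200:
        return False                      # 405/501/403: the method is refused
    is_echo_type = content_type.lower().startswith("message/http")
    return is_echo_type or marker in body

def check_trace(host, port=443, tls=True, timeout=5):
    """Send one TRACE request to a server you administer; True means TRACE is honoured."""
    marker = "trace-check-" + secrets.token_hex(4)
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return trace_reflects(resp.status, resp.getheader("Content-Type", ""), body, marker)
    finally:
        conn.close()

# Constructed responses as (status, Content-Type, body); no network is needed to run these.
MARK = "trace-check-ab12cd34"
ENABLED = (200, "message/http",
           f"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n"
           f"X-Trace-Check: {MARK}\r\nCookie: SESSIONID=constructed\r\n\r\n")
REFUSED = (405, "text/html", "<h1>405 Method Not Allowed</h1>")
IGNORED = (200, "text/html", "<html>normal home page</html>")  # method ignored, page served

if __name__ == "__main__":
    for name, sample in (("enabled", ENABLED), ("refused", REFUSED), ("ignored", IGNORED)):
        print(f"{name:8} TRACE honoured: {trace_reflects(*sample, MARK)}")
```

The `ENABLED` sample shows why the method matters: the echoed body contains the Cookie header, including cookies that script cannot read through document.cookie. On Apache httpd the corresponding setting is `TraceEnable Off`.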

 

How to Determine If You Are Vulnerable

 

 

XSS flaws can be difficult to identify and remove from a web application. The best way to find flaws is to perform a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output. Note that a variety of different HTML tags can be used to transmit a malicious JavaScript. Nessus, Nikto, and some other available tools can help scan a website for these flaws, but can only scratch the surface. If one part of a website is vulnerable, there is a high likelihood that there are other problems as well.

 

 

 

 

 


Are You Secure While Watching Smart T.V?

Category : Uncategorized

 

 


You might enjoy watching your smart TV, but what if your smart TV is watching you back? And it’s not just about tracking what you watch. Your TV might actually be listening to your conversations. Or maybe even watching you through its camera. That’s scary!

 

The TV manufacturer might be getting your information and using it for targeted advertising. But that’s not all. Research has found out that smart TVs can be hacked, thanks to their security flaws. So if someone needs to gain access to your personal life, all they have to do is hack your smart TV and learn all about you.

 

Even if you turn off the mic or camera of the smart TV, there are security vulnerabilities that can let hackers spy on you. To make sure this doesn’t happen, follow these tips. If you already have a smart TV, just cut off its connectivity. It won’t be able to send your data to its manufacturers, ad companies, or hackers if you disconnect it from the internet. Because honestly, you rarely use the voice commands. Sure, when the TV is new, everyone wants to use voice commands. But over time, you just switch back to the remote, since the TV doesn’t interpret voice commands correctly anyway. So to disconnect the TV, just visit the settings and turn off its Wi-Fi capabilities. But you do need Netflix on your TV, right? No problem at all. Just get a streaming box. Google Chromecast will play Netflix, Hulu, YouTube, and several other channels.


But smart TV spying has gotten much more sophisticated. The latest scandal involves a company called Samba TV, an app included in smart TVs made by Sony, TCL, Philips, and other major manufacturers. Samba is a seemingly harmless app that offers recommendations on what to watch, and that sounds awfully handy in a world where we may spend hours scrolling through Netflix to pick a show. It’s handy enough that most people (around 90%) just click “accept” when their new TV asks if they want to enable Samba.

The trouble is that by clicking accept you’re giving Samba access to a lot more than your viewing information. Samba also checks out devices connected to the same Wi-Fi network as your television, tracking not only what you’re watching on TV, but when you watch, where you go, and what you’re doing in other apps — which it can share with others for marketing purposes.


I want to bring into this context the recent incident that occurred in Surat, a crime in which a smart TV was used to make private videos of a couple.

Rajesh Kumar* was in the habit of watching porn on his smart TV in his bedroom and often visited adult websites. Recently, the married man got the shock of his life when he discovered a video of intimate moments he had shared with his wife, on one such website. The cybersecurity experts that Rajesh* contacted eventually found out that the smart TV in his room had been hacked into and that its camera functionality was remotely used to capture footage – all without Rajesh’s* knowledge.

Rajesh*, a resident of a posh locality in Surat, was both stunned and extremely disturbed when he had discovered the video of him and his wife on a porn site. While he did not contact cops owing to fear of public humiliation, he got in touch with certain cybersecurity experts with knowledge of crimes using high-end technology. These experts reportedly investigated Rajesh’s* room where the video was shot but did not find any hidden camera anywhere. For a considerable period of time, even the experts were apparently flummoxed by how the video could have been recorded and then uploaded online. Then, eyes fell on the smart TV in the room.

Subsequent investigations revealed that because Rajesh* used to visit porn sites, a hacker on one such site could have easily broken into the TV – just like computers are hacked into – and used the in-built camera remotely to capture the live feed. Because the TV was WiFi-enabled, the recorded video was also uploaded online – all without the knowledge of Rajesh* and his wife.

About this incident let us see what

Pritam Mukherjee (ICSS Senior IT Security Analysis):

Actually, there are two processes through which this device could be hacked, which are as follows:

  1. When a device is connected to the internet and that device has a loophole (vulnerabilities access), then that device can easily be hacked.

  2. In a smart TV, there could be both a browser and an email sender, so if someone browses any malicious website, then a file is downloaded from the website and it can access the system and can also send email in the malicious file; then it could be hacked easily.

So, looking at these points, we can say that in the incident that took place in Surat, the hack really was through the smart TV.


Noriben: Portable, Simple, Malware Analysis Sandbox

Category : Uncategorized

Noriben

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample’s activities.

Noriben allows you not only to run malware as you would in a sandbox, but also to log system-wide events while you manually run malware in whatever particular way is needed to make it run. For example, it can listen as you run malware that requires varying command line options or user interaction, or watch the system as you step through malware in a debugger.

Noriben requires only Sysinternals procmon.exe (or procmon64.exe) to function. It requires no pre-filtering (although that would help tremendously) because it includes numerous whitelist items to reduce unwanted noise from system activity.
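The idea described above, post-processing a Procmon capture and dropping known-noisy system activity, is illustrated by the added example below. It is not Noriben's code: the filter lists are hypothetical and far shorter than a real whitelist, and the CSV rows are constructed in Procmon's default export column layout.

```python
import csv
import io
import re

# Hypothetical noise filters for this example only.
NOISY_PROCS = {"svchost.exe", "procmon64.exe", "searchindexer.exe"}
NOISY_PATHS = [re.compile(p, re.I) for p in (r"\\Windows\\Prefetch\\", r"\\UsrClass\.dat")]
CATEGORY = {"Process Create": "Process", "CreateFile": "File",
            "RegSetValue": "Registry", "TCP Connect": "Network"}

def triage(csv_text):
    """Reduce a Procmon CSV export to (category, process, pid, path) rows worth reading."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path = row["Operation"], row["Path"]
        if op not in CATEGORY or row["Result"] != "SUCCESS":
            continue                      # reads, queries and failed calls
        if row["Process Name"].lower() in NOISY_PROCS:
            continue                      # background system process
        if any(rx.search(path) for rx in NOISY_PATHS):
            continue                      # path the OS touches for every program
        if op == "CreateFile" and "OpenResult: Created" not in row["Detail"]:
            continue                      # existing file opened, nothing new on disk
        report.append((CATEGORY[op], row["Process Name"], row["PID"], path))
    return report

# Constructed capture, not real malware output. For a file on disk, open it with
# encoding="utf-8-sig" so a byte-order mark does not break the first column name.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4188, Command line: cmd.exe /c whoami"
"10:01:02.2","sample.exe","4120","CreateFile","C:\Users\lab\AppData\Roaming\updater.exe","SUCCESS","Desired Access: Generic Write, OpenResult: Created"
"10:01:02.3","sample.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data, OpenResult: Opened"
"10:01:02.4","sample.exe","4120","CreateFile","C:\Windows\Prefetch\SAMPLE.EXE-1A2B3C4D.pf","SUCCESS","Desired Access: Generic Write, OpenResult: Created"
"10:01:02.5","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 94"
"10:01:02.6","svchost.exe","1012","RegSetValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ"
"10:01:02.7","sample.exe","4120","CreateFile","C:\Users\lab\missing.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.8","sample.exe","4120","TCP Connect","lab-vm:49712 -> 203.0.113.10:443","SUCCESS","Length: 0"'''

if __name__ == "__main__":
    for category, proc, pid, path in triage(SAMPLE_CSV):
        print(f"[{category}] {proc}:{pid} > {path}")
```

Eight captured events reduce to four: the child process, the dropped file, the Run-key value and the outbound connection.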


 

Cool Features of Noriben:

If you have a folder of YARA signature files, you can specify it with the --yara option. Every newly created file will be scanned against these signatures, with the results displayed in the output.

If you have a VirusTotal API key, place it into a file named “virustotal.api” (or embed it directly in the script) to auto-submit MD5 file hashes to VT and get the number of viral results.

You can add lists of MD5s to auto-ignore (such as all of your system files). Use md5deep and put them into a text file, then use --hash to read them.

You can automate the script for sandbox usage. Using -t to automate execution time, and --cmd “path\exe” to specify a malware file, you can automatically run malware, copy the results off, and then revert to run a new sample.


 

Bypassing Anti-Sandboxing

One common use of Noriben is with malware that is VM- and sandbox-aware. Throwing the sample into any existing sandbox will most likely result in a report with no artifacts, because the malware didn’t run. Some applications look for manual user activity, such as mouse movement and clicking. Other malware may infect the WinHTTP stack and only trigger when a web browser is used. By just launching Noriben in the background, all of the system behavior is logged as the analyst manually controls the system to give the impression of a normal user. Once the file has been detonated, the results can be reviewed as a standard sandbox report.


 

Command Line-Based Applications

 

In rarer cases, malware samples require command line options in order to run. Launching these executables within a sandbox would immediately fail, as the malware does not have the arguments it needs to operate. However, an analyst manually controlling the malware while Noriben is running can quickly gather all system artifacts from various command line options.


 

General Attack Artifacts

Even more interesting, Noriben has been used by pentesters to determine what system artifacts exist when launching an attack against a system or service. By monitoring files created or registry entries modified, a security analyst can determine all artifacts that result from running an attack, a PowerShell command, or a JavaScript-based web page.


 

Perfect for Malware Analysis on the Road

A common scenario is that an analyst has a proper sandbox environment in a home lab but, on the road, has only a laptop. In working with various Sales Engineers and Support individuals from security companies, there were many times where they needed an immediate malware answer out of their hotel room. Noriben was designed to be used with little effort, little setup, and little maintenance. Even if you don’t have a dedicated malware VM, any Windows VM will do! Even (a snapshot copy of) your corporate environment!


 

 
