HACKERV!LLE

Cross-Site Request Forgery (CSRF)  Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an

Cross-Site Request Forgery (CSRF)  Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an

Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported on Friday. Malware Found Preinstalled on Dozens of Android Phones "In all instances, the malware was not downloaded to the device as a result of the users' use -- it arrived with it," noted Oren Koriat, a member of Check Point's Mobile Research Team. The malicious apps on the phones of a telecommunications company and a multinational technology business were not part of the official ROM supplied by the vendor, he explained. They were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed, Koriat added. Most of the preinstalled malware consisted of information stealers and rough ad networks, he said. Included in the malicious software array was Slock

Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes. The Petya attack -- which disrupted major government agencies, infrastructure sites, multinational companies and other organizations -- actually used the cover of a ransomware attack to deploy a more malicious exploit, called a "wiper," that paralyzed thousands of computers and destroyed data in dozens of countries around the world, some leading cybersecurity experts have concluded. The National Cyber Security Centre, which operates within the UK's GCHQ intellligence agency, late last month raised questions about the motives behind the attack, saying it had found evidence that questioned initial judgments that collecting ransoms wa

Hello, guys !!! Today I'm bringing some interesting topic to you. That is Investigate the Investigator Walkthrough. Let's see how to break this CTF box. Bypass the grub of the Virtual Machine and get the final on desktop Analyze the packets at Pcaps in the desktop and Retrieve Flag2 by file header analysis and identify the dictionary for the Brute-forcing Analyze pacap2 and identify the username and the IP addres for the brute force Session Bypass and log in as manager user   Decrypt the Chiper text and log in to the next level Dump the database and retrieve the final flag at the user

Hello, guys !!! Today I'm bringing some interesting topic to you. That is DNS cache poisoning. Let's talk about the DNS cache poisoning. Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system tables by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location. Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs are spread. One tactic is the placement of compromised URLs within spam e-mail messages having subject lines that tempt users to open the message (for example, "Serious error on your tax return"). Images and banner ads wi