Posts

Showing posts from 2017

Malware Found Preinstalled on Dozens of Android Phones

Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported on Friday. "In all instances, the malware was not downloaded to the device as a result of the users' use -- it arrived with it," noted Oren Koriat, a member of Check Point's Mobile Research Team. The malicious apps on the phones of a telecommunications company and a multinational technology business were not part of the official ROM supplied by the vendor, he explained. They were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed, Koriat added. Most of the preinstalled malware consisted of information stealers and rough ad networks, he said. Included in the malicious software array was Slock

Petya's Ransomware Cloaking Device

Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes. The Petya attack -- which disrupted major government agencies, infrastructure sites, multinational companies and other organizations -- actually used the cover of a ransomware attack to deploy a more malicious exploit, called a "wiper," that paralyzed thousands of computers and destroyed data in dozens of countries around the world, some leading cybersecurity experts have concluded. The National Cyber Security Centre, which operates within the UK's GCHQ intelligence agency, late last month raised questions about the motives behind the attack, saying it had found evidence that questioned initial judgments that collecting ransoms wa

Investigate the Investigator Walkthrough

Hello, guys!!! Today I'm bringing an interesting topic to you: the Investigate the Investigator walkthrough. Let's see how to break this CTF box. Bypass the GRUB of the virtual machine and get the final on desktop. Analyze the packets in the pcaps on the desktop, retrieve Flag2 by file header analysis and identify the dictionary for the brute-forcing. Analyze pcap2 and identify the username and the IP address for the brute force. Session bypass and log in as the manager user. Decrypt the cipher text and log in to the next level. Dump the database and retrieve the final flag at the user

DNS cache poisoning

Hello, guys!!! Today I'm bringing an interesting topic to you: DNS cache poisoning. Let's talk about DNS cache poisoning. Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system tables by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location. Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs are spread. One tactic is the placement of compromised URLs within spam e-mail messages having subject lines that tempt users to open the message (for example, "Serious error on your tax return"). Images and banner ads wi

ByPass the Windows OS Logins

Hello, guys!!! Today I'm bringing an interesting topic to you: bypassing the passwords in Windows OS. Let's talk about that. Bypass Windows Login Password with Command Prompt: My computer has one admin account and there is no password on that account. If that means the Windows 7 built-in administrator has been enabled and its password has not been set, we can now bypass the Windows 7 login screen for free using the command prompt in safe mode. On a Windows 7 computer, there are 3 different types of safe mode to choose from: Safe Mode, Safe Mode with Networking and Safe Mode with Command Prompt. To make full use of the command prompt to bypass the Windows login password, we can only select the third one. Restart your Windows 7 computer and keep pressing F8 to enter Advanced Boot Options. Choose Safe Mode with Command Prompt on the next screen and press Enter. In the pop-up command prompt window, type net user and hit Enter. Then all Windows 7 user accounts wou

Mobile Application Security

Hello, guys!!! Today I'm bringing an interesting topic to you: Mobile Application security. Let's talk about Mobile Application security. Mobile Application Security refers to the enforcement of access and data protection measures for individual apps. Examples of such application security policies include data encryption, mobile app VPN, authentication, and data wipe. These security policies and others can be applied during application development, later with software development kits (SDKs), or after the app is compiled with application wrapping. Let's see what the Mobile Application security policies in the industry are. Corporate Authentication – Dynamically requires users to enter their corporate credentials before the application will open. This utilizes our enterprise integration for single sign-on (SSO). Data-at-Rest Encryption – Secures data stored by the application without having to encrypt the entire device. The entire application

TOR Browser

What is Tor? Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. Tor does not prevent an online service from determining when it is being accessed through Tor. Tor protects a user's privacy but does not hide the fact that Tor is being used. So

CySCA 2014 Web Penetration Testing Write-up

Hello Peeps!!! Today I bring an interesting hacking challenge walkthrough. Let's see what it is: the CySCA2014 Web Penetration Testing write-up. We first need to set up the cysca2014 box in a VM. Once the VM is configured, we can check that connectivity is there using ping commands. Web Penetration Testing 1 – Club Status: Turn on the intercept in Burp Suite and go to the web site using the cysca2014 IP address. Then you can see the GET request. There are two cookies called PHPSESSID and VIP. Then we have to edit the VIP cookie value from 0 to 1 and forward the request. Then we need to forward this packet in Burp Suite. Then we can get a website. Index.php: Now we cannot access the blog. Now we need to change VIP 0 to 1 then we can access the blog. Now we can access Blog. Web Penetration Testing 2 – Om nom nom nom: After completing challenge 1, you can browse on the Blog page. There is