SECARMY (sec_army) instagram photos and videos

SECARMY

SECURITY AND RESEARCH COMMUNITY Ethical Hacking 👤 Pentesting 🕵️ CTF 🚩 Bug Bounty 🐞 Tools 💻 Meetups 🤝 Blogs 📝 Jobs 💸 #wearesecarmy

SECARMY all instagram publications

  • followers count: 22,697
  • followers rank: 0
  • likes count: 172,352
  • like rank: 0


Free Webcast : Social Engineering & How To Stay Safe From Fraudulent Emails/Calls In this webcast you'll learn about what is Social Engineering & how you can stay safe from fraudulent emails/calls. Link : https://sec.army/webcasts Speaker : @guru.317 Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #webcast #streaming #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy

Insecure Cryptographic Storage isn’t a single vulnerability, but a collection of vulnerabilities that compromise data storage. Usually, this collection involves encryption of very sensitive data. Known causes are incorrect encryption of data, improper key storage and management, using known bad algorithms, or using your own insecure cryptography. While most modern cryptographic algorithms are extremely resilient, most attackers will go after how you are using the cryptography, not the actual cryptography itself.

Improper usage includes:
1. No encryption.
2. Use of weak or unsalted hashes.
3. Insecure key management.
4. Storing unnecessary but confidential data in your database.

Risks: Information is usually encrypted to protect very sensitive data such as personally identifiable information, trade secrets, healthcare records, financial data and credit card numbers. Most attackers have a motive and will go after how you are using the cryptography, not the actual cryptography itself, thus exploiting sensitive data. Once compromised, the loss of such delicate information will be costly to your business and your reputation, and may lead to legal fines.

Prevention: First, we identify and locate flaws in any key stroke management and/or possible inputting of incorrect encryption codes. We will determine whether you are using insecure algorithms designed by you or a known outside source. In doing so, we will also run a security scan to target these issues and provide a detailed report with active solutions and recommendations to help protect your business and your clients in all ways.

Credits: @yashpatil_

If an attacker can create/upload a malicious Flash (SWF) file or control the top part of any page, he can perform an attack known as cross-domain data hijacking. The Content-Type of the response doesn't matter. If the file is embedded using an tag, it will be executed as a Flash file as long as the content of the file looks like a valid Flash file.

Here is the attack scenario:
• An attacker creates a malicious Flash (SWF) file.
• The attacker changes the file extension to JPG.
• The attacker uploads the file to victim.com.
• The attacker embeds the file on attacker.com using an tag with type "application/x-shockwave-flash".
• The victim visits attacker.com and loads the file as embedded with the tag.
• The attacker can now send and receive arbitrary requests to victim.com using the victim's session.
• The attacker sends a request to victim.com and extracts the CSRF token from the response.

There are many ways to perform this attack. The attacker doesn't need to upload a file. The only requirement is that an attacker can control the data at a location on the target domain. One way is to abuse a JSONP API. Usually, the attacker can control the output of a JSONP API endpoint by changing the callback parameter. However, if an attacker uses an entire Flash file as callback, we can use it just like we would use an uploaded file in this attack.

Remediation:
For file uploads: It is recommended to check that the file's content has the correct header and format. If possible, use the "Content-Disposition: attachment; filename=Filename.Extension;" header for files that do not need to be served in the web browser. Isolating the domain of the uploaded files is also a good solution as long as the crossdomain.xml file of the main website does not include the isolated domain.
For other cases: For JSONP abuses or other cases where the attacker controls the top part of the page, you need to perform proper input filtering to protect against this type of issue.

Credits: @yashpatil_

The Lightweight Directory Access Protocol (LDAP) is used to store information about users, hosts, and many other objects. LDAP injection is a server-side attack which could allow sensitive information about users and hosts represented in an LDAP structure to be disclosed, modified, or inserted. This is done by manipulating input parameters that are afterwards passed to internal search, add, and modify functions.

LDAP injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements through techniques similar to SQL injection.

If the variable $userName is not validated, it could be possible to accomplish LDAP injection, as follows:
• If a user puts “*” in the search box, the system may return all the usernames in the LDAP base.
• If a user puts “akash) (| (password = * ) )”, it will generate the code below, revealing yash’s password: ( cn = yash ) ( | (password = * ) )

Prevention:
Input validation: All user-end input must be sanitized. It should be free of suspicious characters and strings that can be malicious. There are OWASP APIs that can help defend against this vulnerability, such as esapi-java and the C# AntiXSS functions, including Encoder.LdapFilterEncode(string), Encoder.LdapDistinguishedNameEncode(string) and Encoder.LdapDistinguishedNameEncode(string, bool, bool).

Credits: @yashpatil_
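The input-validation advice above, worked through as an added example (not code from the post or from OWASP): a Python sketch that builds the search filter by raw concatenation and with RFC 4515 escaping, then checks whether the result is still a single comparison. The function names, the cn attribute and the sample list are assumptions made for the illustration.

```python
"""LDAP search-filter construction: raw concatenation vs RFC 4515 escaping."""
import re

# RFC 4515: inside an assertion value these characters are written as a
# backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Exactly one equality item "(attr=value)": the value may hold only ordinary
# characters or \XX escapes, so no wildcard and no extra sub-filter.
_SINGLE_EQUALITY = re.compile(
    r"\([A-Za-z][A-Za-z0-9-]*=(?:[^()*\\\x00]|\\[0-9A-Fa-f]{2})+\)"
)


def escape_filter_value(value: str) -> str:
    """Neutralise LDAP filter metacharacters in user-supplied text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(user_name: str) -> str:
    """The pattern the post warns about: input pasted straight into the filter."""
    return "(cn=" + user_name + ")"


def build_filter_safe(user_name: str) -> str:
    """Same filter, with the input escaped before it is placed in the value."""
    return "(cn=" + escape_filter_value(user_name) + ")"


def is_single_equality(filter_text: str) -> bool:
    """True when the filter is still one plain (attr=value) comparison."""
    return _SINGLE_EQUALITY.fullmatch(filter_text) is not None


# Constructed inputs: one ordinary name plus the two inputs quoted in the post.
SAMPLES = ["yash", "*", "akash) (| (password = * ) )"]


def compare(samples=SAMPLES):
    """Return (input, unsafe filter, intact?, safe filter, intact?) rows."""
    rows = []
    for s in samples:
        unsafe, safe = build_filter_unsafe(s), build_filter_safe(s)
        rows.append((s, unsafe, is_single_equality(unsafe),
                     safe, is_single_equality(safe)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The structural check is also usable as a server-side guard: log and refuse any request whose assembled filter is no longer a single comparison.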

SECARMY looking to hire services of InfoSec Certified Trainers as per their availability . Trainers required for modules like ...... The trainer should be mandatory certified . If the trainer has conducted academic trainings it is added advantage . If you are interested to be associated with us please DM or Email us your Resume to Mail : secarmyofficial@gmail.com ..... for further discussion and details . #wearesecarmy Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy

Insufficient authentication occurs when an application permits an attacker to access sensitive content or functionality without having to properly authenticate; for instance, accessing admin controls by going to the /admin directory without having to log in.

• For many web applications, administrative functionality is located directly off the root directory (/admin/). This directory is typically not linked from anywhere on the website, but can still be accessed using a standard web browser. Users and developers often fail to enforce authentication, never expecting anyone to view this page because it’s not linked. With this oversight, attackers simply need to visit this page to obtain complete administrative access to the website for their malicious activities.
• The impact of insufficient authentication vulnerabilities is usually that attackers who don't have legitimate application accounts will be able to perform operations that only legitimate users should be able to perform. In an extreme case, insufficient authentication might allow attackers to change user passwords and then take over their accounts. A more common example is that an attacker might be able to access or download content, such as music, without creating an account.

Countermeasures: Force reauthentication for sensitive operations.

Credits: @yashpatil_

THIS PODCAST IS BEING PRESENTED IN FRONT OF YOU WITH A HOPE OF ENHANCING THE DIGITAL ENVIRONMENT BY EXPANDING THE SCOPE OF SECURITY. IN THIS PODCAST, WE'LL TALK ON VARIOUS TOPICS SUCH AS WHO WE ARE, WHY SECARMY PODCAST, WHY CYBERSECURITY IS IT NECESSARY AND WHAT YOU CAN DO WITH IT. IT'S JUST A START, JOIN IN FOR EXCITING AND INTIMIDATINGLY GREAT CONTENT. Join @sec_army for Daily Hacktivity & Knowledge Dose. #cybersecurityawareness #Podcast #youtubelive #cybersecuritytraining #ethicalhacking #hacking #hackingtools #learnhacking #kalilinux #kalilinuxtools #cyberhunter #cyberattack #cybersecurity #cyberarmy #instacybersecurity #wearesecarmy

Insecure data storage vulnerabilities occur when development teams assume that users or malware will not have access to a mobile device's filesystem and the sensitive information in data stores on the device. Filesystems are easily accessible. If an attacker physically obtains the mobile device, they can hook it up to a computer with freely available software. These tools allow the attacker to see all third-party application directories, which often contain stored personally identifiable information (PII) or other sensitive information assets. An attacker may construct malware or modify a legitimate app to steal such information assets.

Risks:
• Identity theft
• Fraud
• Reputation damage
• External policy violation (PCI)
• Material loss

Prevention:
1. Never store credentials on the phone file system.
2. For SD card storage, some security can be achieved via the ‘javax.crypto’ library.

Credits: @yashpatil_

Missing/insufficient SPF record

When a domain lacks an SPF policy, an attacker is able to send spoofed emails that look like they’re originating from the vulnerable domain.

What can happen? Spoofing can be used to trick people into giving up sensitive information and to spread false information that may damage the reputation of the vulnerable party. Employing an SPF policy could result in some legitimate emails being rejected if they are automatically forwarded by old mail servers that haven’t yet implemented mitigations for this. If this is considered a greater problem than spoofed emails, a very strict SPF policy may not be the best solution. However, this is so rare that we still recommend the use of SPF, but it still needs to be taken into consideration.

Remediation: The first step is to compile the appropriate SPF policy, and to do that you need to read the document about the syntax of SPF, which can be found here: http://www.openspf.org/SPF_Record_Syntax

If you use one of the most common email service providers, you can just use one of the SPF policies listed below:
• Outlook: v=spf1 include:spf.protection.outlook.com -all
• Zoho: v=spf1 mx include:zoho.com -all
• AOL: v=spf1 ptr:mx.aol.com -all
• Inbox: v=spf1 ip4:33.34.35.0/24 include:inbox.com -all
• CounterMail: v=spf1 mx -all
• Hushmail: v=spf1 ip4:65.39.178.0/24 a mx -all
• Google: v=spf1 include:_spf.google.com -all

To fully implement your SPF policy, there is only one step left: adding it to the DNS record for the domain.

Credits: @_anishkashukla_
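A way to audit the result once the record is published, as an added example that is not part of the original post: a Python sketch that grades the TXT records found at a domain as missing, strict, softfail, weak, delegated or permerror, following RFC 7208. The function names and verdict labels are assumptions, and the TXT strings are passed in directly (two are policies listed in the post, the rest are constructed) so the check runs without DNS access.

```python
"""Grade a domain's SPF policy from its TXT records (RFC 7208 rules)."""


def spf_records(txt_records):
    """Keep only TXT strings that are SPF records: 'v=spf1' alone or followed by a space."""
    found = []
    for txt in txt_records:
        low = txt.strip().lower()
        if low == "v=spf1" or low.startswith("v=spf1 "):
            found.append(txt.strip())
    return found


def assess_spf(txt_records):
    """Return (verdict, notes) for the TXT records published at one domain."""
    records = spf_records(txt_records)
    if not records:
        return "missing", ["no SPF record: receivers cannot tell spoofed mail apart"]
    if len(records) > 1:
        return "permerror", ["more than one v=spf1 record: receivers treat this as an error"]

    notes, verdict, has_redirect = [], None, False
    for term in records[0].split()[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            has_redirect = True
            continue
        qualifier = low[0] if low[0] in "+-~?" else "+"  # '+' is the default qualifier
        mechanism = low.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0]
        if mechanism == "ptr":
            notes.append("ptr mechanism: RFC 7208 says it should not be published")
        if mechanism == "all":
            verdict = {"-": "strict", "~": "softfail", "?": "weak", "+": "weak"}[qualifier]
            if qualifier == "+":
                notes.append("+all authorises every sender")
            break  # terms after 'all' are never evaluated
    if verdict is None:
        if has_redirect:
            verdict = "delegated"
            notes.append("policy comes from the redirect= target; check that record too")
        else:
            verdict = "weak"
            notes.append("no 'all' term: unmatched senders get a neutral result")
    return verdict, notes


# TXT record sets to grade; entries marked constructed are not from the post.
SAMPLES = {
    "no TXT records (constructed)": [],
    "unrelated TXT only (constructed)": ["site-verification=placeholder"],
    "Google policy from the post": ["v=spf1 include:_spf.google.com -all"],
    "AOL policy from the post": ["v=spf1 ptr:mx.aol.com -all"],
    "softfail (constructed)": ["v=spf1 mx ~all"],
    "+all (constructed)": ["v=spf1 +all"],
    "no all term (constructed)": ["v=spf1 mx ip4:192.0.2.0/24"],
    "two records (constructed)": ["v=spf1 mx -all", "v=spf1 a -all"],
}


def grade_samples(samples=SAMPLES):
    """Map each sample name to its verdict."""
    return {name: assess_spf(records)[0] for name, records in samples.items()}


if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(name, "->", assess_spf(records))
```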

Source code disclosure: Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.

A server vulnerability can be exploited to read arbitrary files. This vulnerability can be used to reveal the source code of application files as well as display configuration files. Source code disclosure exposes sensitive application information such as input validation filters, database connection strings and queries, or hard-coded passwords. An attacker with information about input validation filters may be able to craft a specific request that would bypass the filter. Information about database connection strings exposes the user name and password used to access the database. Information about how database queries are constructed can help attackers create SQL injection exploits that pull specific information from the database. Hard-coded passwords within configuration files or application source code may enable an attacker to access portions of the application that are otherwise restricted.

Remediation: Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. Review the cause of the code disclosure and prevent it from happening.

Credits: @_anishkashukla_

#insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized.

Two kinds of attack are typical:
• Object and data structure related attacks, where the attacker modifies application logic or achieves arbitrary remote code execution if there are classes available to the application that can change behavior during or after deserialization.
• Typical data tampering attacks, such as access-control-related attacks, where existing data structures are used but the content is changed.

Serialization may be used in applications for:
• Remote- and inter-process communication (RPC/IPC)
• Wire protocols, web services, message brokers
• Caching/persistence
• Databases, cache servers, file systems
• HTTP cookies, HTML form parameters, API authentication tokens

The only safe architectural pattern is not to accept serialized objects from untrusted sources, or to use serialization mediums that only permit primitive data types. If that is not possible, consider one or more of the following:
• Implementing integrity checks such as digital signatures on any serialized objects to prevent hostile object creation or data tampering.
• Enforcing strict type constraints during deserialization before object creation, as the code typically expects a definable set of classes. Bypasses to this technique have been demonstrated, so reliance solely on this is not advisable.
• Isolating and running code that deserializes in low-privilege environments when possible.
• Logging deserialization exceptions and failures, such as where the incoming type is not the expected type, or the deserialization throws exceptions.
• Restricting or monitoring incoming and outgoing network connectivity from containers or servers that deserialize.
• Monitoring deserialization, alerting if a user deserializes constantly.

Credits: @yashpatil_
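Three of the mitigations above combined in one added example (not code from the post): a Python sketch that serializes only primitive JSON types, verifies an integrity tag before parsing, enforces a fixed field and type schema, and logs every rejection. It uses an HMAC-SHA256 tag as the integrity check, which is a shared-key MAC rather than a public-key digital signature; the key handling, schema and function names are assumptions made for the illustration.

```python
"""Accept serialized data only if it is authentic and has the expected shape."""
import base64
import hashlib
import hmac
import json
import logging
import secrets

log = logging.getLogger("deserialize")

# Hypothetical demo key; a real service would load a long-lived key from its secret store.
KEY = secrets.token_bytes(32)

# Strict type constraint: the only fields and primitive types the code expects.
SCHEMA = {"user": str, "role": str, "exp": int}


class RejectedPayload(ValueError):
    """Raised for anything that fails the integrity or shape checks."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _mac(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def _reject(reason: str):
    log.warning("deserialization rejected: %s", reason)  # failures are logged, as advised
    raise RejectedPayload(reason)


def dumps_signed(obj: dict, key: bytes = KEY) -> str:
    """Serialize to JSON (primitive types only) and append an HMAC tag."""
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64(body) + "." + _b64(_mac(body, key))


def loads_verified(token: str, key: bytes = KEY) -> dict:
    """Verify the tag first, then parse, then enforce the schema."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or bad base64
        _reject("malformed token")
    # Constant-time comparison; unauthenticated bytes never reach the parser.
    if not hmac.compare_digest(tag, _mac(body, key)):
        _reject("MAC mismatch")
    obj = json.loads(body)
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        _reject("unexpected fields")
    for field, expected in SCHEMA.items():
        if type(obj[field]) is not expected:  # 'is' also rejects bool where int is expected
            _reject("unexpected type for " + field)
    return obj


def demo():
    """Run four constructed tokens through loads_verified and report the outcome."""
    claims = {"user": "alice", "role": "viewer", "exp": 1700000000}
    good = dumps_signed(claims)
    # Tampered: body changed after signing, original tag kept.
    forged_body = _b64(json.dumps(dict(claims, role="admin")).encode("utf-8"))
    tampered = forged_body + "." + good.split(".")[1]
    # Authentic but wrong shape, e.g. produced by a buggy or older sender.
    wrong_type = dumps_signed(dict(claims, role=["admin"]))
    cases = {"authentic": good, "tampered": tampered,
             "wrong type": wrong_type, "garbage": "not-a-token"}
    results = {}
    for name, token in cases.items():
        try:
            loads_verified(token)
            results[name] = "accepted"
        except RejectedPayload as exc:
            results[name] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```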

#hashing is an algorithm that calculates a fixed-size bit string value from a file. A file basically contains blocks of data. Hashing transforms this data into a far shorter fixed-length value or key which represents the original string. The hash value can be considered the distilled summary of everything within that file.

A good hashing #algorithm would exhibit a property called the avalanche effect, where the resulting hash output would change significantly or entirely even when a single bit or byte of data within a file is changed. A hash function that does not do this is considered to have poor randomization, which would be easy to break by hackers. A hash is usually a hexadecimal string of several characters. Hashing is also a unidirectional process, so you can never work backwards to get back the original data.

#types of hashing:
• MD5 - Used as a checksum to verify data integrity.
• SHA 2 - A cryptographic hash function.
• CRC32 - Cyclic redundancy check, an error-detecting code often used for detection of accidental changes to data.

Credits: @yashpatil_

This application is not utilizing an access control strategy for one or more components. Failure to utilize access control can lead to exposure of sensitive functionality to unintended users. Malicious users seek out this type of functionality to cause harm to users of the application, or the application itself.

In WebSphere, if you enable servlets by class name, then this is performing the same act as Android in that it allows you to invoke by the class. If the following snippet exists or the variable is not declared, this allows you to invoke servlets without any permissions:

<enable-serving-servlets-by-class-name value="true"/>

Utilize an access control strategy for all components of the application where sensitive functionality may reside. Prevent servlets from being served by class name by adding the following line:

<enable-serving-servlets-by-class-name value="false"/>

Credits: @yashpatil_

The application makes use of untrusted data in conjunction with the creation and/or use of an interpreter. #Untrusted #data is retrieved from the attacker and utilized as an argument to a dangerous interpreter access method. Failure to properly validate or encode data utilized by an interpreter increases the risk of injection attacks. Such injection typically results in the attacker's ability to execute arbitrary code in the context of the #program consuming the interpreter results.

The nature of an injection attack is that the attacker tricks the application into running some code statements that are not part of the intended functions of that application. This means there has to be some mechanism to parse and execute the malicious code contained in the attacker's payload before the owner of the application can stop it. In theory, an application could compile code and run it automatically, but it's much more common for this type of attack to use malicious code that is not compiled, but is interpreted at runtime.

Your other examples, XML, XPath, HTTP, are not typically associated with code injection.
• XML is not code, it's a data format.
• HTTP is not code, it's a protocol.
• XPath is sort of like code, but a very specialized type of code. It's an expression language to identify elements in an XML document. It's limited in what it can do, so it's not a common vector for code injection attacks.

#solution Define and enforce a strict set of criteria defining what the application will accept as valid input, and contextually encode all untrusted data passed to the interpreter prior to execution.

Credits: @yashpatil_

Insufficient randomness results when software generates predictable values when unpredictability is required. When a security mechanism relies on random, unpredictable values to restrict access to a sensitive resource, such as an initialization vector (IV), a seed for generating a cryptographic key, or a session ID, then use of insufficiently random numbers may allow an attacker to access the resource by guessing the value.

There are various steps in cryptography that call for the use of random numbers. Generating a nonce, initialization vector or cryptographic keying material all require a random number. The strength of a cryptographic system depends heavily on the properties of these CSPRNGs. Depending on how the generated pseudo-random data is applied, a CSPRNG might need to exhibit some (or all) of these properties:
• It appears random.
• Its value is unpredictable in advance.
• It cannot be reliably reproduced after generation.

The potential consequences of using insufficiently random numbers are data theft or modification, account or system compromise, and loss of accountability, i.e., non-repudiation.

#solution When using random numbers in a security context, use cryptographically secure pseudo-random number generators (CSPRNG).

Credits: @yashpatil_

Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications. Encryption (usually TLS) must be used for all authenticated connections, especially Internet-accessible web pages. Backend connections should be encrypted as well. Otherwise, the application will expose an authentication or session token to malicious actors on the same network as the application host. These backend connections may represent a lower likelihood of exploitation than a connection over the external internet; however, in the case of exploitation they can result in compromise of user accounts or worse.

Encryption should be used whenever sensitive data, such as credit card or health information, is transmitted. Applications that fall back to plaintext or are otherwise forced out of an encrypting mode can be abused by attackers.

How to find?
• Is SSL used to protect all authentication-related traffic?
• Is SSL used for all resources on all private pages and services?
• Is the ‘secure’ flag set on session cookies?
• Are legitimate server certificates in use and configured properly?
• Are certificates issued from an authorized source?
• Are server certificates in use expired?

Prevention:
• Implementing SSL for the entire site.
• Setting the ‘secure’ flag on sensitive cookies.
• Ensuring that a server certificate is valid, is not expired, is not revoked, and that it correctly matches all domains for which it is used.
• Certifying that backend and other connections also use SSL or other encryption mechanisms.

Credits: @yashpatil_

We're here with an exquisite offer for you. On the occasion of Halloween, we present you a monstrous offer with a bundle of Bug Bounty and Python Programming courses at just 10$. Now, this is what we call "Double-Trouble". HURRY! SIGN UP NOW! LIMITED PERIOD OFFER! Link: https://academy.sec.army/p/halloween Or Check link in Bio #infosec #hacking #bughead #ethicalhacker #ethicalhacking #cyberpunk #cybersecurity #Cyber #halloween #spookyseason #programming #development #developer

Get Ready for CTF? In a CTF, many hacking skills are tested, like reverse engineering, web, forensics, cryptography, binary, etc. So you need to pick any one and master it, then go for the other. You need to participate in a team and make sure you have members who have knowledge of their domain so that you don't face any problems while playing CTF. Join @sec_army for Daily Hacktivity & Knowledge Dose. #wearesecarmy Credits: @_anishkashukla_ #hacker #hacking #ethicalhacking #cybersecurity #infosec #technology #web #cyberpunk #mobilesecurity #bugbounty #cybersafe #legalhackers #ethicalhacking #entrepreneurlife #webdeveloper #programmer #wearesecarmy

What is DOTDOTPWN?
DotDotPwn is a directory traversal fuzzer to discover directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers and web platforms such as CMSs, ERPs, blogs, etc. It’s written in the Perl programming language and can be run under either *NIX or Windows platforms. It’s the first Mexican tool included in BackTrack Linux (BT4 R2).

Fuzzing modules supported in this version:
• HTTP
• HTTP URL
• FTP
• TFTP
• Payload (protocol independent)
• STDOUT

Credits: @_smile_hacker_

What is XPLICO?
Xplico is a network forensics analysis tool (NFAT), which is software that reconstructs the contents of acquisitions performed with a packet sniffer. It can reconstruct the protocol's application data, and it is able to recognize the protocols with a technique named Port Independent Protocol Identification (PIPI).

Check: https://buff.ly/2JUgLfu

Credits: @_smile_hacker_

What is Sensitive data exposure vulnerability?
It occurs when an application does not adequately protect sensitive information from being disclosed to attackers. The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm, protocol and cipher usage are common, particularly weak password hashing storage techniques.

Credits: @kishorkumar3854

What is KOLIBRI OS?
KolibriOS is the world's tiniest OS, which requires 8 MB of RAM and 16 MB of storage. It takes only 3 seconds to boot, and it's a free and open source OS.

Credits: @_smile_hacker_

What is MIMIKATZ?
Mimikatz is a tool that was built for collecting Windows passwords and hashes. It’s a well-known tool and can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

Credits: @yashpatil_

Common forms of DDoS attacks
1. Buffer overflow attacks
2. ICMP flood
3. (S)SYN flood
4. Teardrop attack
5. Smurf attack
6. Low-rate Denial-of-Service attacks
7. Peer-to-peer attacks

Credits: @yashpatil_

Bug Bounty Platforms
1. Bugcrowd
2. Synack
3. intigriti
4. HackerOne
5. HackTrophy
6. PlugBounty
7. HackenProof
8. Bounty Factory
9. BountyGraph
10. Open Bug Bounty

Credits: @_navneetmuffin_

SECARMY Presents Webcast on RF HACKING 101 (Hacking Radio Frequencies) In this webcast you will be learning about Radio Frequency theory, various modulation techniques and how to analyze them. Date: 9-June-2019 Time: 7:30 PM (IST) Speaker: @hrishikeshsomchatwar Link: www.sec.army/webcasts #ethicalhacker #pentesting #github #kalilinux #hacker #raspberrypi #programming #anonymous #mrrobot #fsociety #cybersecurity #hacking #linux #parrotsec #java #android #ethicalhacking #penetrationtester #python #networking #security #Darknet #deepweb #pwn #news #developer #ceh #secarmy #wearesecarmy @xhackergirl @the_cyber_kitten @ruthless.0x0x @lori.io @jackk1337 @jhaddix38156 @a.zi.me @codibyte_ @i.m.pratikdabhi @hackison_ @hacker_razz_security @offensivehunter @thecyberwomenblog @thecybersecurityman @pwned_and_exploited @hackersclub @sstectutorials @falkyou @darknetdiaries @bl4cksystem @thecybersecurityhub @r0r0x_hck

Hacking Hardware Devices
1. LAN Turtle
2. HackRF One
3. Raspberry Pi
4. Rubber Ducky
5. WiFi Pineapple
6. Proxmark3 Kit
7. Ubertooth One
8. Alfa Network Board

Credits: @_navneetmuffin_

WHAT IS DMITRY?
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. It is able to gather possible subdomains, email addresses, uptime information, TCP port scans, whois lookups, and more.

The following is a list of the current features:
• An open source project.
• Perform an Internet Number whois lookup.
• Retrieve possible uptime data, system and server data.
• Perform a subdomain search on a target host.
• Perform an e-mail address search on a target host.
• Perform a TCP port scan on the host target.
• A modular program allowing user-specified modules.

Credits: @_smile_hacker_

WHAT IS CISCO TORCH? Cisco Torch can launch multiple simultaneous scanning functions at the same time for greater speed and efficiency. It also works well in the Application layer of the OSI model for fingerprinting systems, which is something that NMAP lacks. Credits: @_smile_hacker_

ONLY 2 DAYS LEFT OF EARLY BIRD DISCOUNT ON ETHICAL HACKING TRAINING Link: bit.ly/secarmy-tr-1

WHAT IS INSPY? InSpy is a Python-based LinkedIn enumeration tool. InSpy searches for employees by title and/or department from a newline-delimited file. InSpy may also create emails for the identified employees if the user specifies an email format. Credits: @_smile_hacker_

WHAT IS OSRF? OSRFramework is an open source research framework that helps you glean data from multiple sources. This information can be most helpful in multiple OSINT engagements where you are trying to get as much information as possible about a target: user, domain, phone number, DNS lookups, information leaks research, deep web search. Credits: @_smile_hacker_

WHAT IS SIP ARMY KNIFE? SIP Army Knife is a fuzzer that searches for cross-site scripting, SQL injection, log injection, format strings, buffer overflows, etc. It is made by Blake Cornell. Credits: @_smile_hacker_

WHAT IS BLUEMAHO? BlueMaho is a GUI shell (interface) for a suite of tools best used for Bluetooth security testing. It scans for devices and shows advanced info, SDP records, vendor, etc. Git: https://buff.ly/2WqhWFa Credits: @_smile_hacker_

WHAT IS CRACKLE? Crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With this TK, crackle can derive all further keys used during the encrypted session that immediately follows pairing. Source: https://buff.ly/2QWjZQ8 Credits: @_smile_hacker_

SECARMY presents webcast on Social Engineering. Social Engineering has always been the most important, lethal and secret weapon for our hacker community, so what I'll teach in the webinar would be the basics of social engineering. Date: 16-June-2019 Time: 7:30 PM (IST) Link: www.sec.army/webcasts Speaker: @thetusharbaweja

WHAT IS OLLYDBG? OllyDbg is a 32-bit disassembler/debugger for Microsoft Windows binary files. This tool can be used in reverse engineering software or malware. Link: https://buff.ly/2I7FsTp Credits: @_smile_hacker_