
Sunday, 26 December 2021

Code Injection

Definition:

Code injection occurs when an attacker exploits a vulnerability in a system by injecting malicious code into a vulnerable program. This manipulation allows the attacker to alter the program’s intended execution, often resulting in severe consequences such as the spread of computer viruses or worms.

Types of Code Injection:

  1. Cross-site Scripting (XSS)
  2. SQL Injection
  3. LDAP Injection
  4. Carriage Return-Line Feed Injection (CRLF)
  5. SMTP Injection
  6. Command Injection

How to Protect Against Code Injection:

  1. Strong Coding Practices:
    Ensure secure coding techniques are followed during application development. Validate and sanitize all user inputs to prevent malicious code from being processed.

  2. Comprehensive Security Testing:
    Perform thorough security testing of applications or websites before deployment to identify and fix potential vulnerabilities.

  3. Use Trusted and Secure Applications:
    Always use authorized websites and verified secure applications to minimize risks.

  4. Implement Least Privilege Access:
    Grant users only the minimum access necessary for their roles. For instance, if an employee does not require internet access for their work, restrict their access to prevent unnecessary exposure to risks.
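The following is an added example, not code from the original post, showing what "validate and sanitize all user inputs" looks like in practice for two of the injection types listed above: SQL injection and command injection. Each function is shown in a vulnerable and a safe form so the difference is visible on the same input. The users table is a constructed in-memory SQLite database and the probe strings are constructed test inputs.

```python
"""Added example: vulnerable vs. safe handling of user input for SQL and
shell commands. Sample data and payloads are constructed for this example."""
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    # Constructed sample data: two users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # The SQL text is built from user input, so a quote character in the input
    # changes the structure of the query instead of being a plain value.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Parameterised query: the values travel separately from the SQL text, so
    # whatever the user types is compared as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def greet_vulnerable(name: str) -> str:
    # shell=True hands one string to /bin/sh, which interprets ';', '|', '$()'
    # and similar characters: the user's text becomes part of the command line.
    out = subprocess.run("echo Hello " + name, shell=True,
                         capture_output=True, text=True)
    return out.stdout.rstrip("\n")


def greet_safe(name: str) -> str:
    # An argument list never passes through a shell: the whole input is one
    # argv element, so shell metacharacters are just characters.
    out = subprocess.run(["echo", "Hello", name], capture_output=True, text=True)
    return out.stdout.rstrip("\n")


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"           # constructed SQL injection probe
    print("vulnerable login:", login_vulnerable(conn, "alice", probe))  # True
    print("safe login:      ", login_safe(conn, "alice", probe))        # False
    print(greet_vulnerable("x; echo INJECTED"))   # two lines: the second command ran
    print(greet_safe("x; echo INJECTED"))         # one line: the text is printed as-is
```

The point of the pairing is that input validation alone is fragile; the safe versions are safe because the data path and the code path are separated by the API, regardless of what the input contains.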

Saturday, 18 December 2021

Phishing

You may get an email or message containing a URL that looks similar to a real one but is not the real one, and when you open it you will see a website that looks just like the real one:

For example: https://rahulprakash156.blogsport.com (real website)

https://rahuulprakash156.blogsport.com (wrong website: note the extra "u")

After logging in to the wrong website, you may have handed over your user name, email ID, password, etc.

Vishing (Voice Phishing):

In the office they may call and say they are calling from the bank or from your boss's office.

In India there is a case under investigation in which a man called a businessman's wife, said that he was from the ruling party and needed a donation, and in this way took 200 cr.

Smishing (SMS Phishing): the same is done by text message.

Spear Phishing:

They target a very particular person, such as the CEO of a company, for particular information.
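As an added example that is not part of the original post, here is a small check for the look-alike URL trick described above. It parses the link's host name and compares it with a list of domains you trust, flagging near-misses such as the extra "u" in the blog's own example. The trusted list and the sample links are constructed for this example, and the edit-distance threshold of 2 is a heuristic chosen here, not a rule from the post.

```python
"""Added example: flag links whose host name is a near-miss of a trusted
domain. TRUSTED_DOMAINS and the sample URLs are constructed."""
from urllib.parse import urlsplit

# Assumed: domains you actually use. The second one is a constructed name.
TRUSTED_DOMAINS = {"rahulprakash156.blogsport.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: the fewest single-character inserts, deletes or
    # substitutions that turn a into b. A typosquat is usually 1 or 2 away.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'trusted', 'suspicious' or 'unknown' for a link."""
    # urlsplit gives the real host: in "https://example-bank.com@evil.test/"
    # the host is evil.test, which a naive substring search would get wrong.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    verdict = "unknown"
    for good in TRUSTED_DOMAINS:
        if host == good or host.endswith("." + good):
            return "trusted"          # the domain itself or a real subdomain
        if host.startswith(good + "."):
            verdict = "suspicious"    # trusted name used as a prefix of another domain
        elif edit_distance(host, good) <= 2:
            verdict = "suspicious"    # one or two characters off: typosquat
    return verdict


if __name__ == "__main__":
    for link in ("https://rahulprakash156.blogsport.com",
                 "https://rahuulprakash156.blogsport.com",
                 "https://example-bank.com@evil.test/"):
        print(classify_url(link), link)
```

A "suspicious" verdict is a prompt to open the site by typing the address you know rather than by clicking the link; an "unknown" one simply means the domain is not on your list.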

 

 

 

Cross Site Scripting

XSS stands for Cross Site Scripting. It is a code injection attack executed on the client side of a web application.

Here the attacker injects a malicious script through the web browser.

The malicious script is executed when the victim visits the web page or web server.

The attacker tries to steal cookies, session tokens and other sensitive information.

It is a web application hacking technique.
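The following added example (not code from the original post) shows the server-side defence against the attack described above. A comment is rendered twice: once by concatenating the user's text into HTML, which lets a script tag become part of the page, and once with output encoding, which makes the browser display the text instead of executing it. Because the post mentions cookie theft, the session cookie is also built with the HttpOnly flag, which keeps it out of reach of page scripts. The function names and the sample comment are constructed for this example.

```python
"""Added example: output encoding against XSS and an HttpOnly session cookie.
Function names and sample input are constructed."""
import html
from http.cookies import SimpleCookie


def render_comment_vulnerable(author: str, text: str) -> str:
    # User text goes straight into the markup: a <script> tag or an event
    # handler inside `text` becomes part of the page and runs in the browser.
    return "<p><b>%s</b>: %s</p>" % (author, text)


def render_comment_safe(author: str, text: str) -> str:
    # html.escape turns < > & " ' into entities, so the browser renders them as
    # characters and never parses them as tags or attributes.
    return "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(text))


def contains_script_tag(page: str) -> bool:
    # Crude check used only to show the difference between the two renderers.
    return "<script" in page.lower()


def session_cookie(token: str) -> str:
    # HttpOnly keeps the cookie out of document.cookie, so even a successful
    # XSS cannot simply read the session token; Secure limits it to HTTPS and
    # SameSite=Lax stops most cross-site requests from carrying it.
    c = SimpleCookie()
    c["session"] = token
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c["session"].OutputString()


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"     # constructed sample comment
    print(render_comment_vulnerable("guest", payload))
    print(render_comment_safe("guest", payload))
    print(session_cookie("tok-example"))
```

Escaping at output time is the rule that matters: the same stored comment is harmless or harmful depending only on how it is written into the page.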

Virus Hoax

A computer virus hoax is a message warning recipients about a non-existent computer virus threat.

It is a threat that doesn't actually exist, but it seems like it could be real.

Virus hoaxes are usually harmless and accomplish nothing more than annoying people and wasting the time of those who forward the message.

Examples of a few virus hoaxes:

Good Times:

Warnings about a computer virus named "Good Times" began being passed around among internet users in 1994. The Good Times virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes", hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warning did not exist, but the warning itself behaved, in effect, like a virus.

Invitation attachment:

The Invitation virus hoax involved an email spam in 2006 that advised computer users to delete any email with any type of attachment that started with "invitation".

Monday, 23 March 2020

Trojan Horse


                                 

In the 13th or 12th century BC, the Greeks waged war against Troy for 10 long years. Despite their efforts, they couldn’t breach the city’s defenses, as Troy was surrounded by strong stone walls. The Greeks, however, devised a clever plan—they built a large wooden horse. This horse, known as the "Trojan Horse," became the key to their victory.

The Trojan Horse was enormous, and inside it, Greek soldiers lay hidden. The Greeks left the horse at the gates of Troy, leading the Trojans to believe it was a gift, possibly signifying the end of the war. The unsuspecting Trojans brought the wooden horse into their city. That night, while the Trojans were asleep, the Greek soldiers emerged from their hiding place inside the horse. They opened the city gates, allowing the rest of the Greek army to enter. The Greeks then attacked, overwhelming the Trojan forces, destroying the city, and ultimately winning the war.

Today, cyber attackers use a similar strategy to infiltrate computers, calling their malicious programs "Trojan Horses." Once a Trojan enters a system, it has the same level of access as the machine’s administrator. It can open backdoors for other malware to invade, spy on the device, slow it down, delete files, and cause more harm than one might expect.

How to Identify a Trojan Horse on Your Machine:

Method 1: Antivirus Detection
Trojan horses can be difficult to detect because they often disguise themselves as harmless files, such as software, applications, videos, MP3s, or images. While they might seem normal on the surface, they carry out malicious activities in the background. If your antivirus software has a signature for the Trojan, it will detect it, and you’ll be notified via a pop-up. To ensure protection, always keep your antivirus updated.

Method 2: Monitor Internet Data Usage
Another way to detect a Trojan is by monitoring your device’s internet usage. If you notice unusually high data consumption, it could be a sign that spyware is running on your system, sending data to an external source. Regularly check your internet data usage to catch these suspicious activities early.

How to check internet data usage in Windows:

Step i: Press Control + Alt + Delete; a menu will open. Click on Task Manager.

Step ii: Task Manager will open.

Step iii: Click on the "Networking" tab. You will see details of all network connections, such as adapter name, network utilization, link speed and state (Connected/Disconnected). If you find an extra connection, or more data being used than you expect, it may mean that someone else is connected to your computer. Investigate it immediately: check all running processes and services, delete unwanted applications if required, and stop unwanted or vulnerable services.


Method 3: Check the list of all software installed on your machine, and if you find any unknown software, uninstall or delete it.

How to check the list of all installed software in Windows:

Step i: Open Control Panel and, in the "View by: Category" list, click on "Uninstall a program". A window will open with the list of all software installed on the machine. Check all the installed software, and if you find any unwanted software, uninstall it.




Method 4: Check the performance of your machine. If it is not normal (for instance, memory or CPU utilization is unusually high), something may be wrong; in that case open Task Manager and look at all currently running applications.

How to check the performance of your device in Windows:

Step i: Press Control + Alt + Delete.

Step ii: Click on the Processes tab. It shows the CPU and memory utilization of every process. If you find an unknown process running, investigate it further and stop it if it is not needed.

Note: Before stopping any process you must know what it is, because some important processes are supposed to run, and stopping them may break normal activity.

Step iii: In Task Manager, click on the Applications tab. It shows all the applications you are currently running.

Method 5: Click on the Services tab. It shows the CPU and memory utilization of every service. If you find an unknown service running, investigate it further and stop it if it is not needed.

Note: Before stopping any service you must know what it is, because some important services are supposed to run, and stopping them may break normal activity.
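Methods 2 and 4 above can also be done from the command line with two tools Windows already ships: `netstat -ano` prints every connection together with the PID that owns it, and `tasklist` maps PIDs to program names. The script below is an added example, not from the original post: it joins the two outputs and lists programs that hold an established connection to an address outside the local network and are not on a list of programs you expect to use the internet. The two text blocks are constructed samples of what those commands print, and the allow-list is an assumption to tune for your own PC.

```python
"""Added example: join `netstat -ano` and `tasklist` output to spot unexpected
outbound connections. Both text samples and the allow-list are constructed."""
import ipaddress

NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     198.51.100.9:443       ESTABLISHED     4120
  TCP    192.168.1.20:49801     203.0.113.77:8080      ESTABLISHED     6532
  TCP    127.0.0.1:5040         0.0.0.0:0              LISTENING       1240
  UDP    0.0.0.0:5353           *:*                                    1588
"""

TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                   1240 Services                   0     12,340 K
chrome.exe                    4120 Console                    1    210,400 K
winupdate.exe                 6532 Console                    1      8,912 K
"""

# Assumed allow-list: programs on this PC that are expected to use the network.
KNOWN_NETWORK_APPS = {"chrome.exe", "outlook.exe", "svchost.exe"}

# Addresses that belong to the local network or the PC itself (RFC 1918,
# loopback, link-local). Anything else counts as external for this check; the
# constructed sample uses RFC 5737 documentation addresses as "external" IPs.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def parse_tasklist(text: str) -> dict:
    """Map PID -> lower-case image name from `tasklist` output."""
    pids = {}
    for line in text.splitlines()[2:]:          # skip header and ===== rule
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            pids[int(parts[1])] = parts[0].lower()
    return pids


def parse_netstat(text: str) -> list:
    """Extract the TCP rows from `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _proto, _local, foreign, state, pid = parts
            host, _, port = foreign.rpartition(":")
            rows.append({"foreign": host, "port": int(port),
                         "state": state, "pid": int(pid)})
    return rows


def is_external(host: str) -> bool:
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_RANGES)


def suspicious_connections(netstat_text: str, tasklist_text: str) -> list:
    """Return (image, pid, remote) for established outbound connections held
    by programs that are not on the allow-list."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for row in parse_netstat(netstat_text):
        if row["state"] != "ESTABLISHED" or not is_external(row["foreign"]):
            continue
        image = names.get(row["pid"], "<unknown>")
        if image not in KNOWN_NETWORK_APPS:
            findings.append((image, row["pid"],
                             "%s:%d" % (row["foreign"], row["port"])))
    return findings


if __name__ == "__main__":
    for image, pid, remote in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("investigate: %s (PID %d) connected to %s" % (image, pid, remote))
```

On a real machine, run `netstat -ano` and `tasklist` in a Command Prompt, save their output to text files and feed those to the two parsers; a hit is a prompt to look the program up and, as the note above says, to understand what it is before stopping it.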




How does a Trojan horse get into a device?

It may come from unauthorized free software, from an unknown website, while downloading an application, audio or video from untrusted sites such as porn sites, or from an unauthorized email; we always need to be sure before opening any attachment in an email.

 

Examples of Trojans:

1. Tiny Banker Trojan:

This is designed to target finance websites. It works through man-in-the-browser attacks and network sniffing; when it was detected, it had targeted more than 12 banking institutions in the USA. It is designed to steal users' sensitive data, such as account login information and banking codes.

 

2. RAT (Remote Administration Tool):

This is one type of Trojan horse which may give administrator access to a remote device to a bad guy, who can then install spyware on your computer, a key logger or screen recording, copy files or install any software.

Example: Ghost RAT is a RAT Trojan that allows attackers to gain complete, real-time control of a device.

Apart from this, a few RAT tools used these days are NanoCore, BlackShades and JSpy.

 

How a Trojan is made:

Today many tools are available on the market to make a Trojan and attack with it; some of them are free, like BEAST, and some of them are paid software. We can also make a Trojan with the help of Notepad.

We will take an example here of making a Trojan with the help of Notepad.

Write the virus code in Notepad.

Open Notepad and write the below code:

@ECHO off
REM label marking the start of the loop
:top
REM open a new Notepad window
START %SystemRoot%\system32\notepad.exe
REM jump back to the label, so this repeats endlessly
GOTO top

Note: The above code will open Notepad endlessly. I am giving a very simple example here; you can write code to delete files, stop services and much more.

After that, save the file with a .bat extension and select "All Files" from the "Save as type" option.



You will get an icon for the bat file like this,

Here the user can easily see that the file is not a normal file, and the target user may delete it, so we need to change the icon of the file. To do that, follow the steps below:

Right click on the file and click Properties.

When you click on Change Icon, a small window will open with a few icons. Select any one of them (select an icon like "My PC" that the user will click on easily).

The user will think it is a normal shortcut, and when he/she clicks on it, the code will perform its job.

Apart from the above technique there are many tools available which can be used for remote access; I will try to cover those in my future blogs.

Sunday, 1 December 2019

Tips to use Email


I welcome all my readers to my second blog. I will start this blog with a small story. One of my friends is looking for a job, and every week he has to attend interviews, sometimes in the city and sometimes outside it, and it is really difficult for him to carry all his documents with him. It has become more difficult because each company has its own requirements: a few want education certificates, a few want personal documents too, and a few companies have other requirements. So he decided to keep scanned copies of all his documents in his email inbox, and he takes a printout of whatever documents he requires. This is a very easy and effective way to carry documents anywhere without a physical file.

But just think what will happen when some unauthorized person gets access to your email. It may go worse than we expect: an unauthorized person can see your data, your education qualifications, your contact details, passport details and much more. How can we protect our email from such unauthorized access? That is what we are going to discuss today. I will give you a basic idea of how to protect your device or email from an unauthorized person.


Make your email password strong:

A strong password protects your email from a brute-force attack (I will write a separate blog on brute-force attacks). We are supposed to use upper case, lower case, numbers and special characters together in our password to stop someone from guessing it. Never use your name, date of birth or mobile number as your password, because these can be guessed easily by anyone.



(i) Use multi-factor authentication:

It is an authentication method in which the user has to pass more than one authentication check to complete a task. Nowadays all bank transaction systems have adopted this method, but when we talk about the general public, I have seen only a few people use this technology to protect their email or personal devices.

(ii) How multi-factor authentication works:

Take an example: when you insert your ATM card in the ATM machine, you cannot withdraw money just by inserting the card; you also need to enter your ATM PIN to do any transaction. This is an example of two-factor authentication because it has two layers of protection, one is the ATM card and the other is the ATM PIN. We have one more example, the OTP (one time password): when we do any online transaction through net banking, we have to enter our password to log in and then enter an OTP as well to complete the transaction. Similarly, we can enable 2-step verification for our mail. I will share a good example of Gmail here because it is used by many people and is very common among the general public. In Gmail we have the option of a voice or text message, so whenever anyone tries to log in to the Gmail account, it sends a text or voice message to the phone, and that code has to be entered to log in.
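The password rule from the "strong password" paragraph and the two-step login described just above, written out as an added example (not code from the original post). check_password_strength() rejects passwords that lack upper case, lower case, digits or special characters, or that contain a personal detail such as your name, date of birth or mobile number. login_step1() checks the password and issues a one time password; login_step2() accepts that code only once and only for a short time, which is the second layer of the net-banking example. The user record, salt and OTP store are in-memory constructs for this example, the code length (6 digits) and lifetime (300 seconds) are assumptions, and the SMS or voice delivery is outside the snippet, so login_step1() simply returns the code for whatever sends it.

```python
"""Added example: password-strength rule plus a two-step login with a one time
password. User record, salt and OTP store are constructed for this example."""
import hashlib
import hmac
import secrets
import string
import time

SPECIALS = set(string.punctuation)
OTP_TTL_SECONDS = 300      # assumed lifetime of a code
OTP_MAX_TRIES = 3          # assumed limit on wrong guesses per code


def check_password_strength(password: str, personal=()) -> list:
    """Return the reasons a password is weak; an empty list means it passes.
    `personal` holds strings that must not appear in it (name, DOB, phone)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    low = password.lower()
    for item in personal:
        if not item:
            continue
        digits = "".join(ch for ch in item if ch.isdigit())   # "26/12/1990" -> "26121990"
        if item.lower() in low or (len(digits) >= 4 and digits in password):
            problems.append("contains personal detail %r" % item)
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    # Passwords are stored as a salted PBKDF2 hash, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record: one user with a fixed salt so the example is reproducible.
_SALT = b"constructed-salt-not-for-real-use"
USERS = {"rahul": {"salt": _SALT, "hash": hash_password("Str0ng!Passw0rd#2019", _SALT)}}
_otp_store = {}   # user -> {"code", "expires", "tries"}; a real service would use a database


def login_step1(user: str, password: str, now=None):
    """First factor. On success issue an OTP and return it for delivery;
    return None when the user or password is wrong."""
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["hash"], hash_password(password, rec["salt"])):
        return None
    code = "%06d" % secrets.randbelow(1_000_000)
    _otp_store[user] = {"code": code, "expires": now + OTP_TTL_SECONDS, "tries": 0}
    return code


def login_step2(user: str, submitted: str, now=None) -> bool:
    """Second factor: the OTP must match, must not have expired, and is
    consumed on first success so it cannot be replayed."""
    now = time.time() if now is None else now
    entry = _otp_store.get(user)
    if entry is None or now > entry["expires"]:
        _otp_store.pop(user, None)
        return False
    entry["tries"] += 1
    if entry["tries"] > OTP_MAX_TRIES:      # stop someone guessing the 6 digits
        del _otp_store[user]
        return False
    if hmac.compare_digest(entry["code"], submitted):
        del _otp_store[user]                # one time: used codes are discarded
        return True
    return False
```

Two details carry the security here: the password check and the OTP check both use hmac.compare_digest, so a wrong guess takes the same time as a right one, and a code is deleted the moment it is used or expires, so a code seen by someone looking over your shoulder is worthless a few minutes later.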

(iii) Never share your password with anyone:

I was travelling in a taxi and the taxi driver requested me to reset his Paytm password because he was not well educated and did not know how to use the application. Nowadays people are using data much more and have started using many money transfer applications, but they do not know how to use them. It's very common to share passwords with friends and relatives.

(iv) Do not use the same password everywhere:

This is a common mistake I find with people: they use the same password for all applications. They use the same password for computer login, email and banks too, and they share the password with friends without realising that they are sharing the password for all their applications. All security applications, software and tools are useless if someone knows your password, so we need to think about it.

  

Public place email access (use of public Wi-Fi or computer):

Today the internet is available everywhere in metro cities, railway stations, airports, etc., and it is very common to use public internet to check ticket details while travelling, to watch your favourite shows online, or while waiting for someone or for a flight. To save our own data we use free public Wi-Fi, which is not a good practice: we do not know who manages it, and since it is for common use, many people share the same network and subnet, so it is easier for an unauthorized person on the same network to reach your phone.

(i) Look over your shoulder:

Generally people don't think much about small things that can turn into a disaster. When we use our PC or mobile in a public place we don't see what other people around us are doing. Suppose you are entering your password and someone sees it from behind you; he can then log in to your email. So we have to be careful whenever we enter our password. Always check over your shoulder whether anyone is looking at your device (phone, PC).


Use a VPN:

This is something that people mostly use in companies, but we can protect our computer or email by using it too. It provides a virtual private network, so other people need permission to enter your network. Apart from this we can avoid extra unwanted ads while browsing, and we can reach our home network from anywhere, or use public internet, more effectively and securely with the help of a VPN.

Use the internet carefully:

We use the internet, but only a few of us check the links that we open. We are supposed to open only those links which are secured, and the best way to know is to look at the URL: if it starts with HTTPS then the connection is encrypted, and if it is without the "s" (HTTP) then it is not. So please try to use websites which are secured and start with HTTPS. Remember that HTTPS only means the connection is encrypted; a fake website can use HTTPS too, so also check that the domain name is the real one.

(i) Don't click on any link in an email if you are not sure:

Clicking on a link can put you in trouble, because you may allow someone to encrypt your data, or give permission to install software in the background which can be spyware. Do not click on any link or attachment if it is not from an authorized person.

Fake call or email:

A few days back a person called my brother on behalf of Paytm and told him that he would help him with the KYC process. Since my brother is not from a technical background, he was not able to understand the process, so that guy shared my brother's mobile screen using TeamViewer (software used to share the screen of a computer with another person). He saw his user ID, password, bank details, everything, and my brother did not even notice it; after that, that person tried to log in to his email and bank account.

Like this you may get an email or call for technical support or for a lucky draw. Always be careful and contact the police cyber cell for such issues.

Use antivirus:

Always use antivirus on your phone and laptop. It will protect your device from unauthorized access, and apart from this there are many other benefits of using antivirus, so we should use it all the time.

Always update your operating system and other software on your device:

We are supposed to update our operating systems as well as all the software that we use on our devices, because whenever a company finds malware or any security related issue in its products, it issues a new patch or a new updated version of that software which helps to protect our devices. Avoid using free or unwanted software or websites that are not from an authorized source.

I hope the above information will help my readers protect their computers from unauthorized access. Please share it with your friends and post your questions related to this post; suggestions and advice are most welcome.


Sunday, 24 November 2019

Conficker and Rogue System Detection





This is my first blog, and my aim is to share real-world experiences from cybersecurity experts. I’ll cover prominent cyber-attacks and how professionals protect their environments from such threats. Additionally, I’ll provide tutorials on various cybersecurity technologies and tools.

Today, I’m starting with a very well-known cyber-attack that first surfaced in November 2008. It affected government organizations, private sectors, and even home computers across over 190 countries, making it the largest known computer worm infection since 2003. If you’re a cybersecurity professional, you’ve likely guessed it—I'm talking about Conficker.

Conficker targeted Microsoft Windows operating systems, and its initial detection was in 2008. In 2011, Ukrainian police arrested Mikael Sallnert, who was sentenced to 48 months in prison for his role in the attack.

 

How does Conficker affect your machine?

 

Conficker used dictionary attacks on administrator passwords to propagate itself while forming a botnet. It could execute arbitrary code via a crafted RPC request that triggered a buffer overflow during canonicalization. Once on a system, Conficker copied itself with a random name into the system directory (%systemroot%\system32) and registered itself as a service.

After gaining access to a machine, Conficker set up a small HTTP server and began scanning for other vulnerable machines. When a target was identified, the infected machine would send a URL with the payload to the target, which would then download the worm and continue the infection cycle.


                                   

Why Do Such Attacks Happen?

Attacks like Conficker often succeed due to unmanaged or unprotected machines within a network. These “rogue” machines can be a gateway for attackers to infiltrate your environment.

What Is a Rogue Machine?

A rogue machine is any unprotected system within a network. If a machine lacks antivirus software or doesn’t adhere to security policies, it becomes a rogue system. These machines pose a significant risk because they can be exploited by attackers to spread infections throughout an entire network.

How Can We Protect Our Environment?

Using antivirus software is crucial, but it’s not always enough—especially if some machines don’t have antivirus installed. Identifying rogue systems is challenging but essential for comprehensive network protection.

For example, consider a car manufacturing company with several business units—manufacturing, design, dealerships, and showrooms. The company manages its manufacturing and design units directly, but it may not manage the dealer’s computer systems. However, dealers may need access to the company’s network. An attacker could target a dealership’s unprotected machine and, through it, gain access to the more secure manufacturing unit.

To protect against such threats, it’s important to monitor all machines in your network, regardless of whether they are directly managed. This is where Rogue System Detection (RSD) comes into play.

How Does Rogue System Detection Work?

Rogue System Detection involves placing sensors within your network, often using a DHCP server. These sensors detect all devices connected to the subnet—laptops, desktops, IP phones, printers, etc.—and send the information to an endpoint management tool that cybersecurity professionals use.

Rogue System Detection works by employing tools like WinPcap to monitor network traffic and protocols such as ARP and DHCP to identify all systems on the network. The sensor sends details about every device to the antivirus management tool, which filters out the rogue machines.

You can also configure exceptions for devices like printers or IP phones that you don’t want to monitor. Additionally, you can block specific machines as needed to tighten security.
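The core of what a Rogue System Detection sensor does, reduced to its logic, as an added example that is not from the original post and is not the code of any particular product. A real sensor sniffs ARP and DHCP on the subnet (the post mentions WinPcap for this); here the same information is read from constructed `arp -a`-style lines and DHCP lease lines. Every device seen is compared with the list of machines the endpoint-management console reports as protected, and anything left over is a rogue unless it matches an exception such as a printer or IP phone. The inventory, the exception lists and all MAC and IP addresses below are constructed samples.

```python
"""Added example: rogue-system detection logic over constructed ARP and DHCP
text. Inventory, exceptions and addresses are all constructed samples."""
import ipaddress
import re

ARP_SAMPLE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.31          00-11-22-33-44-31     dynamic
  192.168.1.45          00-11-22-33-44-45     dynamic
  192.168.1.90          aa-bb-cc-dd-ee-90     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

DHCP_LEASES_SAMPLE = """\
# constructed: ip mac hostname
192.168.1.45 00:11:22:33:44:45 design-pc-07
192.168.1.77 00:11:22:33:44:77 visitor-laptop
192.168.1.90 aa:bb:cc:dd:ee:90 lobby-phone-2
"""

# Machines the endpoint-management console reports as protected, keyed by MAC.
MANAGED = {"00:11:22:33:44:31": "mfg-ws-03", "00:11:22:33:44:45": "design-pc-07"}
# Exceptions: the gateway by MAC, and an (assumed) IP-phone vendor prefix (OUI).
EXCEPTION_MACS = {"00:11:22:33:44:01"}
EXCEPTION_OUIS = {"aa:bb:cc"}

MAC_RE = re.compile(r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def normalise_mac(mac: str) -> str:
    # Windows prints aa-bb-cc-..., most other tools aa:bb:cc:...; compare one form.
    return mac.lower().replace("-", ":")


def discover(*sources: str) -> dict:
    """Collect ip -> (mac, hostname) from any text carrying IPs and MACs.
    Later sources fill in a hostname the earlier ones did not have."""
    seen = {}
    for text in sources:
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue
            ip, mac = IP_RE.search(line), MAC_RE.search(line)
            if not ip or not mac:
                continue
            addr = ip.group(1)
            if ipaddress.ip_address(addr).is_multicast:   # not a device
                continue
            host = None
            rest = line[mac.end():].split()
            if rest and rest[0] not in ("dynamic", "static"):
                host = rest[0]
            prev = seen.get(addr)
            if host is None and prev:
                host = prev[1]
            seen[addr] = (normalise_mac(mac.group(0)), host)
    return seen


def find_rogues(seen: dict) -> list:
    """Everything on the subnet that is neither managed nor an exception."""
    rogues = []
    for ip, (mac, host) in sorted(seen.items()):
        if mac in MANAGED or mac in EXCEPTION_MACS or mac[:8] in EXCEPTION_OUIS:
            continue
        rogues.append({"ip": ip, "mac": mac, "host": host})
    return rogues


if __name__ == "__main__":
    for r in find_rogues(discover(ARP_SAMPLE, DHCP_LEASES_SAMPLE)):
        print("rogue: %(ip)s %(mac)s %(host)s" % r)
```

Keying the comparison on MAC rather than IP matters on a DHCP subnet, where a rogue laptop may get a different address every day; the exception by OUI is how printers and phones from one vendor are excluded without listing each one.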

By using Rogue System Detection, you can ensure that all machines in your network—whether directly managed or not—are monitored, reducing the risk of attacks from unmanaged systems. This approach would have been effective in mitigating the spread of infections like Conficker, which took advantage of such weaknesses.

In this post, we’ve explored the Conficker worm and the dangers posed by rogue machines. By implementing Rogue System Detection, organizations can safeguard their networks from such threats. Stay tuned for more tutorials and insights into how cybersecurity professionals defend against real-world attacks!