Hello to Everyone.Welcome to my channel "College Hacker".
This channel provides world class technical knowledge to the platform of IT Network and learn updated basic & advance knowledge of computer.
We provide a simple and unique learning style.
It is most useful for the college students who have interest in Digital World (hacking, networking & security).
Stay connected with #collegehacker
Subscribe on YouTube - #CollegeHacker
Sunday, March 19, 2023
Cyber Security Introduction
Cybersecurity:-
Cybersecurity refers to the practice of protecting electronic systems, networks, and sensitive information from theft, damage, or unauthorized access. It involves a range of techniques and technologies used to secure computer systems, networks, and data from various cyber threats such as hacking, phishing, malware, ransomware, and other types of cyber attacks.
Cybersecurity measures may include:-
Authentication and access control: This involves using secure passwords, multi-factor authentication, and other access control mechanisms to ensure only authorized personnel can access sensitive data and systems.
Firewalls and intrusion detection systems: These are security software and hardware systems that help prevent unauthorized access to networks and detect any attempted breaches.
Encryption: This involves using encryption algorithms to protect data from unauthorized access by encrypting it in transit and at rest.
Backup and disaster recovery: These are measures taken to ensure that data can be recovered in the event of a cyber attack or other disaster that causes data loss or corruption.
Cybersecurity training and awareness: This involves educating employees about cybersecurity best practices and potential threats, as human error is a major cause of security breaches.
Vulnerability management: This involves regularly scanning systems for vulnerabilities and addressing them before they can be exploited by attackers.
Note:
Cybersecurity is a critical concern for businesses, governments, and individuals alike, as cyber attacks can result in financial loss, reputational damage, and other serious consequences. As technology continues to advance, the need for strong cybersecurity measures is becoming increasingly important.
___________________________________________________
SUBSCRIBE - SHARE - LIKE - COMMENT .
___________________________________________________
Subscribe And Press the Bell Icon For More Update.
Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal, or other banking institutions. The e-mails state that your information needs to be updated or validated and ask that you enter your username and password, after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, even if you visit the false website and just enter your username and password, the phisher may be able to gain access to more information by just logging in to you account.
Phishing is a con game that scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. However, the URL in the address field can tell you if the page you have been directed to is valid or not. For example, if you are visiting an Web page on eBay, the last part of the domain name should end with "ebay.com." Therefore, "http://www.ebay.com" and "http://cgi3.ebay.com" are valid Web addresses, but "http://www.ebay.validate-info.com" and "http://ebay.login123.com" are false addresses, which may be used by phishers. If URL contains an IP address, such as 12.30.229.107, instead of a domain name, you can almost be sure someone is trying to phish for your personal information.
If you receive an e-mail that asks that you update your information and you think it might be valid, go to the website by typing the URL in your browser's address field instead of clicking the link in the e-mail. For example, go to "https://www.paypal.com" instead of clicking the link in an e-mail that appears to come from PayPal. If you are prompted to update your information after you have manually typed in the Web address and logged in, then the e-mail was probably legitimate. However, if you are not asked to update any information, then the e-mail was most likely a spoof sent by a phisher.
Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.
Phishing Methods
Phishing attempts most often begin with an email attempting to obtain sensitive information through some user interaction, such as clicking on a malicious link or downloading an infected attachment.
A.) Through link manipulation, an email may present with links that spoof legitimate URLs; manipulated links may feature subtle misspellings or use of a subdomain. B.) Phishing scams may use website forgery, which employs JavaScript commands to make a website URL look legitimate. C.) Using covert redirection, attackers can corrupt legitimate websites with malicious pop-up dialogue boxes that redirect users to a phishing website. D.) Infected attachments, such as .exe files, Microsoft Office files, and PDF documents can install ransomware or other malware. E.) Phishing scams can also employ phone calls, text messages, and social media tools to trick victims into providing sensitive information.
Types of Phishing Attacks
Some specific types of phishing scams use more targeted methods to attack certain individuals or organizations.
A.) Spear Fishing
Spear phishing email messages won’t look as random as more general phishing attempts. Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.
B.) Clone Phishing
Attackers are able to view legitimate, previously delivered email messages, make a nearly identical copy of it—or “clone”—and then change an attachment or link to something malicious.
C.) Whaling
Whaling specifically targets high profile and/or senior executives in an organization. The content of a whaling attempt will often present as a legal communication or other high-level executive business.
How to Prevent Phishing Attacks
Organizations should educate employees to prevent phishing attacks, particularly how to recognize suspicious emails, links, and attachments. Cyber attackers are always refining their techniques, so continued education is imperative.
Some tell-tale signs of a phishing email include:
‘Too good to be true’ offers
Unusual sender
Poor spelling and grammar
Threats of account shutdown, etc., particularly conveying a sense of urgency
Links, especially when the destination URL is different than it appears in the email content
Unexpected attachments, especially .exe files
Additional technical security measures can include:
Two Factor Authentication incorporating two methods of identity confirmation—something you know (i.e., password) and something you have (i.e., smartphone)
Email filters that use machine learning and natural language processing to flag high-risk email messages. DMARC protocol can also prevent against email spoofing.
Augmented password logins using personal images, identity cues, security skins, etc.
___________________________________________________
SUBSCRIBE - SHARE - LIKE - COMMENT .
___________________________________________________
Subscribe And Press the Bell Icon For More Update.
Reconnaissance : This is the first phase where the Hacker tries to collect information about the target. It may include Identifying the Target, finding out the target’s IP Address Range, Network, DNS records, etc.Let’s assume that an attacker is about to hack a websites’ contacts.He may do so by : using a search engine like maltego, researching the target say a website (checking links, jobs, job titles, email, news, etc.), or a tool like HTTPTrack to download the entire website for later enumeration, the hacker is able to determine the following: Staff names, positions, and email addresses.
Scanning: This phase includes usage of tools like dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data. Hackers are now probably seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts.Now that the hacker has some basic information, the hacker now moves to the next phase and begins to test the network for other avenues of attacks. The hacker decides to use a couple methods for this end to help map the network (i.e. Kali Linux, Maltego and find an email to contact to see what email server is being used). The hacker looks for an automated email if possible or based on the information gathered he may decide to email HR with an inquiry about a job posting.
Gaining Access: In this phase, hacker designs the blueprint of the network of the target with the help of data collected during Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and now decide that they have a some options to gain access to the network. For example, say hacker chooses Phishing Attack The hacker decides to play it safe and use a simple phishing attack to gain access. The hacker decides to infiltrate from the IT department. They see that there have been some recent hires and they are likely not up to speed on the procedures yet. A phishing email will be sent using the CTO’s actual email address using a program and sent out to the techs. The email contains a phishing website that will collect their login and passwords. Using any number of options (phone app, website email spoofing, Zmail, etc) the hacker sends a email asking the users to login to a new Google portal with their credentials. They already have the Social Engineering Toolkit running and have sent an email with the server address to the users masking it with a bitly or tinyurl. Other options include creating a reverse TCP/IP shell in a PDF using Metasploit ( may be caught by spam filter). Looking at the event calendar they can set up a Evil Twin router and try to Man in the Middle attack users to gain access. An variant of Denial of Service attack, stack based buffer overflows, and session hijacking may also prove to be great.
Maintaining Access: Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.Now that the hacker has multiple e-mail accounts, the hacker begins to test the accounts on the domain. The hacker from this point creates a new administrator account for themselves based on the naming structure and try and blend in. As a precaution, the hacker begins to look for and identify accounts that have not been used for a long time. The hacker assumes that these accounts are likely either forgotten or not used so they change the password and elevate privileges to an administrator as a secondary account in order to maintain access to the network. The hacker may also send out emails to other users with an exploited file such as a PDF with a reverse shell in order to extend their possible access. No overt exploitation or attacks will occur at this time. If there is no evidence of detection, a waiting game is played letting the victim think that nothing was disturbed. With access to an IT account the hacker begins to make copies of all emails, appointments, contacts, instant messages, and files to be sorted through and used later.
Clearing Tracks : Prior to the attack, the attacker would change their MAC address and run the attacking machine through at least one VPN to help cover their identity. They will not deliver a direct attack or any scanning technique that would be deemed “noisy”. Once access is gained and privileges have been escalated, the hacker seek to cover their tracks. This includes clearing out Sent emails, clearing server logs, temp files, etc. The hacker will also look for indications of the email provider alerting the user or possible unauthorized logins under their account.
___________________________________________________
SUBSCRIBE - SHARE - LIKE - COMMENT .
___________________________________________________
Subscribe And Press the Bell Icon For More Update.
Start with Marc Goodman's 'UPDATE' acronym – then take it to the next level with our 33 tips below.
Update regularly
Use auto-updates to get the latest patches for apps, software and operating systems.
Passwords: don’t re-use them
Using the same password on a whole raft of logins is a rookie mistake. Once hackers get one password, they’ll try it on everything else they can connect you to (see tip 19).
Download from authorised sources
Whether you 'side-load' apps (self-install them) or go for open source software, make sure you get them from trusted sites.
Check for any bundled bits ('spyware' or 'adware') and remove them – toolbars and add-ons that change your default search engines are the biggest culprits.
'Administrator' shouldn't be your default setting
Don’t log in as admin on your computer for day-to-day use (except when you have to, like if you're installing stuff). If you download something dodgy or have already been compromised, hackers can track, install and change pretty much whatever they like.
Turn off when you’re done
That includes logging out of sites when you’ve had your fill of memes, switching off the computer when you leave the house, or disconnecting the WiFi when you’re not using it.
Encrypt to keep your stuff unreadable
Encryption doesn’t stop files, emails or details you submit through a website being intercepted – it ‘scrambles’ the content so they can’t be read by unauthorised users.
One of the most common forms of encryption you can make use of is to check for the little padlock symbol next to the URL (or that the address starts with https, not just http) when you're logging in or providing payment details. Most sites use this nowadays anyway, but it's always worth checking!
There’s much more you can get into, from tweaking email settings to encrypting files on your machines. FileVault (built into Macs) can help, as can check free utilities such as VeraCrypt.
How to protect your computer from hackers and viruses
Protecting yourself from getting hacked can take just a couple of minutes if you follow these quick steps:-
Security basics :-
Get yourself decent anti-virus and firewall software – and turn it on! Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
Back-up important data on an external hard drive or USB stick. If there’s something that you’d be gutted to lose, keep copies!
Be picky about which companies you share your personal info with – your data’s only as secure as they are.
Be very suspicious of emails or messages asking for login or account info, and check that any links are legit (i.e. not hsbo-bank.co.uk) and secure (https not http). This is known as phishing and is one of the easiest ways for passwords to be nicked.
Most cloud storage is snoopable: encrypt the content you keep in them or check out Dropbox (which claims to encrypt all files stored).
Only log in to accounts from your own gadgets. If you do have to use a public or shared device, make sure you log out afterwards.
Where possible, buy online using a credit card. If you're a victim of fraud you'll have a better chance of getting your money back. If you can't get accepted for a credit card, use a prepaid card instead – while this won't insure your stolen cash, hackers will only have access to what you've topped up rather than your entire bank balance.
If there’s something you really, really don’t want anyone else to know or get hold of, don’t put it online!
How to create a strong password
Use an unusual but memorable phrase, and replace letters with numbers or punctuation marks (0 instead of o, or 3 for E).
Never use real answers in security questions – make up memorable answers that will only make sense to you.
Change passwords at least a couple of times a year: get fresh ones, and don’t just swap around the ones you already use!
Get LastPass – seriously. It's all very well (and essential) having long and unique passwords for each site, but you'll never remember them without a password manager. LastPass is the most popular free solution for storing them all and integrates easily as a browser extension (and app).
Use two-step verification if it’s available for logins: if someone signs in from a new or unauthorised device, they’ll have to provide a code that’s only sent to your phone or email address.
Hide your email from spam bots
Credit: College Hacker
Don’t use an easily-guessed email – like yourname@gmail.com – for logging into sites holding sensitive information (like online banking). Use alias emails that you can simply forward to your main account.
In fact, use alias emails for all aspects of your online life: work, personal stuff, online surveys, memes, whatever. This will limit what info hackers can access (and how much spam you get!).
Forced to enter an email address but worried you’re going to be inundated with spam afterwards? Use one you can burn when you’re done! You can create a temporary email that will combust after use over on guerrillamail.com.
If your email account displays the location of the last login (Gmail does – check the bottom of the screen), take a look at it every now and again to spot any rogue usage.
Check your social media security settings
Credit: Walt Disney Studios
Check your privacy settings: don’t broadcast every update to the whole world. Log out every now and again to view your profile the way strangers see it.
Don’t accept friend requests from folk you don’t know (obviously!)
Enable login alerts to get beeped when someone signs into your account. On Facebook, you can turn it on through Security Settings (approve your own devices so you don’t get pointless alerts!).
Be careful what you share on social, especially your date of birth or any info banks use to verify accounts or lost passwords.
Review app permissions: whenever you log in to another site using Facebook or add an app to your account, you've opened another door for personal data leakage. See what info you're handing out here.
Protecting your phone and gadgets
Always lock your phone using either fingerprint recognition, a secure PIN (not your birthday) or unique gesture.
Know how to wipe your gadgets if they're lost or stolen.
Put a sticker over any unused webcams (hackers could be watching you).
Read app permissions to see exactly what data you’re allowing them to access before you install them.
Install Find My iPhone (Apple) or make sure you've set up Find My Device on Android. Prey is also excellent for tracking, locking and wiping missing phones and laptops.
Always password protect your home WiFi network, and change the default admin password on your internet routers.
Remember that public WiFi has more holes than Swiss cheese – everything you do while connected can be spied on.
Only use well-known or reputable WiFi hotspots – setting up fake free networks is a common sting.
Turn off sharing, so that things you usually connect or share on a secure network (files, devices or logins) aren’t discoverable.
Only visit secure sites: check for the padlock and 'https' in the address bar.
Use a VPN (Virtual Private Network) to 'cloak' yourself and your data. Private Internet Access is our favourite due to ease of setup, privacy settings and security features.
___________________________________________________
SUBSCRIBE - SHARE - LIKE - COMMENT .
___________________________________________________
Subscribe And Press the Bell Icon For More Update.
Hello to Everyone.Welcome to my channel "College Hacker".
This channel provides world class technical knowledge to the platform of IT Network, Operating systems
with the latest version, Networking and learn updated basic & advance knowledge of computer.
We provide a simple and unique learning style.
It is most useful for the college students who have interest in Digital World (hacking, networking & security).
Stay connected with #collegehacker.
* All information is for study purpose only.
#collegehacke
