Khanna Security Blog

Microsoft released Security patch for 53 Vulnerabilities in July 2018. So if you are not running an updated system go an update as fast as possible. Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. These vulnerabilities are so deadly. It will create a bad impact on your system. Affecting Products 1) Windows 2) Internet Explorer (IE) 3) Edge 4) ChackraCore 5) NET Framework 6)…

Read More Read More

Over the last few weeks, the Check Point Threat Intelligence Team discovered the comeback of an APT surveillance attack against institutions across the Middle East, specifically the Palestinian Authority. The attack begins with a phishing email sent to targets that include an attachment of a self-extracting archive containing two files: a Word document and a malicious executable. Posing to be from the Palestinian Political and National Guidance Commission, the Word document serves as a decoy, distracting victims while the malware…

Read More Read More

The Advanced Persistent Threat, commonly abbreviated as APTs, are defined as multi-phase attacks on an organization’s network. They’re characterized by a “long game” approach to gaining entry, avoiding detection, and collecting a large volume of protected information. One of the most challenging aspects of Advanced Persistent Threats is the fact that they are naturally varied and complex. They may originate from phishing campaigns or zero-day malware. APTs are also stealthy; often playing the long game. The recently discovered DarkHotel attack, which remained undetected…

Read More Read More

Penetration testing or pen-testing as it is sometimes called features two distinctly different methods of execution, internal and external. Understanding the differences between internal and external penetration testing is important so that you can use the method that is best suited and properly evaluate the results. External Pen-Testing External pen-testing is the traditional, more common approach to pen-testing. It addresses the ability of a remote attacker to get to the internal network. The goal of the pen-test is to access…

Read More Read More

What is the Red Team? A Red Team assessment is an authorized, adversary-based assessment for defensive purposes, performed by an interdisciplinary team of professionals. It includes 1)OSINT(Open Source Intelligence) 2)Reconnaissance 3)Footprinting: System, Network, and Services. 4)Footprinting online presence of people. 5)Developing attack vector 6)Developing exploit to gain access. 7)Escalate privileges 8)Social engineering 9)Developing backdoor REPORT AND QUERY SOLVED!! After performing these steps the red team will provide the extensive report to detail the problem areas. Where the issues are and…

Read More Read More

A software testing technique is also known as glass box, structural, clear box and open box testing, white box testing whereby explicit knowledge of the internal workings of the item being tested is used to select the test data. Unlike black box testing, white box testing uses specific knowledge of programming code to examine outputs. The test is accurate only if the tester knows what the program is supposed to do. He or she can then see if the program diverges from its intended goal. White box testing does not account…

Read More Read More

Black-box security testing refers to a method of software security testing in which the security controls, defenses, and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar to that of a real attacker. This method is named so because the software program, in the eyes of the tester, is like a black box; inside which one cannot see. This method attempts to…

Read More Read More

LTE ATTACK If you are using 4G network mobile phone carrier also known as LTE, you need to beware of your network communication that can be remotely hijacked. The researcher’s team has discovered some critical weakness in the ubiquitous LTE mobile device standard that could allow HACKERS to SPY on users cellular networks. They can re-route to the malicious website and even modify the content of their communication. Evolution LTE Long Term Evolution, used by millions of people this is…

Read More Read More

BLOCK CHAIN A blockchain is a chain of a block that contains information. This technique was originally discovered in 1991 by a group of teachers and it was originally intended to timestamps digital documents. so it is not possible to tamper with them. A blockchain is a distributed ledger completely open to anyone they have an interesting property one the data has been recorded inside the blockchain it becomes very difficult to change it. It is a structure of data…

Read More Read More

The Blockchain is an undeniably ingenious invention – the brainchild of a person or group of people known by the pseudonym,  Satoshi Nakamoto. But since then, it has evolved into something greater, and the main question every single person is asking is: What Is blockchain technology? “The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.” How does the Blockchain work? By allowing digital information to be distributed but…

Read More Read More