BANGLADESH BANK HEIST 2016

In February 2016, instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. CID again fail 10th time to submit charge-sheet in court over Bangladesh Bank reserves heist (17 Jan 2017) The case, initiated under the Money Laundering Prevention Act and the ICT Act. The Bangladesh Bank…

GLOSSARY : COMPUTER & EMAIL FORENSICS

Note: The terms in this glossary may have other uses in other fields. The uses discussed here are for general use in computer science & email forensics. EMAIL FORENSICS :  https://d3pakblog.wordpress.com/2016/12/28/email-analysis-techniques/ Acquisition: The stage in a computer forensic investigation wherein the data involved is collected. Often the means used is a bit-by-bit copy of the…

CYBER SECURITY THREAT 2017

Thanks you ones again to all those who read this blog and keep up with me via Facebook LinkedIn and twitter, I’m grateful for our connection. Well in this article going to focus on Cyber Security threats. As we know Ransomwares, DDOS, Mobile malware, Underground Hacking, Insider Threat are the major trending threats in few last…

Why Experts get paid more?

This is a really nice story that I received in my email today. This story demonstrates why the experts need to be paid more for their services and how the power of knowledge is important. There are probably dozens of variations on this story, but I liked this one the most. A giant ship engine…

WAYS TO HACK OFFLINE

Is unplugging your Internet connection enough to hide from prying eyes? Certainly Not. Just because you’re offline doesn’t mean your computer or your Smartphone can’t be hacked. Chances are high that you are one of the owners of nearly 100,000 computers around the world in which the National Security Agency has implanted software that enables…

DFIR RESOURCES

Digital Forensics & Incident Response is a multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, kinds of targets. The forms and policies posted on this page are publicly available on the Internet and are good sources…

AWESOME THREAT INTELLIGENCE

A curated list of awesome Threat Intelligence resources A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. Sources Formats Frameworks Tools Research,…

INFO-SEC RELATED CHEAT SHEETS

PENETRATION TESTING CHEAT SHEETS Mobile Application Pentesting: https://www.peerlyst.com/posts/mobile-application-penetration-testing-cheat-sheet Nmap : https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0/ Nmap (Not printable): https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/ Nmap 5(older version): https://nmapcookbook.blogspot.lu/2010/02/nmap-cheat-sheet.html Nmap 5 (older version, printable) http://www.cheat-sheets.org/saved-copy/Nmap5.cheatsheet.eng.v1.pdf   Java-Deserialization https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet Metasploit https://www.tunnelsup.com/metasploit-cheat-sheet/ Another Metasploit: http://resources.infosecinstitute.com/metasploit-cheat-sheet/ Powerupsql https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-CheatSheet Scapy https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560# HTTP Status codes: http://suso.suso.org/docs/infosheets/HTTP_status_codes.gif Beacon https://github.com/HarmJ0y/CheatSheets/blob/master/Beacon.pdf Powershellempire https://github.com/HarmJ0y/CheatSheets/blob/master/Empire.pdf Powersploit https://github.com/HarmJ0y/CheatSheets/blob/master/PowerSploit.pdf PowerUp https://github.com/HarmJ0y/CheatSheets/blob/master/PowerUp.pdf PowerView https://github.com/HarmJ0y/CheatSheets/blob/master/PowerView.pdf Vim https://people.csail.mit.edu/vgod/vim/vim-cheat-sheet-en.pdf Attack Surface Analysis XSS Filter…

CHALLENGES IN MOBILE FORENSICS

One of the biggest forensic challenges when it comes to the mobile platform is the fact that data can be accessed, stored, and synchronized across multiple devices. As the data is volatile and can be quickly transformed or deleted remotely, more effort is required for the preservation of this data. Mobile forensics is different from…

The Vigilante Who Hacked Hacking Team

Read about ethics of hacking, what is important in the world for “Phineas Fisher” and the choices we make. Hacker who hacked ‘The Hacking team’ The hacker who stole reams of secret documents from the controversial surveillance company Hacking Team has come forward to explain how he did it and why. In a lengthy post…