Just a thought: A phone controls you now.

Our society has changed so much. A simple device, the phone, has taken control of you, and you have no control over it. Even husband and wife sit in opposite corners of the bed checking WhatsApp every minute, hoping that something will come up that may change his or her life.

In a week we have 168 hours, but neither you nor I can find five minutes to talk to parents, siblings, friends or old colleagues. Even if you try, they do not have time to speak to you. A kid wants to play with his father, but the father is busy on Facebook. Strange times, and we are all sick in many ways.

If you ask anybody, they say "no time, yaar" and then blame the kids, work, unwell parents or their partner, but they never check their own total screen time for the week. Research suggests that, on average, a person can maintain at most around 200 contacts, yet now you cannot even keep up with 10 people because of the phone.

My humble request to all readers: talk to the people who are next to you. Say hello to others in the metro or at the workplace rather than chatting with someone online on Facebook.


Email Security: What is credential phishing?

Credential phishing is an email-based attack that lures the victim to a malicious web form mimicking a legitimate login page in order to steal the victim's credentials. Any web-based service can be targeted, including:

  • Microsoft Outlook Web Access (OWA) and other corporate web-based email services
  • Free webmail services (e.g., Gmail, Yahoo, Hotmail)
  • Cloud-based sync and sharing services (e.g., Dropbox, Box)
  • Online shopping (Apple ID, Amazon, etc.) and loyalty-program logins

The credential-phishing site frequently appears to be a perfect copy of the targeted website, so a quick visual scan does not arouse suspicion. However, the domain in the URL is under the attacker's control rather than owned by the targeted organization, and that is the most reliable indicator that the site is not legitimate. Check the host part of the address (everything between the scheme and the first "/"), not a brand name that merely appears somewhere in it: "outlook.office.com.example.net" belongs to example.net, and any text before an "@" in the address is a username, not the host.

Credential phishing is one of the most successful social-engineering techniques used against larger organizations.
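The host check described above, written out as a small script. This is an added example and not code from the original page: the allow-list of legitimate domains and the tiny public-suffix table are constructed for the demo (a real check would use the organisation's own list and the full Public Suffix List). It resolves the host the browser would actually connect to, reduces it to its registrable domain and reports the classic tricks: a brand name used as a subdomain, a "user@host" address, a raw IP, punycode or non-ASCII labels, and plain http.

```python
"""Check whether a login URL really belongs to the service it imitates."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list for this example: service -> registrable domains that
# serve the real login page. A production check loads the organisation's own.
LEGIT_DOMAINS = {
    "outlook": {"outlook.com", "office.com", "live.com", "microsoftonline.com"},
    "dropbox": {"dropbox.com"},
}

# Tiny public-suffix table for the demo; use the full Public Suffix List
# (publicsuffix.org) in real code so every "co.uk"-style suffix is handled.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def registrable_domain(host: str) -> str:
    """'login.example.com' -> 'example.com'; 'a.b.co.uk' -> 'b.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def analyze_url(url: str, service: str) -> dict:
    """Return the host the browser would connect to, its registrable domain,
    and the reasons (if any) the URL looks like credential phishing."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname drops userinfo and port
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:       # "brand.com@evil.net" trick
        findings.append("userinfo before '@' (the real host is " + host + ")")
    if "xn--" in host:
        findings.append("punycode label (possible homograph)")
    if not host.isascii():
        findings.append("non-ASCII host (possible homograph)")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a hostname")
    except ValueError:
        pass
    rdomain = registrable_domain(host)
    if rdomain not in LEGIT_DOMAINS.get(service, set()):
        findings.append(f"registrable domain {rdomain!r} is not a {service} domain")
    return {"host": host, "registrable_domain": rdomain,
            "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, three typical lures.
    for u in ("https://outlook.office.com/owa/",
              "https://outlook.office.com.evil.net/owa/",
              "https://outlook.office.com@evil.net/owa/",
              "https://203.0.113.7/dropbox/login"):
        print(u, "->", analyze_url(u, "dropbox" if "dropbox" in u else "outlook"))
```

The script deliberately does not look at the page content or the TLS padlock, because the phishing kit controls both; it only trusts what the browser will resolve, which is the host.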

CyberNews: Top Vulnerabilities this week

This week's vulnerabilities:

CVE-2020-16898 (nicknamed "Bad Neighbor"): a remote code execution flaw in the Windows TCP/IP stack (tcpip.sys) in its handling of ICMPv6 Router Advertisement packets, specifically the Recursive DNS Server (RDNSS) option.

CVE-2020-16898 highlights

  • Do not disable IPv6 entirely as a workaround unless you want to break Windows in interesting ways.
  • It can only be exploited from the local subnet: Router Advertisements are link-local and are not forwarded by routers.
  • Still, it can lead to remote code execution or a BSoD (denial of service).
  • A proof of concept that crashes the machine is easy; turning that into a reliable RCE is hard.
  • Patch. Microsoft fixed it in the October 2020 security updates; if you cannot patch yet, Microsoft also documents a per-interface netsh workaround that disables RDNSS processing (no reboot needed). Remove the workaround once the patch is applied.
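A detection check for the malformed option, as an added example rather than anything from the page or from Microsoft. The highlights above do not say what the bad packet looks like; public analyses of CVE-2020-16898 agree that the trigger is an RDNSS option (type 25) whose Length field is even, which the Windows parser mis-sizes. RFC 8106 requires an odd Length of at least 3 (3 for one address, plus 2 per extra address), so a well-formed RA never carries an even one. The code walks the option TLVs of an ICMPv6 Router Advertisement and flags that pattern; the packets it checks are constructed in `build_ra` and `rdnss_option` for the demo (checksum left at zero, not validated).

```python
"""Walk the ND options of an ICMPv6 Router Advertisement and flag the
malformed RDNSS option associated with CVE-2020-16898 ("Bad Neighbor")."""
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_RDNSS = 25
RA_HEADER_LEN = 16   # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


def parse_ra_options(icmpv6: bytes):
    """Yield (type, length_in_8_octet_units, body) for each ND option."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    off = RA_HEADER_LEN
    while off + 2 <= len(icmpv6):
        otype, olen = icmpv6[off], icmpv6[off + 1]
        if olen == 0:                       # RFC 4861: discard the packet
            raise ValueError("zero-length ND option")
        end = off + olen * 8
        if end > len(icmpv6):
            raise ValueError("ND option runs past the end of the packet")
        yield otype, olen, icmpv6[off + 2:end]
        off = end


def check_bad_neighbor(icmpv6: bytes) -> list:
    """Findings for one RA; an empty list means every RDNSS option has the
    odd, >= 3 Length that RFC 8106 requires."""
    findings = []
    for otype, olen, _body in parse_ra_options(icmpv6):
        if otype == OPT_RDNSS and (olen < 3 or olen % 2 == 0):
            findings.append(
                f"RDNSS option with invalid Length {olen} (CVE-2020-16898 pattern)")
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed RA header (checksum 0, hop limit 64, lifetime 1800s) + options."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0,
                         64, 0, 1800, 0, 0)
    return header + options


def rdnss_option(length: int, addresses) -> bytes:
    """RDNSS option: type 25, Length, reserved(2), lifetime(4), IPv6 addresses.
    The body is padded or truncated to Length*8 so a deliberately wrong Length
    can be encoded, exactly as an attacker would."""
    body = b"\x00\x00" + struct.pack("!I", 3600) + b"".join(addresses)
    opt = bytes([OPT_RDNSS, length]) + body
    return opt.ljust(length * 8, b"\x00")[:length * 8]


if __name__ == "__main__":
    one_addr = [bytes(16)]                      # constructed placeholder address
    print("benign :", check_bad_neighbor(build_ra(rdnss_option(3, one_addr))))
    print("bad    :", check_bad_neighbor(build_ra(rdnss_option(4, one_addr))))
```

To use this on live traffic, feed it the ICMPv6 payload of every RA seen on the segment (from a pcap or a raw socket); the check is cheap enough to run on all of them. If you cannot patch immediately, Microsoft's documented workaround is to disable RDNSS processing on each interface with `netsh int ipv6 set int <interface-number> rabaseddnsconfig=disable` (no reboot needed; re-enable it after patching).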

Almost 800,000 internet-accessible SonicWall VPN appliances need to be updated for a major vulnerability disclosed on Wednesday: CVE-2020-5135, a stack-based buffer overflow in the SonicOS HTTP/HTTPS service (used for device management and SSL VPN access) that can be triggered without authentication and may lead to remote code execution.

Discord desktop app RCE (excerpt from the researcher's write-up)

A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Program.

The RCE I found was an interesting one because it is achieved by combining multiple bugs. In this article, I'd like to share the details.

Multiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution.

Ransomware Facts, Trends & Statistics for 2020

The following facts, statistics and trends will help you realize how imminent the ransomware threat is to your business and personal life.

Some attackers even corrupt and delete a company's files while they await the ransom payment, just to show that they are serious. Regardless of the criminal's ultimate actions, the real cost of ransomware goes well beyond the payout: downtime, rebuilding systems from backups, incident response and the legal and notification work that follows a data theft.

macOS forensics: how to compare a malicious app (.dmg) with the authentic app on macOS

Consider a scenario in which you, as a security analyst, need to investigate whether a particular endpoint (laptop, desktop or server) has downloaded a fake "Flash Player" installer, a common macOS malware lure. Assume your organization runs endpoint protection and you have received an alert about malware downloaded on machine X.

In most cases the endpoint-protection console itself gives you enough detail. If you want to understand the malware's behaviour, or what this new sample actually does, follow these steps:

  • Obtain the malicious installer (the sample your endpoint protection quarantined, or a download from VirusTotal, which requires a paid VirusTotal Intelligence account) and the authentic Flash Player installer from Adobe's own site. Do the analysis on an isolated machine, not on the affected endpoint.
  • Open two Terminal windows side by side and print the code-signing metadata of each file with the command below (the original screenshot is not reproduced here). It works on a .dmg, an .app bundle or a bare Mach-O binary:
codesign -dvv <file-name>

Run the same command on the suspect file and compare the two outputs. The lines worth comparing are Identifier, TeamIdentifier, the Authority chain (a genuine Adobe build is signed with a Developer ID certificate that chains to Apple Root CA) and Timestamp. Malware is often unsigned (codesign reports "code object is not signed at all"), ad-hoc signed (Signature=adhoc) or signed with an unrelated Developer ID. A valid signature alone does not prove legitimacy, since stolen and throwaway Developer IDs are routinely used by macOS malware, so check that the TeamIdentifier is the vendor's. Note that on a .dmg the command reports the signature of the disk image itself (disk images can be signed since OS X 10.11.5); to inspect the application inside, mount the image (double-click it, or use hdiutil) and run the command on the .app bundle.

Another method: malicious vs. real macOS app

Another good method is to compare the contents of the two application bundles, i.e. the folders and files inside each .app. To do that:

  • Mount the malicious and the authentic .dmg (double-click each) so that both open in Finder windows.
  • Right-click the app and choose "Show Package Contents". Do the same for the authentic app and compare the folder structures: look for files present in only one bundle, different sizes or modification dates for the same path, extra scripts or hidden items under Contents/Resources, a Contents/MacOS binary that differs from the genuine one, and a missing or altered Contents/_CodeSignature folder.
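The same comparison done from a script rather than by eye in Finder, as an added example that is not part of the original post. It assumes both bundles are already mounted or copied as plain folders (Suspect.app and Genuine.app are constructed stand-ins built in a temporary directory by `demo`), hashes every file under each, and reports what exists only in one bundle and what differs in the shared paths. The `codesign_info` helper shells out to the real `codesign -dvv` and returns None on anything other than macOS; `signing_fields` keeps the lines worth comparing from its output.

```python
"""Compare a suspect macOS app bundle with the genuine one, file by file,
and pull the code-signing fields worth comparing from `codesign -dvv`."""
import hashlib
import os
import shutil
import subprocess
import tempfile


def file_hashes(root):
    """Map each relative path under root to its SHA-256 (symlinks by target)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                out[rel] = "symlink->" + os.readlink(full)
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            out[rel] = digest.hexdigest()
    return out


def compare_bundles(suspect, genuine):
    """Paths only in one bundle, plus shared paths whose content differs."""
    a, b = file_hashes(suspect), file_hashes(genuine)
    shared = set(a) & set(b)
    return {
        "only_in_suspect": sorted(set(a) - set(b)),
        "only_in_genuine": sorted(set(b) - set(a)),
        "modified": sorted(p for p in shared if a[p] != b[p]),
        "identical": sorted(p for p in shared if a[p] == b[p]),
    }


def codesign_info(path):
    """Output of `codesign -dvv` (it writes to stderr); None when codesign
    is not installed, i.e. when running somewhere other than macOS."""
    if shutil.which("codesign") is None:
        return None
    res = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return res.stderr


def signing_fields(codesign_output):
    """Keep the lines an analyst compares between the two bundles."""
    keep = ("Identifier=", "Authority=", "TeamIdentifier=", "Signature",
            "Timestamp=", "CDHash=")
    return [ln.strip() for ln in (codesign_output or "").splitlines()
            if ln.strip().startswith(keep)]


def demo():
    """Constructed stand-ins for Genuine.app and Suspect.app in a temp dir:
    same Info.plist and icon, a different main binary, an extra hidden script
    in the suspect and no _CodeSignature folder. Returns the comparison."""
    base = tempfile.mkdtemp()
    try:
        shared = {"Contents/Info.plist": b"<plist/>",
                  "Contents/Resources/icon.icns": b"icns"}
        genuine = {**shared,
                   "Contents/MacOS/Installer": b"\xcf\xfa\xed\xfe genuine",
                   "Contents/_CodeSignature/CodeResources": b"<plist/>"}
        suspect = {**shared,
                   "Contents/MacOS/Installer": b"\xcf\xfa\xed\xfe trojanised",
                   "Contents/Resources/.hidden/payload.sh": b"#!/bin/sh\necho hi\n"}
        for app, files in (("Genuine.app", genuine), ("Suspect.app", suspect)):
            for rel, data in files.items():
                path = os.path.join(base, app, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare_bundles(os.path.join(base, "Suspect.app"),
                               os.path.join(base, "Genuine.app"))
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

On a real case, point `compare_bundles` at the two mounted bundles; `diff -rq Suspect.app Genuine.app` in Terminal gives the same structural answer without hashes. For a pass/fail verdict instead of a listing, `codesign --verify --deep --strict` and Gatekeeper's own `spctl --assess --type execute` on the .app complement the `-dvv` listing above.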

This is a small piece of forensics on how to extract metadata and details about a malicious app. I hope this helps.