Tag Archives: Cyber Security

Cyber Security notes for 2025 – Part 4

Further to my four Cyber Security notes here:

Below is Part 4, a list of keywords relevant to 2025 that are worth exploring:

  • Access Control
  • Advanced Persistent Threat (APT)
  • AI-driven Phishing
  • Allow-list / Block-list
  • Antivirus / Anti-Malware Software
  • Attack Surface
  • Attack Vector
  • Authentication
  • Authenticator App
  • Authorization
  • Availability
  • Backdoor
  • Backup & Recovery
  • Behavioral Biometrics
  • Biometric Authentication
  • Biometrics
  • Botnet
  • Browser Isolation
  • Cloud Security
  • Confidentiality
  • Cryptography / Encryption
  • Cyber Hygiene
  • Cyber Resilience
  • Data Breach
  • Data Privacy
  • Deepfake
  • Digital Footprint
  • Double Extortion (Ransomware)
  • Encryption
  • Endpoint Protection
  • Firewall
  • Identity Theft
  • Incident Response
  • Insider Threat
  • IoT (Internet of Things) Device
  • IoT Security
  • Malware (Malicious Software)
  • Multi-factor Authentication (MFA)
  • Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA)
  • Parental Controls
  • Patch Management
  • Patching / Software Update
  • Password Manager
  • Passwordless Authentication
  • Phishing
  • Privacy Settings
  • Quantum-safe Encryption
  • Ransomware
  • Safe Browsing
  • Secure Configuration
  • Security Control / Countermeasure
  • Security Key
  • Shoulder Surfing
  • SIM Swapping
  • Smishing / Vishing
  • Social Engineering
  • Spoofing
  • Threat Actor / Adversary
  • Virtual Private Network (VPN)
  • VPN (Virtual Private Network)
  • Vulnerability
  • WPA3 (Wi-Fi Protected Access 3)
  • Zero Trust
  • Zero Trust (Principle)
  • Zero-Day
  • Zero-Day Exploit

Note: Enhanced / compiled with help of AI / LLMs

Cybersecurity and Cyber Forensics tools – Part 1 (Collated from internet & AI)

Here is a broad list of cybersecurity and cyber forensic tools, categorized by their function:

1. Network Security & Monitoring Tools

  • Wireshark – Network packet analyzer
  • Snort – Open-source network intrusion detection system (NIDS)
  • Suricata – High-performance IDS, IPS, and network security monitoring (NSM)
  • Zeek (formerly Bro) – Network security monitoring tool
  • Tcpdump – Command-line packet analyzer
  • NetFlow Analyzer – Traffic analysis and bandwidth monitoring
  • Nmap – Network scanning and mapping
  • Nagios – Network monitoring and alerting
  • OpenVAS – Open-source vulnerability scanner

2. Penetration Testing & Ethical Hacking

  • Metasploit – Penetration testing framework
  • Kali Linux – Comprehensive penetration testing OS
  • Parrot Security OS – Alternative to Kali Linux with penetration testing tools
  • Burp Suite – Web application security testing
  • SQLmap – Automated SQL injection testing
  • John the Ripper – Password cracking tool
  • Hydra – Brute-force password cracking
  • Aircrack-ng – Wi-Fi network penetration testing
  • Nikto – Web server scanner
  • BeEF (Browser Exploitation Framework) – Browser-based attack tool
  • Reaver – Wi-Fi Protected Setup (WPS) attack tool
  • Social-Engineer Toolkit (SET) – Social engineering attack simulation

3. Digital Forensics Tools

  • Autopsy – Open-source digital forensic tool
  • FTK (Forensic Toolkit) – Disk imaging and forensic analysis
  • EnCase – Comprehensive digital forensic suite
  • The Sleuth Kit (TSK) – File system forensics
  • Volatility – Memory forensics framework
  • X-Ways Forensics – Lightweight forensic analysis tool
  • Magnet AXIOM – Digital investigation and analysis
  • OSForensics – Advanced file system analysis
  • DEFT Linux – Digital Evidence & Forensics Toolkit
  • CAINE (Computer Aided Investigative Environment) – Linux-based forensic tool
  • Oxygen Forensic Suite – Mobile forensic analysis
  • XRY – Mobile forensics tool
  • UFED (Cellebrite) – Mobile data extraction tool

4. Endpoint Security & Antivirus Tools

  • Windows Defender – Built-in Windows security
  • Bitdefender – Advanced endpoint protection
  • Kaspersky Endpoint Security – Enterprise-level security suite
  • Symantec Endpoint Protection – Comprehensive security solution
  • McAfee Endpoint Security – Next-gen endpoint protection
  • Sophos Intercept X – AI-driven endpoint security
  • CrowdStrike Falcon – Cloud-based EDR solution
  • Carbon Black (VMware) – Next-gen antivirus and EDR

5. Malware Analysis & Reverse Engineering

  • IDA Pro – Disassembler for reverse engineering
  • Ghidra – Open-source reverse engineering suite by NSA
  • Radare2 – Reverse engineering and binary analysis
  • OllyDbg – Windows debugger for malware analysis
  • x64dbg – Open-source Windows debugger
  • Cuckoo Sandbox – Automated malware analysis
  • PEStudio – Portable executable analysis tool
  • YARA – Pattern-matching tool for malware research

6. Web Security & Vulnerability Scanners

  • OWASP ZAP (Zed Attack Proxy) – Web app security scanner
  • Acunetix – Automated web vulnerability scanner
  • Nessus – Vulnerability scanning and risk assessment
  • Nikto – Web server scanner
  • Burp Suite – Comprehensive web penetration testing
  • Arachni – Web application security scanner

7. Cloud Security & Security-as-a-Service

  • AWS Security Hub – Cloud security posture management
  • Azure Security Center – Microsoft cloud security tool
  • Google Chronicle – Threat intelligence and SIEM
  • Palo Alto Prisma Cloud – Cloud security suite
  • Qualys Cloud Security – Compliance and vulnerability management
  • CrowdStrike Falcon for Cloud – Cloud-based threat detection

8. SIEM (Security Information and Event Management) & Log Analysis

  • Splunk – Security analytics and SIEM
  • ELK Stack (Elasticsearch, Logstash, Kibana) – Log monitoring and analysis
  • IBM QRadar – Threat intelligence and SIEM
  • ArcSight – Enterprise SIEM solution
  • Graylog – Open-source log analysis tool
  • LogRhythm – Security analytics and threat detection

9. Identity & Access Management (IAM)

  • Okta – Cloud-based identity and access management
  • Microsoft Active Directory (AD) – Centralized identity management
  • Ping Identity – Enterprise IAM solution
  • Auth0 – Authentication and authorization solution
  • CyberArk – Privileged access management (PAM)
  • Duo Security – Multi-factor authentication (MFA)

10. Threat Intelligence & Incident Response

  • MISP (Malware Information Sharing Platform) – Open-source threat intelligence platform
  • TheHive – Incident response and case management
  • AlienVault OTX – Open threat exchange intelligence
  • VirusTotal – Malware scanning and threat intelligence
  • Palo Alto Cortex XSOAR – Security orchestration and automation
  • MITRE ATT&CK Navigator – Threat tactics and techniques framework

11. Cryptography & Secure Communication

  • OpenSSL – Open-source cryptographic library
  • GnuPG (GPG) – Open-source encryption tool
  • VeraCrypt – Disk encryption software
  • TrueCrypt – Legacy disk encryption tool
  • Hashcat – Advanced password recovery tool
  • KeePass – Secure password manager

12. Wireless Security & Bluetooth Forensics

  • Kismet – Wireless network detection and monitoring
  • Aircrack-ng – Wi-Fi security auditing
  • Wireshark – Wireless traffic analysis
  • BlueMaho – Bluetooth security auditing
  • Ubertooth – Bluetooth sniffer

13. DevSecOps & Secure Development Tools

  • SonarQube – Static code analysis for security vulnerabilities
  • Checkmarx – Application security testing
  • Snyk – Open-source dependency vulnerability scanning
  • Veracode – Application security scanning
  • Dependency-Check – Software composition analysis (SCA) tool

14. Honeypots & Deception Technology

  • Dionaea – Malware honeypot
  • Cowrie – SSH and Telnet honeypot
  • Kippo – SSH honeypot for attacker monitoring
  • Honeyd – Low-interaction honeypot framework
  • Canary Tokens – Digital tripwires for intrusion detection

15. Mobile Security & Mobile Forensics

  • MobSF (Mobile Security Framework) – Static and dynamic analysis of mobile apps
  • Appknox – Mobile security vulnerability scanning
  • Drozer – Android security assessment framework
  • iOS Security Suite – iOS penetration testing tools

List of hacking types you should be protecting your website / portal against – Part 1

Comprehensive List of Website Hacking Types (100+) sourced from ChatGPT

  1. SQL Injection
  2. Blind SQL Injection
  3. Boolean-Based SQL Injection
  4. Time-Based SQL Injection
  5. Error-Based SQL Injection
  6. Cross-Site Scripting (XSS)
  7. Reflected XSS
  8. Stored XSS
  9. DOM-Based XSS
  10. Cross-Site Request Forgery (CSRF)
  11. Clickjacking
  12. Remote File Inclusion (RFI)
  13. Local File Inclusion (LFI)
  14. Directory Traversal
  15. Session Hijacking
  16. DNS Spoofing
  17. Man-in-the-Middle (MITM) Attack
  18. Brute Force Attack
  19. Credential Stuffing
  20. Dictionary Attack
  21. Code Injection
  22. Command Injection
  23. XML External Entities (XXE)
  24. HTTP Host Header Attack
  25. Broken Authentication
  26. Sensitive Data Exposure
  27. Security Misconfiguration
  28. Insecure Deserialization
  29. Server-Side Request Forgery (SSRF)
  30. Denial of Service (DoS)
  31. Distributed Denial of Service (DDoS)
  32. Path Manipulation
  33. Subdomain Takeover
  34. Open Redirect
  35. Cache Poisoning
  36. Business Logic Attack
  37. Social Engineering
  38. Zero-Day Exploit
  39. Exploit Kits
  40. Malware Injection
  41. Web Shell Attack
  42. Phishing
  43. Spear Phishing
  44. Whaling
  45. Content Spoofing
  46. Parameter Tampering
  47. URL Manipulation
  48. Cookie Poisoning
  49. HTTP Response Splitting
  50. Broken Access Control
  51. API Abuse
  52. Side-Channel Attack
  53. Supply Chain Attack
  54. CSP Bypass (Content Security Policy Bypass)
  55. OAuth Misconfiguration
  56. DOM-Based XSS
  57. Web Cache Deception
  58. CRLF Injection
  59. Eavesdropping
  60. Remote Code Execution (RCE)
  61. Privilege Escalation
  62. SQL Truncation Attack
  63. Timing Attack
  64. Padding Oracle Attack
  65. Credential Harvesting
  66. Session Fixation
  67. URL Redirection Attack
  68. HTTP Parameter Pollution (HPP)
  69. Race Condition
  70. Slowloris Attack
  71. DNS Amplification Attack
  72. Smurf Attack
  73. Ping of Death
  74. SYN Flood
  75. TCP Hijacking
  76. ICMP Flood
  77. ARP Spoofing
  78. Email Spoofing
  79. Typosquatting
  80. Watering Hole Attack
  81. Malvertising
  82. Click Fraud
  83. Cookie Injection
  84. Cookie Theft
  85. Cookie Tampering
  86. DNS Cache Poisoning
  87. Command and Control (C2) Attack
  88. Keylogging
  89. Credential Reuse Attack
  90. Watermarking Attack
  91. Image-Based Attack (Steganography)
  92. WebRTC Leak
  93. Host Header Injection
  94. Token Hijacking
  95. Hidden Field Manipulation
  96. Bypassing Input Validation
  97. Null Byte Injection
  98. File Upload Vulnerability
  99. Cross-Origin Resource Sharing (CORS) Exploit
  100. Cross-Origin Request Attack (COR)
  101. Security Token Exposure
  102. HTML Injection
  103. Frame Injection
  104. Tabnabbing
  105. DNS Rebinding
  106. HTTP Smuggling
  107. HTTP Desync Attack
  108. SSL Stripping
  109. TLS Downgrade Attack
  110. JavaScript Injection
  111. Python Code Injection
  112. Bash Injection
  113. Shellshock Attack
  114. Path Traversal
  115. Symlink Attack
  116. Broken Function Level Authorization
  117. DNS Tunneling
  118. WebSocket Injection
  119. Parameter Pollution
  120. Java Deserialization Attack
  121. PHP Object Injection
  122. Command Injection via Environment Variables
  123. Header Injection
  124. RegEx Injection
  125. Server-Side Template Injection (SSTI)
  126. PHP Code Injection
  127. DOM Clobbering
  128. Prototype Pollution
  129. Buffer Overflow
  130. Heap Overflow
  131. Stack Overflow
  132. Heap Spray Attack
  133. Session Replay Attack
  134. Token Replay Attack
  135. Referrer Leakage
  136. Weak Password Attack
  137. Content Injection
  138. Response Tampering
  139. Email Injection
  140. Path Manipulation Attack
  141. JSON Injection
  142. LDAP Injection
  143. XPath Injection
  144. iFrame Injection
  145. Process Injection
  146. Memory Corruption
  147. Cross-Site History Manipulation
  148. Drive-by Download Attack
  149. Command Injection via Shell
  150. Exposed Debug Endpoint
  151. Rate Limiting Bypass
  152. Anti-Automation Bypass
  153. Automated Scanner Detection Bypass
  154. WAF Bypass (Web Application Firewall)
  155. Websocket Abuse
  156. Multi-Factor Authentication (MFA) Bypass
  157. Sensitive File Exposure
  158. Default Credentials Exploit
  159. Hidden Admin Panel Detection
  160. Deprecated API Exploit
  161. Weak CAPTCHA Protection
  162. Insufficient Logging and Monitoring
  163. Excessive Data Exposure
  164. Improper Error Handling
  165. Full Path Disclosure
  166. WebRTC Exploit
  167. Content Spoofing in HTML Emails
  168. Vulnerable JavaScript Libraries
  169. Browser Fingerprinting
  170. Remote Desktop Exploit
  171. SAML Injection
  172. JWT Token Forgery
  173. Firebase Misconfiguration
  174. Server Misconfiguration
  175. Third-Party Script Exploits

Security best practice, patterns & architecture links from AWS, GCP & Azure – Part 1

Here is a curated list of links to security best practices, patterns and architecture guidance for AWS, GCP and Azure – Part 1.

AWS:

GCP:

AZURE:

Also, check out security as code products like oak9:

Email me: Neil@HarwaniSystems.in

Security tips for Google Drive & Android

Google Drive:

  • Open Google Drive in a web browser such as Chrome
  • On each folder, a person symbol means it is shared; if you don't see the symbol, it is not shared
  • For each folder -> click SHARE -> Advanced -> check which users have view rights and which have edit rights -> disable the options to download, print and copy for commenters and viewers -> prevent editors from changing access and adding new people.
  • For each folder -> click SHARE -> Advanced -> SHARE SETTINGS -> Change -> review the settings there (4 to 5 options)
  • Note -> Even if a folder is not shared, individual files inside it can still be shared. This seems to be a significant missing feature in Google Drive: there is no clear way to check this in one pass for all files, so each file has to be checked individually. Workaround: write Java code against the Google Drive API to check this: https://developers.google.com/drive/
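The workaround mentioned in the last note, as an added example that is not from the original post: the post suggests Java, but this is a Python script that walks a folder through the Drive v3 API and reports every file carrying a permission for anyone other than its owner, which is exactly the "shared file inside an unshared folder" case. The `service` object (an authenticated `googleapiclient` Drive client), the OAuth setup and the sample file data are assumptions; the audit logic itself runs offline on the constructed sample.

```python
from typing import Dict, Iterable, List

FOLDER_MIME = "application/vnd.google-apps.folder"

def shared_permissions(file_meta: Dict) -> List[str]:
    """Every grant on a file to someone other than its owner, as 'principal=role'.
    'anyone' (link-sharing) grants carry no address, so the type is used instead."""
    return sorted(
        f"{p.get('emailAddress') or p.get('domain') or p.get('type')}={p.get('role')}"
        for p in file_meta.get("permissions", []) if p.get("role") != "owner")

def audit_files(files: Iterable[Dict]) -> List[Dict]:
    """Report every non-folder item that is shared, regardless of its parent folder."""
    report = []
    for f in files:
        if f.get("mimeType") != FOLDER_MIME:
            grants = shared_permissions(f)
            if grants:
                report.append({"id": f["id"], "name": f["name"], "shared_with": grants})
    return report

def walk_folder(service, folder_id: str) -> List[Dict]:
    """Recursively list a folder via an authenticated Drive v3 `service` (googleapiclient).
    `permissions` must be requested in `fields`; the API omits it for shared-drive items."""
    found, page_token = [], None
    while True:
        resp = service.files().list(
            q=f"'{folder_id}' in parents and trashed = false",
            fields="nextPageToken, files(id, name, mimeType, "
                   "permissions(type, role, emailAddress, domain))",
            pageToken=page_token).execute()
        for f in resp.get("files", []):
            found.append(f)
            if f.get("mimeType") == FOLDER_MIME:   # descend into sub-folders
                found.extend(walk_folder(service, f["id"]))
        page_token = resp.get("nextPageToken")
        if not page_token:
            return found

# Constructed sample of a files.list page for a folder that is itself unshared.
OWNER = {"type": "user", "role": "owner", "emailAddress": "me@example.com"}
SAMPLE_FILES = [
    {"id": "f1", "name": "notes.txt", "mimeType": "text/plain", "permissions": [OWNER]},
    {"id": "f2", "name": "budget", "mimeType": "application/vnd.google-apps.spreadsheet",
     "permissions": [OWNER, {"type": "user", "role": "writer", "emailAddress": "ex@example.org"}]},
    {"id": "f3", "name": "photo.jpg", "mimeType": "image/jpeg",
     "permissions": [OWNER, {"type": "anyone", "role": "reader"}]},
    {"id": "d1", "name": "sub", "mimeType": FOLDER_MIME, "permissions": [OWNER]},
]
```

With a real client, `audit_files(walk_folder(service, FOLDER_ID))` produces the same report for a live folder; `f3` shows the link-sharing case that the folder icon never reveals.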

Android security settings to explore:

  • Emergency info – Settings -> Users -> Emergency info -> INFO & CONTACT – Note: Can be seen on locked screen
  • Settings -> Security -> Screen Lock
  • Encryption ON – requires at least Android 6; it is on by default from Android 6/7 onward – Settings -> Security
  • Settings -> Security -> Screen Lock -> Gear button -> Lock message
  • Security -> Install from unknown locations -> Should be OFF
  • Settings -> Users -> Guest user -> Turn on phone calls -> OFF
  • Settings -> Users -> Add users while screen is locked -> OFF
  • Settings -> Security -> Make password visible -> OFF
  • Settings -> Security -> Set up SIM card lock