This second blog post on the OSINT field will talk about Facebook. Again, it is a really simple tip but very interesting.
ReadOSINT, for Open Source INTelligence, is the process of searching for, gathering and analyzing data found from public sources. The data are accessible without breaking into any systems (hacking, phishing, etc.). Sometimes, data are behind a paywall (it is necessary to pay a monthly subscription to have access to some specific data) but a lot are easily accessible with the right tricks.
ReadA password is like a "key" used to open a specific door or vault. In this vault, there can be different personal documents, pictures, banking information... It is obvious that a user wants its personal documents secure. If the "key", therefore the password, is easy to find, the vault can be as strong as you want, it will be easy to open it.
ReadA tedious step for all red-teamers is set up a system to upload payloads on the victim's machine. Kuba Gretzky, the author of Evilginx, released a nice tool to simplify this task.
ReadMobile Device Security Android Reverse Engineering
Most of the countries around the world are in a more or less hard lockdown. In Europe, some countries are gradually starting to allow certain sports outings, visiting family or opening certain stores. An important fear is a possible second wave of contamination. To prevent that, some governments provide a mobile application to track the virus spreading.
ReadStay Home Mobile Device Security
During each crisis, some people use the fear of the population to make benefit. Unfortunately, the COVID-19 crisis is not an exception. There are a lot of different scams related to COVID-19. And a place where it is easy to perform these scams is on the Internet. Globally, the methods used are the same as before the crisis, but currently, the word, Coronavirus, COVID-19,... inspire fear. Fear lowers the level of caution for a lot of people. The possibility that a phishing campaign works is greater now than a few months ago, for example.
ReadMobile Device Security Secure Software Development
Usually, Android applications are written in Java (or, now, in Javascript) and compiled in a Dalvik bytecode (DEX file). Then, the bytecode is interpreted and executed by the Dalvik Virtual Machine.
ReadOffensive Security Mobile Device Security
In May 2019, Google announced there are 2.5 billion active Android devices. Thereby, most companies develop their own application. Not only the richest companies like Google, Facebook, Amazon,... but also a lot of smaller businesses.
ReadPython is a very interesting programming language because it is possible to prototype a lot of things in a few minutes. The Python Package manager, called pip, is a very simple tool that allows the user to import/install easily any Python package and its dependencies.
Read
In some cases, it is necessary to work on offline machines because of sensitive data for example. To install a Ubuntu version on an offline computer is quite easy. Problems begin when it is needed to install some programs/debian packages for your development. With the default configuration, it is not possible to install anything without an Internet connection.
ReadIt is very common to implement a model to classify elements in different categories. A very important step in classification is the evaluation of the model efficiency.
ReadThe number of Wi-Fi access points is bigger day after day. Everywhere in the street, it is possible to see a lot of Access Point (AP)
Read