Posts

Showing posts from July, 2017

First Step of VA/PT - Foot Printing

In order to perform VA/PT, it is very important to understand all the possible areas that could give some information on vulnerabilities. Foot Printing is one such area and is described below.

Foot Printing (Phase 1-VAPT)

EXTERNAL PT:
Phone Number (Identify Phone No and do Social Eng.)
Network
Public Websites
Email (Use for Phishing)
Whois
DNS
IP Blocks
Net Blocks
WebSrv Content
Source Code
Website Mirroring
OS Detecting
Public Directo

INTERNAL PT:
Internal DNS
Private Websites
Dumpster Diving
Shoulder Surfing
Eaves Dropping

How to approach cyber security

Ever since the WannaCry and Petya ransomware outbreaks started, cyber security has become a major topic of discussion. An effective cybersecurity approach can help an organisation gain the maximum out of its cyber security program. A few steps can help us make a good start with respect to infrastructure:
1- Start by identifying the objectives of cyber security.
2- Vulnerability assessment of the infrastructure is a must.
3- Malware scanning should be a part of every vulnerability assessment.
4- Policy testing should be done to identify organisation security violations such as password violations.
5- Disabled users and guest accounts should be checked.
6- Admin passwords, blank passwords, root accounts and privilege levels should be verified.
7- Business needs to be tested for escalation of user privileges.
8- Find out the most critical CVEs and newly discovered CVEs

How to dump Database using Sqlmap

Database Dump using SQLMap

Find out the parameter of the application that is vulnerable to SQL injection. Vulnerable Parameter: "User ID". Enter ' and then click on the Submit button; you will get the SQL error.

Now intercept the request in Burp. Copy the intercepted request and save it in the directory where sqlmap is installed.

Open CMD, go to the directory where sqlmap is installed (C:/sqlmap), type the following and press Enter (sqlinjection is the file name; --dbs is used to list the database names):

    sqlmap.py -r sqlinjection --dbs

Then type Y and Enter. Type N and Enter; it displays all the databases.

Now we have to find out the tables in the database (dvwa is the database name). Type:

    sqlmap.py -r sqlinjection -D dvwa --tables

In the above snapshot we got the table names in the dvwa database. Then we have to find out the column names. Type:

    sqlmap.py -r sqlinjection -D dvwa -T users --columns

Now we are going to dump the userid and password from the columns. Type sqlmap.py -r sqlinje