CyberTalk

This page is related to ethical hacking; an answer to every question will be found here, so ask your question here.

04/02/2022

CYBER LAW IT ACTS

1) Section 65 :- Tampering with computer source documents.
Stealing or copy-pasting any kind of document or source code from someone's computer system.

2) Section 66 :- Hacking computer system and alteration.
Hacking anyone's computer system and altering or deleting its data.

3) Section 67 :- Publishing obscene information.
If someone uses a computer or mobile phone to send objectionable information against another person, information intended to harass, tease or obstruct someone, then once such charges are proven a fine is imposed and there can also be a sentence of up to three years.

02/09/2021

Burp shortcuts

Ctrl+U --- URL encoding
Ctrl+Shift+U --- URL decoding
Ctrl+H --- HTML encoding
Ctrl+Shift+H --- HTML decoding
Ctrl+B --- Base64 encoding
Ctrl+Shift+B --- Base64 decoding

Navigation

Ctrl+Shift+T --- Move to Target page
Ctrl+Shift+P --- Move to Proxy page
Ctrl+Shift+I --- Move to Intruder
Ctrl+Shift+R --- Move to Repeater
Ctrl+Shift+A --- Move to Alerts
Ctrl+Shift+O --- Move to Options

01/05/2021
megascript - Pastebin.com 21/12/2020

BYPASS MEGA LIMIT WITH A SIMPLE SCRIPT

1. Create a new MEGA account with tempmail, verify it and log in to your new MEGA account.

2. To run the script you first need to add the Google extension Tampermonkey to your browser.

3. Click on the Tampermonkey icon in your browser and choose “Create a New Script”.

This will open up the script editor. Delete all of the content that is already prepopulated.

4. Now copy the script from the Pastebin link below.

Mega.nz Script:
https://pastebin.com/4AXkE1yE

And paste it into the Tampermonkey userscript section. Then click File & Save.

Now just make sure that it’s enabled and you’re all set.

As long as there’s remaining space in your cloud, you can import any link, bypassing the 50GB limit.
This script works only from imported links.

Enjoy 👍❤️


03/12/2020

I need a content writer.

24/07/2020

22/05/2020

Some basic, commonly used Linux commands.

cd = change directory
rm = remove
rmdir = remove directory
whoami = who is currently logged in
pwd = current working directory
cp = used to copy a group of files
mv = move and rename files and directories
cat = create single or multiple files
ls = lists directory contents in Kali Linux
chmod = change group of permissions
ifconfig = check your IP address

15/05/2020

What is a zero-day (0day) exploit:-

A zero-day (0day) exploit is a cyber attack targeting a software vulnerability which is unknown to the software vendor or to antivirus vendors. The attacker spots the software vulnerability before any parties interested in mitigating it, quickly creates an exploit, and uses it for an attack. Such attacks are highly likely to succeed because defenses are not in place. This makes zero-day attacks a severe security threat.

Typical attack vectors include Web browsers, which are common targets due to their ubiquity, and email attachments that exploit vulnerabilities in the application opening the attachment, or in specific file types such as Word, Excel, PDF or Flash.

A related concept is zero-day malware — a computer virus for which specific antivirus software signatures are not yet available, so signature-based antivirus software cannot stop it.

Typical targets for a zero-day exploit include:

Government departments.
Large enterprises.
Individuals with access to valuable business data, such as intellectual property.
Large numbers of home users who use a vulnerable system, such as a browser or operating system. Hackers can use vulnerabilities to compromise computers and build massive botnets.
Hardware devices, firmware and Internet of Things (IoT).
In some cases governments use zero-day exploits to attack individuals, organizations or countries who threaten their national security.

Because zero-day vulnerabilities are valuable for different parties, a market exists in which organizations pay researchers who discover vulnerabilities. In addition to this ‘white market’, there are gray and black markets in which zero-day vulnerabilities are traded, without public disclosure, for up to hundreds of thousands of dollars.

Examples of zero-day attacks
Some high-profile examples of zero-day attacks include:

Stuxnet: This malicious computer worm targeted computers used for manufacturing purposes in several countries, including Iran, India, and Indonesia. The primary target was Iran’s uranium enrichment plants, with the intention of disrupting the country’s nuclear program. The zero-day vulnerabilities existed in software running on industrial computers known as programmable logic controllers (PLCs), which ran on Microsoft Windows. The worm infected the PLCs through vulnerabilities in Siemens Step7 software, causing the PLCs to carry out unexpected commands on assembly line machinery, sabotaging the centrifuges used to separate nuclear material.
Sony zero-day attack: Sony Pictures was the victim of a zero-day exploit in late 2014. The attack crippled Sony’s network and led to the release of sensitive corporate data on file-sharing sites. The compromised data included details of forthcoming movies, business plans, and the personal email addresses of senior Sony executives. The details of the exact vulnerability exploited in the Sony attack remain unknown.
RSA: In 2011, hackers used a then-unpatched vulnerability in Adobe Flash Player to gain access to the network of security company RSA. The attackers sent emails with Excel spreadsheet attachments to small groups of RSA employees. The spreadsheets contained an embedded Flash file that exploited the zero-day Flash vulnerability. When one of the employees opened the spreadsheet, the attackers installed the Poison Ivy remote administration tool to take control of the computer. Once they gained access to the network, attackers searched for sensitive information, copied it and transmitted it to external servers they controlled. RSA admitted that among the data stolen was sensitive information related to the company’s SecurID two-factor authentication products, used around the world for access to sensitive data and devices.
Operation Aurora: This 2009 zero-day exploit targeted the intellectual property of several major enterprises, including Google, Adobe Systems, Yahoo, and Dow Chemical. The vulnerabilities existed in both Internet Explorer and Perforce; the latter was used by Google to manage its source code.

Zero-day vulnerability detection
By definition, no patches or antivirus signatures exist yet for zero-day exploits, making them difficult to detect. However, there are several ways to detect previously unknown software vulnerabilities.

Vulnerability scanning
Vulnerability scanning can detect some zero-day exploits. Security vendors who offer vulnerability scanning solutions can simulate attacks on software code, conduct code reviews, and attempt to find new vulnerabilities that may have been introduced after a software update.

This approach cannot detect all zero-day exploits. But even for those it detects, scanning is not enough—organizations must act on the results of a scan, perform code review and sanitize their code to prevent the exploit. In reality most organizations are slow to respond to newly discovered vulnerabilities, while attackers can be very quick to exploit a zero-day exploit.

Patch management
Another strategy is to deploy software patches as soon as possible for newly discovered software vulnerabilities. While this cannot prevent zero-day attacks, quickly applying patches and software upgrades can significantly reduce the risk of an attack.

However, there are three factors that can delay the deployment of security patches. Software vendors take time to discover vulnerabilities, develop a patch and distribute it to users. It can also take time for the patch to be applied on organizational systems. The longer this process takes, the higher the risk of a zero-day attack.

Input validation and sanitization
Input validation solves many of the issues inherent in vulnerability scanning and patch management. It doesn’t leave organizations unprotected while they are patching systems or sanitizing code—processes that can take time. It is operated by security experts and is much more flexible, able to adapt and respond to new threats in real time.

One of the most effective ways to prevent zero-day attacks is deploying a web application firewall (WAF) on the network edge. A WAF reviews all incoming traffic and filters out malicious inputs that might target security vulnerabilities.

Additionally, the most recent advancement in the fight against zero-day attacks is runtime application self-protection (RASP). RASP agents sit inside applications, examining request payloads with the context of the application code at runtime, to determine whether a request is normal or malicious, enabling applications to defend themselves.
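The contrast between signature matching and input validation described above, as an added example that is not part of the original post: a deny-list of known patterns lets an unseen malformed input through, while an allow-list of expected formats rejects it. The endpoint parameters, patterns and sample requests are all constructed for illustration.

```python
import re

# Deny-list "signatures" (constructed): only inputs someone has already seen and described.
SIGNATURES = [re.compile(p, re.I) for p in (r"<script\b", r"\bunion\s+select\b", r"\.\./")]

# Allow-list for a hypothetical endpoint: what each parameter is permitted to look like.
SCHEMA = {
    "order_id": re.compile(r"[0-9]{1,10}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63}){1,4}"),
    "sort": re.compile(r"asc|desc"),
}
REQUIRED = {"order_id"}


def signature_verdict(params):
    """Block only when a value matches a known-bad pattern."""
    for value in params.values():
        if any(sig.search(value) for sig in SIGNATURES):
            return "block"
    return "allow"


def allowlist_verdict(params):
    """Block anything that is not positively known to be well-formed."""
    reasons = []
    for name in sorted(REQUIRED.difference(params)):
        reasons.append(f"missing required parameter: {name}")
    for name, value in params.items():
        rule = SCHEMA.get(name)
        if rule is None:
            reasons.append(f"unexpected parameter: {name}")
        elif not rule.fullmatch(value):
            reasons.append(f"malformed value for {name} ({len(value)} chars)")
    return ("block" if reasons else "allow"), reasons


# Constructed sample requests.
BENIGN = {"order_id": "1042", "email": "a.user@example.com", "sort": "desc"}
KNOWN_BAD = {"order_id": "1042", "sort": "asc union select 1"}
# Matches no signature above: an oversized value with a non-digit tail.
UNSEEN = {"order_id": "1042" + "A" * 4096}

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("known-bad", KNOWN_BAD), ("unseen", UNSEEN)):
        print(label, signature_verdict(req), *allowlist_verdict(req))
```

The allow-list needs no knowledge of the specific flaw being targeted, which is why it keeps working during the window before a patch or signature exists.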

Zero-day initiative
A program established to reward security researchers for responsibly disclosing vulnerabilities, instead of selling the information on the black market. Its objective is to create a broad community of vulnerability researchers who can discover security vulnerabilities before hackers do, and alert software vendors.

Address: Ranchi