OWASP Juice Shop

Day 1 Task – Injection Question #1: Log into the administrator account! Capture the request and change the parameters. Click on the send button. See the response in the browser. The token used is a JWT, which can be easily decoded at jwt.io. After decoding you get the password. Log in with the credentials. Here is your flag.

Hydra

What is Hydra? Hydra is an online brute-force password cracking program; a quick system login password ‘hacking’ tool. We can use Hydra to run through a list and ‘bruteforce’ some authentication service. Imagine trying to manually guess someone’s password on a particular service (SSH, web application form, FTP or SNMP) – we can use…

Upload Vulnerabilities

Task 1 – Deploying Machine. Task 4 – Overwriting Existing Files. What is the name of the image file which can be overwritten? Answer – mountains.jpg. Overwrite the image. What is the flag you receive? Step 1: Download a sample image. Step 2: Change the name of the image. Step 3: Now select the downloaded image to…

Metasploit Framework

Metasploit, an open-source pen testing framework, is a powerful tool used by security engineers around the world. Maintained by Rapid7, Metasploit is a collection not only of thoroughly tested exploits but also of auxiliary and post-exploitation tools. Throughout this room, we will explore the basics of using this massive framework and a few of the…

Computer Crimes

Definition: Cybercrimes are defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as the Internet through chat rooms, emails, notice boards, groups, and mobile…

Compliance

Compliance means conforming to a rule, such as a specification, policy, standard, or law. For example: ISO 27001, PCI DSS, GDPR, HIPAA, etc. Need for compliance: protect the critical information; enforce control through written policy; understand the requirements for protecting organizational information; identify requirements for protecting organizational information; avoid inadequate implementation and enforcement; this can…

Security Policies

A security policy is a broad statement produced by senior management that dictates the role of security within the organization. Characteristics of a security policy: it must be generic, non-technical, and easily understood; it must integrate security into all business processes and functions; it must be reviewed and modified periodically or as the company environment…

Some Generic Terms

Goals, Mission and Objectives. Goals: define what the organization desires to achieve; goals provide the overall context of what the organization wants to accomplish. Mission: indicates how you will proceed towards them; the mission is a statement of the organization’s purpose and reason for existence. Objectives: help in the creation of long-term and short-term strategies…

Governance, Risk and Compliance

GRC is an acronym for Governance, Risk management and Compliance. The GRC of every organization is different and varies based on the type of organization. It depends on the organization’s mission, size, industry, culture and legal regulations. The ultimate responsibility of a GRC program is to protect the organization’s assets and operations, including its IT infrastructure and information. Governance: It…

Information Security Management and Governance

ISO 27001:2013 (ISO/IEC 27001) is an internationally recognized structured methodology dedicated to information security. It is a management process to evaluate, implement and maintain an Information Security Management System (ISMS). It is a comprehensive set of controls comprised of information security best practices. It is applicable to all industry sectors. It emphasizes prevention. ISO 27001…