Luis Silva

1617585392

The 10 Things I Wish I Had Known When Starting Out in Hacking. Getting Started in Pentesting

This time I am going to share with you the 10 things I wish I had known when I started in the world of hacking, that is, to start out as a pentester.

#hacking #developer


Tech Hub

1628430590

How to find WiFi Passwords using Python 2021|Hack WiFi Passwords|Python Script to find WiFi Password

Hack Wifi Passwords easily..

https://youtu.be/7MwTqm_-9Us

#wifi #python #passwords #wifipasswords #linux #coding #programming #hacking #hack

#wifi #hack #using #python #python #hacking

Einar Hintz

1594638720

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

Researchers are warning that vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose.

The vulnerabilities stem from the SETracker application, which is developed by Chinese developer 3G Electronics (based out of Shenzhen City). The app, which is available on iOS and Android and has been downloaded over 10 million times, is used to power various third-party smartwatch devices. These smartwatches are utilized by elderly patients with dementia who need reminders for taking their medication and to carry out everyday tasks. The apps are also used by parents to track their children – expanding the impact of the security issues.

“Is this yet another cheap Chinese kids GPS watch story? No, this is much more than just kids watches. The SETracker platform supports automotive trackers, including both car and motorcycle, often embedded in audio head units and dementia trackers for your elderly relatives,” said Vangelis Stykas, with Pen Test Partners, in a Thursday post. “The vulnerabilities discovered could allow control over ALL of these devices.”

Researchers discovered an unrestricted server-to-server application programming interface (API) behind the app that allowed them to carry out a number of malicious activities. Specifically, the API required no authentication to send commands, other than a semi-random string that was already hardcoded in the code. That means a remote, unauthenticated attacker could send commands freely as if they were on a “trusted” server, said researchers.

“This was trivial to discover, all we had to do was just read through the compiled javascript code in the node file to understand what the API was doing,” said Stykas. “With no API restrictions and knowing the API structure we could take over all the devices.”

This issue allows an attacker who knows the device ID of the smartwatch to make the device call any phone number, send SMS messages with any text from the watch, spy on any smartwatch, fake a message from a “parent” to the smartwatch, or access its camera. Worse, an attacker could send a “TAKEPILLS” command to a smartwatch that uses the app, reminding a relative to take medication (even if the target has already taken their pills).

#hacks #iot #3g electronics #credentials #exposed password #hack #hacking #internet of things #mobile app #setracker #smartwatch
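The flaw described above is a static string standing in for authentication on a server-to-server API. The sketch below is an added example (not code from SETracker, Pen Test Partners or the article) that contrasts that check with per-caller HMAC-signed requests plus a device-ownership check; every caller ID, device ID, key and function name in it is hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed sample data (hypothetical names): per-caller keys and device ownership.
// Real keys belong in a secret store, not in source.
const CALLER_KEYS = new Map([['backend-a', 'constructed-key-a'], ['backend-b', 'constructed-key-b']]);
const DEVICE_OWNER = new Map([['dev-1001', 'backend-a'], ['dev-2002', 'backend-b']]);
const ALLOWED_COMMANDS = new Set(['LOCATE', 'TAKEPILLS']);
const MAX_SKEW_MS = 60_000;
const seenNonces = new Set();

// Weak pattern from the article: one static string, shipped inside the code,
// is the only gate. Whoever reads the code can command every device.
const HARDCODED_TOKEN = 'constructed-static-string';
function weakAuthorize(req) {
  return req.token === HARDCODED_TOKEN;
}

// HMAC over an unambiguous encoding of every field the server acts on.
function sign(secret, callerId, deviceId, command, ts, nonce) {
  return crypto.createHmac('sha256', secret)
    .update(JSON.stringify([callerId, deviceId, command, ts, nonce]))
    .digest('hex');
}

// Client-side helper: build a signed command request.
function makeRequest(secret, callerId, deviceId, command, ts, nonce) {
  return { callerId, deviceId, command, ts, nonce,
           sig: sign(secret, callerId, deviceId, command, ts, nonce) };
}

// Hardened check: returns 'ok' or the reason for rejection.
function strictAuthorize(req, now = Date.now()) {
  const secret = CALLER_KEYS.get(req.callerId);
  if (!secret) return 'unknown-caller';
  if (!ALLOWED_COMMANDS.has(req.command)) return 'bad-command';
  if (typeof req.ts !== 'number' || Math.abs(now - req.ts) > MAX_SKEW_MS) return 'stale';
  const expected = Buffer.from(
    sign(secret, req.callerId, req.deviceId, req.command, req.ts, req.nonce), 'hex');
  const given = Buffer.from(String(req.sig), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  // Authentication is not authorization: the caller must own this device ID.
  if (DEVICE_OWNER.get(req.deviceId) !== req.callerId) return 'not-owner';
  const nonceKey = `${req.callerId}:${req.nonce}`;
  if (seenNonces.has(nonceKey)) return 'replay';
  seenNonces.add(nonceKey);
  return 'ok';
}
```

With the weak check, knowing a device ID and the shared string is enough for any device; with the strict check, a validly signed request for a device the caller does not own is still rejected as `not-owner`.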

Fannie Zemlak

1603094400

Ethical Hacking (Part 1): OWASP Top 10 and DVWA

If you intend to delve into the world of ethical hacking, and particularly web application penetration (“pen”) testing, a good starting point is understanding what OWASP is, and more particularly the OWASP Top 10.

“The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.” — OWASP® Foundation

“The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Companies should adopt this document and start the process of ensuring that their web applications minimise these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organisation into one that produces more secure code.” — OWASP® Foundation

The OWASP Top 10 are described by OWASP® Foundation as follows:

Top 10 Web Application Security Risks

  1. Injection. Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorisation.
  2. Broken Authentication. Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.
  3. Sensitive Data Exposure. Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
  4. XML External Entities (XXE). Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

#web-application-security #dvwa #pentesting #owasp-top-10 #ethical-hacking

Top Mobile App Development Company in Las Vegas

AppClues Studio is a Top Mobile App Development Company in Las Vegas with over 700+ successful projects under its belt. Our aced mobile app developers have rich industry experience and in-depth technical app development expertise to build business-centric apps. We harness the latest tools and SDKs to build custom iOS & Android mobile applications for businesses of all sizes. Hire our developers on a full time or part-time basis to achieve sustainable growth for your organization.

For more information,

Visit: https://appcluesstudio.com/mobile-applications-development-company-lasvegas/
Connect with us: 978-309-9910
Email: info@appcluesstudio.com

#top mobile app development company in las vegas #best mobile app development company in las vegas #top mobile app development agency in las vegas #best mobile app development agency in las vegas #mobile app development las vegas