Tag: Cyber Security

Google Report Reveals Russia’s Elaborate Cyber Strategy in Ukraine
Risk, Security

Russian-sponsored cyberattacks against Ukraine increased by 250% in 2022 compared to 2020, while those against NATO nations increased by 300%. These are among the findings of Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, a report released on February 16 by Google's Threat Analysis Group (TAG) in collaboration with Google Trust & Safety and threat intelligence company Mandiant, now part of Google Cloud. TAG made several startling discoveries: Google found that Russia's assertive, multifaceted plan to "achieve a decisive combat advantage in cyberspace" may have started as early as 2019...
BEC Groups Target Firms With Multilingual Impersonation Attacks
Business, Risk, Security

Two business email compromise (BEC) groups have used executive impersonation to attack businesses across the globe. Based on their findings, security researchers at Abnormal Security have named the threat actors "Midnight Hedgehog," which specialises in payment fraud, and "Mandarin Capybara," which carries out payroll diversion attacks. According to Crane Hassold, director of threat intelligence at Abnormal, "they have launched BEC campaigns in at least 13 other languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish." Threat actors from Midnight Hedgehog specifically investigated the roles and connections...
10 Free Sources To Learn Ethical Hacking
Courses, Risk, Security

Ethical hacking is a technique for evaluating the security of a website or service by simulating an attack. Its goal is to identify weaknesses and address them before an attacker can exploit them. Ethical hacking can be performed for free or under a paid contract. Although it is mostly businesses that test their websites and applications this way, individual users can also apply the same techniques to safeguard their accounts. Ethical hacking is one of the fastest-growing industries in the world. The first step is to choose where you will practise ethical hacking. It can be done in a variety of settings, but some demand more effort than others. In this article, we'll talk about several sources and websites where beginners can begin their ethical hacking journey. Y...
Optimizing ZAP Scan
Business

Overview
Is your ZAP scan taking hours to complete? Maybe even a day or two? Not everyone has the luxury of waiting 24 hours for a ZAP scan to finish. This is the problem many people face, and it is what we will be tackling. In this article, we will discuss the variables that affect the duration of a scan and how to optimise ZAP scans.
Optimise ZAP Scans - What Affects a ZAP Scan?
Server hardware and the network are one factor that affects the speed of a ZAP scan. You could get better equipment, but the target's equipment is another factor that we cannot control. Thus, let's focus on the configuration of the ZAP application itself. When running an automated scan, two things occur: the spidering (which is also part of the passive scan) and the active scan. Each of these co...
ZAP Command Line
Business

ZAP is mostly executed from the GUI, but it can also be executed from the command line. This is useful if you want to run a quick scan on your target or want to automate it. If you haven't read How to use OWASP ZAP - Open Source Vulnerability Scanner, I suggest you read it first to get a better understanding of ZAP before moving on to the command line.
ZAP Command Line (CLI)
Executing ZAP from the command line is limited, as you will not be able to specify anything using the command-line arguments alone. This means you may not be able to use other scanning features such as fuzzing, AJAX spidering, brute force, etc. You can specify some variables by using the -autorun option with an automation file from the Automation Framework. You can read more about that in How to Autom...
How to use OWASP ZAP – Open Source Vulnerability Scanner
Business

Overview
OWASP ZAP is an open-source web application vulnerability scanner that runs on Java 11+. It has features such as spidering, passive scanning, active scanning, fuzzing, automation, an API and more. ZAP is available for Windows, Linux and Mac, and as a cross-platform package. You can download ZAP from the ZAP website. If you are using Kali Linux, it comes preinstalled. In this article, we will discuss how to use ZAP, its features and the results to take note of.
How to use ZAP
ZAP can be executed through the Automated Scan or the Manual Explore option.
Automated Scan
This method is an automatic scan and is the main feature of ZAP. First, enter the URL to attack and select a spider to use (traditional or AJAX). Next, click Attack and let it run to comp...
Wappalyzer – Website Technology Identifier
Business

Overview
In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that helps with this is Wappalyzer, a website technology identifier. Wappalyzer identifies the technologies used on a website, such as the CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is also fast and easy to use. Wappalyzer is a free tool, but more advanced services, such as access to its API, require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you can download its code from its GitHub repository.
How to use Wappalyzer
Wappalyzer lookup
The simplest way to use Wappalyzer is through its website lookup page. Simply input the URL of...
DNSrecon – DNS Reconnaissance for Pentesting
Business

Overview
The first stage of penetration testing is reconnaissance (information gathering). One method of reconnaissance is gathering the target's DNS information, such as DNS records and DNS servers. This information can be used to piece together the network infrastructure of an organisation. Additionally, it does not trigger an alert from the organisation's firewall or IDS/IPS. A tool that helps us accomplish this is DNSrecon. As the name implies, DNSrecon is a DNS reconnaissance tool that can extract DNS-related information from a website/domain. Here is a list of its features (according to the source repository):
Check all NS records for zone transfers.
Enumerate general DNS records for a given domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common S...
5 Popular Open Source Tools for Reconnaissance
Business

Overview
In penetration testing, reconnaissance (information gathering) is the first step: analysing the target and exploring its attack surface. It is a crucial step in determining the ways the target could be exploited. In this article, we will explore 5 essential and popular open-source reconnaissance tools for penetration testing. We will be covering the following tools:
Wappalyzer - Website technology identifier
DNSrecon - DNS-related information gathering
Sublist3r - Subdomain finder
theHarvester - Email finder (for social engineering)
Ffuf - URL fuzzer/finder
Wappalyzer
Wappalyzer is software that identifies the technologies in a web application, such as the CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more....