Blog Category


What is Kerberos?

In simplest words, Kerberos is an authentication protocol which can service requests over an untrusted network such as the Internet. Kerberos formed its name from Greek mythology which was a three-headed dog that guarded the gates of Hades. Similarly, in Kerberos authentication, we have three heads representing

Data loss is an error condition in information systems that causes stored information to be destroyed by some critical failure or neglect while in storage, transmission, or processing. Most of these systems would implement some form of backup or disaster recovery equipment to both prevent or recover from data loss.

What is SQL Injection?

Explore the power and vulnerabilities of SQL (Structured Query Language). Discover how SQL revolutionized data management and the risks posed by SQL Injection attacks. Learn about the types of SQL Injection vulnerabilities and effective mitigation strategies to safeguard your data and applications.

What is ARP Spoofing?

The Address Resolution Protocol (ARP) Spoofing attack, also called ARP Cache Poisoning or ARP Poison Routing, is a technique by which an attacker sends spoofed ARP messages onto a Local Area Network (LAN). It is used to allow the attacker access to incoming internet traffic on a LAN by having their Media Access Control (MAC) Address be linked to the Internet Protocol (IP) Address of another host (usually, the default gateway). Through this, they’re able to receive incoming traffic intended for that IP Address which allows them to intercept the data, modify traffic, or even stop all traffic on the network. Because of this, the technique is often used to open up the possibility of other attacks such as a Denial of Service (DoS) attack, a man in the middle attack, and a session hijacking attack. The success of the attack depends heavily on the attacker gaining direct success to the targeted local network segment and it can only be used on networks which use ARP.

What is LDAP Injection?

The Lightweight Directory Access Protocol (LDAP) is a standard application layer protocol in the Internet Protocol (IP) Suite used for accessing and maintaining distributed directory information services over a network. This is achieved by the protocol's methods to query and manipulate these directory services. Directory services are integral in setting up an Intranet and internet applications through allowing the sharing of the user, system, network, service, and application information on the network. For example, a corporate email for an organization and a telephone directory are both only achievable through directory services. As such, these records are always stored in an organized and often hierarchical structure.

What is Cache Poisoning?

Cache Poisoning (or DNS Spoofing) is an attack technique where corrupted Domain Name Server (DNS) data is stored into the DNS Resolver’s cache and causes it to return an incorrect Internet Protocol (IP) Address. As a result of this, the network traffic is then redirected to the attacker’s (or any other) computer instead of the intended recipient. From here, the attacker could use this to supplement other types of attacks such as a Denial of Service (DoS) attack or a man-in-the-middle attack. It can even be used in aiding them to spread computer worms and other malware or even redirecting users to a malicious site owned by the attacker (this method can be used in phishing attacks).

Keystroke logging, also called keylogging or keyboard capturing, is the action of recording and saving each keystroke on a keyboard over sometime, usually covertly. This is so that the person who enters the information onto to the keyboard remains unaware of having their information be monitored. The action is done through a logging program which is called a keylogger and it can be either software or hardware.

A man-in-the-middle (MITM) attack is a special type of attack in which an attacker covertly relays and potentially alters data between two parties on a network. These parties are usually oblivious to this attack and believe their connection and communication between each other is secured and their messages have integrity; however, that is not the case. The basis of the attack is to circumvent mutual authentication between the two parties and it can only be considered successful if the attacker can successfully impersonate the involved parties to each other. That is to say, the attacker must appear like Person A to Person B and like Person B to Person A. While it is a very common form of attack, most protocols do provide some kind of endpoint verification process to prevent MITM attacks; such as Transport Layer Security (TLS) which can authenticate both parties via a mutually trusted certificate authority.

What is a Botnet?

The most recent news of huge cyber-attacks using “Zombies” and “Bots” will not be alarming. This will not create this enthusiast think, even for a second, that the digital world has been taken by the living dead creatures or yet alien armies. But one thing will come to realize the "Botnets".

What are cyber threats?

Ransomware is a type of malware that locks users from accessing their data in their computer or any mobile device. To unlock their data, the users must pay a certain amount of ransom, this is mainly done by the payment method which uses Bitcoin. Although paying is an option in recovering your data, it is recommended not to pay because we cannot guarantee the promise of the attackers.