#Interview #Cybersecurity
Network Layer:
The network layer has two main functions. One is breaking up segments into network packets, and reassembling the packets on the receiving end. The other is routing packets by discovering the best path across a physical network. The network layer uses network addresses (typically Internet Protocol addresses) to route packets to a destination node.
The transport layer:
takes data transferred in the session layer and breaks it into “segments” on the transmitting end. It is responsible for reassembling the segments on the receiving end, turning them back into data that can be used by the session layer. The transport layer carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking whether data was received incorrectly and, if so, requesting it again.
🔝 @InfoSecTube
🖥 youtube
🍁 instagram.com/info_sec_tube
#Interview #Cybersecurity
Flow control mechanisms can be classified by whether or not the receiving node sends feedback to the sending node. Flow control is important because it is possible for a sending computer to transmit information at a faster rate than the destination computer can receive and process it.
Flow control tells the sender how much data should be sent to the receiver so that it is not lost.
#Interview #Cybersecurity
Binary search is an efficient algorithm for finding an item from a sorted list of items. It works by repeatedly dividing in half the portion of the list that could contain the item, until you've narrowed down the possible locations to just one.
#Interview #Cybersecurity
Merge sort is a sorting algorithm based on the divide-and-conquer strategy. It works by recursively dividing the array into two equal halves, sorting them, and then combining them. It takes O(n log n) time in the worst case.
#Interview #Cybersecurity
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
Confidentiality:
is roughly equivalent to privacy. Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
🔹Integrity:
involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
🔹Availability:
means information should be consistently and readily accessible to authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
🔹What is the Diffie-Hellman algorithm used for?
The Diffie-Hellman algorithm is used to establish a secure communication channel. This channel is used by the systems to exchange a private key. This private key is then used for symmetric encryption between the two systems.
#Interview #Cybersecurity
🔹What are some common techniques used to extract information from malware samples?
Some common techniques used to extract information from malware samples include reverse engineering, static analysis, and dynamic analysis.
Reverse engineering involves looking at the code of a malware sample to understand how it works.
Static analysis involves analyzing the code without running it, in order to understand what it does.
Dynamic analysis involves running the code in a controlled environment in order to observe its behavior.
🔹Can you explain the difference between a virus, worm, and Trojan horse?
A virus is a type of malware that is able to replicate itself and spread to other computers. A worm is a type of malware that is able to spread itself without the need to attach to other programs or files. A Trojan horse is a type of malware that is disguised as a legitimate program or file in order to trick users into downloading and installing it.
Reloadium: Advanced Hot Reloading & Profiling
• Reloadium adds hot reloading and profiling features to any Python application
📌How to install:
>>> pip install reloadium
📌How to use:
>>> reloadium run example.py
✅ Supports:
° Django
° Flask
° SQLAlchemy
° Pandas
✔️Github: https://github.com/reloadware/reloadium
#Interview #Cybersecurity
🔸What do you understand by polymorphism in the context of malware analysis?
Polymorphism is a technique that malware authors use to make their malware more difficult to detect and analyze. By changing the code of the malware slightly each time it is run, or by encrypting it in different ways, the malware can avoid detection by signature-based detection systems. This makes it more difficult for analysts to understand how the malware works, and makes it more likely to slip past security defenses.
#Interview #Cybersecurity
🔸Domain Name Server (DNS)
Consider DNS as the phonebook of the internet. All the IP addresses and the names of the links are saved in it. For example, you want to go to google.com. You type this name into your web application. The name then goes to the DNS server, and the DNS server finds the IP address of google.com. The DNS server then returns the IP address to your computer.🕸
#Machine_Learning
🔸Machine Learning Steps
🔹1)Collecting Data:
As you know, machines initially learn from the data that you give them. It is of the utmost importance to collect reliable data so that your machine learning model can find the correct patterns. The quality of the data that you feed to the machine will determine how accurate your model is. If you have incorrect or outdated data, you will have wrong outcomes or predictions which are not relevant.
#Interview #Cybersecurity
🔸DHCP
Dynamic host configuration protocol is a protocol that assigns an IP address to any device that wants to connect to the internet.
#DDoS #Cybersecurity
🔸Distributed Denial of Service
It is an attack that prevents users from accessing resources by flooding those resources with traffic. A botnet controller controls all the bots that are under it. The attacker sends a command to the botnet controller, which tells all the bots to attack a server so that the server is flooded. When a user then wants to access the website, they will not be able to, because the traffic on the website will be at full capacity.
#Cybersecurity
🔸Password Attack
This technique is used to crack or discover a password. There are five types of password attacks:
🔹Dictionary attack: In this method, every possible password from a dictionary is tried.
🔹Brute force: This is a trial-and-error method used to decode the password or data. This attack takes the most time.
🔹Keylogger: As the name suggests, a keylogger records all keystrokes on a keyboard. Most hackers use keyloggers to get passwords and account details.
🔹Shoulder surfing: The attackers observe the user’s keyboard by looking over the user’s shoulder.
🔹Rainbow table: There are rainbow tables that contain precomputed hash values. Attackers use this table to find the password of the user.
🔹What is data mining?
The process of extracting and discovering useful correlations and patterns from a large volume of raw data, carried out using algorithms and intelligent mechanisms, is called data mining. Put more simply, extracting knowledge from a set of data is called data mining.
🔹Main applications of data mining
As we said, data mining means extracting useful information from a set of raw and unintelligible data, and this information has various components. Other applications of data mining include:
🔸Discovering patterns among data
🔸Roughly predicting outcomes
🔸Obtaining actionable information
🔸Focusing on big data
In general, the data mining process helps us remove irrelevant and unused data from our data set, and at the same time it gives us (the organization) very useful and practical information and speeds up decision-making processes.
💬 #Leak of WhatsApp data: numbers of about 500 million users for sale
👥 Hackers have obtained the phone numbers of about 487 million WhatsApp users and intend to sell this information through a hacking forum.
🪪 Of the roughly half a billion numbers in this database, more than 44 million belong to Egypt and 32 million to the United States. More than 300 thousand numbers from Iran are also on this list. Cybernews, the outlet that published this report, says Meta has not yet given any response on why this happened.
❕ According to the Cybernews report, the hacker did not specify how the data was accessed and explained that they used "their own strategy" to collect it. It is possible that the hackers did not technically hack WhatsApp but instead obtained the data through web scraping, which involves running an automated script to verify web pages on which the numbers are used for WhatsApp.
Cybernews
WhatsApp data leaked - 500 million user records for sale online
Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.
📣The process of performing Data Mining
Data mining is generally carried out in 6 main stages. First, the required data (target data) is collected, processed, and cleaned; that is, excess data is removed and only the required data enters the system.
In the next stage, the patterns among the data are discovered and evaluated, and then data mining algorithms and methods are applied to the data.
Finally, the information obtained from the data mining process is presented in human-readable formats such as charts, images, reports, and so on, and the desired knowledge extracted from the mass of raw data is made available to the organization.
🔸 Fars News Agency was hacked by the hacker group Black Reward!
In its latest attack, the hacker group Black Reward targeted the Fars News Agency website and also defaced the site's home page. According to their statement, they will probably also release documents.
We're waiting :)