InfoSecTube
Subscribe to this channel if… you enjoy fun and educational videos about technology & CyberSecurity & ...
YouTube Channel:
https://youtube.com/c/InfoSecTube


Contact:
@InfoSecTube_Bot
🔶Cross-file dependence analysis refers to examining how different files within a project relate to each other and how changes in one file might affect others. This type of analysis is crucial for understanding and managing the complexity of large software projects, where individual components often interact with each other.


🎯@InfoSecTube
📌YouTube channel
🎁Boost Us
An Iranian man named Sina Gholinejad, 37, who had been charged with hacking various American companies and encrypting their data with the Robbinhood ransomware, has pleaded guilty and may be sentenced to 30 years in prison on hacking and money-laundering charges.

He and his accomplices hacked hospitals and government offices in states such as California, Maryland, Oregon and others. By infecting their systems with ransomware in order to extort payment for decrypting the files, they caused tens of millions of dollars in losses.

🔎 5tuxnet

🐞Digital Signatures
Prove who sent a message and ensure it wasn't altered.

Based on a private signing key and a public verification key.

Properties:
- Integrity
- Authentication
- Non-repudiation


Best practice: hash the message first, then sign the hash.

📌 What is a Process?
A process is a running program — not just code on disk, but a live entity managed by the OS.

A process includes:

- Memory (address space): Code, data, heap, stack
- CPU registers: Includes PC (program counter), stack pointer, etc.
- I/O state: Open files, resources

Programs sit on disk; the OS loads them into memory and sets them up to run.

Shellcode is a small piece of code that is used as the payload in a software exploit. It typically contains the instructions needed to perform a specific action, such as spawning a shell, creating a network connection, or injecting code into another process.

💢 New malware in Docker: mining the Dero cryptocurrency!
❇️ A self-propagating malware targets Docker instances with an insecure API and turns them into Dero cryptocurrency mining bots.
❇️ By breaking into containers, the malware steals the victim system's resources to mine cryptocurrency and replicates itself. It disguises itself as the nginx web server and infects more containers through wide-ranging network scans.
❇️ The attack focuses mainly on Ubuntu-based containers and Kubernetes environments. Attacks involving a Monero miner and an advanced backdoor have also been observed.


🔑 Lazy loading: Modern OSes load parts of the program only when needed, to save memory.

Q: What are the security implications of Same-Origin Policy (SOP) violations, and how does CORS mitigate these risks?

A: SOP violations can lead to unauthorized cross-origin data access. CORS mitigates this by allowing cross-origin requests only when the target server explicitly includes headers granting permission, thus preserving confidentiality and integrity while enabling controlled sharing.

🔐 What Does Forward Secrecy Do?
1) When you establish a secure connection (like HTTPS), the session uses a temporary session key to encrypt data.

2) Forward secrecy ensures that each session key is unique and ephemeral — it’s generated for that session only and not derived solely from the server’s long-term key.

3) If an attacker obtains the server’s private key later on, they cannot decrypt past communications recorded from earlier sessions.

🧠 How Is Forward Secrecy Achieved?
Typically, through ephemeral key exchange algorithms such as:

- Ephemeral Diffie-Hellman (DHE)
- Elliptic Curve Ephemeral Diffie-Hellman (ECDHE)


These generate a fresh temporary key pair per session.

The beta version of XChat is gradually rolling out to X subscribers. This upgraded version of the X platform's DMs, written in Rust, is designed to compete with Signal and WhatsApp.

With a surveillance-resistant architecture, end-to-end encryption, disappearing messages, voice and video calls that need no phone number, and support for all kinds of files, XChat aims to turn X into an all-in-one platform.

🔗 bbntimes
🔒 1. DV – Domain Validation
Purpose: Basic encryption, proves control of a domain.

Validation Level: Only verifies that the applicant owns the domain (via DNS, email, or file upload)

📄 Certificate Info: Shows the domain name (e.g., example.com)

👁 Browser Bar: Padlock only, no organization name

💰 Cost: Cheapest (often free with Let's Encrypt)

🧰 Use Case: Personal websites, blogs, small projects

Example:
Issued to: example.com
No organization details shown


😈A control flow graph (CFG) is a visual representation of all possible execution paths within a program. It's essentially a graph where nodes represent basic blocks of code (sequences of instructions without jumps) and edges represent the possible flow of control between those blocks. CFGs are crucial for static analysis and compiler optimizations.


📚 OS Concepts — Named vs Unnamed Pipes 🧵
Let’s talk about how processes talk to each other in UNIX/Linux systems!

🔹 Pipes are a way for processes to send data between each other. There are two types:

🔸 1. Unnamed Pipe
🧠 Temporary, memory-based communication
👨‍👦 Works between related processes (like parent & child)
➡️ Unidirectional (one-way only)
⚙️ Created using pipe() in C
📂 Not visible in the file system

Example:
When you run:
ls | grep txt

…the shell creates an unnamed pipe between ls and grep.

🔸 2. Named Pipe (FIFO)
📛 Has a name in the file system
🔗 Used between any processes
Persistent until deleted
⚙️ Created using mkfifo or mknod
➡️ Also unidirectional
Example:
Terminal 1:
mkfifo mypipe  
echo "Hello" > mypipe

Terminal 2:
cat < mypipe

#OS #Pipes
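
Both pipe types from this post in C, as an added example that is not from the channel; the function names, the message strings and the /tmp/fifo-demo-XXXXXX directory template are assumptions made for the illustration. The FIFO is created with mode 0600 inside a private mkdtemp() directory so that other local users cannot open it.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
/* Unnamed pipe: a forked child writes msg, the parent reads to EOF. Returns bytes read or -1. */
ssize_t unnamed_pipe_roundtrip(const char *msg, char *out, size_t cap) {
    int fd[2];                        /* fd[0] = read end, fd[1] = write end */
    if (pipe(fd) == -1) return -1;
    pid_t pid = fork();               /* the child inherits both descriptors */
    if (pid == -1) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                   /* child: writer only */
        close(fd[0]);
        _exit(write(fd[1], msg, strlen(msg)) < 0);
    }
    close(fd[1]);                     /* parent: reader only; required to ever see EOF */
    ssize_t total = 0, n;
    while ((n = read(fd[0], out + total, cap - 1 - total)) > 0) total += n;
    out[total] = '\0';
    close(fd[0]); waitpid(pid, NULL, 0);
    return n < 0 ? -1 : total;
}

/* Named pipe: mode 0600 in a private mkdtemp() directory. Returns bytes read or -1. */
ssize_t fifo_roundtrip(const char *msg, char *out, size_t cap) {
    char dir[] = "/tmp/fifo-demo-XXXXXX", path[64];   /* assumed location */
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/mypipe", dir);
    if (mkfifo(path, 0600) == -1) { rmdir(dir); return -1; }
    pid_t pid = fork();               /* stands in for "Terminal 1" */
    if (pid == 0) {                   /* writer: open() blocks until a reader opens */
        int w = open(path, O_WRONLY);
        _exit(w < 0 || write(w, msg, strlen(msg)) < 0);
    }
    ssize_t n = -1;
    int r = pid > 0 ? open(path, O_RDONLY) : -1;      /* "Terminal 2" */
    if (r >= 0) { n = read(r, out, cap - 1); close(r); waitpid(pid, NULL, 0); }
    out[n > 0 ? n : 0] = '\0';
    unlink(path); rmdir(dir);         /* a FIFO persists until it is deleted */
    return n;
}

int main(void) {
    char a[64] = "", b[64] = "";
    unnamed_pipe_roundtrip("ls output", a, sizeof a);
    fifo_roundtrip("Hello", b, sizeof b);
    printf("pipe: %s\nfifo: %s\n", a, b);
}
```

The fork() in fifo_roundtrip only keeps the example in one program; any process that can open the path could be the writer, which is why the mode and the directory matter.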


😱In computing, a daemon is a type of program that runs in the background, performing system tasks without direct user interaction. Daemons are often associated with Unix and Unix-like operating systems like Linux and macOS. They typically start automatically when a system boots up and manage system resources, handle network connections, or provide services for other programs.

📚 OS Concepts — What is a Trap? What is a Trap Table? 🧵
Let’s break down one of the coolest mechanisms your OS uses to switch into "superpower mode" 🦸‍♂️

🔹 Trap = Software Interrupt

🛎 Happens when a user program needs to request OS services
📞 Example: read(), write(), fork() → These trigger traps
⚙️ Transfers control to the kernel via a safe & controlled mechanism
⏱️ Happens synchronously (exact instruction, not random)

🔹 Trap Table = Phonebook for the OS

🧠 It’s a table that maps trap numbers → handler functions
📍 When a trap happens, the CPU consults the table to know where to jump
💥 Example: Trap 0x80 in Linux → syscall handler

#OS #Traps #SystemCalls #Interrupts #TrapTable #KernelMode

Inline hooking is a technique where malware (or legitimate software) modifies the beginning of a function's code—usually by overwriting the first few bytes with a jump (JMP) instruction to custom (malicious) code. This allows the attacker to intercept function calls and either:

- Alter inputs or outputs
- Inject new behavior
- Hide actions or data
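
A defender's check for the overwritten-prologue pattern described above, added here as an example and not taken from the channel: it compares a function's first bytes in memory with a known-good copy and names common x86-64 redirect encodings. The byte arrays, the addresses and all function and enum names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { HOOK_NONE, JMP_REL32, JMP_REL8, JMP_INDIRECT,
               MOV_JMP_RAX, PUSH_RET, MODIFIED_OTHER } hook_kind;

/* Constructed sample: a typical x86-64 prologue, and the same bytes
   after its first five were overwritten with `jmp rel32`. */
static const uint8_t CLEAN[12]  = {0x55,0x48,0x89,0xE5,0x48,0x83,0xEC,0x20,0x48,0x89,0x7D,0xF8};
static const uint8_t HOOKED[12] = {0xE9,0xFB,0xFF,0xFF,0x0F,0x83,0xEC,0x20,0x48,0x89,0x7D,0xF8};

/* Compare a function's in-memory start with a known-good copy (for example
   the same bytes from the file on disk) and name the redirect, if any. */
hook_kind classify_prologue(const uint8_t *live, const uint8_t *clean, size_t n) {
    if (memcmp(live, clean, n) == 0) return HOOK_NONE;
    if (n >= 5 && live[0] == 0xE9) return JMP_REL32;        /* jmp rel32 */
    if (n >= 2 && live[0] == 0xEB) return JMP_REL8;         /* jmp rel8 */
    if (n >= 6 && live[0] == 0xFF && live[1] == 0x25)
        return JMP_INDIRECT;                                /* jmp [rip+disp32] */
    if (n >= 12 && live[0] == 0x48 && live[1] == 0xB8 &&
        live[10] == 0xFF && live[11] == 0xE0)
        return MOV_JMP_RAX;                                 /* mov rax, imm64; jmp rax */
    if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3)
        return PUSH_RET;                                    /* push imm32; ret */
    return MODIFIED_OTHER;    /* changed, but not a known redirect pattern */
}

/* Destination of a `jmp rel32` located at address `at`:
   end of the 5-byte instruction plus the signed displacement. */
uint64_t jmp_rel32_target(uint64_t at, const uint8_t *insn) {
    uint32_t raw = insn[1] | insn[2] << 8 | insn[3] << 16 | (uint32_t)insn[4] << 24;
    return at + 5 + (uint64_t)(int64_t)(int32_t)raw;
}

/* A redirect that leaves the module owning the function deserves a closer look. */
int outside_module(uint64_t target, uint64_t base, uint64_t size) {
    return target < base || target - base >= size;
}

int main(void) {
    hook_kind k = classify_prologue(HOOKED, CLEAN, sizeof CLEAN);
    uint64_t t = jmp_rel32_target(0x401000, HOOKED);   /* constructed addresses */
    printf("kind=%d target=%#llx outside=%d\n", k, (unsigned long long)t,
           outside_module(t, 0x400000, 0x10000));
    return 0;
}
```

A mismatch is a lead rather than a verdict, since legitimate software also hooks functions, as the post notes.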


The "Support System" loan is a scam

In a statement, the Central Bank denied claims circulating about bank loans being paid out through certain online systems and stressed that the bank's micro-financing program is announced officially on the bank's own news portal, and that any news about loan payments on social media and unofficial outlets is not endorsed by this institution.

News of a "150 million toman loan through the Support System" has recently been circulating online. This news is a rumor with no basis and is spread solely for the purpose of #fraud and collecting people's personal information. #warning


🔧 What is a System Call (Syscall)?
A system call is a controlled entry point that allows user-mode applications to request services from the kernel (like reading a file, opening a network socket, etc.).

🕵️ What is Syscall Hijacking?
Syscall hijacking is when a rootkit modifies or redirects system calls to its own malicious functions, instead of letting them reach the legitimate kernel handlers.

🏢 2. OV – Organization Validation
Purpose: Encrypts and authenticates the organization behind the domain.

Validation Level: Confirms domain ownership and verifies company details (via business registration, phone, etc.)

📄 Certificate Info: Includes organization name and location

👁 Browser Bar: Padlock only, but company name visible in cert details

💰 Cost: Moderate

🧰 Use Case: Business websites, login portals, B2B platforms

Example:
Issued to: example.com
Organization: Example Corp, US

📚 OS Concepts — What Happens When the System Runs Out of RAM? 💥🧵
Let’s break down how the OS reacts when memory is almost full! 🔍

🧠 The Problem:
Your system is running low on RAM. New apps need memory, but there’s no space left! What does the OS do?

🔹 Option 1: Swapping / Paging Out
💽 Move memory pages from RAM → disk (swap area)
🧊 Frees up RAM for urgent tasks
⚠️ Disk is much slower → system may feel sluggish ("thrashing")

📌 Think: Push books to a shelf to make space on your desk

🔹 Option 2: Killing Processes (OOM Killer / LMK)
💀 OS starts terminating processes to free memory

🧠 OOM Killer (Linux): kills the least important process

📱 LMK (Android): aggressively frees memory by killing background apps

⚠️ Risk: Important work may be lost if a process is killed


