This document discusses advanced phishing techniques. It begins by defining phishing and describing how phishing attacks have evolved from targeting individuals to larger organizations and governments. It then outlines traditional phishing methods like spoofed emails and exploitation of web vulnerabilities. The document focuses on newer advanced techniques like spear phishing, whaling, smishing, and use of tools like the Social Engineering Toolkit and Phishnix to craft sophisticated phishing attacks. It describes how obfuscation, credential harvesting, and exploits can be used in phishing to compromise systems and potentially gain root access on victims' machines.
In this article we will focus on all aspects of phishing attacks, including the technological advancements, exploitation, post-exploitation techniques and the countermeasures against advanced phishing, "The Art of Stealing".
We will also learn about payloads, web application attacks and network attacks, and how they contribute to advanced phishing attacks.
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES - AM Publications, India
The Internet or World Wide Web has become a prominent platform for business and commerce and is witnessing user growth with increased penetration of mobile Internet. Huge traffic is being generated, some of it being legitimate and the rest being malicious. Hence the implementation and maintenance of Information Security programs is being done. In the age of the Internet, protecting our information has become just as important as protecting our property. Malware authors have found and exploited new zero-day vulnerabilities resulting in damage to end-user systems. Ransomware is a malware that has taken malware attacks to a new level by locking files of the affected user and demanding Bitcoin payment to unlock those files. On the other hand, the volume and frequency of Distributed Denial of Service (DDoS) attacks have increased. Many unpatched machines have, without the knowledge of their owners, become a part of botnets which carry out DDoS attacks. This paper focuses on strategies to be adopted to protect individual hosts from malware attacks and other types of intrusions using Deception, White-Listing and Reputation Services.
Phishing detection in ims using domain ontology and cba an innovative rule ... - ijistjournal
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic security features to detect and prevent phishing has had a profound effect on the IM clients, as they lose their faith in e-banking and e-commerce transactions, which will have a disastrous impact on the corporate and banking sectors and businesses which rely heavily on the internet. Very little research contributions were available for phishing detection in Instant Messengers. A context based, dynamic and intelligent phishing detection methodology in IMs is proposed, to analyze and detect phishing in Instant Messages with relevance to domain ontology (OBIE) and utilizes the Classification based on Association (CBA) for generating phishing rules and alerting the victims. A PDS Monitoring system algorithm is used to identify the phishing activity during exchange of messages in IMs, with high ratio of precision and recall. The results have shown improvement by the increased percentage of precision and recall when compared to the existing methods.
Detecting malicious URLs using binary classification through ada boost algori... - IJECEIAES
Malicious Uniform Resource Locator (URL) is a frequent and severe menace to cybersecurity. Malicious URLs are used to extract unsolicited information and trick inexperienced end users as a sufferer of scams and create losses of billions of money each year. It is crucial to identify and appropriately respond to such URLs. Usually, this discovery is made by the practice and use of blacklists in the cyber world. However, blacklists cannot be exhaustive, and cannot recognize zero-day malicious URLs. So to increase the observation of malicious URL indicators, machine learning procedures should be incorporated. In this study, we have developed a complete prototype of Malicious URL Detection using machine learning methods. In particular, we have attempted an exact formulation of Malicious URL exposure from a machine learning perspective and proposed an approach using the AdaBoost algorithm - the proposed approach has brought forward more accuracy than other existing algorithms.
Malware attacks have become increasingly prevalent with more than one million unique malware samples uncovered each month. And with threats on the rise, businesses are starting to question the capabilities of their security infrastructure.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The intention behind writing this paper on this subject is to anticipate IT students or novice in the field of data communication and network security about spoofing attacks, how vulnerable and the prevention from the attacks. Nowadays, several malicious attacks and contents are found on the internet. So, to overcome the probability of risk, it is must be implemented to prevent the end user from these. IP address spoofing is basically a technique to alter spoof the packets of original source address in the header section intended to compromise or retrieve sensitive information from another trusted host or a machine. The meaning of spoofing is to provide the false information, in the area network security and it comprises of many types which includes IP address spoofing, e-mail spoofing, web spoofing and ARP (Address Resolution Protocol) spoofing.
Mr. Satish Bharadwaj | Prof. Abhijit Desai, "IP Spoofing", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020. URL: https://www.ijtsrd.com/papers/ijtsrd33246.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/33246/ip-spoofing/mr-satish-bharadwaj
What are the possible damages of phishing and spoofing mail attacks part 2#... - Eyal Doron
We are living in a dangerous world that produces many types of threats and risks to our organizational mail infrastructure, to our users and to us.
In the current article, I would like to review some of the possible damages that we can experience in a scenario, in which Spoof or Phishing mail attacks are realized.
http://o365info.com/what-is-the-possible-damages-of-phishing-spoofing-mail-attacks-part-2-of-9/
NATO Cyber Security Conference: Creating IT-Security Start-Ups - Benjamin Rohé
Introduction about the cyber security startup landscape, what are the drivers, why businesses and governments need to act, some predictions for 2015 and beyond, investment market and Palantir mini-case-study, market growth, 3 startup tips from founders, some references and additional material.
Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors.
From power outages to credit card theft, from films to TV series, the topic of cyber security has begun to take the top spots in the news and entertainment agenda. So which areas should organizations and governments focus on? Or what should the full name of this topic be, and how should we approach the confusion of concepts? This presentation, prepared on the basis of the topics that Information Security Forum reports show to have been at the top of the agenda of organizations in Turkey and around the world in recent years, attempts to shed light on the areas that not only the cyber security community but also corporate and government leadership should focus on in the coming years.
Cyber crime is a social crime that is increasing worldwide day by day. So the cyber crime investigation is becoming a very complicated task to do without a proper framework. This paper mainly focuses on the various types of cyber crime like crimes against individuals, crimes against property, and crimes against organization. It also includes impact on the real world and society, and how to handle cyber crimes.
As reported in the ISTR Volume 19, 2013 saw a 500 percent increase in ransomware in the latter part of the year. Overall ransomware levels remained high through March 2014, and then slowly started to decline, in part due to the disruption of the GameOver Zeus botnet back in late May.
In contrast, crypto-style ransomware has seen a 700 percent-plus increase. These file-encrypting versions of ransomware began the year comprising 1.2 percent of all ransomware detections, but now make up 31 percent at the end of August. One variant known as Trojan.Cryptodefense began to appear in large numbers in early June. By the end of July, it made up 77 percent of all crypto-style ransomware for the year to date. This follows predictions in the ISTR saying this type of malware would become more common in 2014.
Over 31.5 million identities were reported exposed in August, from 12 incidents. The jump in exposed identities is due to a large breach in South Korea, comprising 27 million identities. In the last 12 months 53 percent of data breaches were caused by hacking and 21 percent were accidentally made public.
The average number of spear-phishing emails blocked each day for August was 20, compared with 54 in July and 88 in June. This is below the year-to-date average of 86, which is slightly higher than the daily average of 84 for all of 2013.
The most frequently used malicious file types in these email-based targeted attacks were .exe and .doc file types, with .exe attachments coming out on top this month at 31.8 percent. 29 percent of spear phishing emails were sent to Manufacturing, returning it to the top of the industries targeted.
One in 1,587 emails was identified as a phishing attempt, compared with one in 1,298 for July and one in 496 in June. While at first glance this looks like a big drop, it is not indicative of a wider trend just yet, resulting in only a 0.01 percentage point decrease in the overall phishing rate.
We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
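Financial accounting, the language of business, is an essential competency
that everyone must learn, at the company, department and individual level.
A leader can see the company and make decisions only as far as their knowledge goes.
If you cannot explain the plan you made in numbers,
can it be called a perfect plan?
Accounting and finance, the ability to understand how a company runs,
is an essential competency for every office worker.
We cover the financial accounting that executives, managers and new employees all need, in a single day.
With case studies, so that you can grasp the big picture of financial accounting,
we explain it very simply and clearly.
Start studying financial accounting right away, before it is too late.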
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO... - IJNSA Journal
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risk.
Phishing is basically the type of cybercrime in which attackers imitate a real person through institution and mimic that they are sending message from an authorized organization and then take the details of the user personal identity, credit card details and any type of bank information and will breach the personal details of the user. There are many free tools to help in web based scams. Basically the free anti phishing toolbars in the below given study were examined many example in which Spoof Guard anti phishing toolbar is sufficient and good at identifying fraudulent sites and can also give false positive results. Earth Link, Google, Net Craft, Cloud Mark and Internet Explorer seven detected many of the fraudulent or fake sites even more than 15 of fraudulent sites are false positive. Trust Watch, eBay and Netscape correctly found the fraudulent websites and by the combination of the toolbars the expected outcome came out.
Dr. Lalit Pratap | Mr. Shubham Sangwan | Monika, "E-Mail Phishing Prevention and Detection", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3, April 2022. URL: https://www.ijtsrd.com/papers/ijtsrd49541.pdf Paper URL: https://www.ijtsrd.com/other-scientific-research-area/other/49541/email-phishing-prevention-and-detection/dr-lalit-pratap
Today's security is that the main downside and every one the work is finished over the net mistreatment knowledge. whereas the information is out there, there square measure many varieties of users who act with knowledge and a few of them for his or her would like it all for his or her gaining data. There square measure numerous techniques used for cover of information however the hacker or cracker is a lot of intelligent to hack the security, there square measure 2 classes of hackers theyre completely different from one another on the idea of their arrange. The one who has smart plans square measure referred to as moral hackers as a result of the ethics to use their talent and techniques of hacking to supply security to the organization. this idea describes concerning the hacking, styles of hackers, rules of moral hacking and also the blessings of the moral hacking. Mukesh. M | Dr. S. Vengateshkumar "Ethical Hacking" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29351.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/29351/ethical-hacking/mukesh-m
Best usage and for seminar purpose and best quality and every points included. Best designed background according to the subject and can use any higher classes like 11 and 12 and strictly not usage for any lower classes because it contains more detailed points and lower classes will not be able to understand it very clearly...
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx - healdkathaleen
Cyber Security in Financial Domain
Introduction
The latest IT sector is faced with several risks. The revolution has a chance with the manufactures of digital supply networks and smart technologies. The revolution is growing at a fast rate which leads to the increase of cyber-attacks. The interconnection of the digital systems leads to the significant rise of cyber-attacks. Some of the firms faced with cyber-attacks are not ready to face the issue of cyber-crime. IT firms need to be organized, vigilant, and resilient to deal with any risk that may arise (Evans, 2019). They need to put strict measures that will help them tackle any issue on its initial before it destroys different organizations.
Background of the problem
Cybersecurity is also referred to as information technology. Cybersecurity is the process which involves protecting networks, systems, and programs from digital attacks. Cybersecurity has been designed in a way that people try to gain access to applications without easily. Cybersecurity attacks intend to manipulate data, interrupt the functionality of the cyber, destroy digitally stored data as well as demand for money from data owners.
The attacks tend to gain access within the information technology so as they can easily manipulate the data. Most industries today have been affected by cybersecurity attacks. Their information has been managed, leading to loss of money. According to Singer and Friedman (2014), coming up with useful cybersecurity measure is a challenge since it requires a lot of time and attention to implement them. Cybersecurity criminals have also evolved and devised modern means and innovations on how they attack industries.
Cybersecurity can be termed as coming up with different practices into the existing systems to ensure credibility, availability, and integrity of information. The challenges faced with IT organizations can be solved with better practices and measures put in place. Organizations use advanced technology to detect any form of attack. The systems are well protected in a way that they cannot be manipulated. The firms will be on the safe side as they will not lose any data to hackers. They will also transform their technology to a new level.
The threats have been said to come in different forms such as ransomware, malware attacks, and phishing and exploit kits. They have become more complicated due to the growing technologies in organizations. The IT firms have revolutionized over the years up to date. They use the latest technology, such as the use of robots, to make the work easier. Once these threats attack the machines, the machine fails hence will not be valid.
The organizations, therefore, need to come up with the latest techniques that will help them protect their technology. The m ...
Credential Harvesting Using Man in the Middle Attack via Social Engineering - ijtsrd
With growing internet users threat landscape is also increasing widely. Even following standard security policies and using multiple security layers will not keep users safe unless they are well aware of the emerging cyber threats and the risks involved. Humans are the weakest link in the security system as they possess emotions that can be exploited with minimum reconnaissance. Social engineering is a type of cyber attack where it exploits human behavior or emotions to collect sensitive information such as username, password, personal details, etc. This paper proposes a system that helps end users to understand that even using security mechanisms such as two factor authentication can be useless when the user is not aware of basic security elements and make internet users aware of cyber threats and the risk involved.
Sudhakar P | Dr. Uma Rani Chellapandy, "Credential Harvesting Using Man in the Middle Attack via Social Engineering", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3, April 2022. URL: https://www.ijtsrd.com/papers/ijtsrd49629.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49629/credential-harvesting-using-man-in-the-middle-attack-via-social-engineering/sudhakar-p
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions - Victor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines - Christina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
Online aptitude test management system project report.pdf - Kamal Acharya
The purpose of on-line aptitude test system is to take online test in an efficient manner and no time wasting for checking the paper. The main objective of on-line aptitude test system is to efficiently evaluate the candidate thoroughly through a fully automated system that not only saves lot of time but also gives fast results. For students they give papers according to their convenience and time and there is no need of using extra thing like paper, pen etc. This can be used in educational institutions as well as in corporate world. Can be used anywhere any time as it is a web based application (user Location doesn’t matter). No restriction that examiner has to be present when the candidate takes the test.
Every time when lecturers/professors need to conduct examinations they have to sit down think about the questions and then create a whole new set of questions for each and every exam. In some cases the professor may want to give an open book online exam that is the student can take the exam any time anywhere, but the student might have to answer the questions in a limited time period. The professor may want to change the sequence of questions for every student. The problem that a student has is whenever a date for the exam is declared the student has to take it and there is no way he can take it at some other time. This project will create an interface for the examiner to create and store questions in a repository. It will also create an interface for the student to take examinations at his convenience and the questions and/or exams may be timed. Thereby creating an application which can be used by examiners and examinee’s simultaneously.
Examination System is very useful for Teachers/Professors. As in the teaching profession, you are responsible for writing question papers. In the conventional method, you write the question paper on paper, keep question papers separate from answers and all this information you have to keep in a locker to avoid unauthorized access. Using the Examination System you can create a question paper and everything will be written to a single exam file in encrypted format. You can set the General and Administrator password to avoid unauthorized access to your question paper. Every time you start the examination, the program shuffles all the questions and selects them randomly from the database, which reduces the chances of memorizing the questions.
Water billing management system project report.pdfKamal Acharya
Our project entitled “Water Billing Management System” aims is to generate Water bill with all the charges and penalty. Manual system that is employed is extremely laborious and quite inadequate. It only makes the process more difficult and hard.
The aim of our project is to develop a system that is meant to partially computerize the work performed in the Water Board like generating monthly Water bill, record of consuming unit of water, store record of the customer and previous unpaid record.
We used HTML/PHP as front end and MYSQL as back end for developing our project. HTML is primarily a visual design environment. We can create a android application by designing the form and that make up the user interface. Adding android application code to the form and the objects such as buttons and text boxes on them and adding any required support code in additional modular.
MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software. It is a stable ,reliable and the powerful solution with the advanced features and advantages which are as follows: Data Security.MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
International Journal of Computer science and Engineering Research and Development (IJCSERD),
ISSN 2248-9363 (Print), ISSN 2248-9371 (Online) Volume 4, Number 2, April-June (2014)
from financial, economic and military sectors. Phishing scams have progressed drastically
and they are not restricted to common phishing attacks in which the victim is sent a spoofed
email and lured to provide PSI and BSI.
Traditional techniques used by Phishers involved use of the following techniques:-
1. Spoofed emails asking for PSI & BSI
2. Obfuscation techniques
3. Webchat/Chat Rooms
4. Compromising a Web server and hosting a phish link.
Traditionally, phishers used sensitive personal information to commit high-value crimes such as identity theft and electronic fraud. These attacks were targeted at individuals. The victim receives a spoofed email whose content generally gives a very legitimate-sounding reason along with a sense of 1. Hope, 2. Urgency, 3. PSI, 4. Highly confidential info, 5. Threat and fear. As phishing is combined with human emotions, it has also been termed “Social Engineering – Attacking the Human Element or The Art of Human Exploitation.”
An example of Spoofed email:
Fig: Cursor placed on top of email id gives the actual email-id
Fig: Spoofed email asking for PSI
Advanced Techniques used by Phishers:-
Spear Phishing:- This is the most popular attack, as it is heavily used in APT attacks. The term spear phishing was coined because it is a highly focused attack on a particular individual/organization/sector that fetches detailed information. Spear phishers use social engineering techniques to get detailed information about you, including your likes and dislikes. Using your presence on the web (Facebook/LinkedIn/Company/Twitter), a detailed profile is created, and phishing attacks are crafted with this information. They are much more convincing because they appear to come from a legitimate source and the content is designed to lure the victim into sharing PSI and BSI. What makes it more powerful is that it is combined with advanced malware designed for very specific purposes, ranging from session control and data theft to compromising the whole system.
Whaling:- A type of phishing attack in which spear phishing techniques are used but targeted only at high-ranking officers/government officials, political leaders and industrialists in both private and military sectors.
Fig: Spoofed email from attacker asking to click on link
Vishing:- The victim receives a phone call and is asked for SPI and BSI.
A few examples:-
• Receiving a call from the bank to change your password for extra security.
• A call from a credit card company asking you to confirm your identity or your account will be closed immediately or in the next 24 hrs. Similarly, asking the victim to enroll for credit card services with lots of good benefits (free movie tickets/50% off on hotel bill or reward points) and to share all his details in the form of online scanned documents are a few good tricks.
• Even highly qualified employees fall prey to a phishing attack: when a call arrives on the office landline number, most of them never bother to ask why or who is calling. A caller identifying as a helpdesk SPOC person can ask employees to change their password to one of the caller’s choice or to perform a specific action of the caller’s choice (running an exe or clicking on a link). This may jeopardize the security of the organization. As the threats are both internal and external, one should always be careful.
Smishing:- Sending specially crafted text messages that ask the victim to click on links sent via mobile messages or to share their SPI, or that spread false information. A few examples of smishing are given below:
1. Victim receives an SMS saying that he has won 10000 $; to transfer it, click on the link.
2. Victim receives an SMS to download an app for free. The app may be a spoofed version of any popular game, social network app like WeChat or WhatsApp, or bank.
As most mobiles are Android based, most of the apps are available for free. Many of these apps are also combined with malware specifically designed to read, modify and delete any data present in your phone’s memory and memory card. These apps can read your SMS or delete any content present in your phone’s memory. By installing such an app you also agree to share your OTP.
Fig: Spoofed SMS from attacker
Obfuscation Techniques:-
Obfuscation techniques come into the picture when phishers want to disguise the evil website link that is sent to the victim, so that the victim falls for it. Obfuscation means hiding the intended meaning in communication.
Obfuscation techniques include using the Dword/Hex/Octal representation of the IP address of a website.
Example:- www.google.com. The IP address of google.com is 173.194.38.166
• Dword Obfuscation:- http://2915182246
• Hex Obfuscation:- http://0xADC226A6
• Octal Obfuscation:- http://0255.0302.046.0246
• A few other techniques encode the URL using different forms
Conversion tools are available for free on the internet, which can help the attacker craft his attacks viciously. Observe that with the above obfuscated URLs it is not possible to know what will happen after you click on the URL. Curiosity is a human factor that encourages most of us to explore things, and in this case, if you click on the above link, you may easily be directed to a malware site.
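For a mail gateway or proxy log review, the three forms above can be decoded back to the dotted-quad address and flagged. The following is an added example, not part of the original paper; the function names and the sample list are constructed for illustration, and it goes beyond the three forms shown by also handling mixed-radix and shortened addresses (for example `0xAD.194.9894`), which follow the same classic `inet_aton` parsing rules.

```python
import re
from urllib.parse import urlsplit

# One address component: 0x.. is hex, a leading 0 is octal, anything else decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(text):
    """Return the integer value of one component, or None if it is not numeric."""
    if not _PART.match(text):
        return None
    if text[:2].lower() == "0x":
        return int(text, 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)


def decode_ipv4_host(host):
    """Decode an inet_aton-style numeric host to dotted-quad; None for real names."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Leading parts are single octets; the last part fills all remaining bytes.
    *head, last = values
    remaining = 4 - len(head)
    if any(v > 0xFF for v in head) or last >= 256 ** remaining:
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * remaining)) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_url(url):
    """Label a URL's host as 'hostname', 'plain-ip' or 'obfuscated-ip'."""
    host = urlsplit(url).hostname or ""
    ip = decode_ipv4_host(host)
    if ip is None:
        verdict = "hostname"
    elif host == ip:
        verdict = "plain-ip"
    else:
        verdict = "obfuscated-ip"
    return {"url": url, "host": host, "ip": ip, "verdict": verdict}


def flag_obfuscated(urls):
    """Return the classification records for URLs that hide an IP address."""
    return [r for r in map(classify_url, urls) if r["verdict"] == "obfuscated-ip"]


# Constructed sample: the three URLs from the text plus three control cases.
SAMPLE_URLS = [
    "http://2915182246",
    "http://0xADC226A6",
    "http://0255.0302.046.0246",
    "http://0xAD.194.9894/login",   # mixed radix, last part spans two bytes
    "http://173.194.38.166/",
    "http://www.google.com/",
]

if __name__ == "__main__":
    for record in flag_obfuscated(SAMPLE_URLS):
        print(f'{record["url"]} -> {record["ip"]}')
```

A URL classified as `plain-ip` is not obfuscated but is still worth a second look in a login context, since legitimate sign-in pages are served from named hosts.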
Now as we know about various Phishing techniques, let’s think how we can use these
techniques combined with the following:-
1. Web Application Vulnerabilities
2. Network Vulnerabilities
3. Advanced tools /kits
4. Exploits
Phishing techniques combined with vulnerabilities, advanced phishing kits/tools and exploits are so powerful that they can compromise the security of your entire IT infrastructure.
Application and Network based Vulnerabilities:-
Few examples of Web Application based vulnerabilities are as follows:-
1. Cross-Site Scripting
2. Frame Injection
3. Link Injections
4. Session hijacking
5. Open Redirection
6. Hidden Element-Web
7. Embedded objects and links in documents like doc, images and pdf
8. File uploads - Advanced Malwares etc
These application-related vulnerabilities, and many more, make a phishing attack powerful.
Now let’s look at a few network vulnerabilities which boost phishing attacks:-
1. Compromised DNS - DNS Cache Snooping/Poisoning Vulnerability
2. SMTP Open Mail Relays/User enumeration etc
Attack amplification:-
To increase the attack surface, hackers use the following techniques:-
1. Posting a phish link on forums/blogs/group chats to get the maximum number of victims
2. Mass emails
3. Mass mobile messages
4. Spoofed apps (Games/Social chat)
Thus we complete Phase I, i.e. “The Art” involved in phishing.
Now that everything is known about “the Art”, let’s start “Stealing”.
Phase II Begins - Attacking the Human Element
Before we begin please note the below points:-
“Targeting any individual/organization with any kind of phishing attack, or in any way which can harm an individual or organization, without prior written confirmation/consent from the right authority will certainly put you into a lot of trouble. Please note that it is a “Crime” and is against the law. So please do not perform the below steps or use any tools/kits unless it’s a pentest with proper approvals from the right authority.”
The information shared within this article is only for educational purposes and is shared for spreading awareness about phishing attacks and how to secure yourself as an individual/organization. Please do not misuse it. The author of this document/article is not responsible for misuse of the information contained within this article.
Let’s begin with the offensive security professional’s favorite, SET, the “Social Engineering Toolkit”, which is an open source toolkit.
Fig: SET Overview
As we can see, it lists the most advanced ways of phishing, ranging from Phishing email to Third Party Module, and each and every module is combined with numerous methods.
Let’s take a quick look into how the attack can be crafted using these methods. As you can see in the below screenshot, the attack depends upon what the attacker is trying to achieve via any of the listed methods.
Fig: Attack Methods
The above attacks can be used to dig out the login credentials of any victim via session hijacking, browser exploitation to root level access.
Another popular tool is “Phishnix”.
Phishnix is a social engineering solution that assesses and trains employees on the risks of phishing. Phishnix develops a phishing scenario that is realistic and relative to your organization. This scenario will be sent out to employees and Phishnix will track how the employees respond. This provides organizations with a view of their human firewall and insight into where the vulnerabilities exist within the human firewall. Phishnix further leverages the teaching moment created based on the user's response and generates an action plan that can be implemented to avoid future pitfalls. Phishnix helps your organization to build the first line of defense by increasing an employee's awareness of phishing; thus Phishnix plays a vital role in an organization's anti-phishing strategy.
We can use Phishnix to deliver specially crafted spoofed emails to the victims.
The best part of this tool is that it will analyze the data and provide information about how many employees were victims of the attack. It is also capable of collecting data from users if this is required to be presented in an audit session.
Exploitation and Post Exploitation:-
Now that we know about attack methods, let’s dig into the third bit: exploits and exploitation.
Advanced URL Obfuscation techniques:-
1. Use Clone page attack to get the same page as hosted by a live server
2. Use any of the obfuscation techniques mentioned above and combine as per your needs.
3. Use a URL shortener service (Google URL shortener/TinyURL), which is freely available, and shorten your URL. Now you are ready for a real world attack.
4. Send the phish link to the victim.
Credential Harvesting Attack via Web attack vectors:-
The below yahoo.com webpage was opened by the victim clicking on a malicious link, which was sent to him by an attacker using the Credential Harvester attack. If you observe the URL closely, the IP address from which the page was opened doesn’t belong to yahoo.com. This IP belongs to the attacker, on whose machine the website is hosted.
Fig: Victim tricked to click and login into Evil Page
Fig: Session established from Attacker system to victim’s session
Fig: Login Credentials output Using Credential Harvester attack
Once the data the attacker needs is collected, it can all be built into the form of a report, which will contain your username and password as well. A similar process can be used to craft credential harvesting attacks for various different websites as and when required.
Phase III - Gaining Root Access (Victim Pawned) via Phishing Attack
A few exploits which can be used to gain system level/root level access, and their descriptions, are as follows:
Gaining Root Access
1) Windows Shell Reverse_TCP: Spawn a command shell on victim and send back to attacker
2) Windows Reverse_TCP Meterpreter: Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse_TCP VNC DLL: Spawn a VNC server on victim and send back to attacker
4) Windows Bind Shell: Execute payload and create an accepting port on remote system
5) PyInjector Shellcode Injection: This will drop a meterpreter payload through PyInjector
There are 300+ exploits available on the internet, each pertaining to different products (software/browsers/documents/OS/system level).
Steps for gaining root access
1. Choose any one of the above exploits and run it.
2. Share the evil link with the victim.
3. A backdoor will be installed as soon as the victim clicks on the evil link.
4. The session is established.
Fig: Using Aurora exploit for taking root access
Steps to follow after using any of the exploits and gaining system level access/root level access:-
1. Take control of user’s session.
2. Create a user with privileged access-hidden mode and dump the hashes.
3. Try to gather as much information as you can as required as a part of your Advanced Persistent threat exercise
4. The main aim of this APT phishing exercise should be: once you have compromised one system, look for another system attached/connected to it until you find a system with Active Directory, and try to compromise the same by dumping as much data as required.
5. Install few more backdoors and clear all the logs generated as a part of this exercise.
Fig: Gained Root access to victim’s system
Fig: Dump hashes from victim’s system
Phase IV - Securing the Human Element
Following are the countermeasures against Advanced Phishing:-
Don’ts
Do not click on any links which seem suspicious.
Don’t open any documents, images or pdf files which come as attachments from unknown users; they may trigger unwanted actions.
Don’t put too much information (SPI) about yourself on the internet (LinkedIn/Facebook/Twitter), for example your DOB or social security number.
Don’t share any information with an email address which uses a real organization name but an incorrect email/domain address. Example: microsoft@gmail.com
Don’t click on links in e-mails, especially any that are requesting private information.
Attackers use URL shorteners to hide the intent behind the evil link. Don’t click on tiny (bitly/adsfly) URLs or URLs which have no meaning or sense, e.g. http://bit.ly/1dUdYId
*An email that appears to come from your friend/relative does not mean they sent it. Your friend’s/relative’s computer may have been infected or their account may have been compromised. If you get a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Use a telephone number that you already know or can independently verify, not one that was included in the message.
Don’t share any usernames or passwords, or transfer money urgently, without verifying.
Don’t plug any pen drives, SD cards or other memory chips that you find lying on the ground or in your company campus into your company’s laptop/desktop; you may compromise the security of the entire company.
Gone are the days when phishing emails came with bad grammar and lousy spelling mistakes. Nowadays phishing emails look more authentic than the original emails.
Do’s
Check for grammar or spelling mistakes.
Use common sense: if an email/call seems too good to be true, it is most likely an attack. Verify this every time while sharing any PSI or BSI over email.
Use a good antivirus with web protection turned on while you are browsing. For corporate/business use, use an updated anti-virus program that can scan e-mail and has an anti-spam filter enabled. A few of them also integrate with the browser to show site rating and risk. Also use anti-Trojan and anti-spyware tools to get rid of any harmful malware.
Always type a website URL manually for any banking transactions, financial transactions or even for social websites like Facebook if you want to be secure.
Use Open VPN for connecting and browsing on the internet. Most of them are available for free.
Look for “https://” and a lock icon in the address bar before entering any private information. Ensure all financial, banking and social networking websites are on a secured channel and have a valid SSL certificate before logging in and performing any transactions.
If you put your mouse cursor over the link, your browser or security software will show the actual email id/URL.
Requests to share PSI and BSI are a clear sign of an attack. Never share your PSI or BSI over emails from free email service providers like hacker@gmail.com, @yahoo.com, @rediffmail.com
Set Internet Explorer as your default browser. Always use Mozilla Firefox in private browsing mode or Google Chrome in incognito mode for performing any financial transaction or logging into a social networking website. Always remember to close your browser after use.
Be wary of any email that requires quick attention or creates a sense of urgency so that you rush to click on it without thinking.
Always use the preview method provided by email service providers to view the attachments that come via emails.
Avoid tiny URLs. Use a service such as Long URL to view the complete URL. These services also give you a preview of the URL, which helps you to determine whether it is of malicious nature or not.
Enable One Time Password functionality on Gmail, Yahoo, Facebook and other websites which you browse regularly and use to transfer SPI.
Disable your mobile’s internet connection while performing any transaction that involves use of OTP (One Time Password).
Always dump suspicious emails in trash or mark them as spam. Marking one type of email as spam only once helps your anti-spam service to analyze its content and signature, including the email id and host IP details from which the email was received, which in turn helps to ensure that you don’t receive such malicious emails in future.
Download software products only from authentic sources or, for business purposes, from the company’s own software store, and keep them updated with the latest versions and patches.
Use Mobile Device Management solutions if you permit your employees to use smartphones to connect to the company’s network or to store the company’s BSI.
Download only those apps from the Android market which have been downloaded by at least 100000+ users. This is no guarantee, but it would limit the possibility of you falling for a smishing attack.
Never speak of the company’s secrets, SPI or BSI in public places. Example: discussing the network diagram of your company over a cup of tea with anonymous people in public places.
Spread and share awareness about phishing attacks and prevention.
If you find a pen drive lying unattended and are greedy enough to keep it, use it in your own home laptop and make sure you are not connected to the internet. Also scan the pen drive for malware, Trojans and spyware. Make sure you open it on a VM.
Make use of a paper shredder in your organization and install it next to printers. Dispose of any confidential information using it. Ask the employees to collect their prints within 15 minutes of printing.
Never share your debit/credit cards at ATM centers. If you are not able to use the ATM, ask the security personnel present at the ATM center for help, not the person standing next to you. Always press the cancel button two times once your transaction is complete.
Conduct a phishing exercise within your company to analyze how vulnerable your employees are. Arrange a session for your friends and employees to generate awareness of phishing.
If you come across any phishing website, please submit it at www.phishtank.com.
Use https://www.virustotal.com to scan any suspicious URL before browsing it.
Also send a phishing awareness email to your employees once a month, so that they will be prepared for the worst. This exercise would definitely stop and limit any kind of phishing activity within your network.
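Two of the checks from the lists above, the hover comparison of a link's visible text with its real target and the real-organization-name-on-a-free-mail-address check (microsoft@gmail.com), can be automated in a triage script. This is an added example, not part of the original paper; the sample message, the `brands` parameter and the function names are constructed for illustration, and the free-mail list holds only the three providers the paper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

FREE_MAIL = {"gmail.com", "yahoo.com", "rediffmail.com"}  # providers named in the paper
_DOMAIN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def shown_host(text):
    """Host name the reader sees in the link text, or '' if none is displayed."""
    match = _DOMAIN.search(text.lower())
    return match.group(1) if match else ""


def same_site(shown, actual):
    """True when the real host is the displayed host or one of its subdomains."""
    base = shown[4:] if shown.startswith("www.") else shown
    return actual in (shown, base) or actual.endswith("." + base)


def html_body(msg):
    """Return the first text/html part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyze(raw_email, brands):
    """Return findings: free-mail senders using a brand name, and mismatched links."""
    msg = message_from_string(raw_email)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    claimed = (name + " " + local).lower()
    if domain in FREE_MAIL and any(b.lower() in claimed for b in brands):
        findings.append(("sender-freemail", addr))
    collector = LinkCollector()
    collector.feed(html_body(msg))
    for text, href in collector.links:
        try:
            actual = urlsplit(href).hostname or ""
        except ValueError:
            continue
        shown = shown_host(text)
        if shown and actual and not same_site(shown, actual):
            findings.append(("link-mismatch", shown, actual))
    return findings


# Constructed sample message; 192.0.2.10 is a documentation-range address.
SAMPLE_EMAIL = """\
From: "Yahoo Account Team" <yahoo.security@gmail.com>
To: user@example.org
Subject: Confirm your account within 24 hrs
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be closed. Sign in at
<a href="http://192.0.2.10/login">https://login.yahoo.com</a></p>
<p><a href="https://help.yahoo.com/kb">help.yahoo.com</a></p>
<p><a href="https://example.org/unsubscribe">Click here</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL, {"yahoo"}):
        print(finding)
```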
Financial Losses via Phishing Attacks
Fig: Financial Loss from Phishing Attacks
Financial loss from phishing runs into millions of dollars. India ranks third in the world among countries prone to phishing attacks. Last year the financial loss was 28.8 million dollars.
“Don’t have false assumptions that you will never be targeted. Beware you may be Next.”
ABOUT AUTHOR
Avinash Sinha is a Security Consultant working with Aujas. Previously he worked with IBM India Pvt Ltd as an Application Security Consultant for 2.8 Yrs. His key areas of interest include vulnerability assessments, secure code review, security research and penetration testing, and his professional interest focuses on network infrastructure protection.
Amruta Moon is working as a faculty member at G.H Raisoni College of Engineering. She has completed her M.Tech in Software Engineering from Sagar Institute. Her key areas of interest include security research, image analysis and programming.