Learning CyberSec One at a time!(Part


Hey learners, 
hope it’s been a good day. 
Let’s start with no delay! Let’s discuss some more wonderful topics by diving deep inside them.

**1. CCTV architecture**

CCTV is short for Closed-Circuit Television. We are all aware of these tiny devices placed literally everywhere, watching us with their little red blinking dots. Coming to their specifications, there are two types: the old-generation analogue CCTVs and the modern CCTVs we see in today’s world. Analogue ones work over a combination of wires and hardware, just transferring the feed they capture, while modern ones can do a lot more: capturing the feed and uploading it to the cloud, detecting motion, sending alerts and more. These modern ones are allotted a network which the device owner logs into to access the camera’s feed while away from their home network; in short, they are “remotely accessible”. Since it’s a broad term I won’t go into much detail. That’s the gist. Oh, and those networks are mostly poorly configured, often a tasty delight for brute-force attacks.

**2. Web scraping**
Web scraping is a method where the contents of a publicly accessible website get copied and downloaded (often through a proxy to hide the scraper’s identity). The methods include copying the whole site’s anatomy, including the data being transferred. All one needs is a bit of Python scripting and knowledge of the right package library, and that’s it! Web scraping is very common on adult sites and sites with huge traffic. These people scrape them and host that content on their own domain to get online traffic. By getting the traffic they can use ads to get huge revenue.

**3. iPhone’s Closed Environment**
I was always amused by the iPhone’s ecosystem. The iPhone is like a plant kept in a safely sealed jar, with everything inside the jar to support itself. The iPhone is safe because it simply blocks the possibility of attack vectors from outside working without the user’s knowledge. From the updates to the App Store, everything is closely monitored and secured; to get into an iPhone an attacker needs to plan highly complex and sophisticated attacks such as “Operation Triangulation”. It comes at the cost of high moderation. Apple boasts about its privacy, but I highly doubt it. These days privacy is a myth, be it on any device.

**4. Payload Integration**
To understand payload integration, we have to know what a payload is. A payload is a small package that an attacker sends to the victim (containing plausible malware to get control of the device). It goes off after the victim executes it by opening it. Now, people are not so dumb these days like in the 90s, right? We have to integrate it into a highly clickable form such as a JPEG, PNG, PPT, APK, MP4 etc. The trick is not only to get your victim to click it but also to believe that they are still safe, i.e. not realising that they are pwned. The file should work as it’s supposed to after the device gets pwned; that’s how the integration should work. I’ll discuss the integration in clearer steps some other time; I’m kinda running late on schedule these days.

**5. Modern encrypted Ransomware**
Finally, ransomware, my favourite topic to discuss. Ransomware is part of the malware family (obvious). What it does is this: after successful execution the device gets encrypted and a paywall appears asking for payment (mostly in bitcoin) to decrypt the encrypted files. It’s super interesting how fast these ransomware work. We’re talking 10–15 seconds upon execution. I’ve seen ransomware such as Black Hunt, LockBit and Black Basta; they take less than 20 seconds to gain full encryption status. These are mostly written in Python, Java and C++. The attacker groups obfuscate the code so that nobody else can reverse engineer it.
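
The speed described above is itself a detection signal. The following is an added example, not code from the original post: it flags a process that rewrites many distinct files with high-entropy content inside a 20-second window. The event tuple format, the thresholds and the sample telemetry are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

WINDOW_S = 20      # the post's figure: full encryption in under 20 seconds
MIN_FILES = 20     # assumed threshold: distinct files rewritten per window
MIN_ENTROPY = 7.5  # assumed threshold in bits/byte; ciphertext is close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of data; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_bursts(events, window_s=WINDOW_S, min_files=MIN_FILES,
                  min_entropy=MIN_ENTROPY):
    """events: time-ordered (ts_seconds, pid, path, written_bytes) tuples.
    Returns {pid: ts of the write that reached min_files distinct
    high-entropy rewrites inside one sliding window}."""
    recent = defaultdict(deque)  # pid -> (ts, path) of high-entropy writes
    alerts = {}
    for ts, pid, path, data in events:
        if pid in alerts or shannon_entropy(data) < min_entropy:
            continue
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window_s:  # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= min_files:
            alerts[pid] = ts
    return alerts

def constructed_events():
    """Constructed sample telemetry (not real logs) for three processes."""
    rnd = lambda i: hashlib.shake_256(str(i).encode()).digest(4096)
    ev = []
    for i in range(40):  # pid 100: fast backup of plain text, low entropy
        ev.append((i * 0.2, 100, f"/home/u/doc{i}.bak", b"report line\n" * 200))
    for i in range(30):  # pid 200: 30 files rewritten with random-looking bytes
        ev.append((10 + i * 0.2, 200, f"/home/u/doc{i}.docx", rnd(i)))
    for i in range(30):  # pid 300: high-entropy archives, one per minute
        ev.append((i * 60.0, 300, f"/home/u/a{i}.zip", rnd(100 + i)))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_bursts(constructed_events()))
```

Entropy alone would flag pid 300's archives and write rate alone would flag pid 100's backup; requiring both is what isolates pid 200.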