What your browser knows about you?

When considering privacy and security of our data it is important to know what details grab by our browsers in day to day life and how they collect those data and how we can mitigate or prevent from being revealed ourselves.

To get know what details a website can grab through your browser visit following sites.

https://panopticlick.eff.org ; This site reveals your screen size and colour depth, browser plugins, time zone, keyboard language type, system fonts, platform and other things.

https://clickclickclick.click ; It is super for getting weird. This site shows your mouse location, whether it is moved or not. Time you spent in the site.

http://webkay.robinlinus.com/ ; This site shows your location, operating system, browser version, plugins, cpu cores, gpu details, battery percentage, local and public ip, isp location, social medias logged in, gyroscope if it is a phone or tablet without any button click. there are some other tests also. You can test your network by clicking on a button, demo of click jacking scenario and auto fill phishing demo. These tests indicates how any site can extract details from your browser and make those for malicious things. Important thing is using it's page source you can learn to write javascripts which can extract details (you can use its JS functions).

Miss concepts of TOR and How to use TOR

The Onion Router or the well known TOR is the most popular platform for being anonymous by freed from clearnet. For years it had well recognition for anonymity, but lately there was some bad news regarding the security of the TOR network, revealing TOR users and some of security breaches. Some of these has been exposed, but some of them are in a blackhole inside this network. As a result there is a trend to use a VPN with TOR browser. There are lots of guides to configure TOR with a VPN. Some of these solutions has raised because of the miss concepts. Therefore before getting into correct or wrong of these news and solutions, it must have to take a look into what happens inside TOR.

VPN setup for kali

VPN is a essential part in using kali. Here is a simple setup of vpn for kali.

• Go to https://www.vpnbook.com/freevpn and download ovpn config files to kali.
• Place them in an accessible place.
• Install ovpn

Link shortner for bypass phishing detection bitly

Recently there was a huge video link scam based on facebook users for hack their fb accounts. It is a phishing attack which is prompting for user name and password for fb login.

Message actually comes as a video which claims that victim was there. As its comes from user's friend and he/she was in the video most of victims open the link with the panic situation. Then it will goes to fb login page which user needs to put there user name and password. Finally the hacker will take the control of victim's fb account. Then hacker will send the same message to victim's friends also.

Important thing in here it has used bitly for short and mask phishing site's url.as it is shorten fb phishing site detection could be bypassed by the hacker. Therefore bitly.com is a good site for short your phishing site's link and bypass the phishing site detection

Wiper malware steps

1. Steal credentials from browser and system.
2. Spread to other systems using psexec and WMI tools.
3. First delete all shadow copies of files and windows backup catalogs.
4. Turn off recovery mode.
5. Delete system logs.

This will cover tracks and making difficult to recover