Antivirus




An antivirus is software that protects a system from malware such as viruses, trojans, backdoors, etc. Antiviruses are installed to protect our computers from this malware. They also protect our data from being leaked and provide email protection, browsing protection, and much more.

There are many antivirus products, but the most powerful ones are:
  • ESET NOD32 Antivirus
  • Norton Antivirus
  • Avast Antivirus
  • Kaspersky Antivirus
  • F-secure Antivirus

How does an antivirus detect malware?

Every file has a signature that tells how the file works and behaves. The antivirus scans that signature and checks it against its database, which contains a huge collection of malware signatures. If the antivirus has that signature in its database, it detects the malware and removes it from the computer.

But what if this is new malware and the database does not have its signature? Then the antivirus sends a sample of the file to its lab, or runs it directly in a virtual environment, to check the file's behavior. If something suspicious or wrong is found, the file's signature is added to the database and from then on the file is detected as a virus. That is why it is necessary to update the antivirus daily.

If we download a file, scan it with our antivirus, and it is not detected, does that mean it is safe? No. It does not mean the file is malware-free, because the file's signature may simply not be in the antivirus database yet, and antivirus can be bypassed with many techniques. To reduce this risk you can use an online virus scanner that checks the file against more than 70 antivirus databases.


Antivirus software is based on the following methods:

  • Signature-based Detection: Detects malware based on its signature. If the signature matches one in the database, the file is deleted. If the file's signature is not found in the database, the antivirus takes the signature of that file and sends it to the vendor's labs for testing so that they can identify whether it is malware or not.
  • Cloud Detection: Based on a cloud server; the malware is detected with the help of the server. You need to install only a small client program that connects to the security service provider's web service. On the bright side, this drastically reduces the processing needed to keep a system safe. On the other hand, there can be connection issues, and there is some concern about uploading user data to the server, which can call your privacy and security into question.
  • Heuristic Detection: Detects viruses by examining code for suspicious properties. The antivirus decompiles and examines the program's code. This code is then compared with already known viruses and with a heuristic database. If a particular percentage of the code matches the heuristic database, the code is flagged as a possible threat.
  • Sandbox Detection: Detection is done in an isolated environment such as a VM; the file is run in the VM to detect any suspicious behavior. It is good practice to run files in VMs or inside sandboxing tools before running them on your main system. Heuristic detection can also be based on this method. Sandbox detection can be of two types, standalone and integrated.
  • Behavior Detection: Detects malware based on its behavior. Example: if a program uses a large percentage of memory, or if the file tries to make a connection (also known as a reverse connection) to an unknown destination, the antivirus detects and deletes the file.
  • Reputation Based: Reputation-based security is a mechanism that classifies a file as safe or unsafe based on its worldwide reputation. It works by collecting and tracking several attributes of a file, such as age, source, signature, and overall usage statistics across thousands of users who have the file. The data is then analyzed in a reputation engine using algorithms and statistical analysis.
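The following is an added example (not code from the original post or from any antivirus vendor) that puts the two stages described above into working form: a signature lookup by file hash and byte pattern, followed by a heuristic score for files the database has never seen. The signature database, the heuristic rules and their weights are constructed for illustration; the sample "malware" is the harmless EICAR test string.

```python
import hashlib
import re

# Constructed sample: the EICAR test string, a harmless file that antivirus
# engines detect by design, standing in for a known malware sample.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database (constructed): exact SHA-256 hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_SIGNATURES = {rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File.gen"}

# Heuristic indicators and weights (constructed for illustration; a real
# engine uses thousands of rules derived from decompiled code and behavior).
HEURISTICS = {
    rb"IsDebuggerPresent": 2,    # anti-analysis check
    rb"CreateRemoteThread": 3,   # code injection into another process
    rb"cmd\.exe /c": 2,          # spawns a command shell
    rb"https?://": 1,            # contacts a remote host
}
HEURISTIC_THRESHOLD = 4          # score at which a file goes to the sandbox/lab


def signature_scan(data: bytes):
    """Stage 1: exact hash lookup, then known byte patterns.
    Returns the detection name or None."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in PATTERN_SIGNATURES.items():
        if re.search(pattern, data):
            return name
    return None


def heuristic_score(data: bytes) -> int:
    """Stage 2: add up the weights of suspicious properties found in the file."""
    return sum(w for pat, w in HEURISTICS.items() if re.search(pat, data))


def scan(data: bytes) -> str:
    """Verdict: 'malicious:<name>', 'suspicious' (needs sandbox/lab analysis)
    or 'clean' (which only means no signature or heuristic matched)."""
    name = signature_scan(data)
    if name:
        return f"malicious:{name}"
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "suspicious"
    return "clean"
```

Appending a single byte to the EICAR sample changes its hash, so the exact-hash signature no longer fires; the byte-pattern signature still catches it, which is the gap between "not in the database" and "safe" that the section above describes.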

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.


Default Credential for Routers

Network and security administrators often make the mistake of leaving the default credentials on a router. While performing VAPT, trying to log in with the router's default username and password can give you access to the router and the internal network. Default credentials can be found in multiple ways.

First, the credentials can be read from the router hardware itself, as they are usually printed on the back of the device, provided you have physical access.
Secondly, you can use the Router Passwords website to find the default password. Passwords vary with the router's model number and manufacturer, but some common ones are listed below.

 
Router Brand    Username   Password       IP Address
BenQ            admin      admin          192.168.1.1
D-Link          admin      admin          192.168.0.1
Digicom         admin      michelangelo   192.168.1.254
Netgear         admin      password       192.168.0.1
Asus            admin      admin          192.168.1.1
Dell            admin      password       192.168.1.1
Netcomm         admin      password       192.168.0.1
Netstar         admin      admin          192.168.0.1
Samsung         admin      password       192.168.0.1
Sigma           admin      admin          192.168.0.1
SUN             admin      admin          192.168.0.1
Telco Systems   telco      telco          192.168.0.1
Tenda           admin      admin          192.168.0.1
ZTE             admin      admin          192.168.0.1
3Com            admin      admin          192.168.1.1



De-Authentication Attack




Disconnects any client from any network.
  • Works on encrypted networks (WEP, WPA, WPA2)
  • No need to know the network key/password/passphrase.
  • No need to connect to the network.
You can find a detailed explanation of deauth attacks here: Concept of De-authentication Attack.

Requirements:

  • Kali Linux installed on a host or as a virtual machine. We generally use Kali Linux as a virtual machine. Check this link for how to Install Kali Linux in Virtual Machine.
  • The MAC address/BSSID of the router/access point. Check the section How to scan nearby wireless networks of the post Wireless Network Sniffing.
  • If you want to target a specific person, the MAC address of the target device. Check the section How to scan a specific network of the post Wireless Network Sniffing to get the MAC of a particular device.
  • A wireless adapter that supports monitor mode. We are using an Alfa AWUS036NHA, which has an Atheros AR9271 chipset.
  • Your wireless adapter should be in monitor mode. Check this link for how to Enable Monitor Mode for Wireless Adapter.
  • It is good practice to change your MAC address before scanning. Check this link for how to Change MAC Address in Kali Linux.

Deauth Attacks

How to deauth everyone from a network

In the terminal, type:
  • Syntax:
    aireplay-ng --deauth <no._of_packets> -a <AP_MAC> <adapter_name>
    • --deauth: tells aireplay-ng that this is a de-authentication attack. Instead of --deauth you can type -0.
    • <no._of_packets>: how many deauth packets to send. 0 (zero) means infinite, i.e. send packets continuously.
    • -a: the option for the target router's MAC address (BSSID).
    • <adapter_name>: the adapter which is in monitor mode.
  • Example:
    aireplay-ng --deauth 0 -a e2:33:44:55:66:77 wlan0
    • Sends an infinite number of deauth packets to the router's MAC address (e2:33:44:55:66:77) using the wireless adapter (wlan0), which is in monitor mode.

How to deauth a specific device from a network

In the terminal, type:
  • Syntax:
    aireplay-ng -0 <no._of_packets> -a <AP_MAC> -c <target's_mac> <adapter_name>
    • -0: the short form of --deauth.
    • -c: the option for the target device's MAC address.
  • Example:
    aireplay-ng -0 0 -a e2:33:44:55:66:77 -c e2:22:33:44:55:66 wlan0
    • Sends an infinite number of deauth packets to the target device (e2:22:33:44:55:66), which is connected to the router (e2:33:44:55:66:77), using the wireless adapter (wlan0), which is in monitor mode.
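From the defender's side, the two commands above produce a burst of deauthentication frames carrying the access point's BSSID, either to the broadcast address or to one client. The following is an added example (not code from the original post or from the aircrack-ng project) of detection logic that flags such a burst in sniffer output; the log format and the frame records are constructed for the example. The standard mitigation is Protected Management Frames (802.11w), which lets clients discard deauth frames that are not authenticated.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sniffer output (not a real capture): one record per 802.11
# management frame seen by an adapter in monitor mode.
SAMPLE_LOG = """\
2024-05-01T12:00:00.000 subtype=beacon bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff
2024-05-01T12:00:01.000 subtype=deauth bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff reason=7
2024-05-01T12:00:01.050 subtype=deauth bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff reason=7
2024-05-01T12:00:01.100 subtype=deauth bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff reason=7
2024-05-01T12:00:01.150 subtype=deauth bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff reason=7
2024-05-01T12:00:01.200 subtype=deauth bssid=e2:33:44:55:66:77 dst=ff:ff:ff:ff:ff:ff reason=7
2024-05-01T12:00:30.000 subtype=deauth bssid=e2:33:44:55:66:77 dst=e2:22:33:44:55:66 reason=3
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"
WINDOW = timedelta(seconds=1)   # sliding window length
THRESHOLD = 5                   # deauth frames per (BSSID, destination) inside WINDOW


def parse_line(line: str) -> dict:
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def detect_deauth_floods(log_text: str) -> list:
    """Return (bssid, target, time) once per burst. A legitimate AP sends the
    odd deauth; a burst, especially to the broadcast address, is a flood."""
    windows = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "deauth":
            continue
        key = (rec["bssid"], rec["dst"])
        q = windows[key]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > WINDOW:   # drop frames that left the window
            q.popleft()
        if len(q) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            target = "all clients (broadcast)" if rec["dst"] == BROADCAST else rec["dst"]
            alerts.append((rec["bssid"], target, rec["ts"]))
    return alerts
```

The single unicast deauth at 12:00:30 stays below the threshold and is not reported, while the five broadcast frames within 200 ms are.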


TCP/IP 3-WAY Handshake


When we meet someone, the first thing we do is shake hands to connect with the person (which also tells how strong the bond is, or whether the person is interested in talking). In the same way, the client and the server need to establish a connection before sending or receiving data. This is done with a handshake called the TCP/IP 3-way handshake.

The TCP/IP handshake is designed so that both the client and the server can initiate, negotiate, and confirm the transmission of packets.
It is also referred to as SYN, SYN-ACK, ACK. As the picture above shows, the client first SYNchronizes its sequence number with the server. The server then ACKnowledges the client's sequence number and SYNchronizes its own sequence number. The client then ACKnowledges the server's sequence number. Three messages are exchanged to complete a handshake using the TCP/IP protocol, hence the name TCP/IP three-way handshake. (After everything is done, a FIN message terminates the connection.)

TCP Three-way Handshake Process


Step 1: The client initiates a connection with the server by sending a segment with the SYN flag and its starting sequence number. Basically, the client says, "Hi, let's connect. I will number my messages starting from 420."

Step 2: The server responds to the client's request with a SYN-ACK packet. Well, it should really be ACK-SYN, as the server first ACKnowledges the number and then SYNchronizes its own number with the client. Basically, the server replies, "All right, I am ready for message 421 and I will number my messages starting from 786."

Step 3: The client ACKnowledges the response and the connection is established. Basically, the client replies, "Noted, I am ready for message 787."

Why is this sequence number important?

If a message does not reach the other end because the packet was dropped by network congestion, or if one message was sent multiple times, the sequence number helps to detect and rectify the mistake.
  • Detects duplicate messages. (Hey, I got multiple copies of message 787. Well, I will ignore the others since I already have one.)
  • Detects missing packets. (Hey, I got 787, 788, 790. I did not receive 789.)
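The exchange above, carried through in code as an added example (not from the original post): the three handshake segments built from the post's starting numbers 420 and 786, then a receiver that applies the sequence numbers to spot the duplicate 787 and the missing 789. As in the post, each message consumes one sequence number, which is a simplification; real TCP numbers bytes, not messages.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Segment:
    flags: str                 # "SYN", "SYN-ACK", "ACK", "DATA" or "FIN"
    seq: int                   # sender's sequence number
    ack: Optional[int] = None  # next sequence number the sender expects


def three_way_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    """Return the three segments in order. Simplification, as in the post:
    each message consumes one sequence number (real TCP numbers bytes)."""
    syn = Segment("SYN", seq=client_isn)                           # client -> server
    syn_ack = Segment("SYN-ACK", seq=server_isn, ack=syn.seq + 1)  # server -> client
    ack = Segment("ACK", seq=syn.seq + 1, ack=syn_ack.seq + 1)     # client -> server
    return [syn, syn_ack, ack]


class Receiver:
    """One side's view of the numbered messages it receives after the handshake."""

    def __init__(self, first_expected: int):
        self.start = first_expected   # peer's ISN + 1, learned from the handshake
        self.seen = set()
        self.duplicates = []

    def receive(self, seg: Segment) -> str:
        """'duplicate' if this number was already delivered, else 'ok'."""
        if seg.seq in self.seen:
            self.duplicates.append(seg.seq)   # "I already have 787, ignore it"
            return "duplicate"
        self.seen.add(seg.seq)
        return "ok"

    def missing(self) -> List[int]:
        """Numbers between the first expected and the highest seen that never arrived."""
        if not self.seen:
            return []
        return sorted(set(range(self.start, max(self.seen) + 1)) - self.seen)
```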


Recap

Type of Message   Description
SYN               Used to initiate and establish the connection, and to synchronize the sequence number.
SYN-ACK           SYN is from the local device and ACK is the reply to the previous message.
ACK               Confirms to the sending entity that it has received the SYN.
FIN               Used to terminate the connection.
