Phishing 

                

        Phishing is an act of stealing someone’s personal information such as usernames, passwords, credit card details, account details, & other sensitive information by behaving as a trustworthy entity. Most attackers associate phishing with email messages which spoof or mimic credit card companies, auction sites such as eBay, online business sites like amazon & flip kart, etc. This email messages seems so real from the content of the message that it is difficult to conclude whether it is real or fake message. Phishing is an use of social engineering tactics to trick victims into revealing sensitive informations. There are many types of phishing such as Deceptive  phishing, Malware-based phishing, keyloggers, session hijacking, Web Trojans and many more.

Deceptive phishing

                      Emails are broadcasted to a wide group of people asking the need to verify banking account information, system failure require to re-enter their personal information, fictitious account charges. The victims easily get fooled by this emails and reveal their personal information by responding to this emails.

Keyloggers

               It is a practice of recording the key struck on the keyboard typically in a secret manner so that the person using the keyboard is unaware that such action are being monitored. Keyloggers is quicker and easier way of capturing the passwords and monitoring the victims actions.

                                              

WikiLeaks

                 WikiLeaks is an international non- profit corporation that bring outs secret information, classified media , leaked secrets , leaked news provided by unknown sources. It is website where whistleblowers can give secret informations anonymously. Its website started in Iceland in the year 2006 by the organisation sunshine press. It claims a database of 10 millions documents in 10 years. Julian Assange is the founder & director of wikileaks. Wikileaks has released many number of prominent documents. Early release of wikileaks include documentation of equipments expenditure in Afghanistan war. Wikileaks also released a report informing corruption investigation in Kenya. Other releases of wikileaks includes the collateral murder footage from the 12 July 2007 Baghdad airstrike, Afghan war diary , the Iraq war logs and so on. The main purpose of wikileaks is to bring out important information & news to public.

Mariana web

Mariana web is the deepest web on the internet often called as the fifth layer of the web even deeper and more dangerous than dark web and deep web. As I told in my previous blog dark web can only be surfed only if you have the address of that specific website. Its name is derived from the Mariana trench which is often known as the deepest point of the oceans on the earth. It is believed that the top secrets of the government can be found in Mariana web. But its very difficult to enter into Mariana web. To enter Mariana web onw would need super computer or quantum computer which has high processing capacity.

           

Dark web 

     The dark web is the part of World Wide Web whose content only exists on dark net & overlay network(network built on the top of another network). It is encrypted network that exists between TOR servers & their users.To access dark web one needs specific software,configuration or authorisation.Darknet websites are accessible through TOR( “The onion routing”) & I2P( Invisible Internet project) networks. TOR allows anonymous access to the internet and I2P allows anonymous hosting of websites.The dark net clients identities & location remain anonymous and not traceable due to multiple encryption.The transmitted information can be decrypted by a subsequent node in the scheme which leads to exit node. It is almost impossible to rebuild the node path & decrypt the information.Dark web is filled with illegal activities or content such as illegal porn(child porn, child abuse,etc), drug markets, weapon markets , weapon exchange for the terrorist, bitcoin scam , hitmans , illegal software’s and much more.

XSS (cross site scripting)

It is computer vulnerability usually found in web applications.
XSS allows attacker to inject client side scripts into web pages viewed by other users.

TYPES OF XSS

Persistent

• Persistent is a type of XSS vulnerability arise when the data provided by the attacker is saved on the server & permanently showed on normal pages returned to the other users.

Non-persistent

• Non-persistent is the basic type of web vulnerability.This loopholes show up when the data provided by the client is users immediately by the server side scripts to change & display a page of results to the user without sanitising request.

Self-XSS

• Self-XSS is the form of XSS vulnerability which depends on social engineering to trick the victim to execute malicious Js code in to their browser.

Mutated XSS(mxss)

• MutatedXSS is the type of XSS vulnerability usually happens when the attacker injects something that is apparently safe but rewritten & changed by browser while analysing the markup.