Reacts Academy

Reacts Academy

Share

A child Academy from Reacts cyber security solutions. Our aim to prepare professional pentesters.

17/09/2022

من أقل من ٤٨ ساعة بدأت تطلع اخبار على منتديات ال dark web وبعدها twitter عن إختراق حصل ل شركة Uber, بعدها بساعات قليلة شركة Uber نفسها أعلنت إن في إختراق و cyber security accident حصلها، اللي يثير الاستغراب اكتر ان اللي عمل كدا شخص واحد مش فريق والأغرب والأغرب إن عنده ١٨ سنة !
شخص واحد وفي السن دا يأكد ان ال attack معتمد على ال phising وال social engineering اكتر بكتير من ال network attacks اللي ممكن نقول هنا العلم الحقيقي ولكن السؤال ازاي عرف يعمل ال network hack دا، وبالفعل التفاصيل ان الولد عرف يوصل لمعلومات ال password وال username الخاصين بموظف في الشركة وبيدخل بيهم عن طريق ال Vpn, الغريب ان اكتشفوا ان الموظف دا مهندس و ف تيم ال security ل uber نفسها !!! ازاي الولد ضحك عليه دا اكتر شيء غريب، المهم بعدها الولد عرف يوصل ل servers جوه الشركة مش موجود عليها اي حماية ! المضحك ان ال servers موجود عليها معلومات مهمة جدا عن العملاء والموظفين لدرجة انه وصل للاكونت بتاع uber على منصة hackerone وهي منصة متخصصة ف ال bug bounty اللي فيما معناه وصل للثغرات القديمة الخاصة ب uber وازاي اتقفلت او الثغرات اللي لسه متقفلتش !!!
مراهق ١٨ سنة هيخسر uber حرفيا ملاين الدولارات
المستفاد من هنا واللي يتلاحظ ازاي شخص جوه الشركة ب صلاحيات مش كبيرة يعرف يوصل ل كل دا ! معنى كدا انه مخوخة من جوه :"D
الشركة دفعت ملاين ف ال bount program بتاعها بس سايبه ال network من جوه بايظه دا الوضع اللي هم كانوا فيه
الاهتمام ب ال Web شيء ضروري لإنه وجهة الشركة ولكن إحنا بنعيش التجاهل لل network في حكمة معروفة نقولها هنا
"Don't color the plastic with gold"

30/08/2022

Cybersecurity in Medical & Healthcare

Technology's rapid advancement has helped create and develop a number of industries, including computer and information technology, banking and finance, healthcare, transportation, and many more, that completely rely on sophisticated software and machines to handle complex equations and critical operations.

Medical and health care organizations are among the most targeted sectors by cybercriminals due to the numerous values that may be used against the victim, such as private patient information including identification and personal data; financial data; blood type; genetic information; health insurance; previous diagnoses files; patient data; operations history; surgery schedule; prescriptive medicine types; drug schedule; etc., which put the patient's life in danger.

The vast number of medical and healthcare gadgets utilized across the hospital creates a massive network that is used to make vital healthcare information open and shareable to all remotely working staff.

Because medical equipment was not designed to survive pe*******on attempts, requiring upgrading security patches to give active guidance to access permissions makes staying on top of security challenging and opens the door to many vulnerabilities for attackers to get access to your system.

Common threats
-Malware/ransomware.
-Unauthorized access or release of patient information.
-Denial-of-service attacks.
-Medical IoT device breaches.
-Identify Theft.
-Phishing attacks.

29/08/2022

Social Engineering attacks are attempts to trick employees into revealing confidential information appearing as legitimate action from a reliable source to gain a foothold inside the system's network.

The social engineer attacks rely on human error, rather than vulnerabilities in software and operating systems.

There are multiple attack methods that hackers can use against employees, the most common of them are phishing, pretexting, baiting, quid pro quo, and tailgating.

Once the attacker gains a foothold inside the system he starts to collect login credentials, credit cards, bank accounts, company data, plans & activities, gathers recon, and install spying applications.

In case of any malicious behavior in your cyber security system. Contact us immediately

27/08/2022

A Man-in-the-Middle attack [MITM]
معروف ايضا ب اسم “Session Hijacking”
فكرة ال attack دا انك بتحط نفسك كوسيط ما بين جهاز موجود في الشبكة والسيرفر نفسه
ال attack دا الهدف الابعد منه انك تصنع session بينك وبين ال server اكنك ال user التاني دا بيتم بكذا طريقة منها مثلا ال "ARP Poising"
وبنجاح ال attack بتقدر تبدأ تشوف المعلومات المنقولة من السيرفر لل user والعكس.
================
A Man-in-the-Middle attack [MITM], also known as “Session Hijacking”, takes place when an attacker inserts himself in the middle of two-party transactions between the servers and the user.

The attacker aims to hijack the session by capturing the session ID using many methods like the ARP Poising method.

By having the private unique session ID, the attacker requests access from servers pretending to be the other party in the session.

Once the attacker gets a foothold in the middle he starts to manipulate data in both directions.

In case of any malicious behavior in your cyber security system. Contact us immediately
================

Want your school to be the top-listed School/college in Cairo?
Click here to claim your Sponsored Listing.

Category

Telephone

Address


Cairo
12345