Whiteboard Security

  Pretexting Cyber Attack Ok friends. Today we talk about pretexting cyberattacks. Pretexting is a form of social engineering where a hacker creates a made-up story or “pretext” to manipulate people into divulging confidential and personal information, such as financial details, or login credentials. The whole idea behind pretexting attacks is that the attacker essentially creates a fake identity to deceive the target and gain their trust to get information easily. This type of attack depends heavily on human nature and the inclination to trust individuals. Let’s go through a made-up example of a pretexting cyber attack to make it easy to understand. By the way, you can support me and my channel on the following link:   buymeacoffee Imagine you have access to a secret password to your favorite game online, and only you and one of your best friends know about it. Now, let’s pretend someone comes up to you and says they’re a new employee sent by the game company, and they n...

  Shellshock Attacks in Cyber Security Ok, friends, I really wanted to make a video about this one. Today is about shellshock attacks. Sometimes, this is referred to as a shellshock bash bug. Actually, most of the time, it is referred to as the  Shellshock bash bug. Shellshock is a vulnerability in the bash shell. Bash stands for Bourne Again Shell, which is a command-line window where users run commands that cause actions in the Unix system. Bash is a basic component of any Unix-based environment. It is like a smart robot that you can talk to by typing words or commands. No graphics. Well, somethings you can create your own if you choose to. It has many tools that you can use to run commands, execute scans, list what is on a system, and so on. What this bug does is change the Unix environment variables to allow a hacker to manipulate these variables to inject malicious code into Bash and basically execute code remotely on any target system that would use Unix. Umm, sorry, I k...

  Dns Spoofing Attack Explained In Cyber Security Ok friends. Today is about DNS spoofing attacks. First, DNS stands for Domain Name System. Sometimes, this is referred to as DNS cache poisoning. This is basically a cyberattack that manipulates the domain name system to redirect network traffic. Basically, what DNS does is translate human-readable domain names (like  www.YouTube.com)  into an IP address that a computer can understand. DNS spoofing is maliciously associating a domain name with a different IP address. Umm, ok, let’s explain this in a different way. But, hey, just wanted to let you know that you can support my content on the following link:  Buymeacoffee Imagine the internet is a huge city, and each website you visit is like a house in that city. Usually, to find a house that you are after, you would use a map. DNS is the map for the Internet. When you type  www.YouTube.com, Your browser asks the Internet for the DNS — you know, the map — for the a...

  Watering Hole Attack explained in Cyber Security Ok friends. For this one, we are talking about Watering Hole Attacks in Cyber Security. But what does Watering Hole exactly mean? Watering Hole  is basically the location where targets gather and meet, much like animals gathering at a watering hole in the wild. From a technical point of view,  A Watering Hole Attack is a type of cyber attack in which the attacker compromises a website that is likely to be visited by their target audience.  The goal is to infect the target’s computer or network with malware by exploiting vulnerabilities in the website or its plugins. By the way, you can buy me coffee on the following link:  Buymeacoffee Umm, ok, but, what does that mean? Look, the whole idea behind Watering Hole Attacks is when an organisation has a solid cyber security structure and cannot be hacked, then this creates a problem for hackers. And because of this high level of security structure, hackers will look ...

  Salami Attack In Cyber Security Ok friends, In this one, we are talking about Salami Attacks. You can watch the full video here:  Yes, you heard me,  Salami . That’s right. Just to let you know, this is the common term. But, from a technical cyber security point of view, the attack is referred to as the Salami Slicing Attack or the Salami Technique. Look, I can’t find the image for a salami right now, but let’s imagine that this is a Salami. Basically, The Salami Slicing Attack is a method used by cybercriminals to steal small amounts of money or resources from a large number of transactions or accounts over time. The whole idea is to make the theft go unnoticed by taking only a tiny fraction from each transaction. Cyber criminals can only hope that the victims or security systems won’t detect these small losses. In these situations, hackers usually follow a structured approach for executing such an attack. By the way, you can support me and buy me coffee on the followi...

  Ok friends Basically, Identity and Access Management is a framework of rules, policies, and tools that ensures that the right people have the right access to resources inside an organization. The primary goal of identity and access management is to control the management of digital identities and access to systems and data while maintaining security and compliance. Identity and access management can have different tools and components. So, in this video, we will look into five of them. These are:  identification ,  authentication ,  authorization ,  single sign-on (SSO) , and  lifecycle management . Let’s explore each one of those components and Imagine you have a clubhouse with different rooms, and you want to make sure only the right people can enter those rooms. So,  Identification : This is like having a secret handshake or a special badge that shows who you are. Every person or computer in your clubhouse needs a way to say, “Hey, it’s me!” Then ...

  Ok friends. Phishing is a type of cyber attack where attackers with malicious intent use deceptive techniques to trick individuals into revealing sensitive and personal information such as usernames, passwords, or even financial information like credit card or bank statement details. Phishing attacks come in a variety of forms, but they always aim to influence and manipulate their victims. Some of the more known types include email phishing, spear phishing, and SMS phishing, each with its own unique approach. The bait is where it all begins. This may be a message, an email, or even a post on social media. The attacker creates a message that captures the target’s interest by appealing to their feelings, sense of urgency, or wonder. Once the target accepts the bait, it’s time to lay the hook. This often involves a call to action, like clicking on links or downloading an attachment. These actions can lead to a phony website that mimics a real one, capturing sensitive information whe...