Kartier Pohs

Monday, August 1, 2016

Canara Bank Website Hacked by Pakistani Hackers

Today the Canara Bank website was hacked. According to a Facebook post, a Pakistani hacker named "Faisal 1337" claimed that he hacked the website of Canara Bank. Specifically, he hacked and defaced the payment system of Canara Bank.
The hacked website link is https://epayment.canarabank.in/

According to the Facebook page (https://www.facebook.com/Pakistan1337) of "Faisal 1337", he hacked the Canara Bank payment system around 9 AM today.
He posted about this on his Facebook page.

The hackers posted this message on the defaced page: "We are team Pak Cyber Attackers, If need security then contact us."

[Screenshot of the defaced website]

The website stayed defaced with this message for more than 2 hours. The defacement page has since been removed and the site redirected to a temporary website while they try to recover it.
This is one of the biggest incidents for the banking system, since the payment system of Canara Bank was hacked. The hackers could misuse it, and the bank may face a big loss until the website is recovered and patched.

Tuesday, May 17, 2016


We always think of a hot lady as dangerous and unbeatable in acting, modeling, and hot and sizzling roles in magazines, but women now match men shoulder to shoulder in every field, from sports to hacking. Women have been regarded as less informed about complicated theory, computer coding and technology. But over time we have seen hot ladies creating deadly viruses, and they can no longer be underestimated easily. Some of the hot lady hackers are:

1. Adeanna Cooke:
A classy hacker and model known by the name "Hacker Fairy", she is quite popular among the best hackers of the world. Adeanna Cooke is known worldwide as a great international model regularly featured in Playboy. She is a well-established, self-trained hacker and amateur computer programmer.
She was cheated by a friend who uploaded nude pictures of her to a website to make money and to show her in a bad light. She hacked the website and removed all her pictures before calling the cyber-crime authorities. She removed not only her own pictures but also the objectionable pictures of other girls.

2. Xiao Tian:

Xiao Tian is a famous hacker from China. She was born on 6 September 1989. Xiao Tian formed a group of hackers known as the China Girl Security Team, as she felt teenage girls like her could prove their skills in this male-dominated world. She was the leader of the group, whose membership reached more than 2,200 women hackers.
Her group carried out many notorious hacking activities and became one of the biggest female hacker groups in China. They continue to receive attention from national and international police organizations due to their activities.

3. Anna Chapman:

Anna Chapman is a Russian hacker. She married Alex Chapman, a British citizen based in London. She was known to be an active agent of the Russian Federation. With her gorgeous and fascinating looks she always gained the attention of the media, and while working as a TV host she was able to hide her illegal work for Russia.
In 2010, she was arrested with ten other hackers in New York on a charge of spying for the Russian government. She was sent back to Russia as a prisoner, and she also lost her US citizenship. After coming back, she was nominated to the public council of the Young Guard of United Russia, in a Russian political party.

4. Kristina Svechinskaya:

She is a Russian hacker specializing in the Zeus Trojan. She was born on February 16, 1989. She is known to be a money mule hacker. After her father's death, she went to New York and completed her studies at New York University.
She attempted to defraud several British and U.S. banks of millions of dollars using a Trojan horse, attacked thousands of bank accounts, and opened five accounts at Bank of America and Wachovia, which received $35,000 of stolen money.

5. Ying Cracker:

A hot girl from Shanghai, China, she is a hacking teacher. Ying Cracker is never counted on lists of illegal or unethical hackers, though her work is not exactly clean either. She regularly teaches core hacking basics and runs hacking workshops and training classes.
Ying Cracker is an expert in writing hacker software, and she charges a good amount of money for courses on simple hacking tools. She has helped many people in cracking software.

6. Gigabyte:

Her real name is Kimberley Vanvaeck. She is a virus maker who was born and brought up in Belgium. She is known for making deadly high-end viruses such as Coconut-A, Sahay-A, and Sharp-A. Her viruses are not meant to steal any sensitive information but to destroy it.
She was 17 when she released a virus called Sharpie, written in the C# language. She is credited with writing the first-ever C# virus.

7. Joanna Rutkowska:

Joanna Rutkowska is not only an ethical hacker but a polished computer security researcher. She specializes in developing software and tools to counter hackers worldwide. In 2006, she presented an attack against the Vista kernel protection mechanism, and another technique dubbed Blue Pill. Blue Pill used hardware virtualization to turn an operating system into a virtual machine.
Rutkowska also launched her security services lab, known as Invisible Things Lab, in Warsaw.

8. Raven Alder:
Raven Alder was born in Mississippi, USA. She works as a Security Consultant at True North Solutions. She is best known for tracing spoofed distributed denial of service attacks. Areas of expertise: ISP backbone networking, protocol decoding and design, Linux/BSD security and cryptography.
She was the first woman to give a technical presentation at the DefCon hacker conference in Las Vegas. She works with several companies to help them protect their online databases.

9. Jude Milhon:

Jude Milhon was an author and a hacker in the San Francisco Bay Area. Jude died of cancer on July 19, 2003. She started as a computer programmer in 1967 and worked at a company known as Horn and Hardart in New York. She was also a member of Computer Professionals for Social Responsibility.
Throughout her life, she wrote many books and worked for many magazines. She pushed back against people who believed that hacking is nothing but a crime.

10. Natasha Grigori:

Natasha Grigori started her career as a hacker in the '80s-'90s. She helped people share, release and hack various software. In the year she founded antichildporn.org, an anti-child porn organization. This website got the attention of many people and crusaders against online child pornography. It made her famous and popular.


Saturday, March 5, 2016

Cross Site Scripting Vulnerability in CISCO.

CISCO is a well-known company that designs, manufactures and sells networking devices. While testing the CISCO website I found a stored cross-site scripting vulnerability there. I reported this vulnerability to CISCO; after a long conversation they fixed the bug and awarded me an appreciation certificate after 3 months.

Vulnerability Type: Stored XSS
Vulnerable Link: https://res.cisco.com

Payload used:  "/><img src=x onerror=prompt(/XSS-Tested-By-Yogesh-Prasad/)>

Reproduction steps:
1. Go to https://res.cisco.com/websafe/login.action
2. Log in to your account.
3. Click on compose message and send a message to any email (X).
4. Now you will find an attachment in email (X) with an .html extension.
5. Click on view on the attachment.
6. Now in the To section, you will find a dropdown, "select address not listed".
7. Click on open, then click on yes during confirmation.
8. Now in the email box use the payload given above: "/><img src=x onerror=prompt(/XSS-Tested-By-Yogesh-Prasad/)>
9. Press Enter and you will get the "popup box" generated by the XSS.

Proof: [screenshot of the popup box]

Appreciation Certificate Awarded by CISCO: [image of the certificate]
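
The payload above starts with "/> so that it closes the quoted attribute and the tag it is stored in before adding its own element. The sketch below is an added example, not code from the original post or from Cisco; the input field markup and the function names are assumptions. It renders the same stored value with and without attribute encoding and lists the elements the resulting markup opens.

```javascript
// Added example: the field markup and helper names are assumptions,
// not Cisco's code. PAYLOAD is the test string quoted in the post.
const PAYLOAD = '"/><img src=x onerror=prompt(/XSS-Tested-By-Yogesh-Prasad/)>';

// Vulnerable pattern: stored input concatenated into a quoted attribute.
function renderUnsafe(addr) {
  return `<input type="text" name="to" value="${addr}">`;
}

// Encode every character that can end an attribute value or start a tag.
function escapeAttr(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hardened pattern: same template, value encoded at output time.
function renderSafe(addr) {
  return `<input type="text" name="to" value="${escapeAttr(addr)}">`;
}

// Defence in depth: conservative allow-list check before storing an address.
function isPlausibleEmail(addr) {
  return addr.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(addr);
}

// Minimal scanner: names of the elements the markup opens. Quotes are
// tracked so a '<' inside a quoted attribute value is not counted.
function openedTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<' || !/[A-Za-z]/.test(html[i + 1] || '')) { i++; continue; }
    let j = i + 1;
    while (j < html.length && /[A-Za-z0-9]/.test(html[j])) j++;
    tags.push(html.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < html.length; j++) {
      const ch = html[j];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") quote = ch;
      else if (ch === '>') break;
    }
    i = j + 1;
  }
  return tags;
}

console.log(openedTags(renderUnsafe(PAYLOAD))); // [ 'input', 'img' ]
console.log(openedTags(renderSafe(PAYLOAD)));   // [ 'input' ]
```

Encoding at output time is the fix for the stored value; the allow-list check only reduces what reaches storage and does not replace it.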

Wednesday, January 13, 2016

25 Top-Paying Certifications for IT professionals

Being a certified professional is the fastest way to advance your career in the IT industry, whether you work for an enterprise, a small business, government, healthcare or any other place that employs IT professionals.

Here are some top-paying certifications for IT professionals which will help you get a hike in your salary and increase your knowledge as well. This is a list of the top 25 IT certifications, which play a very important role in the growth of an IT professional.

1. Certified in Risk and Information Systems Control (CRISC)

2. Certified Information Security Manager (CISM)

3. Certified Information Systems Security Professional (CISSP)

4. Project Management Professional (PMP®)

5. Certified Information Systems Auditor (CISA)

6. Certified ScrumMaster

7. Cisco Certified Design Associate (CCDA)

8. Citrix Certified Professional - Virtualization (CCP-V)

9. Cisco Certified Network Professional (CCNP) Routing and   


10. Juniper Networks Certified Internet Associate - Junos (JNCIA- 


11. Microsoft Certified Systems Engineer (MCSE)

12. ITIL v3 Foundation

13. Certified Ethical Hacker (CEH)

14. VMware Certified Professional - Data Center Virtualization  

15. Certified Novell Engineer (CNE)

16. Citrix Certified Advanced Administrator (CCAA) for XenApp      $93,831

17. Citrix Certified Enterprise Engineer (CCEE)     


18. Citrix Certified Associate - Virtualization (CCA-V)    

19. Citrix Certified Administrator (CCA) for Citrix XenServer 6       $92,695

20. CCA for Citrix XenDesktop 6     

21. Microsoft Certified IT Professional (MCITP): Enterprise  

22. CCA for Citrix XenApp 6  

23. Red Hat Certified System Administrator (RHCSA)     

24. Certified Novell Administrator (CNA)     

25. Microsoft Certified Systems Administrator (MCSA)     

Source :- http://www.globalknowledge.com/training/generic.asp?pageid=3736

Saturday, January 2, 2016

What is the market of CEH(Certified Ethical Hacker) ?

CEH (Certified Ethical Hacker) is an internationally recognized certification from EC-Council for information security professionals. CEH is a good option for entry-level security professionals, but it no longer helps in getting a job. Most companies simply list a CEH certification as an eligibility criterion to fulfill company policy.

It all depends on your knowledge and how strong your technical skills are. The recruiter will want to see how much you really know, because there are institutions which can help you achieve certifications easily: you will be certified but you won't really know anything.
According to the survey, India needs about 5 lakh CEH professionals in the coming years. No doubt there will be a huge requirement for CEH professionals in the information security domain. So finally I can say that having CEH is an x-factor, but it is useful just to fulfill the eligibility criteria for a job; the rest depends on your knowledge.
No doubt you can get a handsome package in ethical hacking compared to other domains, but don't think that a CEH certification alone will get you a handsome package. You need a good understanding of all the modules of CEH and knowledge of current corporate standards like ISO/IAM/VAPT etc.

You can check the course content and a detailed description of the latest version of the CEH certification, i.e. CEH v9, on the official website of EC-Council: http://www.eccouncil.org/


Friday, January 1, 2016

How to save your important data if someone hacked your gmail account ?

Gmail is a frequently used and highly popular email service by Google. Most people use Gmail for their email. Gmail itself is very secure, but sometimes Gmail accounts get hacked because of the user's lack of awareness.

If you think there is any software in the world to hack a service like Gmail, then you are completely wrong, because there is no software in the world by which any hacker can hack Gmail. If someone claims to have such software and tells you to download it, it is completely spam and may have trojans/backdoors attached to it. So these types of services only get hacked if the user is not aware of email attacks and of the security services provided by Gmail.
If you suspect that someone has hacked your account, you can check by viewing your account details (an option provided by Gmail). Go to your Gmail account and, at the bottom right, just below "Last account activity", click on "Details"; you will get a chart of web sessions showing your Gmail logins.

Here you can see the Access Type, Location (IP address) and Date/Time.
If you find something suspicious, you should report the incident to the nearest cyber crime cell.

The best security option provided by Gmail is 2-Step Verification. Always enable 2-Step Verification on your Gmail account. If you have enabled this option, then no one in the world can use your sensitive data even if they have your Gmail username and password. The only thing to remember is not to share the mobile phone you use for 2-Step Verification with anyone.
Another suggestion for securing your email is to make your email ID dead, meaning do not share it with third parties. Don't share this email address with anyone where it is not really important. Keep it for official purposes only; if you don't share it with unknown resources, no one will be aware of your email ID and it will stay out of reach of hackers/attackers.

Major bug bounty and disclosure programs for Bug hunters.

Here is a list of bug bounty and disclosure programs announced by major companies that treat the security of their websites as a high priority. This list will help bug hunters easily find each website that is open for vulnerability assessment.

This list is taken from http://bugcrowd.com/. To check upcoming programs, please visit the Bugcrowd website for up-to-date information.

Copyright 2015 @ Yogesh Prasad