Secure Sockets Layer (SSL) - An Introduction

In the OSI model a reference model for effective communication we find a layer named transport layer. Just like a physical layer (where viruses attack normally) transport layer also need some sort of security because transport layer is responsible for transmission of data.

So what actually makes transport layer to make the transmission secure and to protect the data from any intruder.

Have you ever noticed that when you visit some website it starts with http:// and whenever you visit some sort of money transfer and other important websites you find https:// point is clear https means a secure communication it means that your data that transfer from this connection secure by using some cryptography techniques.

SSL or secure sockets layer are cryptographic protocols that provide secure communication over the Internet. So what actually a cryptography is " Cryptography is a science of secrete communication".

SSL uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.  

HTTP VS HTTPS 

 

The above picture shows that when ALICE sends the confidential information over insecure channel that there is a chance to sniff this confidential information (it might be a credit card information or may be your password etc). So the point is that an attacker can easily sniff this data and can easily read, understand and use for illegal activities because the data transfer in plain text regardless of any encryption it is simply a HTTP connection. 

Now consider the second picture when an user send some sort of information over secure channel means if someone using HTTPS than the data first encrypt by using cryptography technique than it sends over channel, so in this case if someone sniff this data than he/she not able to understand it. 

The above broad picture has clearly shows that HTTPS is secure, but how HTTPS is secure? Because it uses secure sockets layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate.

Where there's a will there's a way. By following this amazing quote some researcher has discovered some ways to crack/hack SSL certificate too. To hack SSL certificate we will post an article later on.

Read More

The Difference Between HTTP and HTTPS

HTTPS : Hyper Text Transfer Protocol Secure HTTPS is combination of Hyper Text Transfer Protocol and Secure Socket Layer protocol(SSL) / Transport Layer Security(TLS) to provide encrypted communication between web server and client. Usually HTTPS used for internet banking, payment transaction, login page, etc. This protocol use port 443 for communication.

Website that already use this protocol is GMail.com, and also other websites such as PayPal, Amazon, etc. 
Let's see the connection between our computer and web server when we made connection using HTTPS using netstat -an. 

As we can see from the picture, client computer opened random local ports and open port 443 on server side.   


Are HTTPS (Hyper Text Transfer Protocol Secure) Secure? 
To answer this question, let's see experiment below. 
In this experiment, there's 2 person in one wireless network BadGuy and NiceGuy. NiceGuy trying to open http://gmail.com then login into it. In different place, BadGuy is in the same wireless network with NiceGuy as shown in the picture below : 

When BadGuy trying to capture all packet data to/from access point, it will be different when NiceGuy using HTTPS for its connection. For more clear description, lets see the image below when NiceGuy Input username and password on GMail login page. 

as you can see in above picture, it's use https:// for connection between client and web server. Then we will see what BadGuy do after NiceGuy using HTTPS for his connection. This BadGuy really like Wireshark, so he try again to capture the data and hope there's something interesting there. 

BadGuy didn't find plain data there, every data send to / send from server is encrypted. The picture above is the login information(maybe) data that has already captured by BadGuy, but I think BadGuy cannot break the encrypted data only in a few days/months/year or maybe we can called "impossible" (we still didn't know when the possible time to break into it).   


HTTPS Conclusion 
Packet data sent using HTTPS is encrypted, anyone cannot see the packet data inside public network. That's why HTTPS usually used for banking or transaction on internet, and also login page or other page need to encrypt the data.

Read More

How to Know if You Are Infected with RATs or Keyloggers

How to Know if You Are Infected with RATs or Keyloggers

In this post i am going to show you how to find out when you are infected with a RAT or Keylogger without using any complex tools. Now i believe most of you might know that you need to have an internet connection to make a RAT or a Keylogger work, which would mean, if you are not connected to internet, you don't have to worry about being infected with RAT or Keylogger Ok, so for those who have internet connection and think they are being infected with a Trojan, here is a little guide that can solve your problem.

1. Now every program has their own process which can be seen on task manager. So the first thing to do is to find out which process theTrojan is being attached to. If you see some unknown process search that on google. A good hacker will always makes sure he hides its process with a Windows based Process, for eg. svchost.exe or something like that.

2. If you cant find, then the next thing you can do is use cmd 
(to open cmd prompt, Click on Start--->Accessories-->Command prompt).
3. Once Command Prompt is opened, use this command: netstat -an |find /i "listening"
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

Now we wonder What this Command does? 
This command will show all the opening ports. Now check for any unknown port.

4. You can skip step 3 if you want, and can do this instead.

Open command prompt and type netstat -b

Now this command will show you the active connections with the process with their PID (Process Identifier) and also the packets.
Look out for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored.

5. Go to your task manager. On the top of it, 
click on View---> select Column---> Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also.

Now most of the RATs resides on Start up. How to delete them from start up?
a) Go to regedit ---> HKLM\Software\Microsoft\Windows\Current version\Run
On the Right hand side, check for the process name which you find on step 4. if its not their. Check at
HKCU\Software\Microsoft\Windows\Current Version\Run
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.

I hope This Tutorial was easy and comprehensive.

Read More