Posts

My New PGP key

Due to Security reasons , I have created a new PGP key , and have digitally signed my new key using my old key to ensure proper trust continuity.  I have planned to change my PGP keys every two years as a security precaution , each new key will be signed by old key to ensure trust chain , also as soon as new key is published and digital signature of new public key is verified , please stop using the old key. My old PGP key Fingerprint:  4339 E8DF F25C 1A09 C1AC 4DF3 AF0C D7AB A6CE 44A2 My new PGP key Fingerprint: 34BA 0B8A A9AF 2EB7 7B2A E4F6 D57E FA59 BA33 695F -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGOd6AQBEADhNqcKhx07TdBumgNUyh42msNbpOWbC2Tku5F+tBMEXCbxoE06 pYyNYkrNBk67fUKYaOqGZopOZmKKhT5KtweWBnYTYUR/3We6fmNB92wqX/VN2SFH xhGzEbMALG6QDc0oHJvy5cAwRGnmFw8o+QLWOLpWg6g1kOnZZRjjmElrLiFNoFTf qQ5SmfG3YwRhgfPIoNXzJ1cfkiYwWB8fwL58ubcS4ul+ZxHIKAR5hsScQXDxapJw 28GHqW9BhP6lAWT8Sp8F53yFqLQ0P948EpZAhdhZPETF8IaIcqG9qt48J4tEtdzK JHeCV8eG0LNL+TngvI8bS7r17spMpONQSYWj0LEJ7YjGZ5Pr/kdYPgGhKNwNV3zx 0LYO

Tutorial: Easiest way to Install Arch Linux on Desktop

Image
Arch Linux is often portrayed as being hard to install , highly technical , do it yourself and not an user friendly linux distro. But Arch Linux has its own advantages like high performance , less bloat and freedom to modify all parts of operating system. The official Arch Linux iso has a component called archinstall which can be used to easily install arch linux, so that even newbies can try arch linux without much technical knowledge. So here are the basic steps after burning the iso image on USB stick and booting into the live iso. step 1: Boot into live os and choose the first option to install and connect internet via USB tethering by connecting PC to phone. step 2: Wait for some time  and get access to shell. step 3: Type archinstall in the shell to begin installer. step 4: When asked for keyboard layout press enter to use default US keyboard layout. step 5: When asked about region to download packages choose the region closest to you and type its respective number which is disp

Whatsapp User’s IP Address disclosure with Link Preview feature and Grabify

Image
Note: This content is strictly for educational use only , misusing this knowledge can land you in trouble.  I recently came across an article on medium by Rahul Kankrale about  Whatsapp user’s IP disclosure from Whatsapp's Link Preview feature  . The article was quite interesting , it meant that if a Whatsapp user copy pasted a website URL on his/her message box and Whatsapp generated a preview of the URL , it may expose Whatsapp user's IP address to the website even without user clicking the URL . That article was quite techy and demonstrating it to non technical student community was a pain, i also wanted to test if it works in 2021 without complex technical setup. So after lots of trial and error I selected  grabify for this purpose and got interesting results such as Whatsapp version , Location , ISP and IP Address. I have used a VPN to hide my IP Address and geolocation . In the above dashboard  i had to  hide few columns for privacy reasons .   So here i am going to expla

Here is how i found and Reported a Potential Newsletter Misconfiguration in Graham Cluley's Security Newsletter

Image
Note: Blog post for educational use only. Do not use this method for spamming anyone! Newsletters are very useful to deliver latest advancements in areas of  your personal interest by legitimate companies and blogs directly to your inbox. One has to personally subscribe for newsletters to receive newsletters. But this is not always the case , Sometimes anyone with your personal email address can bomb your inbox with unnecessary newsletters. I found an potential issue with Graham Cluley's Security Newsletter which bad guys might have used for spamming. Here is the screenshot i sent to Graham Cluley sir regarding that issue. The name field can be given as ' click me https://kali.org ' , i am using Kali linux website because it's harmless. And i gave my email address to get the newsletter! Here is the final surprise , I have notified Graham Cluley Security Newsletter and It has been now hardened to prevent this Issue.     It was really great experiance to discover a  pote

Online Cybersecurity Challenge

Image
Online Cyber Security Challenge: UPDATE: This challenge has been closed and these links to download wont work anymore. Bob , one of cutest street dog in Dogsville was  dognapped by a notorious Bank robbing gang. The people of Dogsville gave a good chase and managed to get access to one of bad guy's laptop. They seemed to have used a custom built password manager available in github. Play as a detective and help rescue poor Bob! The Encrypted files of password manager can be accessed from here:  Download Encrypted Files The The source code of Password Manager can be found here: https://github.com/gowtham758550/password-generator-and-manager Help the people of Dogsville recover the user passwords! You can use any legal ethical hacking tool for this Purpose. Happy Hacking!