Skip to main content

Posts

Shortened URL - Security Risk or Rewards

URL Shortening Shortened URLs  offers several benefits by playing a vital role in digital marketing by  transforing lengthy URL into short and simple URL which can be shared on social media, blogs, emails and more. It is a technique that will redirect your short URL to specific website of your choice.  How ever short URLs produced by services like bit.ly and goo.gl, can be brute-forced.  And searching random shortened URLs could yield all sorts of secret documents. Plus, many of them can be edited, and can be infected with malware. Below image depicts the technique used by shortened URLs

RBI Cyber Security Framework(RBI-CSF)

RBI Cyber Security Framework(RBI-CSF) History RBI stands for Reserve Bank of India, a India's central bank and regulatory body establish in 1 April 1935 in accordance with Reserve Bank of India Act 1934. Purpose & Objective RBI's basic function as a reserve bank is to " to regulate the issue of Bank notes and keeping of reserves with a view to securing monetary stability in India and generally to operate the currency and credit system of the country to its advantage; to have a modern monetary policy framework to meet the challenge of an increasingly complex economy, to maintain price stability while keeping in mind the objective of growth ." The primary objectives of RBI are to undertake initiatives to: Define the  framework and guidelines and act as monitoring regulatory body for financial sectors  consisting of commercial banks, financial institutions and non- banking financial companies (NBFC),  Urban co-operative bank (UCB) etc. Fortifying the role of statutor

Powershell To Fetch Patches Installed in Last 30 Days on Windows System

What is the need for this PowerShell script. This script is needed when there is a discrepancy reported by vulnerability scan claiming that a set of windows systems are missing particular patch however the centralized patching tool is showing them as installed. This script could be handy for auditors, control validator/tester to test if patches are installed periodically or to check recently patched dates etc. Option 1 $cDate = Get-Date   # Get the date 30 adys ago $DaysAgo = $cDate .AddDays(-30)  # Get all the Updates installed since 30 days ago Get-HotFix | Where-Object { $_ .InstalledOn -gt $DaysAgo } $LastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1 Option 2 Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_ .InstalledOn -gt ( Get-Date ).AddDays(-30) } Option 3 $Hosts = Get-Content -Path '.\hosts.txt'   #contains list of hosts #For each of the hosts in that file, run a command to gather patches installed on

Difference Between SFTP, FTPS, FTP Over SSH, SCP

Introduction. We are going to discuss various file transfer options in brief and the security concerns associated with them. By understanding how these solution operate we can have an informed decision over its usage across the organization . Let's see if we could find answers to below question.  Differences between FTP, SFTP, FTPS and FTP over SSH? Why not just use FTP? Why should I use SFTP instead of FTP? Is SFTP better than FTPS?

WPAD - Web Proxy Auto Discovery.

WPAD protocol is a mechanism used by web clients to locate a browser configuration file ( WPAD.dat ) to obtain nearby proxy server details.