Topic: [DISCUSSION] Why you shouldn't trust any anonymous files and applications. (Read 222 times)

If I'm in that situation, I'll look to buy for a SIM first. As much as possible, I won't connect.

Before you arrive to that airport, be sure to research or do an advance purchase for the SIM for your data.

I agree with everything you wrote. Being a cybersecurity specialist means you understand all these threats. However, I'm still very confused about international airports. I mean, when the open wi-fi is the only opportunity to connect with family and friends. What should I do in that case?

Yes, we shouldn't settle for few guides but these guides are the first step and good reminder for those who are not yet aware of such. As said, there are types of hackers, the good and bad.

White hat hackers the good ones.

Gray hat hackers, can be counted as good as well. They hack to inform the company that they have to improve their security.

Black hat hackers, these are the bad ones. Whether with or without the users help, they'll try to find a loophole to get what they want.

And us users, we need to apply the carefulness as we use internet and our or company's computer.

Hackers will always keep finding new ways from time to time to scam and hack people so we can't just settle for some guides, we need to be aware of things we are doing but one thing need to be remembered, a hacker can't steal your money without help of you because all they can do is to phishing and fake layer of gateway to get login or account or any details they want from you.

It is the good side of hacking or we call them white hat hackers. They do hack for goodness sake.

Thank you for those tips and advice OP, how we can be aware of those files, and how we can avoid it to happen.

I have never heard of ethical hacking. Good tips. Thanks to the author for this advices.

Playstore doesn't entirely protect us from malicious files in our smartphone because we can find lot of apps getting removed once they get reported by the users related to stealing user information,so we should more concentrate on giving permissions to any apps we are installing.

Another way to find virus infected file on third party website by downloading the file first then scan them by uploading into virustotal like websites.

This OP are absolutely helpful i'm also interested to study ethical hacking where did you learn about ethical hacking? Although i already spotted this courses in https://www.udemy.com but i didn't get it for free  do you have any idea where we can learn this type of courses without any pay? If you have anything you could share with me let me know please thankyou.

ETHICAL HACKING

Recently while being on lock down, I've been studying Ethical Hacking and how can someone penetrate, gain access, and bypass any security just to steal information on a certain target (single person or even a group). My first practice was to hack my own phone and it is was just easy as 1 2 3. Then, I chatted my friend that I would hack her, I her a malicious file/mobile app on my friend and ask her "Just install it I just wanted to test if my mobile app can work on other devices." Then with that little Social Engineering, I managed to gain access in here phone without her knowing. (ofcourse she didn't think it was possible) I've sent her a picture of her on her phone's front cam then teach her the lesson in which she was both amazed and shocked with how easy anyone could access other device. She then later accepted my actions as it was even a lesson for her.

I've also seen users in here that said their accounts was hacked. Below would contain some tips on how to prevent such events.

There are a lot of attacks that can be used to gain access, most commonly on Android and Windows devices.

---

---

COMMON ATTACKS

• ANDROID HACKING
  
  • APK FILE (Android Package) - never ever download any APK files online even those MOD (modified) apps that lets you use a premium-like service of a certain application (Spotify, Netflix, etc). One thing I've learned is that hackers can inject payloads (malicious scripts) on an existing APK file, meaning that they can have a malicious script running on an already trusted android application. And with a simple installation, hacker can gain access on your device, without you noticing!
    
  • PDF FILE - never trust someone to make you view nor even download ANY pdf files! I've recently learned that a single pdf can even manage to gain an access on your android device without even any detection from Google's preinstalled anti-virus.
    
• WINDOWS HACKING
  
  • ANY FILE!!! - Yes, you've read it right! There's an easy attack that can load/inject scripts and payloads on file formats such as Image files (JPEG, PNG, anything!), PDF Files, and even other Microsoft Office file formats! There is even a way to bypass any antivirus just with a single encryption of the script injected to the file, hence with a single execution, the attacker can easily gain access on your computer!
    

• WIRELESS HACKING
  
  • PUBLIC WIFI - never ever connect to any public and open Wi-Fi! There's an attack that allows the hacker to use his Wi-Fi adapter (can be preinstalled on laptops, smartphones, wi-fi dongles) to monitor ALL the traffic that is going through the Wi-fi. Basically, Wi-Fi transfers data on the air not on a single unseen line but rather scatters it in the mid air, and just let the clients (users) fetch those data depending upon their Wi-fi connection's channel. Therefore, He can track and listen to the transfers of data, even focus on a single I.P/target, and fetch all the traffic (contains passwords, images, even chats!). The attacker can even send you fake websites of what your are visiting and let you input your credentials!
    
  
  

---

TIPS TO PREVENT SUCH ATTACKS

• Android hacking attacks can be prevented easily by simply not trusting any anonymous offers and file/application downloads. Just focus on applications that is on your Playstore and not download anything from unknown sources, even those that can give you hacks on many subscription-based services and platforms!
• Preventing such Windows attacks is easy. Always keep your anti-virus updated (I personally suggests using Windows Defender that updates almost everyday and already preinstalled on any Windows distributions). Also, never download files that came from the internet even from simple emails from unknown sources. Better use Virtual Machines for downloading files so that the attacker cannot gain access on your main files.
• NEVER CONNECT TO ANY PUBLIC/OPEN WIFI. That's just a simple prevention that is much worth and better than any post-actions.

---

• USE STRONG PASSWORDS OR EVEN ENCRYPT IT! There are a lot of text-encryption such as base64 (can be repeated multiple times), TDES, AES, etc. Those I've mentioned are the pretty strong encryptions, you can even combine all the encryption to have a solid password. I use all of it one by one (from plaintext -> base64 -> etc..) then save the output as my password online. With that, the possibility of bruteforcing your password would be even less than zero.

---

I've posted this simply just to warn all the users on how can they be vulnerable digitally. There had been a lot of users whom still had been hacked here in the forum, and I hope the tips could be somehow helpful for them and make them less vulnerable to certain cyber attacks. This is only for educational purposes, please do not commit nor try Hacking without further approval from someone you would test it.

Let me know if you have more suggestions or any clarifications with the thread!