12-16 Practical

The document discusses securing mobile devices from threats by managing application permissions and limiting third-party applications. It provides tips for preventing installation of unnecessary third-party apps, checking app permissions, and disabling device services when not in use.

Uploaded by

mmieduindiaanand

PRACTICAL-12

Aim: Secure your mobile device


1. Prevent installation of third-party applications.
2. Check permissions given to the installed application and evaluate
whether the given permission is actually required by that application, e.g.
a messaging application should not have permission to access the camera.
3. To prevent your device from connecting to poorly configured or
insecure networks, disable auto-connect in Wi-Fi settings.
4. Turn off location services, Bluetooth, Wi-Fi and mobile data when they
are not required.
5. Configure backup and restore data settings on your mobile device.

Mobile app security is the practice of protecting applications from external
threats, such as malware and other digital fraud, that put critical personal
and financial information at risk.

1. Prevent installation of third-party applications.

All modern smartphones and many other devices support third-party
applications. Most also offer an online marketplace from which to install them.
There are clear advantages in allowing your users and devices to access a
broad range of applications. However, it's important to think about the risks to
your devices and data from these applications.

Users engage in nearly all activities on mobile devices, from watching the
news to checking email, instant messaging, purchasing items online, and
doing bank transactions. Through these apps, businesses can gather usable
information, such as location, usage statistics, phone number, likes,
dislikes, and other meaningful metrics about users, which can help them
make precise decisions to improve their services. If the data on these mobile
devices falls into the wrong hands, it can be harmful to the user.
Thus, the need for mobile app security has become inevitable.

Using third-party libraries may reduce the amount of coding done by the
developer and ease the application development process, but it can be a risky
proposition. For example, the GNU C library had a security flaw that allowed
a buffer overflow, which hackers could exploit to remotely execute malicious
code and crash a device. It lasted for eight years before the open-source
community that contributes to the GNU Project released a fix in 2016.
Therefore, developers should limit the number of libraries they use and create
a policy for handling libraries in order to secure apps from attacks.

Why secure your third-party apps?

Third-party software is regularly installed on devices and will typically be able
to read and/or modify some or all of the user's data on that device.
In some cases, applications will also have access to your organisation's data.
Once a third-party application has had the chance to access data, it is very
difficult to know exactly what has been done with that data. Some applications
will helpfully sync your local data to cloud services, some may handle it in
insecure ways, and others may use third-party libraries within the application
which have their own security risks.
By developing an organisational policy which outlines the types of application
permitted, you'll be able to manage the risks associated with running
third-party code more effectively.
To help you use third-party applications on your organisation's devices, you
should:

Agree an acceptable level of risk with stakeholders

First, you should agree with key stakeholders what the acceptable level of
risk is for your organisation. For example:
• What app behaviours will be prohibited or high-risk (e.g. accessing
contacts on devices that sync with your global address list)?
• How will you assess a vendor as reputable?
• Might the application make it difficult to comply with any regulations
for auditing stored data (e.g. freedom of information requests)?

Develop an applications approval process

You can develop a process for assessing applications against your agreed level
of acceptable risk (see previous point).
You should balance your assessment against user productivity needs:
• The process should include someone from procurement, legal, security,
IT admin, and user representatives, as required.
• Integrate this process into your standard software asset management
routine and run assessments in parallel.
• Make the process fast, lightweight and responsive, to ensure users feel
well-served by the process.
• You can use third-party assessments to help inform your decision, but
don't wholly rely on them.
• Decide how you will handle updates to software. Most popular mobile
applications update at least once per month and you should be able to
handle this.
• Regularly re-review apps you have approved, in case things have
changed.
• You should be able to approve most regular business apps into your app
catalogue for anyone to use.
• For applications you consider risky, you may wish to only allow users
with a strong business need to install them.
• As part of the security review, look at historic security incidents
involving the application or developer, as well as any other sources you
feel are relevant.

Use architectural approaches to limit risk

Where there are user requirements for applications that may present
unacceptable levels of risk, there may be architectural approaches which can
bring down the risk level:
• Some platforms may let you manage, through MDM, which permissions a
third-party application can request. You can use these features to
prevent risky apps accessing work data.
• If the platform supports it, we recommend not allowing users to install
arbitrary software from outside of curated app stores. Follow
our platform-specific guidance for recommendations about how to
achieve this. Enterprise app catalogues typically provide a good balance
of security and flexibility for the platform.
• Don't allow third-party apps to access work data unless they are doing a
work-related function. This can be achieved by using a Corporately
Owned, Personally Enabled (COPE) approach, or a Bring Your Own
Device (BYOD) approach. In both of these cases, you can enable users to
install riskier apps outside of the trusted work space, prohibiting those
applications from accessing work data.
• Some platforms may provide additional logging features that may enable
you to take a trust and verify approach.
• If using containers, the ideal approach is to have the personal container
as part of the work profile (e.g. the fully managed device with a work
profile configuration of Android Enterprise) rather than the converse of
having work containers on a personal device, but the converse is often
simpler. You might be able to have separate virtual machines for
personal usage or riskier behaviour as a compromise (e.g. for developers
who need admin rights).

2. Check permissions given to the installed application and evaluate
whether the given permission is actually required by that application,
e.g. a messaging application should not have permission to access the camera

Android app permissions to avoid


You should avoid app permissions that aren’t necessary for an app to work. If
the app shouldn’t need access to something — like your camera or location —
don’t allow it. Consider your privacy when deciding whether to avoid or accept
an app permission request.
Android system permissions are divided between “normal” and “dangerous”
permissions. Android allows “normal” permissions — such as giving apps
access to the internet — by default. That’s because normal permissions
shouldn’t pose a risk to your privacy or your device’s functionality.
It’s the “dangerous” permissions that Android requires your permission to use.
These “dangerous” permissions include access to your calling history, private
messages, location, camera, microphone, and more. These permissions are not
inherently dangerous, but have the potential for misuse. That’s why Android
gives you the opportunity to accept or refuse them.
Some apps need these permissions. In those cases, check that an app is
safe before you install it, and make sure the app comes from a reputable
developer.

How to tell if an app permission is dangerous

Android classifies permissions as “dangerous” if they might affect your
privacy, the functionality of other apps, or your device’s operation. Watch out
for apps that request access to at least one of these nine permission groups:
• Body sensors
• Calendar
• Camera
• Contacts
• GPS location
• Microphone
• Calling
• Texting
• Storage

How to change Android app permissions

You can manage Android app permissions by checking which ones you
currently have allowed and modifying them if necessary. You can also check
Android app permissions in the Google Play store before you download an
app. Here are four ways to change your app permissions on Android.

Check an app’s permissions before installing it

Maintain strict privacy standards by reviewing an app’s permissions before
you install it. Here’s how to check Android app permissions in the Google Play
store:
1. Open Google Play and find the app you’re interested in.
2. Scroll down and tap About this app.
3. Scroll down to the bottom and tap App permissions.

4. Here you can see all the permissions the app will request.

From here, you can decide whether you trust the app developer and feel
comfortable with the app using these permissions. Choosing to use only
apps with appropriate permissions is a great way to control Android app
permissions right from the start.
See all permissions used by a specific app

Concerned about what a particular app can access on your phone? Here’s how to
manage permissions on a specific app:

1. Open Settings and choose Apps & notifications.

2. Find and select the app you want to check permissions for.
3. Tap Permissions.

4. Now you can see all the app’s permissions. To change a specific
permission, tap it.
5. Here you can remove any permissions you aren’t comfortable with.

Apps do require some permissions to work properly. If you deny Google Maps
access to your location, it can’t give you directions and also won’t be able
to personalize your map searches based on your location.

See all apps that use a specific permission


If you’d rather take a look at the Android app permissions list and
choose something specific — like access to your location or contacts —
and then view all apps that have that access, this can help you get
control of your privacy on Android.

Here’s how to access the app permissions list to see all apps that use a
specific permission:

1. Open Settings and tap Apps & notifications.
2. Tap Permission manager to open the Android permission controller app.
3. Click a specific permission from the app permissions list that you’re
interested in, like location.
4. Here you’ll see apps that have access to your location all the time or
only while in use. To remove access, tap a particular app.
5. Manage the Android app’s permissions by choosing its level of access here.
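
The same review can be done from a workstation for a device connected over adb. The Python below is an added example, not part of the original practical: it parses the "runtime permissions" section of `adb shell dumpsys package <package>` output and reports which of the nine groups listed above are granted beyond what the app's role needs. The package name, the sample output and the EXPECTED policy are constructed, and the dumpsys layout shown is an assumption that varies between Android versions.

```python
import re

# Android runtime permissions mapped onto the nine groups listed above.
DANGEROUS_GROUPS = {
    "android.permission.BODY_SENSORS": "Body sensors",
    "android.permission.READ_CALENDAR": "Calendar",
    "android.permission.WRITE_CALENDAR": "Calendar",
    "android.permission.CAMERA": "Camera",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.WRITE_CONTACTS": "Contacts",
    "android.permission.GET_ACCOUNTS": "Contacts",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "GPS location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "Microphone",
    "android.permission.READ_PHONE_STATE": "Calling",
    "android.permission.CALL_PHONE": "Calling",
    "android.permission.READ_CALL_LOG": "Calling",
    "android.permission.WRITE_CALL_LOG": "Calling",
    "android.permission.SEND_SMS": "Texting",
    "android.permission.RECEIVE_SMS": "Texting",
    "android.permission.READ_SMS": "Texting",
    "android.permission.RECEIVE_MMS": "Texting",
    "android.permission.READ_EXTERNAL_STORAGE": "Storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Storage",
}

# Matches e.g. "android.permission.CAMERA: granted=true, flags=[ USER_SET ]"
PERM_LINE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def granted_dangerous(dumpsys_text):
    """Return {group: [permission, ...]} for dangerous permissions granted at runtime."""
    granted = {}
    in_runtime = False
    for line in dumpsys_text.splitlines():
        if line.strip() == "runtime permissions:":
            in_runtime = True          # one such section exists per device user
            continue
        if not in_runtime:
            continue                   # skips "install permissions" and the rest
        match = PERM_LINE.match(line)
        if match is None:
            in_runtime = False         # first non-permission line ends the section
            continue
        name, state = match.groups()
        group = DANGEROUS_GROUPS.get(name)
        if group and state == "true":
            perms = granted.setdefault(group, [])
            if name not in perms:
                perms.append(name)
    return granted


def unexpected_groups(granted, expected):
    """Groups the app holds that its role does not call for."""
    return sorted(set(granted) - set(expected))


# Constructed sample output for a hypothetical messaging app.
SAMPLE_DUMPSYS = """\
Package [com.example.messenger] (a1b2c3d):
  userId=10234
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false suspended=false stopped=false
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
"""

# Hypothetical policy: what a messaging app is expected to need.
EXPECTED = {"Texting", "Contacts"}

if __name__ == "__main__":
    found = granted_dangerous(SAMPLE_DUMPSYS)
    for group in unexpected_groups(found, EXPECTED):
        print(f"review: {group} granted via {', '.join(found[group])}")
```

Groups reported here are candidates for removal through the Permission manager steps above.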

3. To prevent your device from connecting to poorly configured or
insecure networks, disable auto-connect in Wi-Fi settings.

Having your Android device switch automatically from mobile data to your home’s
WiFi can be very convenient. You stop using your mobile data as soon as your
home network is within range, so you only use it when it’s absolutely necessary.
But, as convenient as connecting to a nearby WiFi may be, it can also be
dangerous. Without you knowing, your phone could detect a nearby free WiFi
network (that is not safe) and connect automatically. So, if you don’t mind
switching over manually, here’s how you can stop your Android device from
doing it on its own.
To disable the auto-connect feature, open your device’s settings and go to
Network & Internet. Tap WiFi > WiFi Preferences, and toggle off the
Connect to open networks option.
You can also try forgetting the network, so if you’re ever near that network
again, your Android device will ask you if you would like to connect instead of
connecting automatically.
How to Forget a WiFi Network in Android


To forget a WiFi network, go to Settings > Network & Internet > WiFi, long-press
the WiFi network you want to forget, and tap Forget.

4. Turn off location services, Bluetooth, Wi-Fi and mobile data when they are
not required

How to give apps permission to use your location


Some apps might not work unless you turn on Location Services. The first
time an app needs to access your Location Services information, you'll get a
notification asking for permission. Choose one of these options:
• Tap Allow to let the app use Location Services information as needed.
• Tap Don't Allow to prevent access.
• Tap Ask Next Time to choose Always While Using App, Allow Once,
or Don't Allow.
iOS and iPadOS devices might use Wi-Fi and Bluetooth to determine your
location. GPS and cellular location are available on iPhone and iPad (Wi-Fi +
Cellular) models.
How to turn Location Services on or off for specific apps
1. Go to Settings > Privacy > Location Services.
2. Make sure that Location Services is on.
3. Scroll down to find the app.
4. Tap the app and select an option:
• Never: Prevents access to Location Services information.
• Ask Next Time: This allows you to choose Always While Using
App, Allow Once, or Don't Allow.
• While Using the App: Allows access to Location Services only
when the app or one of its features is visible on screen. If an app is
set to While Using the App, you might see your status bar turn
blue with a message that an app is actively using your location.
• Always: Allows access to your location even when the app is in
the background.
From here, apps should provide an explanation of how the app will use your
location information. Some apps might offer only two options.
How to share your specific location
With iOS 14 and iPadOS 14, some apps can use Precise Location to get to your
specific location. To share only your approximate location — which may be
sufficient for an app that doesn’t need your exact location — turn Precise
Location off. Here's how:
1. Go to Settings > Privacy, then select Location Services.
2. Select an app, then turn Precise Location on or off.

Location Services uses GPS and Bluetooth (where they're available), along
with crowd-sourced Wi-Fi hotspots and cellular towers to determine the
approximate location of your device.
Apps won't use your location until they ask for your permission and you allow
permission.

5. Configure backup and restore data settings on your mobile device

You have a lot of important data and files stored on your Android phone or
tablet—contacts, appointments, apps, settings, passwords. And you want to
make sure that information is backed up in case your phone ever goes on the
fritz. Android offers a built-in backup tool through which you can back up
content using your Google account. Certain brands of phones, like those from
Samsung, also let you back up data using your account.
The specific backup and restore steps differ somewhat based on your device
and version of Android. I'll cover the basic process, and you should be able to
adapt it for your specific device and flavor of Android.
Back Up with Your Google Account
Let's first look at how to back up your device using your Google Account, an
option that should be available for any Android phone or tablet. By using your
Google Account, your data and settings are automatically backed up to
your Google Drive storage. The following items are included in the backup:
• Google Contacts data
• Google Calendar events and settings
• Wi-Fi networks and passwords
• Wallpapers
• Gmail settings
• Apps
• Display settings (brightness and sleep)
• Language and input settings
• Date and time
• Settings and data for apps not made by Google (varies by app)
Open Settings by swiping down from the top of the screen. Look for a setting
for Backup & reset or Backup and Restore and tap on it. In most cases, this
should be listed as its own entry in the Settings screen; in other cases, it may be
nestled within a more general setting, such as Accounts. If you can't easily find
it, tap on the Search icon in Settings and search for Backup, which should
display the option you need.
Back Up My Data
At the Backup & reset screen, tap on the option to Back up my data, which
automatically backs up the data and settings on your device to Google Drive.
Turn On Backup
Turn on the switch to Back up my data. Return to the Backup & reset screen if
necessary.
Choose Backup Account
Next, tap on the entry for Backup account. If you have just one Google
account, that account should appear. If you use more than one, you can select
the account to use. Tap on the account.
Turn on Automatic Restore
Turn on the setting for Automatic restore to restore any backed up settings and
data for apps that you reinstall.
Choose What to Sync
Go back to the main Settings screen and hop over to the Accounts setting. Tap
on the Google account and then tap on your specific account. Swipe down the
list of apps and services to sync. Turn on any you want to include; turn off any
you wish to exclude.
Manually Sync Data
If you want to manually sync the data listed on this screen, tap on the More
link or the three-dot icon and tap Sync now.
View and Edit Backup Data
Sign into Google Drive on your mobile device or your computer. Tap on the
entry for Backups. You should see the latest backups for your phone or tablet.
Double-click on a specific backup to view more details on it.
Restore With Your Google Account
Now, let's say you need to reset your phone or tablet and want to restore the
data you backed up through Google. Return to the Backup & reset screen. Tap
on the option for Factory data reset. (If that option doesn't appear at the screen,
then search Settings for the Reset option).

Perform a Factory Reset


Tap on the Reset button.
Erase All Data
At the confirmation screen, tap on the button to Erase Everything or Delete
All.
Restore From Previous Backup
Your device restarts, all existing data is erased, and it resets to factory
conditions. After your device is ready, tap on the Welcome screen and connect
to your Wi-Fi network. At the next screen, you should be asked if you want to
copy your accounts, apps, and data from another device. Bypass this option by
answering "No thanks." At the next screen, sign into your Google account and
go through the next screens. Finally, you should see a screen asking if you
want to restore the last backup of this device. Tap Next to do this.
Restore Your Device
Your device will then be restored from the backup.
Back Up with Your Manufacturer's Account
Some Android device makers offer their own backup options. Samsung is one,
so I'll use that as the example. First, sign up for your account at the Samsung
website.
Back Up Data With the Manufacturer
On your Samsung phone or tablet, open Settings and go to the Backup & reset
or Backup and Restore screen. Under the Samsung account section, tap on the
option for Backup settings or back up my data.
Set Backup Preferences
Sign into your Samsung account. At the screen to back up data, review the
apps and services and enable the ones you want to include in the backup. Turn
on the switch for Auto back up if that option appears, or tap on the Back Up or
Backup Now command to perform a manual backup.
Perform Back Up
The backup runs and then shows you the date and time when completed.

Restore With Your Manufacturer's Account


You can now restore your data if necessary without resetting your device. At
the Backup & reset or Backup and Restore screen, tap on the Restore option in
the Samsung account section.
Perform Data Restore
Make sure the correct device backup is listed. Review the different apps and
services to see which ones will be restored. Tap on Restore or Restore Now.
Restore After Reset
You can also restore the data backed up to your Samsung account after a
factory reset of your phone or tablet. To do this, follow the steps to reset your
device. After your device is erased and restored to factory conditions, follow
the setup screens but bypass the option to restore the backup from your Google
account. You should then be prompted to create or sign into your Samsung
account. Sign in with your username and password. You'll then see the screen
to restore data. Tap on the Restore command. Wait for the device to be
restored and then check it to make sure the necessary data and settings are
back.

Conclusion
Manually connecting to a WiFi network may seem annoying, but it’s another
excellent way to keep your device safe. If you can’t find the Connect to open
networks option on your device, you can always forget the network.

PRACTICAL-13

Aim: Use Google Password Manager, available at https://passwords.google.com/,
to save, manage, protect and create strong passwords.

Save, manage & protect your passwords

Google Password Manager makes it simple to use a strong, unique password for
all your online accounts. When you use Google Password Manager, passwords
are saved in your Google Account.

You can use Google Password Manager to:
• Create and save strong, unique passwords that you don’t have to remember.
• Protect all your saved passwords with built-in security.
• Automatically fill in passwords from your Google Account.

How Google Password Manager can improve your online security

Stolen passwords are one of the most common ways that accounts are
compromised.

To help protect your accounts, you can use Google Password Manager to:
• Suggest strong, unique passwords to avoid multiple account compromises from
a single stolen password.
• Notify you about unsafe passwords. If passwords you’ve saved are published
on the internet, Google Password Manager can help you change any unsafe
passwords.
• Help block unauthorized access. Your passwords are stored behind
Google’s built-in security using encryption. To view passwords, you’ll need to
sign in again.

Tip: To add more security to your saved passwords, you can add recovery
info and turn on 2-Step Verification.

To use Google Password Manager on your computer, you can either:
• Turn on sync in Chrome.
• Sign in to Chrome and allow Chrome to use passwords from your Google
Account when asked.

Save & use passwords

Create, save, and fill passwords with Chrome

Sign in with a saved password on Chrome

Switch to Google Password Manager

Manage & secure your passwords


View, delete, or export saved passwords

Check for unsafe passwords

Change Password Manager settings

How Google Password Manager handles your data

Google Password Manager collects certain information to perform services on
your device. Some of this functionality uses Google Play services. For
example, Google Password Manager collects this information for analytics
and troubleshooting purposes:
• Page views and taps in the app
• Crash logs
• Diagnostics
Data is encrypted in transit.

The given link will help you to get started with Google Password Manager:
https://passwords.google.com/

Conclusion: This practical shows how Google Password Manager works and how it
helps us protect our data.

PRACTICAL-14

Aim: Demonstrate a phishing attack simulation with the GoPhish tool

Phishing Attacks
Phishing remains one of the most effective avenues of attack for cyber
criminals. Having doubled in 2020, phishing attacks steadily increased
throughout 2021, with remote work making it harder for businesses to ensure
their users aren't falling victim.
But why is phishing still such a threat to businesses in 2022?
One major factor is how sophisticated these types of attacks have
become. Attackers are now using smarter techniques to trick employees into
compromising sensitive data or downloading malicious attachments.
For example, business email compromise (BEC) is a common form of phishing
that uses prior research on a specific individual, such as a company's senior
executive, in order to create an attack that can be incredibly difficult to
distinguish from a real email.
Combine these more intelligent attacks with the common misconception that
phishing is 'easy to spot', and it is no wonder that many businesses
are forecast to suffer a phishing-related breach in 2022.
Employees need regular training on how to spot phishing attacks that use
modern techniques, as well as how to report a phishing attack as soon as they
believe they have been targeted.
How to install GoPhish
You don’t actually install GoPhish. Instead, you simply download a zipped file,
unpack it, and run the binary.
The first thing you must do is download the GoPhish zipped file from
the official download page. Once the download completes, open a terminal
window, change into the directory housing the download, and create a new
directory with the command:
mkdir gophish
Move the zipped file into that directory with the command:
mv gophish*.zip gophish
Change into the new directory with the command:
cd gophish
Next, unpack the file with the command:
unzip gophish*.zip
When the unpacking completes, you’ll find (among other things) the GoPhish
binary file. In order to execute that file, you need to give it the proper
permissions with the command:
chmod u+x gophish

How to run GoPhish
In order to use GoPhish properly, recipients of your phishing test campaign
must be able to access the phishing server. Because of this, you should not use
the loopback address, but instead use the IP address or URL of the phishing
server. That, of course, means the server must be reachable. To make sure
GoPhish is accessible from your LAN, you need to make one simple adjustment
to a configuration file. Back at your terminal window, issue the command:
nano config.json
In that file, look for the line:
"listen_url": "127.0.0.1:3333",
Change that line to:
"listen_url": "SERVER_IP:3333",
Where SERVER_IP is the IP address of the hosting machine.
Save and close the file.
Now you can start GoPhish with the command:
sudo ./gophish
This will start the built-in GoPhish server. Once it is running, you should see a
line in the output informing you of the default credentials for your instance. The
username is admin and the password is a random string of characters. Copy that
string of characters and then open a web browser. Point the browser
to https://SERVER_IP:3333 (where SERVER_IP is the IP address or URL of
your hosting server). When prompted, enter the default login credentials
(Figure A).
Figure A

You will then be prompted to change the admin password (Figure B).
Figure B

Once you’ve successfully changed the admin password, you’ll find yourself on
the GoPhish dashboard (Figure C).
Figure C
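
Moving a listener off the loopback address changes who can reach it, so it is worth checking the file after editing. The Python below is an added example, not GoPhish's own code: it reads a config.json and reports whether the administration interface is reachable from the network and whether either listener runs without TLS. It assumes the stock file layout with admin_server and phish_server blocks, in which the port 3333 listener edited above is the admin interface; both sample files and the 192.0.2.10 address are constructed.

```python
import ipaddress
import json

MESSAGES = {
    "admin-exposed": "admin interface is reachable from the network, not only from this host",
    "admin-no-tls": "admin logins and the session cookie cross the network in cleartext",
    "phish-no-tls": "data submitted to the landing page crosses the network in cleartext",
}


def bind_scope(listen_url):
    """Classify the host part of a 'host:port' listen_url."""
    host = listen_url.rsplit(":", 1)[0].strip("[]")
    if host in ("", "0.0.0.0", "::"):
        return "all-interfaces"
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "network"
    except ValueError:
        # A hostname: assume it resolves to an address other hosts can reach.
        return "network"


def audit(config_text):
    """Return the finding codes (keys of MESSAGES) that apply to a config.json."""
    cfg = json.loads(config_text)
    admin = cfg.get("admin_server", {})
    phish = cfg.get("phish_server", {})
    findings = []
    if bind_scope(admin.get("listen_url", "127.0.0.1:3333")) != "loopback":
        findings.append("admin-exposed")
    if not admin.get("use_tls", False):
        findings.append("admin-no-tls")
    if not phish.get("use_tls", False):
        findings.append("phish-no-tls")
    return findings


# Constructed sample: the file after the edit described above.
EDITED_CONFIG = """
{
  "admin_server": {"listen_url": "192.0.2.10:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false,
                   "cert_path": "example.crt", "key_path": "example.key"}
}
"""

# Constructed sample: admin kept on loopback, landing pages served over TLS.
HARDENED_CONFIG = """
{
  "admin_server": {"listen_url": "127.0.0.1:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:443", "use_tls": true,
                   "cert_path": "example.crt", "key_path": "example.key"}
}
"""

if __name__ == "__main__":
    for name, text in (("edited", EDITED_CONFIG), ("hardened", HARDENED_CONFIG)):
        codes = audit(text)
        print(name, "->", "no findings" if not codes else "")
        for code in codes:
            print(f"  {code}: {MESSAGES[code]}")
```

If the admin listener has to leave loopback, limit port 3333 to the operator's workstation with a host firewall rule.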

How to start a GoPhish campaign
Sending a GoPhish campaign is fairly straightforward, if you know where to
begin. You can’t just click New Campaign and start out, because you first must
create a few pieces so the puzzle can come together.
The sending profile is an SMTP configuration (otherwise GoPhish wouldn’t be
able to send out campaigns). Click Sending Profiles in the left sidebar and click
New Profile. In the resulting window configure an SMTP server to be used for
the campaign (Figure D).
Figure D

Next, create an email template by clicking Email Templates in the left sidebar
and clicking New Template. In the new template window, create a template to
be used for your campaign (Figure E).
Figure E

Creating a new phishing campaign template.


When creating a template, it’s important that you use variables. For instance, in
a subject line you would use something like:
Password Reset for {{.Email}}
Then, in the body of the email, you might use something like:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
Your IT Team
You would then want to add a link for the word here. Open the Link Dialog and
then use {{.URL}} as the URL.
Next, you need to create a landing page. This will simulate a page where users
will attempt to log in to their service or change their password. For this, you’ll
need to use an actual website that requires users to log in or change their
password. This can be one of your own servers or that of a third-party. Click
Landing Page and then click New Landing Page.
In the resulting window, give the page a name, click Import Site, type the URL
of the login page to be used, click Import, click the check boxes for Capture
Submitted Data and (optionally) Capture Password (Figure F).
Note: Credentials are not encrypted, so you might not want to capture
passwords.
Figure F

Creating a new landing page for the campaign.


Finally, you must create a new group. Click Users & Groups in the left
sidebar and click New Group. In the popup window, create a new group and
then add or import users. These users will be the email addresses you send the
phishing campaign to (Figure G).
Figure G

Creating a new group in GoPhish.


After you’ve created a profile, template, landing page, and a group, you can
now click Campaigns and then click New Campaign. In the New Campaign
window, fill out all of the information, selecting the new bits you just created
(Figure H).
Figure H

Creating your first GoPhish campaign.


The only bit of information that might trip you up is the URL. The URL is that
which populates the {{.URL}} template value and must be reachable by the
recipient. It also must be the domain or IP address of your GoPhish server.
Once you’ve filled out all of the information, click Launch Campaign, which
will immediately launch the campaign to the recipient list you created in the
Groups section.
The recipients will receive the campaign and (very possibly) click on the link.
When they do, GoPhish will record the data. You can then go to the Dashboard
and view the results, which will even inform you which users opened the email,
which users clicked the phishing link, and which users submitted data to the
clicked link.

So far one user has opened the email and clicked the phishing link.
And that’s all there is to creating and launching a phishing campaign with
GoPhish. If you have end users in your company, you owe it to them, to
yourself, and to the security of your company’s resources to run these types of
campaigns now and then.

Conclusion
So far we have seen that phishing attacks are simple yet the most dangerous
and powerful, and that there are multiple varieties in which they can
happen. On the Internet, phishing attacks can cause major losses if
not taken care of properly, so everyone must be aware of the precautions and
actions to be taken.

PRACTICAL-15

Aim: Test website authenticity and possible phishing websites using
VirusTotal, Google Transparency Report, URLVoid, or any other tools. Identify
ways to report fraudulent or scam websites.

How can VirusTotal help you?

VirusTotal Enterprise offers you our whole toolset, integrated on top of the
largest crowdsourced malware database. It is the entry point for your
investigations.

VirusTotal provides you with a set of essential data and tools to handle these
threats:

• Analyse any ongoing phishing activity and understand its context and
the severity of the threat.
• Discover phishing campaigns impersonating your organization, assets,
intellectual property, infrastructure or brand.
• Monitor any suspicious activity from trusted third parties.
• Protect your corporate information by monitoring any potentially sensitive
information being shared without your knowledge.

Discover malicious activity impersonating your organization

Find out if your business is being used in a phishing campaign by searching for
URLs or domains masquerading as your organization.

How to do it:

1. Go to VirusTotal Search: https://www.virustotal.com/gui/home/search

2. It can also be used to find PDFs and other files presented to the victim
with a very similar appearance. This is extremely useful for finding related
malicious activity.

3. Launch your query using VirusTotal Search. You can also do the same using
the VirusTotal API.

URL Reports Summary

After your URL is scanned, you'll see a report that looks like this. Note that this
is a sample report and does not reflect the actual ratings of any of the vendors
listed. We've numbered the elements in the screenshot above for easy reference.
They are:

1) The total number of VirusTotal partners who consider this URL harmful (in
this case, 0) out of the total number of partners who reviewed the file (in this
case, 66).

2) The URL you scanned. Note that the URL may not exactly match your
submission; this is because we canonicalize URLs, i.e. we normalize them in
order to make sure that different variations of the same URL do not affect its
detections.

3) The link to the report for the domain this URL belongs to.

4) Content type of the resource analysed. For example: html, xml, flash, ie
cookie, bittorrent, email, outlook, cap.

5) The date and time (UTC) of the review.

6) Favicon from the domain that the scanned URL belongs to.

7) You can reanalyse the URL to get an updated report. URL statuses are
updated frequently by VirusTotal as they are distributed by antivirus companies.

8) Explore the URL in VirusTotal Graph.

9) The reputation of the given URL as determined by VirusTotal's Community
(registered users). Users sometimes vote on files and URLs submitted to
VirusTotal; these users in turn have a reputation themselves, and the community
score condenses the votes cast on a given item, weighted by the reputation
of the users that cast these votes. Negative (red) scores indicate
maliciousness, whereas positive (green) scores reflect harmlessness. The higher
the absolute number, the more you may trust a given score. You can read
more about this at:
https://support.virustotal.com/hc/en-us/categories/360000162858-Community

URL Reports Details

1) A list of each reviewing partner and their findings. Possible findings include:

• Clean site: no malware detected.
• Unrated site: the partner never reviewed the given site.
• Malware site: distributes malware.
• Phishing site: the site tries to steal users' credentials.
• Malicious site: the site contains exploits or other malicious artifacts.
• Suspicious site: the partner thinks this site is suspicious. Grey area.
• Spam site: involved in unsolicited email, popups, automatic commenting,
etc.

2) Additional information about the scanned resource, such as the category of
its content, the HTTP response headers returned by the server upon asking for
the given URL, etc.

3) VirusTotal's backend generates rich relationships: URLs from which a file
has been downloaded, whether a given file has been seen contained in other
files, what the parents of a given Portable Executable are, domain to IP
address mappings over time, etc.

4) These are comments made by members of the VirusTotal Community. Most
recent comments are listed first. This section also records the votes made by
members of the VirusTotal Community on this file or URL.
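
The elements of the URL report summary and details described above (detection ratio, per-partner findings, community score, review date) map onto fields of the JSON that the VirusTotal API v3 returns for a URL. The following Python is an added example, not part of the original practical: it works on a constructed sample response (the URL, engine names and values are made up), and the 7-day staleness window and the suggested actions are assumptions chosen for illustration.

```python
import base64
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a VirusTotal API v3 URL object; the URL,
# engine names and all values are made up for this example.
SAMPLE_REPORT = json.loads("""
{"data": {"type": "url", "attributes": {
  "url": "http://login.example.test/account/verify",
  "last_analysis_date": 1700000000,
  "reputation": -12,
  "last_analysis_stats": {"harmless": 3, "malicious": 1, "suspicious": 1,
                          "undetected": 1, "timeout": 0},
  "last_analysis_results": {
    "EngineA": {"category": "harmless", "result": "clean"},
    "EngineB": {"category": "harmless", "result": "clean"},
    "EngineC": {"category": "harmless", "result": "clean"},
    "EngineD": {"category": "malicious", "result": "phishing"},
    "EngineE": {"category": "suspicious", "result": "suspicious"},
    "EngineF": {"category": "undetected", "result": "unrated"}
  }}}}
""")


def vt_url_id(url):
    """API v3 identifier for a URL: URL-safe base64 without '=' padding."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def summarise_url_report(report, now, max_age_days=7):
    """Condense a URL report into the summary elements an analyst reads first.

    max_age_days and the 'action' strings are assumptions of this example.
    """
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Engines that timed out returned no verdict, so leave them out of the total.
    reviewed = sum(n for name, n in stats.items() if name != "timeout")
    # Group the flagging engines by the finding they reported (phishing, malware, ...).
    findings = defaultdict(list)
    for engine, verdict in sorted(attrs["last_analysis_results"].items()):
        if verdict.get("category") in ("malicious", "suspicious"):
            findings[verdict.get("result") or "unspecified"].append(engine)
    analysed = datetime.fromtimestamp(attrs["last_analysis_date"], tz=timezone.utc)
    stale = now - analysed > timedelta(days=max_age_days)
    if flagged:
        action = "block and report"
    elif stale:
        action = "reanalyse before trusting"  # an old clean verdict may be outdated
    else:
        action = "no detections; verify the domain manually"
    return {"url": attrs["url"], "ratio": f"{flagged}/{reviewed}",
            "findings": dict(findings), "community_score": attrs.get("reputation", 0),
            "analysed_utc": analysed.isoformat(), "stale": stale, "action": action}


if __name__ == "__main__":
    when = datetime(2023, 11, 16, tzinfo=timezone.utc)  # fixed "now" for a repeatable run
    print(vt_url_id(SAMPLE_REPORT["data"]["attributes"]["url"]))
    print(json.dumps(summarise_url_report(SAMPLE_REPORT, when), indent=2))
```

A ratio of 0 flagged partners is not proof that a site is genuine, which is why the example separates a recent clean result from a stale one that should be reanalysed first.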

File Reports Summary

When you scan a file or search for a file given its hash, you'll see a report that
looks like this:

Again, this report is a sample only and does not reflect the actual ratings of any
vendor listed. And again we have numbered the most characteristic elements in
the screenshot above for reference. They are:

1) and 3) The total number of VirusTotal partners who consider this file harmful
(in this case, 44) out of the total number of partners who reviewed the file (in
this case, 60).

2) The reputation of the given URL as determined by VirusTotal's Community
(registered users). Users sometimes vote on files and URLs submitted to
VirusTotal; these users in turn have a reputation themselves, and the community
score condenses the votes cast on a given item, weighted by the reputation
of the users that cast these votes. Negative (red) scores indicate
maliciousness, whereas positive (green) scores reflect harmlessness. The higher
the absolute number, the more you may trust a given score. You can read
more about this at:
https://support.virustotal.com/hc/en-us/sections/115000737185-Community

4) SHA-256 (a cryptographic hash function) is a unique way to identify a file
and is used in the security industry to unambiguously refer to a particular
threat. For more info see:

5) File name of last submission, and access to search by file names.

6) Tags.

7) The date and time (UTC) of the review.

8) Icon for the file type.

9) Button to reanalyse the file.

10) Multi-similarity: find similar files using different approaches. (Feature
available only to Enterprise customers)

11) Search for similar files. (Feature available only to Enterprise customers)

12) Download sample. (Feature available only to Enterprise customers)

13) Explore the file in VirusTotal Graph.

File Reports Details

1) A list of each reviewing partner and their findings. Possible findings are:

• Undetected: The given engine does not detect the file as malicious.
• Suspicious: The given engine flags the file as suspicious.
• Unable to process file type: The given engine does not understand the
type of file submitted and so will not produce verdicts for it.
• Timeout: The given engine reached VirusTotal's time execution limit
when processing the file and so no verdicts were recorded for it.

2) Displays more information about the item being reviewed. For instance, for
an Office document file this might list VBA code streams seen in document
macros and other file-type-specific information. Similarly, VirusTotal-specific
metadata such as first submission and last submission dates, upload file names,
etc. are also recorded in this section.

3) VirusTotal's backend generates rich relationships: URLs from which a file
has been downloaded, whether a given file has been seen contained in other
files, what the parents of a given Portable Executable are, domain to IP
address mappings over time, etc.

4) The samples submitted to VirusTotal get executed automatically in a
controlled (sandboxed) environment and the actions performed are recorded in
order to give the analyst a high-level overview of what the sample is doing.

5) Content of the file: strings and hexadecimal content extracted from the file.
A preview of the full content is available depending on the file type (pdf,
docx, etc.). (Feature available only to Enterprise customers)

6) Detailed listing of the submissions of this file with information like origin
countries and dates. (Feature available only to Enterprise customers)

7) These are comments made by members of the VirusTotal Community. Most
recent comments are listed first. This section also records the votes made by
members of the VirusTotal Community on this file or URL.

8) List of analyses with the evolution of detections and the option to click on
Previous Analyses. (Feature available only to Enterprise customers)

9) Copy detections as plain text to the clipboard. (Feature available only to
Enterprise customers)

Domain and IP address reports

Unlike file and URL reports, network location views do not record partner
verdicts for the resource under consideration. Instead, these reports condense all
of the recent activity that VirusTotal has seen for the resource under
consideration, as well as contextual information about it. These details include:

• Autonomous System and location country for IP addresses.
• Passive DNS replication information: all the IP-domain name mappings
that VirusTotal has seen over time for the item being studied. These
resolutions are performed when contacting URLs submitted to VirusTotal
for scanning, when executing files in sandboxes, through partnerships
with third-parties, etc.
• Whois lookups: registered users or assignees of an Internet resource, such
as a domain name, an IP address block, or an autonomous system, but is
also used for a wider range of other information.
• Observed subdomains: domains seen hierarchically under another domain
stored in VirusTotal.
• Sibling domains: domains at the same hierarchical level as the domain
being studied.
• URLs: latest URLs seen under the domain or IP address being studied.
Note that the date reflected in this section is not the date at which the
URL was contacted but rather the date of the last report that we have for
the resource, this might be more recent or older than the retrieval date.
• Downloaded files: latest files that have been retrieved from URLs sitting
at the domain or IP address under study. Note that the date recorded in
this section is not the date at which the file was downloaded but rather the
date of the last report that we have for the resource.
• Communicating files: latest files that, through their execution in a
sandboxed virtual environment, have been seen to perform some kind of
communication with the IP address or domain under consideration. Note
that the date recorded in this section is not the date at which the
communication took place but rather the date of the last report that we
have for the resource.
• Files referring: VirusTotal will inspect the strings contained in files
submitted to the service and apply certain regular expressions to these in
order to identify domains and IP addresses. This section records files that
have referenced the domain or IP address under consideration. Note that
the date recorded in this section is not the date at which the file that gave
rise to the relationship was submitted but rather the date of the last
report that we have for the resource.

Google Transparency Report

Where would we be without Google? Google Transparency Report is a basic yet
effective link checking service tool. It can warn you about insecure websites
that threaten your data privacy.

Something in the URL seems suspicious? One of the deals on an online
shopping platform is too much of a steal? This tool will let you know how
unsafe it really is.

URLVoid

We often come across websites that can contain malware and phishing
scams. Although a number of extensions are available to provide some
sort of security, they require visiting the website in order to work. By then it
can be too late if the malware infects your system. Moreover, a website can be
infected by a virus when one transfers a file to the FTP server for deployment
and by many other means.

URLVoid is a free web service that scans any specified website with a number
of diagnostic tools such as Browse Defender, Google Diagnostics, Host,
Malware Patrol, McAfee SiteAdvisor, Norton Safe Web, etc., and provides a
detailed scanning result.

Just go to the URLVoid website and enter a website URL to begin scanning.

In a short while, you will be presented with the scanning result along with
information about the website such as IP address, IP location, domain hash,
web host, malware detection percentage (if any) and overall status. The best
thing about URLVoid is that it uses reliable scanning resources like Google
Diagnostics, McAfee SiteAdvisor, Norton Safe Web, TrendMicro Web
Reputation, and so on.

Conclusion:
Scammers use websites to defraud people in a variety of ways. For example,
they may sell people goods and services which are never delivered. Or they may
collect personal or financial information in order to commit identity theft. All
internet-related crime should be reported to the appropriate authorities to
investigate so that more people do not become victims.

PRACTICAL-16

Aim: Configure all privacy settings for social networks with which you
have an account and review your entire profile.

How to Manage Your Social Media Privacy Settings?

Every day we share a wealth of personal information via social media
platforms. We tweet at our friends, share vacation photos on Facebook and post
selfies on Snapchat. The benefits and joys of social media are numerous but
there are privacy risks to consider as well. Overshared private details can be
used maliciously by cyber thieves to access sensitive accounts, create fraudulent
identities and possibly compromise careers.

Outlined below are the steps that can help keep your most sensitive information
safe on social media. Use these steps to help protect yourself and your loved
ones online.

Manage your privacy settings

By accessing the "Privacy Settings and Tools" panel found above, you can
control a broader range of your settings.

• "Who can see my stuff?" - OIS recommends selecting "Friends" to view
future posts. Take time to review your Activity Log and your audience
for past posts, to ensure old posts are secure as well.
• "Who can contact me?" - For maximum security, we recommend
selecting "Friends" or "Friends of Friends" for who can send you friend
requests. In this section, you can also filter the messages you will receive
in your Facebook inbox.
• "Who can look me up?" - In the last privacy section, users have the
ability to filter who can find them by searching an email address and
phone number. It is recommended that you select the most restrictive
option which is "Friends".
• "What about Search Engines?" - The last option in this panel is "Do you
want other search engines to link to your timeline?" It is recommended to
select "No". Facebook does note that "If you turn off this setting, it may
take a while for search engines to stop showing the link to your timeline
in their results".

Guard your personal information

While it is fun to share your high school, birthday, and even your hometown
with your friends, it is considered personally identifying information (PII).
Paired with other information, these facts could potentially be used to
compromise your bank accounts or even your identity.

In the navigation below your cover photo, select "About". There are seven
sections that contain personal information. In these sections, hover below each
box of text to see editing options appear in blue. Make sure none of your
personal information is public, and for maximum security, select "Only Me" for
certain information.

You can also edit the privacy setting for your "Friend List." In the navigation
menu below your cover photo, select "Friends." In the right hand corner of your
friends list, select the "pen" tool then select the option "Edit Privacy." You will
now be able to control who can see your friends list and the people you are
following. It is recommended to select "Friends" or "Only Me" for both
sections. There is also a "Custom" option which allows you to choose to share
select information with certain friends.

Understand how to QUIT the site

It's usually easy to deactivate your account, but some sites, like Facebook, will
retain all your information including pictures, friends, etc. even if you do. Find
out how you can delete all of your information. You may have to request that
the operators of the site delete it for you. When quitting Facebook, you must
submit a deletion request, and that, too, comes with some gotchas:

• There will be a delay of unspecified length between submitting your
delete request and the actual deletion.
• If you log in to Facebook after submitting your request, your deletion
request will be cancelled automatically.
• There's no easy way to confirm that your deletion request has been
completed.
• Even after deletion, copies of your photos may remain on Facebook
servers for technical reasons.

Here is a review of the privacy settings of a Twitter profile

Twitter’s privacy settings are straightforward. Either you have a private
account, or you do not. By default, the ‘Protect my Tweet’ setting is off.
With the setting off, everyone can see your tweets, whether they are a
follower or anyone searching on Google.

To change the privacy settings on your Twitter account, click on the
More button and then on the ‘Security and privacy’ option from the left panel.
Select ‘Your account’ and head straight to ‘Account information’.

Enter your password. Click on ‘Protected Tweets’ next. Check the ‘Protect your
Tweet’ box to limit the tweet’s visibility to your followers. Uncheck the same if
you want to approve each follower instead of allowing everyone to read your
tweets.

In addition, Twitter gives you the option to add a location to your tweet. When
you tweet with a location, Twitter stores that location. You can change the
“location on/off” setting before each tweet. You can also decide whether users
can find your Twitter profile with your email address or your phone number.
After you have made any changes, make sure you click the save changes button at
the bottom.

Conclusion:

Social media privacy is a raging topic for individuals and marketers alike.
Recent data breaches and information leaks have made it crucial to abide by
privacy and security rules. This practical also reviewed the privacy settings
of a Twitter account profile.
