Technical Gillal

Technical Gillal JUST FOR KNOWLEDGE

09/09/2023

What is session Hijacking?

Session hijacking, also known as session theft or session fixation, is a security attack where an unauthorized user gains control of a legitimate user's session on a computer system or web application. This attack can occur in various contexts, such as websites, online services, or even within local network environments.

Here's how session hijacking typically works:

1. **Session Establishment**: When you log into a website or web application, a session is created. This session is usually identified by a unique session ID or token stored in a cookie on your browser.

2. **Session ID Theft**: The attacker somehow obtains the legitimate user's session ID or token. This can happen through various means, such as stealing cookies, exploiting vulnerabilities in the application, or using social engineering techniques like phishing.

3. **Session Usage**: With the stolen session ID, the attacker can impersonate the legitimate user by presenting the stolen session ID to the web server. The server, believing it to be the legitimate user, grants access to the attacker.

4. **Unauthorized Actions**: Once the attacker has control of the session, they can perform actions on the user's behalf. This can include changing account settings, making unauthorized transactions, or accessing sensitive information.

To prevent session hijacking, web applications often employ security measures like:

- **Secure Session Management**: Implementing strong session management practices, such as using secure tokens and regularly refreshing session IDs.

- **HTTPS**: Using HTTPS encryption for all communications between the user's browser and the web server to protect against eavesdropping.

- **Secure Cookies**: Ensuring that cookies used to store session information are marked as secure and HttpOnly, making them less vulnerable to theft.

- **Two-Factor Authentication (2FA)**: Implementing 2FA adds an additional layer of security, even if an attacker manages to hijack a session.

- **Regular Security Audits**: Conducting regular security audits and vulnerability assessments to identify and patch potential weaknesses.
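
The server-side measures in the list above (unguessable tokens, refreshing the session ID, Secure and HttpOnly cookies) can be sketched as follows. This is an added example, not code from the original post; the `SessionStore` class, the `session_id` cookie name, the 15-minute idle timeout and the `SameSite=Lax` attribute are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value, not from the post


class SessionStore:
    """In-memory session table keyed by an unguessable session ID."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so expiry can be tested

    def _new_id(self):
        # 32 bytes from the OS CSPRNG, URL-safe so it fits in a cookie.
        return secrets.token_urlsafe(32)

    def create(self, user=None):
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "last_seen": self._now()}
        return sid

    def rotate(self, old_sid, user=None):
        """Issue a fresh ID and invalidate the old one. Call this at login
        and on privilege change so an ID captured earlier stops working."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            return None
        if user is not None:
            data["user"] = user
        data["last_seen"] = self._now()
        sid = self._new_id()
        self._sessions[sid] = data
        return sid

    def lookup(self, sid):
        """Return the user of a live session, or None if unknown or idle too long."""
        data = self._sessions.get(sid)
        if data is None:
            return None
        if self._now() - data["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: a stolen ID has a bounded lifetime
            return None
        data["last_seen"] = self._now()
        return data["user"]

    def destroy(self, sid):
        # Logout must delete server-side state, not only clear the cookie.
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Build the Set-Cookie value with the hardening attributes."""
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    morsel = cookie["session_id"]
    morsel["secure"] = True     # only sent over HTTPS
    morsel["httponly"] = True   # not readable from page JavaScript
    morsel["samesite"] = "Lax"  # assumed extra attribute, not named in the post
    morsel["path"] = "/"
    return morsel.OutputString()
```

The old ID returns nothing after `rotate`, which is what makes a session ID captured before login useless afterwards.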

Users can also help protect their sessions by logging out when they're done with a website or application, using strong and unique passwords, and being cautious about clicking on suspicious links or emails.

28/08/2023


MOST IMPORTANT TERMS AND ATTACKS..!!

~BOTNETS:
A botnet is a network of computers infected with malware that can be used by a hacker to do their bidding.

~BRUTE FORCE ATTACK:
A brute-force attack occurs when an attacker checks all possible passwords until the correct one is found.

~CLEAN URLS:
Clean URLs (or semantic URLs) are readable URLs for websites or web services that intuitively represent the underlying resource.

~CODE INJECTION:
Code injection can be used by an attacker to introduce malicious code into a vulnerable computer program and change the course of execution.

~CONTENT MANAGEMENT SYSTEM:
Content Management Systems (CMS) allow non-technical users to publish and edit online resources.

~COOKIES:
HTTP is a stateless protocol. Cookies are the most common way to make a conversation between a browser and server stateful.

~DDL:
Data Definition Language (DDL) is the subset of the SQL language that allows table structures to be edited.

~DML:
Data Manipulation Language (DML) is the subset of the SQL language that allows querying and updating of table content.

~DEFENSE IN DEPTH:
Defense in depth refers to employing multiple layers of security controls to reduce the likelihood and impact of an attack.

~DENIAL OF SERVICE ATTACK:
A denial-of-service (DOS) attack is an attempt to make a web service or

~DICTIONARY ATTACK:
A dictionary attack is an attempt to guess passwords by using well-known words or phrases.

~DIGITAL SIGNATURES:
Digital signatures are used to demonstrate the authenticity of a digital message.

~HTTP:
Hypertext Transfer Protocol (HTTP) is the mechanism that websites and web services use to communicate with user agents such as browsers.

~HTTPS:
Sensitive web traffic should be sent over an encrypted channel -- that's what HTTPS is for.

~HASHING:
You should store user passwords as strong, cryptographic hashes.

~LDAP:
Lightweight Directory Access Protocol (LDAP) is a technology used to create directories of individuals or resources.

~NETMASKS:
Netmasks (or subnet masks) are a shorthand for referring to ranges of consecutive IP addresses in the Internet Protocol. They are used for defining networking rules in e.g. routers and firewalls.

~OWASP:
The Open Web Application Security Project (OWASP) is an online community that tracks common vulnerabilities and publishes information about web application security.

~OAUTH:
OAuth is an open standard for authorization.

~PASSWORD LISTS:
Users are creatures of habit, which means they tend to choose obvious passwords and re-use them over multiple sites.

~PHISHING:
Phishing is when an attacker sends an email (or other electronic message) to a user, in an attempt to trick them into disclosing sensitive information.

~PRINCIPLE OF LEAST PRIVILEGE:
Secure organizations often share information on a "need to know" basis, and this model can be applied to technical systems too.

~REST:
REpresentational State Transfer (REST) is a style of web service architecture designed to map create, read, update, and delete operations with their corresponding HTTP verbs.

~RANDOMNESS:
Modern encryption techniques require the generation of random numbers on demand. This is a surprisingly hard problem.

~RELEASES:
Software is rarely unchanging; it is important to have a clear strategy when pushing out new versions.

~SQL:
Structured Query Language (SQL) is a special purpose programming language for accessing and updating data in a relational database.

~SALTING:
Salting refers to adding a random token to a password before hashing it.

~SESSIONS:
A session is a stateful conversation between a website and a user agent, such as a browser.

~SOCIAL ENGINEERING:
Social engineering is when an attacker interacts directly with your users or staff, in an effort to trick them into disclosing sensitive information or performing restricted actions.

~URLS:
A Uniform Resource Locator (URL) -- informally called a web address -- specifies the location of a resource on the internet.

~WORMS:
A worm is a malicious program that replicates itself in order to spread to other systems.

~ZERO DAY EXPLOITS:
A zero-day vulnerability is a vulnerability that the application author has not yet become aware of.

19/04/2023

Internet Users in Pakistan 2023
According to the Digital report published by We Are Social & Meltwater, there are 87.35 million internet users in Pakistan.

As per the recent updates of February 2023 by the Pakistan Telecommunication Authority (PTA) below are the updated numbers.

19/04/2023

Interesting Facts About ChatGPT
Looking for some interesting ChatGPT facts? This section is for you.

1. When was ChatGPT released to the public?

The initial date of the ChatGPT release was November 30, 2022.

It was launched as initially free to the public. Even now, it is free but it also has a premium version called “ChatGPT Plus” which costs $20 per month.

ChatGPT Plus offers exclusive benefits such as access to ChatGPT even during peak times, faster response times, and more.

2. When was GPT-4 released?

GPT-4 (Generative Pretrained Transformer) is the newest OpenAI model released on March 14, 2023. It is currently available ONLY for ChatGPT Plus users.

3. What language is ChatGPT built in?

ChatGPT is built on top of OpenAI’s GPT-3.5 and GPT-4 families of large language models.

4. Does ChatGPT support external plugins?

Yes, ChatGPT supports external plugins from developers such as Expedia, OpenTable, Zapier, Shopify, Slack, and Wolfram.

5. Who are ChatGPT’s competitors?

ChatGPT is facing competition from the following competitors.

Google Bard
Microsoft Bing AI
Chinchilla
Amazon Codewhisperer

6. Does Elon Musk own OpenAI?

No. However, Elon Musk is one of the co-founders of OpenAI. Elon left the company’s board in 2018. Sam Altman and Ilya Sutskever are the masterminds behind OpenAI.

7. Is ChatGPT part of Microsoft?

No, but ChatGPT is backed by Microsoft, Khosla Ventures, and LinkedIn co-founder Reid Hoffman.

8. Is ChatGPT limited to 2021?

Yes, ChatGPT has limited knowledge of events that occurred after September 2021. That means it only has information and knowledge until September 2021.

9. Does ChatGPT learn from your responses?

Yes, ChatGPT remembers previous responses and prompts. It uses large language models and Reinforcement Learning from Human Feedback (RLHF) to understand the context and provide relevant context from the previous discussion.

This ability is the reason why ChatGPT can be extremely helpful in designing interactive AI chatbots.

10. What is the difference between Google search and ChatGPT?

ChatGPT ONLY provides textual answers whereas Google search shows you the information in a wide range of ways including articles, news, videos, images, Maps, featured snippets, and more.

ChatGPT Usage Stats
Looking for some latest ChatGPT usage stats? This section is for you.

1. Who uses OpenAI the most?

According to SimilarWeb, OpenAI’s audience is 65.13% male and 34.87% female. The largest age group of visitors is 25 – 34-year-olds.

2. Are people using ChatGPT?

Yes, millions of people are using ChatGPT across the world.

Here are some key milestones of ChatGPT;

December 2022 – Crossed 1 Million users
January 2023 – Reached 57 Million users
February 2023 – 100 Million users

According to CBN News, ChatGPT is growing faster than TikTok.

3. What is the market value of ChatGPT?

OpenAI was most recently valued at $29 billion, in a $10 billion funding round by Microsoft.

4. How much is invested in OpenAI?

More than $15 billion so far. Microsoft Corp. is making a $10 billion investment over several years in OpenAI. As of 2023, Microsoft is the BIGGEST stakeholder of OpenAI and ChatGPT.

5. How many people visit ChatGPT?

According to Similarweb, the ChatGPT website has been visited a total of 1 billion times so far and attracts over 25 million daily visits.

ChatGPT Platform Statistics & Facts
Here are some ChatGPT platform-specific stats and facts.

1. How much data does ChatGPT contain?

It is said that ChatGPT’s training dataset contains over 570 GB of text and 300 billion words. It is growing with the introduction of the latest large family language models such as GPT 4.

2. Which GPU does ChatGPT use?

Nvidia and Microsoft recently revealed that thousands of A100 GPUs were used to train ChatGPT.

Microsoft also reveals that ChatGPT’s hardware comprises over 285,000 CPU cores, 10,000 GPUs, and network connectivity of 400 GBs per second per GPU server.

3. What computing platform does ChatGPT use?

ChatGPT uses the Microsoft Azure cloud computing platform. Microsoft’s Azure OpenAI service allows developers to integrate ChatGPT directly into many applications using a token-based pricing system.

That’s how many AI tools like Jasper can use GPT technology to provide features like text generation to users.

4. What technology does ChatGPT use?

ChatGPT offers two versions and it uses two different technologies. The free version uses the GPT-3.5 language model whereas the ChatGPT Plus version users have access to the latest GPT-4 technology.

5. How many languages does GPT-4 support?

GPT-4 supports almost 26 languages, including English, Arabic, Bengali, Telugu, Italian, Turkish, Marathi, and more.

6. What is the top traffic source to OpenAI?

SimilarWeb reports that the top traffic source to openai.com is Direct traffic, driving 69.10% of desktop visits last month, and Organic Search is the 2nd with 23.54% of traffic.

7. How good is ChatGPT’s GPT-4?

GPT-4 has finished and aced the Uniform Bar Exam (MBE+MEE+MPT) in the top 10% of all scorers with a score of 298/400, compared to the bottom 10% by GPT 3.5. (Source: OpenAI)

OpenAI also reports that GPT-4 reached a 75% estimated percentile in the Medical Knowledge Self-Assessment Program.

8. What countries don’t have access to ChatGPT?

Some of the countries that don’t have access to ChatGPT yet include China, Russia, Ukraine, Afghanistan, Iran, Belarus, and Venezuela.

9. What are all the products developed by OpenAI?

Here are some of the major products created and developed by OpenAI;
DALL-E: It can be used for creating images from text
CLIP: It is used for connecting text and images
Whisper: It transcribes speech into text and translates many languages into English.
GPT: It is useful as a chatbot, article writer, code editor, etc

10. What are the limitations of ChatGPT?

Here are some of the biggest limitations of ChatGPT;

ChatGPT’s knowledge is limited to the year 2021
It keeps on repeating the same content again and again (it is not useful for bloggers, or writers who want to use it for content creation)
It has difficulty understanding context, especially humor
It can generate biased responses.

13/04/2023

02/04/2023

IN 30 DAYS...

02/04/2023

Microsoft plans to release GPT-4 as early as next week, with the ability to create AI-generated videos from simple text prompts.

Andreas Braun, Chief Technology Officer at Microsoft Germany, recently confirmed that GPT-4 will be unveiled next week at an event called -- AI in Focus -- Digital Kickoff, reports Windows Central.

"We will introduce GPT-4 next week, where we have multimodal models that will offer completely different possibilities - for example, videos," Braun was quoted as saying.
The report said that GPT-4 is the next iteration of OpenAI's Large Language Model (LLM), and it should be significantly more powerful than GPT-3.5, which powers the current version of ChatGPT.

GPT-4, which is 500 times more powerful than the current version, will be released next week. The current version of ChatGPT is built on GPT-3.5 with 175 billion machine learning parameters. But GPT-4 has 100 TRILLION ML PARAMETERS.

GPT-4 will be able to process multiple types of data including Videos, Images, Sounds, Numbers etc.

ChatGPT and other GPT-3.5-powered technologies are currently limited to text-based responses.

However, Braun's comments imply that this may change with the release of GPT-4.
The multimodal models of the LLM could pave the way for video production and other types of content, according to the report.

Meanwhile, the AI-powered Bing search engine has surpassed 100 million daily active users, as ChatGPT's integration into Bing has helped the company grow its usage within a month like never before.

Its rival Google Search engine has more than 1 billion daily active users.

02/04/2023

Here are some tips and tricks on how to use ChatGPT with short tricks and hidden features:

1. Use Shortcuts: ChatGPT supports a variety of shortcuts to speed up your interactions. For example, you can type "Ctrl + Space" to see a list of available commands, or use "Ctrl + Shift + P" to toggle the command palette.

2. Try different prompts: Experiment with different prompts to get the most out of ChatGPT. You can use prompts like "What are the top 10 tips for..." or "How do I..." to get quick answers to your questions.

3. Use the "Teach me" command: If you want ChatGPT to learn something new, you can use the "Teach me" command. Simply type "Teach me [topic]" and ChatGPT will start learning about that topic.

4. Use context: ChatGPT uses context to understand your queries better. You can provide context by including information about your location, time zone, or previous interactions with ChatGPT.

5. Use multi-turn conversations: ChatGPT supports multi-turn conversations, which means you can have a back-and-forth conversation with it. This is useful when you need more information or want to clarify something.

6. Use different language models: ChatGPT has several language models that you can choose from, each with its own strengths and weaknesses. Experiment with different models to see which one works best for your needs.

7. Use the API: If you're a developer, you can use the ChatGPT API to build your own custom applications. The API allows you to integrate ChatGPT into your website or mobile app.

8. Use custom prompts: You can create your own custom prompts for ChatGPT by using the "Add a prompt" command. This is useful if you have a specific question or topic that you want to learn more about.

9. Use the "Debug" command: If you're having trouble getting ChatGPT to understand your query, you can use the "Debug" command. This will show you what ChatGPT is doing behind the scenes and help you identify any issues.

10. Use the "Personality" command: ChatGPT has several personalities that you can choose from, each with its own unique style and tone. Use the "Personality" command to switch between different personalities and see which one you prefer.

Overall, using these tips and tricks can help you get the most out of ChatGPT and make your interactions more efficient and productive.

12/03/2023

Q. What is Facebook cloning?
Ans. Facebook cloning refers to the act of creating fake Facebook accounts.
Q. How do people clone?
Ans:
1. Using stolen credentials:
a. Phishing
b. Social engineering
c. Password cracking
d. Malware to steal login credentials.
e. Session hijacking: they may intercept the victim's session ID or cookie and use it to hijack their Facebook session, allowing them to log in to the account without the victim's password.
Session hijacking methods:
i. Packet sniffing
ii. Cross-site scripting (XSS) attack types:
a. Reflected XSS
b. Stored XSS
c. DOM-based XSS
iii. Man-in-the-middle
2. Facebook scraping: Facebook scraping is the process of using software or automated tools to extract data from Facebook profiles.
a. Using tools like Scrapy
b. NetVizz tools etc.
Note: some people say we can clone using scripts, but in reality this is not true. We clone accounts using some web applications and tools, which are programmed in Python, JavaScript, etc.
3. Copying the content of a legitimate account.
4. Creating a similar username.

08/02/2023

Address

Hingorja
