Introduction

This is a continuation of the Windows ShellBags article published in the SheHacks Medium. Let’s do a quick recap, Microsoft Windows records the view preferences of folders and Desktop.

Therefore, when the folder is visited again, Windows can remember the location of the folder, view and positions of items. Microsoft Windows store the view preferences in the registry keys and values known as “ShellBags”.

The properties of a folder contained within Windows Shellbags can be significant to a computer forensic investigation, it allows for an assessment on whether the content of the folder could have been viewed simply from…


Introduction

Ever noticed when a user in a windows operating system modifies a folder size by e.g., resizing the window itself. Then going back to that folder at a later date, the customization remains? That is shellbags in action!

There are many sources of digital evidence and is divided into three major forensic categories of devices where evidence can be found: Internet-based, stand-alone computers or devices, and mobile devices. In this article, we will focus on stand-alone computers.


What is vulnerability assessment

This is the systematic review of all the vulnerabilities in an information system. It involves identifying, quantifying and prioritizing vulnerabilities after which you come up with a report with recommendations on whatever needs to be done.

How is vulnerability assessment different from penetration testing?

Vulnerability scans look for known vulnerabilities in your systems and report potential threats. Penetration tests are intended to exploit weaknesses in the architecture of your Information system and determine the degree to which a malicious attacker can gain unauthorized access to your assets. …


Hello aspiring cyber-warriors!

Today in this article we will learn the basic concepts about cross-site request forgery which is a common web application vulnerability. This will be a beginner’s guide for CSRF explaining what exactly is Cross-site scripting entails and how this vulnerability is exploited.

What is cross-site request forgery?

Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application…


Welcome back cyber enthusiasts!

Today we will learn how to install and configure DVWA in Docker. I will demonstrate this step by step and explain how to do this on kali Linux. I will briefly explain what docker is and what DVWA entails and later on take you through how to install and configure DVWA on docker.

Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and deploy it…


Wireshark is a free and open-source network protocol analyzer. What we mean by a network protocol analyzer is that it will capture packet data on the network and present it in as much as detail as possible.

Wireshark is a very powerful tool and because of this, we have seen various organizations embracing it and using it within their organization to troubleshoot any network issues that may come up. It is also being used by threat/malware analysts to analyze malicious traffic and understand the actions of a particular malware on a network.

Being a powerful packet sniffer, we have seen…


Introduction

We live in an era where personal data is so valuable that many organizations are now actually built around its collection, and use. In Kenya, citizens give out their information the issuance of their Identity Card. In most organizations, employees provide their bio-data information that serves as a criterion for evaluating or assessing the employee. Social media apps collect user information to customize, improve and market their services.

To regulate this phenomenon, Kenya has enacted two major legislations — DPA Act 2019, Computer Misuse Act 2018 (some parts are suspended) — to at least discourage abuse of Data Handling…


This article originally appeared on eKRAAL Innovation Hub’s blog.

Photo by Dimitri Karastelev on Unsplash

The purpose of this advisory is to assist you in understanding the fundamental changes WhatsApp has updated in its Privacy Policy as part of securing your digital privacy.

Introduction

Edward Snowden and Elon Musk, Tesla CEO recent tweets “Use Signal” caused a massive number of signups for the alternative app to WhatsApp. This was in response to Mark Zuckerberg’s, Facebook Inc. CEO announcement that WhatsApp, a Facebook subsidiary, would update and change its Terms and Conditions starting February 8, 2021. They have since retracted this date to May 13, 2021.

Does WhatsApp collect information?

Yes, it…


Organizations deal with attacks every day. It could be SQL injection attempts, cross-site scripting, brute force attack among others and in order to stop such attempts, solutions need to be put in place. These may involve active network monitoring and use of firewalls to block unknown IPs.

There is a lot of data flowing in our networks (both organizational and personal). This data could be good or bad and knowing this information is quite difficult. Immediately we are connected to the internet, we have data flowing from one node to another. …


The healthcare industry is progressively depending on internet-connected devices and innovations to enhance its productivity in care and operations. There has been an increase in the use of wellness apps and devices which have significantly advanced wellbeing records. Such information is generally stored on the cloud or in databases. Ideally, only approved caregivers should have access to the health data of patients. However, when such data is transmitted wirelessly, there is a high likelihood of eavesdropping.

Securing your network and your devices

The frameworks that health facilities utilize, how the information that is transmitted to and from the medical devices is utilized and what is being…

SheHacks_KE

A community of Women in Cybersecurity from various backgrounds and counties across Kenya. https://shehackske.com/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store