There is no way it's DNS

There is no way it's DNS

Development
Preamble Some time ago, there was a bit of discussion at the office regarding a new policy from the DKI Jakarta Provincial Government about deactivating Jakarta ID cards for residents who are no longer domiciled in Jakarta. Several colleagues were affected, so others who still had Jakarta ID cards immediately checked their NIK status. However, as we know, many people have had bad experiences accessing digital government services, ranging from slow loading to being completely inaccessible. My …
Read more…
Moving From Disqus to Giscus with Hugo SSG

Moving From Disqus to Giscus with Hugo SSG

Development
Goodbye Disqus, Hello Giscus After using Disqus for a long time as a comment platform, also known as Comment-as-a-service, this website has finally switched to giscus after considering another similar platform that also uses GitHub, namely utterances. Starting When I first built this website, I was confused about which comment system to use. Since this site is an SSG (Static Site Generator) and does not have a database connection, using a third party comment platform was the best option. In …
Read more…
Update Newsfeed RSS to Discord

Update Newsfeed RSS to Discord

Development
As a Cybersecurity worker, we must stay up-to-date with any news, alerts, advisories and others also in the IT field everything is new and growing so fast, especially in cybersecurity To fill this gap I use a RSS aggregator to send the latest update from my favorite blog/news to notify me If you join SHL Discord you’ll be familiar with feeds and feeds-ransom text channel, this is how I configure it
Read more…
Hacking Phishing-as-a-Service

Hacking Phishing-as-a-Service

Development
You may have just clicked on a Phishing Ad I am tired of the ads that appear while watching reels on Facebook. Besides malware ads and online gambling ads, there are also many phishing ads targeting games like Free Fire and Mobile Legends, as well as ads inviting users to join 18+ groups. These ads are designed to steal social media account credentials and can seriously harm users. Phishing, or password fishing, is a method widely used by threat actors to obtain access or credentials to services …
Read more…
Interesting or Suspicious Ads Continued

Interesting or Suspicious Ads Continued

Development
After writing about malware ads using the Google Bard lure, now there is another malware ad that is slightly different, both in terms of the lure and the malware being delivered. This ad promotes a custom Windows taskbar to make it look more attractive. However, the file downloaded is actually malware and there is no custom taskbar installation as advertised. So what does the downloaded file install? Of course, malware. Below is roughly what the installer does.
Read more…
Dictionary Attack

Dictionary Attack

Development
Understanding What a Dictionary Attack Is A dictionary attack is one of the common techniques used in hacking or pentesting. This attack uses a collection of commonly used passwords (wordlists) or passwords that have been leaked on the internet, such as rockyou.txt, ignis, and others. The difference between a brute force attack and a dictionary attack lies in the use of a wordlist. A brute force attack attempts all possible character combinations, which usually takes much longer. A dictionary …
Read more…
Interesting or Suspicious Ads?

Interesting or Suspicious Ads?

Development
Last June, on the 14th to be exact, I was scrolling Facebook and found an interesting ad about Google’s AI called Bard. What made it even more interesting was the comment section, so I immediately checked the comments. Why were all the commenters verified blue check accounts? Why were Indonesian politicians commenting on it? What does politics have to do with Google Bard? The comments also showed mostly positive sentiment.
Read more…
Secure Surfing Practice

Secure Surfing Practice

Development
The internet has become an important part of daily life. Most commonly, it is used as a source of information and entertainment. However, unwise and improper use of the internet can endanger data security and privacy. Below are several steps you can follow to stay safe while browsing the internet: Add Web Protection Install the Malwarebytes Browser Guard extension in your browser. With this extension, Malwarebytes will block access when you accidentally open a suspicious website or a site …
Read more…
Lesson Learned from Ransomware

Lesson Learned from Ransomware

Development
Ransomware Ransomware is a type of malware (malicious software) that encrypts victims’ files, causing them to lose access to their data. The malware will decrypt the files if the ransom has been paid by the victim, but there is no guarantee that all data will be restored. If the victim refuses to pay, some ransomware variants will expose the victim’s files to the internet. Ransomware spreads through fake installers, phishing, exploit kits, remote desktop access, and other methods.
Read more…
Yes, It was DNS!

Yes, It was DNS!

Development
As we know, DNS or Domain Name Server is a service responsible for translating domain names into IP addresses so users do not need to remember complicated IP addresses one by one. Therefore, DNS is a crucial service and must be configured properly. Otherwise, it may cause a domain to become difficult or even impossible for users to access. For example, some time ago a colleague complained to the infrastructure team because they could not access monev.spbe.go.id. Long story short, I asked the …
Read more…