Read More
  • 3 minute read

Combatting SIM Swapping

In today’s world, we use two-factor authentication for security when logging in to everything from our email accounts to our social media accounts, from our internet banking accounts to the accounts that hold the source code of software we develop. When we hear the term two-factor authentication, many of us…
Read More
0
0
0
0
0
Read More
  • 3 minute read

Hooking on Android

Although our topic is the Android world, when it comes to hooking, I first think of the illegal electricity that is drawn by hooking onto energy transmission lines and into homes. In the Android world, we also use a similar method when we want to dynamically analyze or intervene in…
Read More
0
0
0
0
0
Read More
  • 4 minute read

Cerberus Analysis

In February 2020, I received a SMS on my cell phone that made me quite suspicious. When I visited the https://ko[.]tc/hediyekazani web address mentioned in the message, I found that I was redirected to the http://www-bedavainternethediyeuygulama[.]com web address. A short time after receiving the SMS, when I visited the website…
Read More
0
0
0
0
0
Read More
  • 5 minute read

Who Viewed My Profile?

On September 23, 2020, while browsing cybersecurity-related news on Twitter, I noticed the hashtag #profilimekimbaktı in the trending topics. I decided to check the accounts sharing this hashtag as it raised suspicion. One of the accounts had written in their message that the Android app Web Postegro & Lili showed…
Read More
0
0
0
0
0
Read More
  • 3 minute read

Operations Security (OPSEC)

Sometimes when you follow cybersecurity experts on social media or look at cybersecurity presentations, you may come across phrases like “OPSEC FAIL.” These usually refer to significant operational errors made by APT groups and/or malware developers. For those who are curious about what operasyon güvenliği (OPSEC) is, it stands for…
Read More
0
0
0
0
0
Read More
  • 4 minute read

TLS Fingerprinting

For those of you who read my blog post on WordPress Security, you would have seen in the administrator page of my blog that there was a dictionary attack that was conducted for years (up until May 2020) from more than 20 IP addresses, and how I fought against it.…
Read More
0
0
0
0
0
Read More
  • 3 minute read

Magecart Analysis

As you may remember, in my blog post “Fighting Against Magecart” I mentioned that I would cover the analysis of malicious JavaScript code in another article. Until now, I have analyzed malicious JavaScript code many times, and about 3 years ago, I also wrote a blog post titled “Malicious JavaScript…
Read More
0
0
0
0
0
Read More
  • 4 minute read

LinkedIn Scammers

As a cybersecurity researcher who has been actively using social media and the network for many years, you may have noticed that I share cybersecurity articles and news that I read and liked on LinkedIn and Twitter among my connections, especially during the week. Because my Twitter account is protected,…
Read More
0
0
0
0
0
Read More
  • 3 minute read

Fight Against Magecart

Recently, cyber attacks carried out by the Magecart group, which has become the nightmare of companies ranging from e-commerce companies (such as Newegg) to airlines (such as British Airways), to ticketing companies (such as Ticketmaster and Biletix) and media companies (such as ABS-CBN), continue to affect our country and our…
Read More
0
0
0
0
0