Buna Byte Cybersecurity – Telegram
Learn, Hack, and Defend

Website: bunabyte.com
YouTube: youtube.com/@bunabyte
1k 🥳🥳🥳🥳🥳
🎉 We’ve officially hit 1K! Thank you to every single member for the support and trust. This is just the beginning.

@bunabytecs
Forwarded from AfroSec
🎄 Christmas Supply-Chain Nightmare Trust Wallet Extension Backdoored 😂🎄

Version 2.68 of the Trust Wallet browser extension shipped with a silent backdoor that exfiltrated users’ mnemonic phrases straight to attacker-controlled servers. No phishing. No fake sites. Just a poisoned update.

b/c the extension auto-updated, the blast radius was massive
On Dec 25, attackers flipped the switch and began draining wallets.

💸 Tens of millions of dollars gone.

u better go and update the chrome extension 👀

@AfroSec
bunabyte.com is live❤️.

We’re building this with the community.
Content, labs, and services are coming soon—step by step, done right.

@bunabytecs bunabyte.com
Forwarded from Befikadu (0xfke)
Got access to the server room. It was spotless… and hotter than my future after touching production servers. Took the pic and evacuated immediately 😂🔥

@ishareFike
Servers are introverts: they like it clean, quiet, and cold. 😅

If your server room feels like a sauna, something upstream is crying.
Cooling isn’t a luxury, it’s infrastructure.
⚠️ Warning: Avoid sharing your National ID on the internet!

Your National ID is the expression of your digital identity. Sharing this information on social media (Facebook, Telegram, WhatsApp) or on unverified websites exposes you to serious risk.

📌 Harms that sharing your ID can cause:

Identity theft: Criminals can use your information to open a bank account in your name, take out loans, or carry out various transactions.

Financial fraud: Using the information on your ID, they can break into your bank account or your digital payment applications and steal your money.

Sale on Dark Web markets: Personal data can be put up for sale in the hidden part of the internet (the Dark Web).

Becoming an accomplice to various crimes: If your ID is used for another illegal act (for example, a SIM card ownership transfer), the liability will be yours.

How to protect yourself
... Part 2

Want to understand more about cybersecurity?

Protect your information together with us:

🌐 Our website:
bunabyte.com
📢 Telegram:
t.me/bunabytecs
📧 Email:
info@bunabyte.com

Buna Byte — for better digital security!
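...#Part02

How do you protect yourself?

1. Do not photograph your ID and post it: No matter how happy you are, or even if it is needed for work, never publish it on public social media pages.

2. Do not send it via Telegram or Messenger: Even when it is necessary, send it through a secure channel; sending it through personal messaging apps is risky.

3. Be careful when asked to verify your identity: When any organization asks for your ID, be sure what purpose it will be used for and how the information will be protected.


Note: Your safety is our priority. Take care and protect your identity from digital fraudsters.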

I was doing some math on the #TryHackMe monthly subscription today. The official price is $16.99, which currently converts to roughly 2,640+ ETB at market rates.

For many of us in the local tech community, that’s a significant monthly investment. However, I found a more accessible bridge: @tegene is offering 1-month vouchers for 2,000 ETB.

If you’ve been waiting to start a new learning path or get that "AttackBox" access, this might be the right time to save about 25% on your overhead.

Note: This isn't a sponsorship—just a heads-up for my fellow learners looking to optimize their budget.


@bunabytecs
bunabyte.com

#CyberSecurity #TryHackMe
☃️🎄 To all followers of the Christian faith: Merry Christmas, and may the holiday find you in peace!

May it be a happy holiday for us all. bunabyte.com

@bunabytecs
Tools don’t replace understanding, they just amplify it.

@bunabytecs
We built this TryHackMe room while teaching the BBJST (Buna Byte Junior Security Tester) program, batch 03.

It’s hands-on Linux fundamentals - not theory, not slides.

This is how we learn. This is how we teach.

🔗 https://tryhackme.com/jr/bbjstlinux

More structured resources coming soon on bunabyte.com

@bunabytecs
$book_name = $_GET['book_name'] ?? '';
$special_chars = array("OR", "or", "AND", "and" , "UNION", "SELECT");
$book_name = str_replace($special_chars, '', $book_name);
$sql = "SELECT * FROM books WHERE book_name = '$book_name'";
echo "<p>Generated SQL Query: $sql</p>";
$result = $conn->query($sql) or die("Error: " . $conn->error . " (Error Code: " . $conn->errno . ")");
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        ...

What makes this code vulnerable?

bunabyte.com
Why this code is vulnerable

• User input is directly concatenated into the SQL query
• Once input enters the query string, SQL injection is already possible


Why str_replace makes it worse

• SQL is a grammar-based language, not a keyword list
• Removing words like OR, AND, UNION, SELECT does not change SQL logic


str_replace is:

- case-sensitive
- literal
- context-unaware


Attackers can bypass filters using:

- alternative operators
- comments
- encodings
- numeric logic
- functions and comparisons

🙅‍♂️The critical mistake

• User input is still placed inside quotes

WHERE book_name = '$book_name'


• The database still parses input as executable SQL
• Filtering inside a dangerous context does not make it safe


Additional security issues

• Echoing the SQL query leaks:

- table names
- column names
- filtering logic

• Displaying database errors gives attackers free reconnaissance



Here is the best‑practice version of that code


$book_name = $_GET['book_name'] ?? '';

// The query text is fixed; the ? marks where the value will be bound.
$stmt = $conn->prepare(
    "SELECT * FROM books WHERE book_name = ?"
);

// "s" binds $book_name as a string value, never as SQL text.
$stmt->bind_param("s", $book_name);
$stmt->execute();

$result = $stmt->get_result();

if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // process result
    }
}


☕️ $stmt turns user input from code into data.


bunabyte.com
@bunabytecs
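A side-by-side check of the two lookups discussed in this post, added here as an example and not part of the channel's own code. It assumes an in-memory SQLite database through PDO in place of the post's mysqli `$conn` so it runs offline; the table rows, test inputs and the function names `find_filtered`, `find_bound` and `outcome` are constructed for illustration. The filtered version misses a title that exists, errors on a legitimate apostrophe and returns every row for a mixed-case keyword, while the bound version returns only exact matches.

```php
<?php
// Added example: constructed data and hypothetical function names. SQLite via
// PDO stands in for the post's mysqli $conn so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (id INTEGER PRIMARY KEY, book_name TEXT)");
$seed = $db->prepare("INSERT INTO books (book_name) VALUES (?)");
foreach (["Dune", "Lord of the Rings", "O'Reilly Guide"] as $title) {
    $seed->execute([$title]);
}

// The post's original approach: keyword stripping, then concatenation.
function find_filtered(PDO $db, string $name): array
{
    $name = str_replace(["OR", "or", "AND", "and", "UNION", "SELECT"], '', $name);
    $sql = "SELECT * FROM books WHERE book_name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The post's fix: the value is bound as a parameter and never parsed as SQL.
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT * FROM books WHERE book_name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Row count, or "error" when the database rejects the generated query.
function outcome(callable $lookup, PDO $db, string $name): string
{
    try {
        return (string) count($lookup($db, $name));
    } catch (PDOException $e) {
        return "error"; // log $e server-side; never echo it to the client
    }
}

$inputs = [
    "Dune",               // plain title: both versions agree
    "Lord of the Rings",  // contains "or": the filter corrupts a legitimate value
    "O'Reilly Guide",     // legitimate apostrophe: breaks the concatenated query
    "' Or '1'='1",        // mixed-case keyword: passes the case-sensitive filter
];
foreach ($inputs as $in) {
    printf("%-20s filtered=%-5s bound=%s\n", $in,
        outcome('find_filtered', $db, $in), outcome('find_bound', $db, $in));
}
```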
Happy holidays! Happy Timket (Epiphany)!

bunabyte.com