In our last post, we saw how Google's Gemma 4 model, released for free, might be a game changer. We showed how to download Gemma 4 on a Windows PC, but what about Kali Linux users, our blog's core fans? Don't worry, I've got you covered!
Today we are putting Google's 2026 flagship model onto the world's most popular security platform: Kali Linux. Whether you use it for automated code auditing or private log analysis, this guide is for you.
Chapter 1: Why Kali + Gemma 4?
Running AI on Kali isn't just about the "cool factor." In 2026, data sovereignty is everything. When you are performing a security audit, you cannot risk sending sensitive scripts or server logs to a cloud provider; you need a zero-trust AI architecture. Also, you cannot Google everything, you know what I'm talking about 😅
Botnet, or robot network: what is it, and how does a botnet work? That's what we're going to see in today's post. Imagine this: you're sipping your morning coffee, scrolling through your phone, while your smart devices hum in the background, your thermostat keeping the room cozy, your security cameras silently watching over the house. It feels modern, convenient and safe. But behind the scenes there's a hidden risk many people don't think about.
The title "Do you leave your Digital Fingerprint?? What if i say you do!! Yes, you may be one among the 99% people without your knowledge!" itself explains what we're going to see in this post: digital footprinting, browser hardening and so on.
It's been so long since I wrote a post this year. Thanks to the pandemic. :(
5G has been the hot topic around the world for a couple of months, whether because of its ultra-fast connectivity and being more advanced than 4G, or because of new research claiming lots of birds are dying from its radiation. Now another piece of research, from Positive Technologies, shows that all current 4G networks and first-generation 5G networks are vulnerable to DoS attacks.
"100% of 4G networks are susceptible to denial-of-service attacks and 5G is not immune" - Positive Technologies
If you are not familiar with the word DoS, here it is in a simple line: DoS is a kind of attack in which a malicious person sends lots of requests from one machine, usually for a particular resource. Hmm, I guess it is better explained this way. Imagine that you can drink water only up to a certain amount, say 1.5 liters continuously. What happens after that? You won't be able to drink any more, or if you do, you will feel like vomiting, right? Servers (groups of computers) work the same way. A computer can handle only up to a specific number of requests; beyond that, it fails for further requests. And there is another term, DDoS, which might be useful for you somewhere: DDoS is nothing but distributed denial of service. The only difference is this: if an attacker uses one computer it is DoS, and if he uses multiple computers it is DDoS.
Pretty hard to digest, huh! But how is it done? Simple: because of a vulnerability in the Diameter base signalling protocol. What is this Diameter signalling protocol? First, what is a protocol?
"A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and center of any network design," Dmitry Kurbatov, CTO at Positive Technologies, said in a press release.
A protocol is a set of rules that systems must follow. Most 4G networks use the Diameter protocol, which performs the AAA functions: Authentication, Authorization and Accounting.
So when there is a vulnerability in this protocol, imagine the consequences: anyone can view a subscriber's details and location, and even redirect them to insecure networks. Of course, it's the worst.
So why is 5G affected? It's a new technology, right? If we think that way we are wrong, because the team says first-generation 5G networks are built on top of 4G only. So, "If left unchecked, the 5G networks will not be immune from the same vulnerabilities of previous generation networks."
Is there any action we can take? We cannot act directly; the only option is for operators to start deploying specialized threat detection systems that can separate good signalling from bad by following the GSMA guidelines. All I wish is that this happens promptly, because IoT devices are increasing day by day and, now that this news is out, we can't predict which network will be breached next.
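A sketch of the kind of per-source rate check such a threat detection system would run, as an added example that is not from the Positive Technologies research or from any operator's product: it walks constructed signalling records (the host names, timestamps and Diameter command names are invented placeholders, not a real operator log) and flags any Origin-Host whose request count in a sliding window exceeds a threshold, which is the simplest signal of the flood described above.

```python
from collections import defaultdict, deque

# Constructed sample: (origin host, timestamp in seconds, Diameter command).
# A well-behaved peer sends one request per second; a second host bursts
# 50 requests in half a second. Both hosts are placeholders.
LEGIT = [("mme.partner-a.example", float(t), cmd)
         for t, cmd in enumerate(["ULR", "AIR", "ULR", "AIR", "NOR"] * 6)]
BURST = [("mme.rogue.example", round(10.0 + i * 0.01, 2), "ULR")
         for i in range(50)]
SAMPLE_REQUESTS = LEGIT + BURST


def detect_floods(records, window_seconds=1.0, threshold=20):
    """Sliding-window rate check per Origin-Host.

    Returns {host: timestamp} for every host that sent more than `threshold`
    requests inside any span of `window_seconds`, with the time at which the
    threshold was first crossed. Records are sorted by time first so the
    result does not depend on the order lines arrived in the log.
    """
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    flagged = {}
    for host, ts, _cmd in sorted(records, key=lambda r: r[1]):
        window = recent[host]
        window.append(ts)
        while ts - window[0] > window_seconds:   # drop timestamps that aged out
            window.popleft()
        if len(window) > threshold and host not in flagged:
            flagged[host] = ts
    return flagged


def command_mix(records, host):
    """Count commands per type for one host; a flood that is all one command
    type is a second hint that the traffic is not a real subscriber session."""
    counts = defaultdict(int)
    for h, _ts, cmd in records:
        if h == host:
            counts[cmd] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, when in detect_floods(SAMPLE_REQUESTS).items():
        print(f"{host}: threshold crossed at t={when}s, mix={command_mix(SAMPLE_REQUESTS, host)}")
```

A production system would key on more than Origin-Host (Origin-Realm, command code, destination subscriber) and tune the window and threshold per peer, but the sliding-window count is the core of the rate-based part of such detection.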
Yup, you read that right. According to a new research paper by Qiben Yan (SEIT Lab, Michigan State University), Kehai Liu (Chinese Academy of Sciences), Qin Zhou (University of Nebraska-Lincoln), Hanqing Guo (SEIT Lab, Michigan State University) and Ning Zhang (Washington University in St. Louis), your phone's virtual assistants such as Google Assistant, Siri and Bixby can be activated using ultrasonic sound waves (inaudible to humans) and made to execute commands like reading text messages, making a call or sending text messages, possibly most of the commands an assistant can perform for the user, in order to steal personal information.
The researchers tested 17 different phone models, and 15 of them were attacked successfully on the first attempt, without changing any OS or code. Those 15 were popular devices: Google Pixel, Google Pixel 2, Google Pixel 3, Moto G5, Moto Z4, Samsung Galaxy S7, Samsung Galaxy S9, Xiaomi Mi 5, Xiaomi Mi 8, Xiaomi Mi 8 Lite, Huawei Honor View 10, Apple iPhone 5, Apple iPhone 5s, Apple iPhone 6+ and Apple iPhone X, all running different latest and older versions of Android and iOS.
So, how did they do this, or how does SurfingAttack work?
Calling it SurfingAttack, the team demonstrated that whenever your device is lying on a table, an attacker who decides to strike can send a voice command, inaudible to normal humans, to a $5 PZT transducer attached to the underside of the table. This device accepts the signal and sends it on as ultrasonic waves to your device, which picks them up and responds to the commands.
Device on table -> attacker decides to strike -> attacker sends signal to transducer -> transducer sends ultrasonic waves -> your device's microphone picks up the signal -> assistant activates
For example: if an attacker sends the "OK Google" or "Hey Siri, read the text message" command, your device's microphone picks up the signal from the transducer, which activates the virtual assistant. The assistant, thinking you are the one asking, reads the text message, which is then picked up by the device under the table and sent back to the attacker. And if you think you would hear your phone reading it aloud, the researchers say we are wrong, because the first thing they do before asking your assistant to read messages is to lower your phone's volume to below 3, using the same concept: if they send a "reduce volume" command, your device lowers the volume 😞😞, so you might not hear it reading the message.
The researchers even attempted a conversation in which the attacker asked for a password, the way another human would, and it was successful (and of course your device is capable of that with technology like Google Duplex). Another question: what about the vibration? They have a solution for that too..
"To activate the voice assistants, the baseband signal v(t) will embed the wake words such as “OK Google” in front of the attack commands. We use existing speech synthesis techniques to generate the wake words of a specific voice, and the attack commands can be simply generated using TTS systems. However, in our experiments, we discover that after the activation command wakes up the assistant, the device creates a short vibration for haptic feedback to indicate the assistant is ready. This vibration may negatively affect the mechanical coupling, and thus reduce the attack success rate of the subsequent attack commands. In response, we insert a multi-seconds gap between the wake words and attack commands to eliminate the vibration’s impact."
This attack was successful on most solid materials and up to a distance of 30 ft, the researchers conclude.
I said 15 out of 17 were successful, so what are the other two devices that escaped?
They were the Mate 9 and the Samsung Galaxy Note 10+. Those two likely survived because of their curved shape: one has a curved back cover and the other has a curved front screen as well.
"In order to trace the root cause behind the failure, we install LineageOS 16.0 on both Xiaomi Mi 8 and Samsung Note 10+. With the same Android OS, we eliminate the variation brought by different OSs. We launch SurfingAttack towards these two phones equipped with the same LineageOS, and the result shows that SurfingAttack successfully attacks Xiaomi Mi 8, but still fails to attack Samsung Note 10+, which indicates that the attack failure cannot be attributed to the OS customization. Moreover, we notice that the recorded sound of the ultrasound commands from Samsung Note 10+ has a very weak strength, which is likely caused by signal dampening over the body of the phone. Therefore, our conclusion is that the failure of the attack is most likely attributed to the structures and materials of the phone body."
So, what can we do to prevent this kind of attack?
Simple: disable the assistant on your lock screen, and lock your device when you put it down. And if you think "I don't have any sensitive data on my phone", remember that not only your data is at risk but your loved ones' too (remember, your assistant is capable of sending a message to your contacts asking for a password, pictures, etc., as if it were you).
One of the best ways to protect our loved ones is to actually stay safe ourselves.
Google Chrome 80.0.3987.87 contains fixes for 56 bugs, including a fix for the arbitrary code execution vulnerability CVE-2020-6399, Google confirmed in its blog. So if you are using a Google Chrome version prior to 80.0.3987.87, it's time to update.
How to check your Chrome version?
Open the Chrome browser -> in the top right corner you will see three vertical dots, click/tap them -> Help -> About Google Chrome.
That's it; you can update Chrome from there. The updated Chrome is available on all three platforms: Windows, Linux and Mac.
Update: Chrome 80.0.3987.100 will be available in the next few days/weeks, so if you have limited bandwidth you can skip this one and install that instead. Update 2: the CVE links have been removed from the post because of a security issue. Check the official blog for more info.
BlueFrag, a new Bluetooth vulnerability, has been discovered by researchers. The vulnerability, CVE-2020-0022, mainly affects Android phones running Android 8 and Android 9, the researchers said on their blog.
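To turn the version check above into a script, here is an added example (not from Google's blog) that parses the version string Chrome prints with --version on Linux, compares it numerically against 80.0.3987.87, and shows why comparing the raw strings would give the wrong answer. The binary names it probes on PATH are assumptions.

```python
import re
import shutil
import subprocess

# Version named in the post as the one that carries the fix.
FIXED_VERSION = "80.0.3987.87"

VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text):
    """Pull a dotted version out of text such as 'Google Chrome 79.0.3945.130'
    and return it as a tuple of ints, padded to four components so that a
    short '80.0' compares as 80.0.0.0 rather than as a shorter tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def needs_update(version_text, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed one.
    Tuples compare numerically; comparing the raw strings would be wrong,
    since '80.0.3987.9' sorts after '80.0.3987.87' as text."""
    return parse_version(version_text) < parse_version(fixed)


def installed_chrome_version():
    """Ask the local browser binary for its version (Linux builds accept
    --version). Returns None when no Chrome or Chromium is on PATH.
    The list of binary names is an assumption for this example."""
    for binary in ("google-chrome", "google-chrome-stable",
                   "chromium", "chromium-browser"):
        path = shutil.which(binary)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    v = installed_chrome_version()
    if v is None:
        print("no Chrome or Chromium found on PATH")
    else:
        print(v, "-> update needed" if needs_update(v) else "-> fixed version or newer")
```

On Windows and Mac the binary is not normally on PATH, so there the manual Help -> About route above is the practical check.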
Avast, the antivirus company that claims over 435 million active users, was found to be selling your data to large third-party companies like Google through its subsidiary Jumpshot, according to a joint investigation by PCMag and Vice. If you use Avast Free Antivirus, once believed to be the most trusted and effective free antivirus, it's time to look deeper and take action to safeguard your privacy.
A little history, or how it started. Avast Free Antivirus and AVG install a browser extension on most browsers in the name of protecting you from harmful or malicious third-party websites. What it does is simple yet involved: it intercepts all web traffic and decides whether the site you are visiting is trustworthy and can be allowed on the device, by comparing previous reviews and behavior from various sources such as Avast's servers. Once a site is found to be trusted or free of malicious content, the user is allowed to visit it. That is how an antivirus extension normally works. We thought someone, Avast, was always there for us. But we were wrong, because it didn't stop there.

The Avast and AVG extensions actually collected all your data, not just what was necessary, and sent it to Avast servers for a different purpose, as palant.de found. That data was then sold to third-party companies with the help of Jumpshot, according to this new investigation. The result? All the Avast and AVG extensions were temporarily removed from popular browsers like Firefox and Chrome. Once this was found out and the extensions were removed, Jumpshot (which has 100 million+ users) and Avast took a different approach: they no longer collect data through extensions, but instead automatically prompt users to opt in to data collection, which is a kind of collecting information with the user's permission.
"If you saw Avast display "Mind sharing some data with us?" and ignored the screen or clicked Agree without reading, then you might already be a victim!"
The screen was designed to show what Avast is doing, and it gave you an option to disable sending your data. Though Avast says the information sent was anonymous and cannot be decoded or traced back, various experts say it is actually possible to trace it back to you. A simple example: when you access Gmail, you enter a username and password that are unique to you, right? Sometimes, when you access Gmail from a different device or from your workplace, you may have seen Google say "Help us confirm it's really you" and ask you to verify your mobile number or use another verification method. How is this possible? How do you think Google knows you are accessing from a different system? Because its servers analyse various things, such as whether the account is being accessed from the same IP or device as before, before giving access to your mailbox. If it suspects something is wrong, it asks for that verification; otherwise it lets you in. So by default, you need to know that everything is logged.

Likewise, Avast logs your device ID and sends all your data to its web server: what you searched for on Google or Bing, when you thought about buying an iPhone or a PC, when you clicked an Amazon link, how long you stayed on a web page, and so on. Jumpshot then sells this data to third parties, who use it to understand user behavior and for various purposes, primarily serving ads. This is just a simple example; there are many ways to identify that it was you who actually looked at the information. So if you are the kind of person who has taken the pledge "I won't read the terms and conditions, I will directly click Agree and Continue", like 5 out of 10 people in the world, then you don't need to worry about your privacy. Yes, you don't need to worry.
The reason is that all of your information is probably already available to most companies in some form. Though that is a fact, at least start following safe browsing habits, check what information they are collecting, start reading the terms and conditions before you click Agree and Continue every time from now on, and take control of your privacy. We cannot directly blame those companies for selling our data; we should blame ourselves. Do you think a huge company, be it Avast or any other major company, would provide services for free without expecting anything from us, in a world where money decides your lifestyle? Then think again!
I was always curious how rooting works behind the scenes. My recent acquisition of the Eee Pad Slider, a cellular tablet on which nobody had yet managed to obtain the superuser rights that rooting gives, despite its great potential, finally made me sit down and find out what rooting means from a technical point of view and how hackers in the wild approach rooting a new device. Although all this information exists, I could not find a single article with the technical level of detail I expected together with an introduction to the overall picture, so I decided to write my own.
This is not a guide to rooting a specific Android device. Rather, it is a general explanation of how stock Android ROMs try to prevent unprivileged users from gaining root access, how hackers attack this problem, and how rooting software uses various exploits to get around these security mechanisms.
I. Purpose
Let's first take a step back and consider what we mean by "rooting." Forget about flashing custom ROMs, turning on WiFi tethering, or installing Superuser.apk; in essence, rooting is gaining root access to the Linux system underlying Android and thereby absolute control over the software running on the device. The things that require root on a typical Linux system, such as mounting and unmounting file systems or launching your favorite SSH (a network protocol for remotely controlling an operating system), HTTP (an application-layer data-transfer protocol) or DHCP (a network protocol that lets devices automatically obtain an IP address and other parameters) server, also require root on a Linux/Android system, and that is the real goal of rooting.
Stock Android builds usually do not allow users to execute arbitrary code as root. This means that you, as the user, get only limited control over your own device: you can make the device do task X only if the manufacturer explicitly allowed it and shipped a program for it. You cannot use a third-party application to perform a task your manufacturer does not want performed. WiFi tethering is a good example. Cellular operators obviously do not want you to tether your phone at no extra charge, so many phones ship with a proprietary tethering application that costs extra, and without root access you cannot install a free alternative such as Wireless Tether For Root Users (a program that provides tethering over WiFi on rooted phones). Why this is common practice is a riddle to me; the only difference between mobile phones, tablets and computers is the form factor, yet while a PC vendor would fail miserably if it tried to prevent users from running arbitrary programs on their machines, cell phone vendors clearly are not judged by the same principle. But such arguments belong in another article.
II. Enemy: OEM ROM Protection Mechanisms for Android
Bootloader and Recovery
The bootloader, the first piece of code executed when the device is turned on, is responsible for loading the Android OS and the recovery system, and for flashing a new ROM. Some bootloaders are called "unlocked" if the user can flash and boot arbitrary ROMs without any hacking; unfortunately, many Android devices have locked bootloaders that you have to crack before they will do anything other than boot the stock ROM. The Samsung smartphone I used a few months ago had an unlocked bootloader: I could press a certain combination of hardware keys, connect it to a computer and push any custom ROM to it with Samsung's utilities without bypassing any protection mechanism. The same does not apply to my Motorola Droid 2 Global, whose bootloader, as far as I know, cannot be hacked. The Eee Pad Slider, on the other hand, is an interesting beast: like other devices based on the nVidia Tegra 2, its bootloader is driven through the nvflash utility, but only if you know the device's secure boot key (SBK). (The SBK is an AES key used to encrypt commands sent to the bootloader; the bootloader only accepts a command if it was encrypted with that device-specific key.) Since the Eee Pad Slider's SBK is not publicly known, its bootloader currently remains out of reach.
Recovery is the second piece of low-level code on board any Android device. It is separate from the Android user interface and usually lives in its own partition; the bootloader loads it when a certain combination of hardware keys is pressed. It is important to understand that this is a completely independent program: Linux and the Android userland are not loaded when booting into recovery, and there is no high-level concept such as root here. It is a simple program, actually a very primitive OS in its own right, that has absolute control over the system and will do whatever the code embedded in it says. The stock recovery depends on the manufacturer, but often includes functions such as reformatting the /data partition (factory reset) and flashing ROM updates (an update.zip in the root of the external microSD card) signed by the manufacturer. Note "signed by the manufacturer": as a rule, custom update files cannot be flashed unless you obtain the manufacturer's private key and sign your custom update with it, which in most cases is impossible and illegal in certain jurisdictions. However, since recovery lives in its own partition just like /system, /data and /cache (more on that later), you can replace it with a custom recovery if you have a root shell on Linux/Android. Most people do this only after rooting their device; ClockworkMod Recovery is a popular third-party recovery image that lets you flash arbitrary ROMs, back up and restore partitions, and much more.
ADB
ADB (see the ADB white papers) allows a PC or Mac to connect to an Android device and perform certain operations. One of them is running a simple shell on the device with the adb shell command. The real question is which user the commands executed by this shell process run as. It turns out this depends on the value of the Android system property ro.secure. (You can view it by typing getprop ro.secure either in the ADB shell or in a terminal emulator on the device.) If ro.secure = 0, the ADB shell executes commands as the root user on the device. But if ro.secure = 1, the ADB shell runs commands as an unprivileged user. Guess which value ro.secure is set to on almost every stock Android build. Can we change the value of ro.secure on the system? No, as the ro in the property name implies. The value is set at boot time from the default.prop file in the root directory, and the contents of the root directory are essentially copied from a partition at boot, but you cannot write to that partition unless you are already root. In other words, this property denies root access through ADB, and the only way to change it is to get root access first. Therefore it is secure.
Android interface
On Android, all applications you can see or interact with directly run as unprivileged users. Logically, a program running as an unprivileged user cannot run another program as a privileged user; otherwise any program could simply run another copy of itself in privileged mode and gain privileged access to everything. On the other hand, a program running as root can run another program either as root or as an unprivileged user. On Linux, privileges are usually escalated with the su and sudo programs; they are often the only programs on the system that can make the setuid(0) system call, which changes the current program from running as an unprivileged user to running as root. Applications that say they require root actually just run other programs (often their own binaries shipped with the application) through su. Not surprisingly, stock OEM ROMs never come with su, and you cannot just download or copy it in: it must have the SUID bit set, which tells the system that the program is allowed to raise its privileges to root at run time, and of course, if you are not root, you cannot set the SUID bit on a program. To summarize, any program you can interact with on Android (and which therefore runs unprivileged) can neither 1) gain privileged access and execute in privileged mode, nor 2) run another program in privileged mode. If so, the Android system itself is largely protected from attempted privilege escalation. We will see the loophole used by rooting applications in the next section.
III. Struggling with the system
If your device has an unlocked bootloader, you are almost done. The Samsung phone I had is an example. Since the bootloader allowed flashing arbitrary ROMs, someone simply pulled the stock ROM off the phone (using dd, the UNIX program for copying and converting files), added su and repacked it into a modified ROM. All I had to do as a user was turn off the phone, press a certain combination of hardware keys to start it in flashing mode, and use Samsung's utilities to flash the modified ROM onto the phone.
Believe it or not, some manufacturers do not actually set ro.secure. If so, rooting is even easier: just connect the phone to the computer and run ADB, and you have a shell that can execute any program as root. Then you can remount /system read-write, install su, and all your dreams come true (a rooted device).
But many other Android devices have locked bootloaders and ro.secure set. As explained above, they should not give you root privileges, since you can only interact with unprivileged programs on the system, and those cannot help you execute any privileged code. So what is the solution?
We know that a number of important programs, including low-level system services, must run with root privileges even on Android in order to access hardware resources. By typing ps in an Android shell (either through ADB or a terminal emulator on the device) you can see them. These programs are launched by the init process, the first process started by the kernel (I often feel that the kernel and init are like Adam and Eve: the kernel spawns init in a peculiar way, and init then starts and spawns all the other processes (a rather strange explanation)), which has to run as root because it must start other privileged system processes.
The key idea: if you can hack or trick one of these privileged system processes into executing arbitrary code, you get privileged access to the system. This is how all the one-click rooting tools work, including z4root, gingerbreak and so on. If you are really curious, I highly recommend this excellent presentation about the various exploits used by current rooting tools, but the details are not as relevant here as the simple idea underlying them: the system processes running as root in the background contain vulnerabilities which, when exploited, let us execute arbitrary code as root. That "arbitrary code" is of course a piece of code that remounts /system read-write and installs a copy of su, so that from then on we no longer have to jump through hoops to run the programs we wanted to run in the first place.
Since Android, like Linux, is open source, people thoroughly study and analyze the source code of the various system services until they find a security hole they can use. This is getting harder as Google and the maintainers of the various parts of the code fix these specific vulnerabilities once they are discovered and published, which means exploits become obsolete over time as newer devices ship. But the good news is that manufacturers are not foolish enough to push OTA updates just to fix a vulnerability in order to prevent rooting, since that is very expensive for them; in addition, devices on the market always lag behind the latest software releases. So this will go on for quite a while. ---Post written by Blueberry, Infosec community.
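The three indicators this article explains, ro.secure, a setuid su binary and a read-write /system, can be checked from captured adb shell output. The following is an added example, not from the article's author, that parses constructed samples of getprop, ls -l and mount output (the listings are invented and the block device path is a placeholder) and reports which indicators of a rooted device are present; such checks are the basis of the root detection that enterprise device-management tools perform.

```python
import re

# Constructed sample outputs, shaped like what `adb shell getprop`, `ls -l`
# and `mount` print on an Android device. They are invented for this post,
# not captures from a real device; the block device path is a placeholder.
ROOTED_GETPROP = "[ro.secure]: [0]\n[ro.build.type]: [userdebug]\n"
ROOTED_LS = "-rwsr-sr-x root     root        26324 2011-09-01 12:00 su\n"
ROOTED_MOUNT = "/dev/block/PLACEHOLDER /system ext4 rw,seclabel,relatime 0 0\n"

STOCK_GETPROP = "[ro.secure]: [1]\n[ro.build.type]: [user]\n"
STOCK_LS = ""            # no su binary in the listing on a stock ROM
STOCK_MOUNT = "/dev/block/PLACEHOLDER /system ext4 ro,seclabel,relatime 0 0\n"

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text):
    """Turn `getprop` output ('[key]: [value]' per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def setuid_binaries(ls_text, names=("su",)):
    """Return the names from an `ls -l` listing that carry the setuid bit.
    In the mode string an 's' or 'S' in the owner-execute slot (index 3)
    means setuid; lowercase 's' also means the execute bit is set."""
    found = []
    for line in ls_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        mode, name = fields[0], fields[-1]
        if name in names and len(mode) >= 4 and mode[3] in "sS":
            found.append(name)
    return found


def writable_system(mount_text):
    """True if /system appears mounted read-write in `mount` output."""
    for line in mount_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/system":
            return "rw" in fields[3].split(",")
    return False


def root_indicators(getprop_text, ls_text, mount_text):
    """Collect the indicators the article explains: ro.secure=0 gives a root
    ADB shell, a setuid su lets unprivileged apps escalate, and a read-write
    /system is what rooting tools leave behind after installing su."""
    props = parse_getprop(getprop_text)
    findings = []
    if props.get("ro.secure") == "0":
        findings.append("ro.secure=0: adb shell runs as root")
    for name in setuid_binaries(ls_text):
        findings.append(f"setuid {name} binary present")
    if writable_system(mount_text):
        findings.append("/system mounted read-write")
    return findings


if __name__ == "__main__":
    for label, args in (("rooted", (ROOTED_GETPROP, ROOTED_LS, ROOTED_MOUNT)),
                        ("stock", (STOCK_GETPROP, STOCK_LS, STOCK_MOUNT))):
        print(label, root_indicators(*args) or ["no indicators"])
```

On a real device the inputs would come from `adb shell getprop`, `adb shell ls -l /system/xbin` (or wherever su was dropped) and `adb shell mount`; the parsing is the same.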
Though Apple claims its systems are completely safe, security researchers keep developing ways to break the protective shield every day. One bug that bypasses Gatekeeper was released to the public by Filippo Cavallarin last month, after he felt Apple did not care about the vulnerability, and it has now been found being used by hackers to develop new malware.
What is Gatekeeper bug?
In simple words: whenever you download a file from the internet, the built-in Gatekeeper mechanism (a security feature) checks the file and does not let it execute automatically without your permission.
Cavallarin demonstrated on his blog (a POC) how this can be bypassed so that your system automatically executes malware (you can read the POC there).
As soon as an unpatched bug is released anywhere, some group will develop malware and ransomware to exploit it...
The security team at Intego has discovered 4 new malware samples that use this unpatched bug in a different way.
Codenamed OSX/Linker, this malware uses the .dmg format (the common format for Mac apps) instead of the .zip format Cavallarin demonstrated, making it much easier to spread.
You don't need to panic as of now, because OSX/Linker is still in an early development stage and has not yet been found infecting systems. So Apple might release a fix before it spreads widely..
You can read the complete post on their Official site.
Note: this blog was created to share key information in short form, so some things may have been slightly simplified for everyone to understand; if you feel the information is wrong or needs updating, kindly let us know through the Contact Us page or the comments.