The SQL Truncation vulnerability is a very interesting flaw in the database. The successful exploitation of this issue leads to user account compromise, as it means an attacker can access any users account with his own password. Sounds interesting!
First we will see why this issue occurs in the database. […]
This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn’t touch Android concepts, this is a prerequisite to understand the next article coming in the series, which is “Exploiting Debuggable Android Applications”.
What is JDB?
JDB is a Java debugger, a […]
This paper is intended to explain several Metasploit approaches to exploit the vulnerable Windows 2003 server operating system, especially through msfconsole and msfcli modules, and demonstrates how to access the target computer in a comprehensive hacking life-cycle manner. Metasploit is quite useful in penetration testing, in terms of detecting […]
Android Hacking and Security, Part 4: Exploiting Unintended Data Leakage (Side Channel Data Leakage)
In the previous articles, we discussed attacks associated with activity components, content providers, broadcast receivers, and ways to secure them. In this article, we will discuss “Unintended Data Leakage”, which was formerly known as “Side Channel Data Leakage”.
What is Unintended Data Leakage?
When an application processes sensitive information taken as […]
Remote Access Tool is a piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for accessing the client computers. Remote Access tools, when used for malicious purposes, are known as a Remote Access Trojan (RAT). They can be […]
In the first two articles, we discussed attacks associated with Activity Components, content provider leakage and ways to secure them. In this article, we will discuss attacks on broadcast receivers.
What are Broadcast Receivers?
A broadcast receiver is another important component of the Android system. Broadcast receivers are registered for specific […]
API hooking is a technique by which we can instrument and modify the behavior and flow of API calls. API hooking can be done using various methods on Windows. Techniques include memory break point and .DEP and JMP instruction insertion. We will briefly discuss the trampoline insertion techniques.
Hooking can […]
Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to learn how the organization operates, and to determine the best route. Metasploit is the best console for information gathering, as it is a very comprehensive penetration testing […]
Having a cheat sheet is a perfect starting initiative to assist you in generating ideas while penetration testing. A test case cheat sheet is often asked for in security penetration testing, but if there is some problem with this approach it is that security testers then tend to use […]
To the uninitiated, Tor, formerly known as The Onion Router, is probably the most popular proxy network for internet anonmyzing. It’s called an onion router because traffic goes through many layers of encrypting servers. The gateway IP of the user and the destination IP are also encrypted, as opposed […]
Edmand Dester Thipursian – Edmand.email@example.com
Sai Thogarcheti – Harikamurthy9@gmail.com
Abdullah Al Fahad – firstname.lastname@example.org
Chintan Gurjar – email@example.com
Adam Mentsiev – firstname.lastname@example.org
Alams Titus Mammuan – email@example.com
The world is growing rapidly with various technologies, and accordingly, illegal activities are being increased in adopting these new technologies. Every country has its own laws […]
A new version of the popular CompTIA Security+ certification is out, and the content it covers has expanded significantly over the past three years. The six domains the exam covers remain the same, but four new sections were added to deal with cloud computing, incident response, mobile devices and […]
In the previous article, we discussed how an attacker exploits vulnerable Activity Components and ways to secure them. In this article, we will discuss “Content Provider Leakage”.
What are Content Providers?
As per Google’s inbuilt security model, application data is private to an application, hence it is not possible for […]
Mobile Application Security is one of the hottest segments in the security world, as security is really a big concern with growing mobile applications. In this article, we will go through the attacks associated with Android application components.
What are Android Application Components?
Application components are essential building blocks of an […]
As always during reconnaissance, scanning is the initial stage for information gathering.
What is Reconnaissance?
Reconnaissance is to collect as much as information about a target network as possible. From a hacker’s perspective, the information gathered is very helpful to make an attack, so to block that type of malicious attempt, […]
Approaches to Information Gathering in Physical Penetration Testing – Part I: Gathering Information via Photography
The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered one of the most critical steps when carrying out an attack. But while most articles discuss information gathering through means such as […]
There are plenty of different ways to track the original source of a DoS attack, but those techniques are not efficient enough to track a reflected ICMP attack. When I say “reflected ICMP attack,” that means a SMURF attack. Here I am going to show you a new model […]
Imagine that you’re using your PC, server, smartphone or tablet. The operating system and applications on it aren’t behaving the way they usually do.
You pull up Google’s search page in your web browser. You get redirected to a web page filled with blinking web banners saying “Your computer has […]