In the previous article, we discussed how an attacker exploits vulnerable Activity Components and ways to secure them. In this article, we will discuss “Content Provider Leakage”.
What are Content Providers?
As per Google’s inbuilt security model, application data is private to an application, hence it is not possible for […]
Mobile Application Security is one of the hottest segments in the security world, as security is really a big concern with growing mobile applications. In this article, we will go through the attacks associated with Android application components.
What are Android Application Components?
Application components are essential building blocks of an […]
As always during reconnaissance, scanning is the initial stage for information gathering.
What is Reconnaissance?
Reconnaissance is the collection of as much information about a target network as possible. From a hacker’s perspective, the information gathered is very helpful to make an attack, so to block that type of malicious attempt, […]
Approaches to Information Gathering in Physical Penetration Testing – Part I: Gathering Information via Photography
The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered one of the most critical steps when carrying out an attack. But while most articles discuss information gathering through means such as […]
There are plenty of different ways to track the original source of a DoS attack, but those techniques are not efficient enough to track a reflected ICMP attack. When I say “reflected ICMP attack,” that means a SMURF attack. Here I am going to show you a new model […]
Imagine that you’re using your PC, server, smartphone or tablet. The operating system and applications on it aren’t behaving the way they usually do.
You pull up Google’s search page in your web browser. You get redirected to a web page filled with blinking web banners saying “Your computer has […]
ICMP stands for Internet Control Message Protocol and is the most used protocol in networking technology. A connectionless protocol, ICMP does not use any port number and works in the network layer. ICMP is commonly used for diagnostic purposes, error reporting or querying any server, and right now attackers […]
In this article we are going to solve another challenge of Xerxes. Xerxes is historically known as a god king, but here Xerxes is a vulnerable machine and our challenge is to capture the flag from it. The machine consists of a Web application which is under construction, but […]
It’s one of the most exciting moments in a security researcher’s work: while looking through an obscure log file, you see strings like “James1984” and “SecureMe!” scattered throughout the data. Upon closer inspection, you realize that you’ve uncovered hundreds if not thousands of cleartext username/password pairs!
Even as you celebrate […]
In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web application. In this article, I am going to focus on various prefixes and suffixes of fuzzing in order to fuzz the target web application.
In the previous article, we discussed how to integrate Burp Suite Free Edition with SoapUI to fuzz different parameters of a SOAP request, how to configure Burp, and how to use different features like Burp Repeater and Intruder. I assume that whoever is going through this article has that […]
In this article we are going to see some major vulnerabilities typical of a remote banking application. We found an interesting vulnerable machine created by the PHDays team. We hosted the vulnerable machine in VirtualBox and logged in with these credentials: Username: root, Password: phd2012. We identified the IP for that […]
In a previous post, I covered the basics on the popular penetration testing Web browser Mantra. That post contains information on how to download Mantra, as well as installation and basic configuration. The Mantra browser comes with a nice GUI and most of the security and penetration testing related […]
When we test a web application, we do not test a single page, but a lot of pages of a single web application. Each page may have more than one variable, so technically you will be engaging with a ton of variables during your web application test. So when […]
This article is the first part of a series on NSA BIOS backdoor internals. Before we begin, I’d like to point out why these malwares are classified as “god mode.” First, most of the malware uses an internal (NSA) codename in the realms of “gods,” such as DEITYBOUNCE, GODSURGE, […]
In the previous article we discussed in what cases we might face challenges performing manual web services penetration testing and how SoapUI will help in those circumstances. Now, what are the logical and business logic test cases when testing web services, how do we test them, and what […]
Users of web applications are identified by session IDs. An attacker can impersonate users when generated sessions are predictable. This article introduces Burp Suite Sequencer and shows how it can be used to analyze session randomness.
2. Burp Suite Sequencer
The sequencer is part of Burp Suite, which is […]
By Matthew Neely, SecureState Director of Strategic Initiatives
Recently there’s been a lot of talk in the media and at security conferences about using big data tools to detect incidents. As an information security geek, the prospect of using big data tools like Hadoop and NoSQL to plow through piles of IDS alerts […]
The intention of this article is to show how dangerous a cross-site request forgery (CSRF) vulnerability can be. It will be presented for the D-Link DIR-600 router (Hardware Version: Bx; Firmware Version: 2.16, which was the latest version at the moment of writing this article).
The CSRF vulnerability […]