The first volume of this series addressed the concept of the secure socket layer (SSL) in the context of .NET based websites. We obtained a thorough understanding of SSL internals, such as how the protocol works, the role of digital certificates, and the advantages of implementing SSL on ASP.NET […]
Securing cookies is an important subject. Think about an authentication cookie: when an attacker is able to grab this cookie, he can impersonate the user. This article describes the HttpOnly and Secure flags, which raise the security of cookies.
2. HTTP, HTTPS and the Secure Flag
When the HTTP protocol is used, the […]
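The two flags discussed above are attributes on the Set-Cookie header, so the simplest practical check is to parse that header and report which protections are absent. The following Python is an added example, not code from the original article: it parses a Set-Cookie value, audits it for HttpOnly, Secure and SameSite (and for the `__Secure-`/`__Host-` name-prefix rules the browser enforces), and builds a hardened header. The cookie names and values are constructed.

```python
"""Audit Set-Cookie headers for the HttpOnly and Secure flags and build a hardened one.

Added example, not code from the original article. Cookie names and values are constructed.
"""
from typing import Dict, List, Optional, Tuple, Union

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header: str) -> Tuple[str, str, Attrs]:
    """Split a Set-Cookie header value into (name, value, attributes).

    Attribute names are lower-cased. Bare flags (Secure, HttpOnly) map to True;
    valued attributes (Path, Domain, Max-Age, Expires, SameSite) map to their string.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("Set-Cookie must start with name=value")
    name, value = (s.strip() for s in parts[0].split("=", 1))
    attrs: Attrs = {}
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return name, value, attrs


def audit_cookie(header: str) -> List[str]:
    """Return findings for a session-style cookie; an empty list means it passes."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: script can read it via document.cookie, so XSS can steal it")
    if attrs.get("secure") is not True:
        findings.append("missing Secure: the browser will also send it over plain HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests (CSRF exposure)")
    # Name prefixes (RFC 6265bis) make the browser enforce the flags itself.
    if name.startswith("__Secure-") and attrs.get("secure") is not True:
        findings.append("__Secure- prefix requires Secure; the browser rejects the cookie")
    if name.startswith("__Host-") and (
        attrs.get("secure") is not True or attrs.get("path") != "/" or "domain" in attrs
    ):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain; the browser rejects the cookie")
    return findings


def build_set_cookie(name: str, value: str, *, secure: bool = True, http_only: bool = True,
                     same_site: Optional[str] = "Lax", path: str = "/",
                     max_age: Optional[int] = None) -> str:
    """Build a Set-Cookie header value with the protective flags on by default."""
    if any(c in value for c in ";, \t\r\n") or any(c in name for c in ";=, \t\r\n"):
        raise ValueError("cookie name/value must not contain separators")
    parts = [f"{name}={value}", f"Path={path}"]
    if max_age is not None:
        parts.append(f"Max-Age={int(max_age)}")
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    if same_site:
        parts.append(f"SameSite={same_site}")
    return "; ".join(parts)


if __name__ == "__main__":
    # Constructed: a session cookie as a framework might emit it by default, then the hardened form.
    weak = "ASP.NET_SessionId=t5v1ghzvqd2vjsrl; path=/"
    for finding in audit_cookie(weak):
        print("weak cookie:", finding)
    hardened = build_set_cookie("__Host-session", "t5v1ghzvqd2vjsrl", max_age=900)
    print("hardened:", hardened, "->", audit_cookie(hardened) or "OK")
```

Two caveats a practitioner should keep in mind: HttpOnly only stops script from reading the cookie, it does not stop an XSS payload from riding the session by issuing requests from the victim's browser; and a cookie carrying the Secure flag can only be set from an https:// origin in modern browsers, so the application must actually be served over HTTPS before the flag is of any use.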
We have not performed any live investigation. This was part of our university assignment, wherein we assumed the roles of forensic investigators, determining what methods were applicable. You are welcome to come up with your own findings and resolve the case. We attempted to follow the global […]
Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government, the National Security Agency and the CIA and reports have even suggested that he has received death threats from senior […]
Internet banking and e-commerce websites are typically considered highly secure, because they implement stronger user authentication mechanisms, such as client-side digital certificates rather than a username and password combination, to protect sensitive user data. SSL not only […]
If you've used WinDbg before, you might already know that you can debug the whole Windows operating system with it. To do that, you need two Windows installations: the first is the one being debugged (the target) and the second is the one we debug from (the host). […]
This challenge is built around a web application designed for image hosting. The application has a few vulnerabilities; the goal is to exploit them and find the hidden message about a date arrangement that Bob sent to Alice.
Boot the virtual machine and start by identifying the target […]
Car hacking is increasingly discussed by the media and within the security community. Not long ago, hackers hijacking a car was the stuff of movie scenes. Today it is a disturbing reality, which we discuss in this article.
One of the […]
In this tutorial we'll look at how to install and configure a Samba server on the host operating system to create a shared folder that guest Qemu virtual machines can use.
The first thing we have to do is install Samba, which we can do with […]
RevEngX is a freely available extension for the Debugging Tools for Windows. It offers several new commands that simplify reverse engineering, code injection, hooking and other types of instrumentation, which are useful when analyzing third-party software or malware, or when developing commercial Windows applications that utilize code […]
In this tutorial we'll talk about OpenVPN client connection settings, which come in handy when the connection to the OpenVPN server does not work. We'll be using the GopenVPN GUI client, which lets you connect to and disconnect from a given OpenVPN network right from the desktop without entering command […]
Introduction to Docker
In this article, we'll first introduce Docker and explain how it works. After setting the stage, we'll simulate a file upload vulnerability by copying a shell into the Redmine Docker image. This is effectively the same as an attacker finding and exploiting the […]
In this article, I will write about how to get started with Damn Vulnerable iOS Application. Damn Vulnerable iOS App (DVIA) is an iOS application that I wrote to provide a platform for mobile security enthusiasts, professionals and students to test their iOS penetration testing skills in a legal environment. […]
It's one of the most exciting moments in a security researcher's work: while looking through an obscure log file, you see strings like "James1984" and "SecureMe!" scattered throughout the data. Upon closer inspection, you realize that you've uncovered hundreds if not thousands of cleartext username/password pairs!
Even as you celebrate […]
Android is one of the most open, versatile, and customizable mobile operating systems out there. Android is a Linux-based operating system with a 79.70% market share in smartphones. It is a software stack for mobile devices that includes an operating system, middleware and key applications.
Android operating system […]
The documents leaked by Edward Snowden revealed to the world the enormous spying machine built by US intelligence. Its capabilities appear virtually unlimited: US agents are able to infect targets even when they are not online, are able to control any communication and can practically […]
This paper demonstrates how to encrypt sensitive data carried in a website URL, which typically travels across diverse networks. A website can be compromised, or sensitive information disclosed, when this inherent weakness is exploited. The article elaborates such a mechanism for an ASP.NET website in step-by-step form […]
Application whitelisting (AWL) is a technology that has been in use in the security world for quite a long time. For those not already familiar with it, AWL is, as the name implies, the opposite approach to blacklisting. Nearly everyone is familiar with blacklisting, because it […]
Web applications recognize their users by session IDs, which is why session management is such an important subject. Session management flaws fall into the following categories:
- Generation of session IDs (think of session IDs that can be predicted)
- Life cycle of session […]
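The two categories listed above are easiest to see side by side in code. The following Python is an added example, not code from the original article. For generation, it places a constructed strawman generator (an MD5 of a sequence number, which looks random but is fully predictable) next to one backed by the OS CSPRNG, and shows the attacker's calculation that recovers the next ID from a single observed one. For the life cycle, it implements a small session store that enforces an idle timeout and an absolute timeout, rotates the ID on login (against session fixation) and destroys sessions explicitly. The timeouts and user names are constructed; the `now` parameters exist so the expiry logic can be exercised without waiting.

```python
"""Session-ID generation and life cycle: a predictable generator next to a CSPRNG-based one,
plus a store that enforces idle and absolute timeouts and rotates IDs on login.

Added example, not code from the original article; the weak generator is a constructed strawman.
"""
import hashlib
import secrets
import time
from typing import Dict, Optional

SESSION_ID_BYTES = 16  # 128 bits of entropy from the OS CSPRNG


# --- Weak generation (constructed strawman): ID derived from a sequence number ---
def predictable_session_id(sequence_no: int) -> str:
    """Looks random (32 hex chars) but is a pure function of a counter."""
    return hashlib.md5(f"session-{sequence_no}".encode()).hexdigest()


def guess_next_id(observed_id: str, search_window: int = 100_000) -> Optional[str]:
    """Attacker's view: recover the counter behind one observed ID, then predict the next one."""
    for n in range(search_window):
        if predictable_session_id(n) == observed_id:
            return predictable_session_id(n + 1)
    return None


# --- Strong generation: unpredictable bytes from the OS CSPRNG ---
def new_session_id() -> str:
    return secrets.token_urlsafe(SESSION_ID_BYTES)


def entropy_bits(id_bytes: int = SESSION_ID_BYTES) -> int:
    """Bits of entropy in an ID built from id_bytes random bytes (the encoding adds none)."""
    return id_bytes * 8


# --- Life cycle: timeouts, rotation on login, explicit destruction ---
class SessionStore:
    def __init__(self, idle_timeout: float = 15 * 60, absolute_timeout: float = 8 * 3600) -> None:
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        sid = new_session_id()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user for a live session, or None; expired sessions are dropped."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now - rec["created"] > self.absolute_timeout or now - rec["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return None
        rec["last_seen"] = now
        return rec["user"]

    def rotate(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Issue a fresh ID for an existing session (call on login or privilege change),
        so an ID fixed or observed before authentication is worthless afterwards."""
        if self.lookup(sid, now) is None:
            return None
        rec = self._sessions.pop(sid)
        new_sid = new_session_id()
        self._sessions[new_sid] = rec  # keeps the original creation time: absolute timeout still applies
        return new_sid

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    seen = predictable_session_id(4242)  # one ID an attacker observed
    print("predicted next weak ID:", guess_next_id(seen) == predictable_session_id(4243))
    print("strong ID:", new_session_id(), f"({entropy_bits()} bits)")
    store = SessionStore(idle_timeout=900)
    sid = store.create("alice", now=0)
    print("after 100 s:", store.lookup(sid, now=100), "| after 20 min idle:", store.lookup(sid, now=1300))
```

The point of `guess_next_id` is that the hash makes the weak ID look fine to the eye; only the generator's input matters, and a counter has almost no entropy. The store keeps the original creation time across `rotate` on purpose: otherwise an attacker holding a live session could extend it forever by triggering rotations.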
As the Internet becomes more and more important to our lives, the challenge is to enjoy the conveniences of online activities while reducing the risks of privacy violations. A good understanding of the privacy threats is an important factor for preventing privacy violations. In order to provide such […]