Over the past twenty years or more, corporations in nearly all industries have been outsourcing and offshoring at hyperdrive.
Venture capitalist firms, public shareholders, various types of financial firms, and corporate executives are driven by the temptation of reducing labor expenses, so they’re delegating accountability and responsibility to foreign parties. […]
Download the code associated with this article by filling out the the form below.
Once we’ve already gained access to the system, we can use various post-mortem attack vectors to exploit the system further. There might be various reasons for doing that, but attackers mostly use them for hiding the […]
IOS Application Security Part 31 – The problem with using third party libraries for securing your apps
In this article, we will talk about why we shouldn’t completely rely on using third party libraries for securing our apps. Usually, some of the things we try to do in our application are adding checks to detect piracy, jailbroken device etc. It is such a pain to write […]
1. Introduction to the Problem
Crypton is an open-source project provided by SpiderOak with the purpose of solving privacy and security problems through cloud applications. Before introducing the solution, we must first talk about the problem. The main problem with cloud-based applications is that the user’s data is stored in […]
Malware analysis is not a new topic for security analysts, and all engineers are pretty aware of the process and procedures that need to be followed, which are neatly explained in other articles. I would like to showcase the process by citing an example of the Shylock Trojan.
The Shylock […]
Approaches to Information Gathering in Physical Penetration Testing – Part I: Gathering Information via Photography
The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered one of the most critical steps when carrying out an attack. But while most articles discuss information gathering through means such as […]
There are plenty of different ways to track the original source of a DoS attack, but those techniques are not efficient enough to track a reflected ICMP attack. When I say “reflected ICMP attack,” that means a SMURF attack. Here I am going to show you a new model […]
Preface: “Modern Cars”
As Dr. Charlie Miller & Chris Valasek stated in their research paper Adventures in Automotive Networks and Control Units, “Automobiles are no longer just mechanical devices. Today’s automobiles contain a number of different electronic components networked together that as a whole are responsible for monitoring the state […]
Imagine that you’re using your PC, server, smartphone or tablet. The operating system and applications on it aren’t behaving the way they usually do.
You pull up Google’s search page in your web browser. You get redirected to a web page filled with blinking web banners saying “Your computer has […]
ICMP stands for Internet Control Message Protocol and is the most used protocol in networking technology. A connectionless protocol, ICMP does not use any port number and works in the network layer. ICMP is commonly used for diagnostic purposes, error reporting or querying any server, and right now attackers […]
In this article I am going to tell you about biometric template security and current technologies in which researchers are working to improve biometric template security. But this won’t be a normal, traditional article of mine. I am going to write this article in question/answer format. Before reading this […]
In this article we are going to solve another challenge of Xerxes. Xerxes is historically known as a god king, but here Xerxes is a vulnerable machine and our challenge is to capture the flag from it. The machine consists of a Web application which is under construction, but […]
The year 2014 started with a diplomatic crisis in Crimes and Ukraine. The tension rose just after the 2014 Ukrainian revolution, in which the government of President Viktor Yanukovych was ousted after a popular revolt in Kiev. In the region there are groups contrary to the protest that desire […]
In this article, we will look at how we can use a feature in iOS named url schemes to exploit an application. URL schemes are used by applications to communicate with each other. Every application can register for a particular url scheme. For e.g, the Damn Vulnerable iOS application […]
In this paper, I’ll describe how to start reverse code engineering in Android devices. In this tutorial, you’ll learn:
Installation & configuration of Android Virtual Device.
How to build your debugging environment.
Short ARM assembly description.
Debugging with GDB inside your Android device.
Remote Debugging using gdbserver.
Remote debugging using IDA.
1. Installation & configuration of […]
The first volume of this series addressed the hypothesis of the secure socket layer (SSL) in the context of .NET based websites. We have obtained a thorough understanding about SSL internals, such as how they work, the role of digital certificates, and the advantages of SSL implementation on asp.net […]
Securing cookies is an important subject. Think about an authentication cookie. When the attacker is able to grab this cookie, he can impersonate the user. This article describes HttpOnly and secure flags that can enhance security of cookies.
2. HTTP, HTTPS and secure Flag
When HTTP protocol is used, the […]
We have not performed any live investigation. This was a part of our university assignment, wherein we assumed the roles of forensics investigator, determining what methods were applicable. You are welcome to come up with your own findings and resolve the case. We attempted to follow the global […]
Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government, the National Security Agency and the CIA and reports have even suggested that he has received death threats from senior […]
Typically, Internet banking and e-commerce websites are considered to be highly secure, with web mechanisms that implement more foolproof solutions for user authentication, such as client-side digital certificates rather than the user name and password combination in order to ensure the safety of user sensitive data. SSL not only […]