This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model.
2. Quantitative vs. Qualitative Risk Analysis
Quantitative risk analysis is […]
According to recent research, the number of mobile phone users is larger than the number of PC users. At the same time, the number of people who own Android phones is increasing rapidly. Android phones bring people a lot of convenience, in that they help people do as much work as they […]
In my previous article, I told the story of the very first worms and viruses. Interestingly, a groundbreaking mathematician, John von Neumann, and a science fiction novelist, John Brunner, conceptualized them before anyone ever coded them.
We often see this sort of thing in the world of science and technology. […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 2: Advance Port Scanning with Nmap And Custom Idle Scan
This is our second installment of the Nmap cheat sheet. Basically, we will discuss some advanced techniques for Nmap scanning and we will conduct a Man In The Middle Attack (MITM). Let’s start our game now.
TCP SYN Scan
SYN scan is the default and most popular scan option, for good reasons. […]
In our last part of this series (Android Application Security Testing Guide: Part 1), we discussed static analysis of Android APK files on the security background, and we tried to find any sensitive information which we can collect. In this part, we will head to our second phase, i.e. […]
By now, everybody who hasn’t been living under a rock since April 7th this year has heard of Heartbleed. Most know that it is a devastating blow to security which can lead to the loss of a wealth of sensitive information from affected servers and that vulnerable machines were […]
With rising trends and forms of attacks, most organizations today deploy a Security Incident and Event Management (SIEM) solution as a proactive measure for threat management, to get a centralized view of their organization’s security posture and for advanced reporting of security incidents. This article discusses the use cases […]
The Dirty decrypter is a crypto ransomware; its intention is to encrypt the compromised user’s pictures, documents, videos, etc., making them unusable. The malware coerces you to pay large sums of money to decrypt any of these files. Failure to pay this sum will cause the malware to destroy […]
Are you a Backtrack/Kali freak? Ever thought of having a similar distribution in your arsenal dedicated for Android Security? “Android Tamer” is the solution to fulfill your needs.
What is Android Tamer?
Android Tamer is a Linux-based distribution developed for Android Security Professionals. This distribution is based on Ubuntu 10.04 LTS, […]
The SQL Truncation vulnerability is a very interesting flaw in the database. The successful exploitation of this issue leads to user account compromise, as it means an attacker can access any user’s account with his own password. Sounds interesting!
First we will see why this issue occurs in the database. […]
These days, malware is an everyday concern, even among ordinary end users. A countless amount of money is lost every year worldwide due to malware, possibly in the hundreds of billions, but it’s difficult to accurately quantify.
The money lost has causes ranging from lost hours of office productivity, to […]
This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn’t touch Android concepts, this is a prerequisite to understand the next article coming in the series, which is “Exploiting Debuggable Android Applications”.
What is JDB?
JDB is a Java debugger, a […]
2013 may be remembered as the “year of the retailer breach”. This statement was reported in the last Verizon Data Breach Investigation Report 2014, and reminds us that last year was considered by security experts as one of the worst years due to the impressive number of data breaches […]
Obfuscation is a distinctive mechanism equivalent to hiding, often applied by security developers, to harden or protect the source code (which is deemed as intellectual property of the vendor) from reversing. The goal of such an approach is to transform the source code into new encrypted byzantine source code […]
In today’s electronic world where everything is done online, “trust” is hard to come by. Conversations can be snooped on, credit card numbers can be stolen, identities can be exchanged and unseen eyes are everywhere. Imagine business emails being maliciously read by competitors, company’s proposals being leaked and even […]
Have you ever stopped to consider the sensitivity and potential value of the information you have distributed using the many widely available file sharing websites?
These types of sites have seen considerable uptake in recent years, as users struggle to share large files whilst battling standard email file size and […]
In the previous articles, we have seen how applications like Snoop-it can trace method calls specific to the application at runtime. This is very important in deducing the flow of the application. The same process can be performed by using a Perl script named Logify.pl that comes installed with […]
Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall system or security system. The general goal of the program is to make the information-gathering phase slow and bothersome for your attackers as much as possible. This is quite a change to the standard […]
Android Hacking and Security, Part 4: Exploiting Unintended Data Leakage (Side Channel Data Leakage)
In the previous articles, we discussed attacks associated with activity components, content providers, broadcast receivers, and ways to secure them. In this article, we will discuss “Unintended Data Leakage”, which was formerly known as “Side Channel Data Leakage”.
What is Unintended Data Leakage?
When an application processes sensitive information taken as […]
This paper is designed to demonstrate the common IIS web server security specifications in the form of a checklist that aids web masters or penetration testers to implement a secure web server infrastructure swiftly. It is mandatory for a web application to be duly foolproof from vicious attacks […]