Fortunately fashion is not key to helping us win the Cyber-War because sartorial elegance has never been a strong suit of the IT profession, but David and Goliath certainly teaches us some classic lessons. Growing up, many of us learned the famous story of David and Goliath, and even […]
In December, Amazon.com, the world’s largest online retailer, announced that it is testing unmanned drones to deliver products ordered by its customers. The service was experimental, and it could probably take up to five years to start. In discussion is the possibility to adopt unmanned aerial vehicles (UAV) for […]
Remote Access Tool is a piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for accessing the client computers. Remote Access tools, when used for malicious purposes, are known as a Remote Access Trojan (RAT). They can be […]
In the first two articles, we discussed attacks associated with Activity Components, content provider leakage and ways to secure them. In this article, we will discuss attacks on broadcast receivers.
What are Broadcast Receivers?
A broadcast receiver is another important component of the Android system. Broadcast receivers are registered for specific […]
This paper attempts to explain one of the critical buffer overﬂow vulnerabilities and its detection approaches that check the referenced buffers at run time, moreover suggesting other protection mechanics applied during software deployment configuration. Programs typically written in C or C++ language are inherently susceptible to buffer overflow attacks, […]
API hooking is a technique by which we can instrument and modify the behavior and flow of API calls. API hooking can be done using various methods on Windows. Techniques include memory break point and .DEP and JMP instruction insertion. We will briefly discuss the trampoline insertion techniques.
Hooking can […]
Surfing the internet through untrustworthy public networks whether wired or wireless has been known to be risky for a long time now. We all think twice before logging into our bank account or accessing any kind of sensitive information, but what about simply browsing our favourite site?
A Man in […]
Attention Retailers and Restaurants: Three Simple Ways to Avoid What Happened to Michaels, Target and Neiman Marcus
I feel like I’m stuck in Bill Murray’s Groundhog Day. Yet again, it came to my attention that a major American retailer has been hit with POS (point-of-sale) malware. This time, it’s hobby shop giant Michaels.
I hear that Target’s POS malware crisis, which made international headlines last December and […]
In some of the previous articles in this series, we have looked at how we can modify the behaviour of an application by patching it using IDA Pro, Hopper etc. However, doing this hasn’t been quite straightforward always. We can also use Cycript to modify the behaviour of an […]
This article explains the Heartbleed bug and shows how it can be exploited.
Heartbleed is a flaw in implementing the Heartbeat extension of OpenSSL. It is just an extension of OpenSSL which keeps the session alive for HTTPS connections, much like the Keep-Alive header in HTTP.
As per RFC, the formal […]
In this article I am going to discuss a few of the most important vulnerabilities which exist in almost all applications in the world. They are cracking the authentication mechanism, poor session handling, and accessing different paths of the operating system via exploiting the path traversal vulnerability.
Cause of the […]
This article explains the techniques of inline Assembly programming by linking or invoking the CPU-dependent Native Assembly 32-bit code to C#.NET managed code. The .NET framework in fact doesn’t support assembly code execution explicitly via the CLR compiler because it JITs the IL code to native code, and there […]
In 1945, Léon Theremin, a Russian inventor, invented one of the first covert listening devices, also known as “bugs.” The device was a predecessor of the Radio-frequency identification (RFID) technology. RFID technology can be defined as the wireless non-contact use of radio-frequency electromagnetic fields to transfer data with […]
Organisations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs to be considered. Lack of clarity in InfoSec policies can lead to catastrophic damages which cannot be recovered. So an organisation makes different strategies in implementing […]
MASM is maintained by Microsoft and is an x86 assembler that consumes Windows and Intel syntax to produce a COFF executable. It is compatible for both 16 bit and 32 bit sources. Fortunately, Microsoft’s Visual Studio IDE endorses MASM programming tasks just by making a couple of project property […]
In cloud computing, there are a number of components used to build the cloud infrastructure. At the lowest layer there are actual hardware components like servers, network attached storage and network components. In order to limit the possibility of spreading an infection, networks need be properly separated into multiple […]
Darn, I had to change my Dropbox password a few days ago. For good measure, I changed my Google password, too. Although I only use it for OAuth these days, well, especially for OAuth, I changed my Facebook password, too.
Do you notice when you buy things online or log […]
Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to learn how the organization operates, and to determine the best route. Metasploit is the best console for information gathering, as it is a very comprehensive penetration testing […]
Prohibition of Perfidy
Article 37 of AP I – Prohibition of perfidy
1. It is prohibited to kill, injure or capture an adversary by resorting to perfidy. Acts inviting the confidence of an adversary to lead him to believe that he is entitled to, or is obliged to accord, protection under […]