Recent Posts

Categories

Archives

Pwning with Responder – A Pentester’s Guide

May 3, 2017

Overview: Responder is a great tool that every pentester needs in their arsenal. If a client/target cannot resolve a name via DNS it will fall back to name resolution via LLMNR (introduced in Windows Vista) and NBT-NS. Now, assuming we have Responder running we will essentially say ‘yeah, this is… Read More

MS17-010, the new MS08-067?

April 17, 2017

This past Good Friday, @ShadowBrokers group (https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation) leaked a number of hacking tools/exploits from the NSA’s Arsenal. This leak contained operational notes from the NSA’s actively targeting of banks in the Middle East and their collection of exploitation tools targetting Microsoft Windows systems ranging from XP to Windows 8 and… Read More

Anatomy of a Hack: SQLi via Crypto

April 12, 2017

Cryptography has various advantages including confidentiality of information. However overzealous reliance on cryptography for securing applications is a bad idea. In this blog Sunil Yadav our lead trainer for “Appsec for Developers” training class, will discuss a case study where a SQL injection vulnerability was identified and exploited via an… Read More

Anatomy of a hack: Docker Registry

April 6, 2017

Docker is a popular container technology and has been very well accepted by industries across the world. It is used in production as well as UAT environments. However, with every new layer in the technology stack, a number of security issues can be introduced either because of loose configurations, insecure… Read More

Pentesting Android Apps Using Frida

March 17, 2017

Introduction to Frida In this blog post, Rohit Salecha guides newbie pentesters on how to use Frida to audit Android applications for security vulnerabilities. No android application review goes without performing reverse engineering of the app to find out what’s actually running in the background. This post focusses on the… Read More