Recent Posts

Categories

Archives

Pentesting Android Apps Using Frida

March 17, 2017

Introduction to Frida In this blog post, Rohit Salecha guides newbie pentesters on how to use Frida to audit Android applications for security vulnerabilities. No android application review goes without performing reverse engineering of the app to find out what’s actually running in the background. This post focusses on the… Read More

Active Directory Delegation and Manual Analysis

December 2, 2016

In many well secured environments you’ll probably find that the classic target groups of “Domain Admins” and “Enterprise Admins” are sparsely populated, and the accounts are used when only deemed necessary, or in dire emergencies. More often than not Active Directory delegation is utilised*. In this brief post, we’ll demonstrate… Read More

Hacking Crypto For Fun and Profit

July 5, 2016

In this blog post we will discuss a case study where we were successful in exploiting a faulty password reset functionality. The end result was that we were able to set  a new password on any arbitrary user account. We could do this because of a weak cryptographic implementation, in this case… Read More

Crafting your way through JSON Web Tokens

May 3, 2016

JSON Web Token is a compact mechanism used for transferring claims between two parties. These are generally represented as JSON objects and can be signed to protect the integrity of the underlying message using a Message Authentication Code (MAC) and/or encrypted. The mechanism followed by JWTs is governed by the… Read More

Bypassing Jailbreak Detection in iOS

February 5, 2016

In today’s connected modern world every organization wants to have a mobile application for its own services. This also requires that these applications go through a security check / penetration test. We at NotSoSecure constantly receive such requests and work on various mobile assessments. In this blog post Anto Joseph… Read More