Saturday, July 23, 2016

iOS Application Security - xCON Switch - Enable/Disable Detection without removing xCON Application from Cydia

I was searching for the xCon switch in order to enable/disable injecting the xCon file into each application that is launched on an iOS device. However, I was unable to find any such resource, so I decided to dig a little into that.

Monday, May 2, 2016

Hack Banking Infrastructure Like Pro - Part 3

If you can recall the network diagram from the last part of this article, we have compromised the gateway 192.168.101.6. In this article I am going to compromise the ssh and terminal systems, which have the IPs 172.16.0.6 and 192.167.0.2 respectively.

Sunday, April 10, 2016

Hack Banking Infrastructure Like Pro - Part 2

If you have not seen part 1 of this series, then kindly refer to that first. You must have seen how I compromised the site (172.16.0.1). Now it is time to attack the cabinet system, which has the IP 172.16.0.2.

Friday, April 8, 2016

Hack Banking Infrastructure Like Pro - Part 1

Test Lab is an online penetration testing lab which has a total of 12 systems/servers/network devices. They are purposely misconfigured. Upon hacking each single node, you will get a token, which needs to be submitted on the website for verification that will tell whether you have hacked that server successfully or not. Let's dive in.

Wednesday, April 6, 2016

Data Center Security/Safety Review & Audit Checklist

Your data center hosts critical data and contains your core assets, including customer information, intellectual property and other business-critical data. And with emerging trends such as Big Data, bring-your-own-device (BYOD) mobility and global online collaboration sparking an explosion of data, the data center will only become more important to your organization and will continue to be the target of advanced malware and other cyber attacks.

Sunday, November 15, 2015

Bugbounty - Password returned in the response in cleartext

Another interesting bug that I found in www.tagged.com. As you know, www.tagged.com & www.hi5.com are pretty famous and old social media sites. The design and functionality of these two domains are pretty similar.

BugBounty-Unexpected application behaviour causing self DoS attack

Hi Guys,
From now onwards I am starting my real-world bug hunting case studies. This is the first draft of it. I was performing black-box testing of this website.

Sunday, August 23, 2015

Ncat - Swiss Army Knife - Summary

It's been a while; I haven't written any blog posts due to my busy job schedule + client-side projects. I was just furnishing knowledge so decided to practice netcat. So this is a single tutorial for netcat which includes all the necessary information about it.