Sunday, October 9, 2016

Android Application Hardening Checklist For Developers

This checklist will help Android developers harden their application during the development phase. It is meant to be applied while the application is still in development: if a security analyst or pentester finds a loophole after development, it becomes tedious to dive back into the existing code to implement the missing security control when there is no workaround for that loophole.

Friday, September 16, 2016

Xiaomi’s Analytics Application Security & Privacy Concern

You might have heard about the recent blog post on reverse engineering Xiaomi's Analytics app at
Summary - Basically there is an application called Analytics which is present by default on every MIUI user's phone. This application runs in the background 24x7, and it also reappears without user interaction even if you delete it.

Wednesday, September 7, 2016

Android Application Security - Using hmacSHA256 Encryption For Tamper Proof Request & Response

It all started with the SSL pinning implementation. I implemented SSL pinning in our application using the 3 different methods mentioned below. However, all 3 mechanisms fell short for the obvious reason that open source tools are available to bypass SSL pinning.

For Android there are JustTrustMe and Android-SSL-TrustKiller. On iOS there is ios-SSL-Killswitch. I posted a question on Stack Overflow in order to find a concrete solution for SSL pinning. However, I ended up getting nothing. The link to the Stack Overflow question is mentioned below.

Below are the methods I tried for SSL pinning.

Saturday, July 23, 2016

iOS Application Security - xCON Switch - Enable/Disable Detection without removing xCON Application from Cydia

I was searching for an xCon switch in order to enable/disable injecting the xCon library into each application launched on the iOS device. However, I was unable to find any such resource, so I decided to dig a little into it myself.

Monday, May 2, 2016

Hack Banking Infrastructure Like Pro - Part 3

In the last part of this article, if you can recall the network diagram, we compromised the gateway. In this article I am going to compromise the ssh and terminal systems, which have the IPs respectively and

Sunday, April 10, 2016

Hack Banking Infrastructure Like Pro - Part 2

If you have not seen part 1 of this series, kindly refer to that first. You will have seen how I compromised the site( Now it is time to attack the cabinet system, which has IP

Friday, April 8, 2016

Hack Banking Infrastructure Like Pro - Part 1

Test Lab is an online penetration testing lab with a total of 12 systems/servers/network devices. These are purposely misconfigured. Upon hacking each node, you get a token, which needs to be submitted on the website for verification; this tells you whether you have hacked that server successfully or not. Let's dive in.

Wednesday, April 6, 2016

Data Center Security/Safety Review & Audit Checklist

Your data center hosts critical data and contains your core assets, including customer information, intellectual property and other business-critical data. And with emerging trends such as Big Data, bring-your-own-device (BYOD) mobility and global online collaboration sparking an explosion of data, the data center will only become more important to your organization and will continue to be the target of advanced malware and other cyber attacks.