Jan 11 2017

Part I: The Prologue – Android rooting
Background
In the game Watch Dogs, the hacker Aiden Pearce uses nothing but his cell phone to break into organizations and perform MITM (man-in-the-middle) attacks. This got me thinking: what if I could build my own mobile pen-testing device? So I started my research on the same. After 2 years of intermittent toying around and bricking 2 Sony Xperia devices, I could successfully build a mobile low-budget but Read More…

Dec 21 2016

Introduction
Over the past few years, bug bounties have begun to garner mainstream attention. With over 150 companies running their own bug bounty programs and hundreds of others working with platforms such as Bugcrowd and HackerOne, it is no longer a question of whether you should start a bug bounty program, but rather when and how you should run it. Let's begin by taking a look at the various possible options: Read More…

Aug 29 2016

Introduction
Ransomware is malware that encrypts the files on a victim's disk and denies users access to their data and systems until a ransom is paid. It has become a raging epidemic and has impacted thousands of organizations across the globe. The current generation of ransomware, such as Locky and its Zepto variant, is delivered via spam e-mails with the common aim of extorting money from the victim.
Source of Infection
Most organisations have substantial information security controls in place, such as anti-virus software and IPS/IDS Read More…

Aug 24 2016

Penetration Testing as per PCI DSS version 3.2
PCI DSS v3.2 Requirement 11.3 addresses penetration testing for organizations subject to PCI DSS compliance. The requirement is further divided into the following sub-requirements:
Requirement 11.3.1: Conduct external penetration testing at least annually and after any significant infrastructure or application upgrade or modification in the organization's environment.
Requirement 11.3.2: Conduct internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification in the organization's environment.
Requirement 11.3.3: Exploitable Read More…

Aug 15 2016

One of the key security devices in many organizations is the HSM (Hardware Security Module). Banks rely on HSMs to protect the cryptographic keys used to encrypt and verify debit and credit card PINs; more generally, an HSM can be used to protect any highly sensitive key material. Administration of the HSM is done via a custom client, a CLI, or directly on the physical panel of the device. This article outlines an audit methodology for an HSM that extends the PCI Council's Read More…

Aug 05 2016

PCI DSS v3.2 Requirement 11.3 addresses penetration testing for organizations subject to PCI DSS compliance. The requirement is further divided into the following sub-requirements:
Requirement 11.3.1: Conduct external penetration testing at least annually and after any significant infrastructure or application upgrade or modification in the organization's environment.
Requirement 11.3.2: Conduct internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification in the organization's environment.
Requirement 11.3.3: Exploitable vulnerabilities identified during testing shall be corrected and Read More…

Aug 05 2016

Vendor Patches:
Google Releases Security Update for Chrome
Cisco Releases Security Update
Oracle Releases Security Bulletin
Apple Releases Multiple Security Updates
Drupal Releases Security Advisory
Security Breaches:
Disney Playdom forums shut down following data breach
Pokémon GO Creator's Twitter Account Hacked
North Korean hackers gain access to personal data of dozens of South Korean diplomats and security officials
Clash of Kings official forum hacked, data of 1.6 million accounts leaked
Hillary Clinton's Presidential Campaign also Read More…