Feb 022017
 

Part III: Cracking the Lid – Rooting and Unlocking Bootloaders This is part 3 of building your own mobile pen-testing device. Here’s the link to part 2 and part 1. Before we get started to cracking our device, let’s take a look at how our end device would look like: Oneplus One with Alfa NHR in monitor mode Full-fledged Kali with xfce environment running on Oneplus One So let’s get started and let me clear Read More…

Jan 312017
 

INTRODUCTION GSM also known as “Global System for Mobiles” is a world-wide standard for digital cellular telephony, it is a published standard by the European Telecommunications Standards Institute (ETSI), and it is widely implemented in Europe, Asia and, increasingly, America. The GSM network is divided into three major systems: the Network Switching System (NSS), the Base Station Subsystem (BSS), and the Operation and Support System (OSS). As we know that GSM is a broken protocol Read More…

Jan 182017
 

Part II: The Technicalities – Linux Kernels and chroots This is part 2 of building your own mobile pen-testing device. Here’s the link to part 1. So, now that we know how basic rooting and flashing works, let’s get a bit deeper into the internals of the Android system and see to what extent it is similar to the Linux operating system. The main core of the Android system is the kernel, and this is Read More…

Jan 112017
 

Part I: The Prologue – Android rooting Background In the game, Watchdogs, the hacker ‘Aiden Pierce’ uses his cell phone alone to hack into organizations or perform MITMs (Man in the Middle Attacks). This got me thinking, what if I could build my own mobile pen-testing device and started my research on the same. After 2 years of intermittent toying around and bricking 2 Sony Xperia devices, I could successfully build a mobile low-budget but Read More…

Dec 212016
 

Introduction Over the past few years, bug bounties have begun to garner mainstream attention. With over 150 companies offering their own bug bounty programs and hundreds of others working with the likes of BugCrowd and HackerOne, it is really no longer a question of whether you should start a bug bounty program or not, but rather when and how you should be running it. Let’s begin by taking a look at the various possible options: Read More…

Aug 292016
 

Introduction Ransomware is a malware which encrypts all files on disk and prevents the users from accessing their system. It has become a raging epidemic and has impacted thousands of organizations all across the globe. The new generation of ransomware, such as Locky and Zepto are delivered via spam e-mails with the common aim to extract money from the prey. Source of Infection Most organisations have substantial information security appliances such as anti-virus software, IPS/IDS Read More…

Aug 242016
 

Penetration Testing as per PCI DSS version 3.2 As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into following sub requirements: Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in organization’s environment Requirement 11.3.2: Conduct internal penetration testing at least annually or after any significant change has occurred in organization’s environment Requirement 11.3.3: Exploitable Read More…