The Mobile Pentesting Device: Birth of Anarchy
Part I: The Prologue – Android rooting Background In the game, Watchdogs, the hacker ‘Aiden Pierce’ uses his cell phone alone to hack into organizations […]
Category: Security Testing
Hardware Security Module (HSM) security testing checklist
One of the key security devices in a lot of organizations is an HSM – Hardware Security Module. All banks use it to store your debit […]
Exfiltration Using Powershell & Outlook
Introduction When an attacker compromises an end-point system in an organization, he needs some sort of confirmation that: his code was executed on the targeted […]
Windows Kernel Exploitation
This write-up summarizes a workshop/humla conducted by Ashfaq Ansari on the basics of various kinds of attacks available for exploiting the Windows Kernel as of […]
Thick Client Application Security Testing
Introduction A thick client is a computer application runs as an executable on the client’s system and connects to an application server or sometimes directly […]
Server Side Request Forgery (SSRF)
Introduction Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from […]
The Lesser Known XE Attack
The Meaning XE which stands for XML Entity is a standard for representing sets of data. Meanwhile, Entities are more like shortcuts to standard text […]
ATM Application Whitelisting Security Assessment
During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the Windows XP ATMs of one […]