Identifying UART Pins Without a Multi-Meter

As people who like to tinker with hardware, we often find ourselves opening up a device to find the UART pins, which are originally meant for debugging and testing. We often use these to connect to the device. But most of us hit a small snag here. Snag No. 1: More often than not the pins […]

Arm Exploitation Series #1 — Introduction to the ARM Architecture

With the increasing growth in Internet-Of-Things (IoT) devices, it is an absolute necessity to scrutinize the security of these devices too, especially when they’re going to be right in our homes. What better way to start, than at the very instruction set architecture (ISA) that’s most commonly found on these devices — ARM. ARM, or […]

Exploring, Exploiting Active Directory Pen Test

Active Directory is most commonly used in enterprise infrastructure to manage thousands of computers in the organization with a single point of control, the “Domain Controller”. Performing penetration testing of Active Directory is more interesting, as it is mainly targeted by many APT groups with a lot of different techniques. We will […]

OWASP Top 10 – What are Different Types of XSS?

Cross Site Scripting (XSS) is the most popular web application vulnerability. It is a code injection attack that allows attackers to execute malicious JavaScript code in a user’s browser. In this type of attack, the attackers exploit a vulnerability in a website that the user visits, so the website itself delivers the malicious JavaScript to the […]

Drozer! The Game Changer Tool for Android Pen Testing

Today we are going to learn about Drozer, the game changer tool for Android pentesting. Drozer (Mercury) is a pentesting framework for Android. Drozer allows you to find security flaws in apps and devices. Drozer is developed by MWR InfoSecurity. It works on a client-server model. You can download Drozer. You […]

Understanding Android OS Architecture

Android is the most widely used operating system (presently 82.8%) in the world. Below is Android’s architecture diagram. It contains various layers: the application layer, application framework, libraries, Android Runtime and Linux kernel. We will explore each layer in detail. Application Layer: The user interacts with mobile apps only at the application layer. When we install […]

API Penetration Testing with OWASP 2017 Test Cases

Brief about API Penetration Testing: APIs are one of the favourite attack surfaces, which an attacker can use to gain further access to the application or server. In this blog, I’ve described the OWASP 2017 test cases, which are applicable to a general application pen test. I’m going to cover basics […]

Gratis Winter Pen Test 2019 Program

Overview: Free penetration testing for open source applications. We love to help secure open source applications, and that’s a primary reason we provide free penetration testing of open source applications every year. Under the Gratis Pentest in the last 3 years, we have evaluated the security postures of open source applications such as Refinery […]

Basic Understanding of Command and Control Malware Server

Reading time: 8/10 minutes. Folks! In this blog, I will talk about Command and Control servers (C&Cs) and the various techniques used by attackers to build a powerful and reliable C&C infrastructure. The most common architecture used by attackers for communication is the centralized design, which relies on standard HTTP or IRC protocols. They have also developed […]