Drozer! The Game changer tool for android pen testing

Today we are going to learn about the Drozer!  The game changer tool for android Pentesting.  Drozer(Mercury) is the pentesting framework for the android. Drozer allow you to find security flaw in the app and devices. Drozer is developed by MWR info security. It works as a client-server model. You can download the Drozer.  You […]

Understanding Android OS Architecture

Android is the most widely used operating system (presently 82.8%) in the world. Below is the Android’s architecture diagram. It contains various layers like application layer, Application framework, Libraries, Android Runtime and Linux kernel. We will explore each and every layer in details. Application Layer: User only interacts with mobile apps at application layer. When we install […]

API Penetration Testing with OWASP 2017 Test Cases

Brief about API Penetration Testing: API Penetration Testing is one of the favourite attack surfaces, where the attacker can use to gain into further access to the application or server. During the blog reading, I’ve described the OWASP 2017 Test Cases which is applicable for a general application pen test. I’m going to cover basics […]

Gratis Winter Pen Test 2019 Program

Overview : Free Penetration Testing For Open Source Application. We love to help to secure Open Source application and that’s a primary reason every year we provide the free Free Penetration Testing of the open source application. Under the Gratis Pentest in last 3 years, we have evaluated security postures of open source applications such as- Refinery […]

Basic Understanding of Command and Control Malware Server

Reading time: 8/10 minutes   Folks!! In this blog, I will talk about Command and Control Servers (C&Cs) and diverse procedures utilized by “assailants” “attacker” to fabricate a powerful and dependable C&C foundation. The most well-known engineering utilized by aggressors for correspondence is the brought together design which depends on standard HTTP or IRC conventions. They have likewise developed […]

My Six Months Journey in SecureLayer7

Before I step into the new year, I would like to share about my delightful journey in SecureLayer7, in short SecureLayer7 Review. Six months back, I had completed my graduation and was looking forward to start my career in the Information Security industry. I was guided by my friend, @rakeshnagekar who holds six years of […]

SecureLayer7 at Japan’s Code Blue International Conference, Nov 2018.

Hey there, I wanted to talk about my experience at SecureLayer7 at Japan’s Code Blue International Conference, Nov 2018. I’m a Security Consultant at SecureLayer7 who is an Information Security enthusiast with keen interest in learning latest technologies along with playing CTFs’.I learnt that SecureLayer7 is one of the sponsors for the Code Blue International […]

Abusing SUDO Advance for Linux Privilege Escalation – RedTeam Tips

Abusing SUDO Advance for Linux Privilege Escalation If you have a limited shell that has access to some programs using thesudocommand you might be able to escalate your privileges. here I show some of the binary which helps you to escalate privilege using the sudo command. If you already read my previous article(Abusing Sudo) then you can skip […]

Time to Disable TP-Link Home WiFi Router (CVE-2018-11714)

Hello Folks, We are BlackFog Team, some days before one of our team member found a very interesting bug in TP-Links Wifi Home Routers which gives full permission on a router without login to the router’s admin panel.  In short, we can Bypass the Authentication Mechanism just using a simple trick. Index Vendor Description Vulnerable Routers […]