My Six Months Journey in SecureLayer7

Before I step into the new year, I would like to share about my delightful journey in SecureLayer7, in short SecureLayer7 Review. Six months back, I had completed my graduation and was looking forward to start my career in the Information Security industry. I was guided by my friend, @rakeshnagekar who holds six years of […]

SecureLayer7 at Japan’s Code Blue International Conference, Nov 2018.

Hey there, I wanted to talk about my experience at SecureLayer7 at Japan’s Code Blue International Conference, Nov 2018. I’m a Security Consultant at SecureLayer7 who is an Information Security enthusiast with keen interest in learning latest technologies along with playing CTFs’.I learnt that SecureLayer7 is one of the sponsors for the Code Blue International […]

Abusing SUDO Advance for Linux Privilege Escalation – RedTeam Tips

Abusing SUDO Advance for Linux Privilege Escalation If you have a limited shell that has access to some programs using thesudocommand you might be able to escalate your privileges. here I show some of the binary which helps you to escalate privilege using the sudo command. If you already read my previous article(Abusing Sudo) then you can skip […]

Time to Disable TP-Link Home WiFi Router (CVE-2018-11714)

Hello Folks, We are BlackFog Team, some days before one of our team member found a very interesting bug in TP-Links Wifi Home Routers which gives full permission on a router without login to the router’s admin panel.  In short, we can Bypass the Authentication Mechanism just using a simple trick. Index Vendor Description Vulnerable Routers […]

Web Services and API Penetration Testing Part #2

Welcome readers to Part 2 of Web Services Penetration Testing. In this part, we will take a quick look into the various test cases, tools and method for security testing of Web Services. Black box Web Services Penetration Testing pre-requisite: -> Web Service Description Language (WSDL) file Grey box Web Services Penetration Testing pre-requisite: -> […]

Tabnabbing – An art of phishing

This blog is about a technique used by attackers to perform phishing attack by using the Tabnabbing. Although, this was technique was invented long time ago, but there are very few articles on this. Hence, I thought to write something on this topic. What is tabnabbing?p Tabnabbing is a client side attack web based attack. […]

Web Services and API Penetration Testing Part #1

Hi Readers, today we will learn about another interesting part of web services and API penetration testing part, this revolves around Security assessments of web services. To start with let’s take a look at what web services are made of: A web service is software composed of standardized XML messaging system. The benefit of web […]

Intercepting thick clients sans domain: Thick Client Penetration Testing – Part 5

For carrying out penetration testing assessments, our main aim has been to resolve the actual domain to the loopback IP address, by adding an entry to the hosts file. Let us know consider a situation where the thick Client application does not send the request to a domain or a host name, then what happens? […]

Dark Web: Accessing the hidden content Part #2

Using I2P to access the dark web – Part #2 I2P Intro: According to Wikipedia, The Invisible Internet Project (I2P) is an anonymous network layer that allows for  peer to peer communication via encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. The software that implements this layer is called […]

Dark Web: Accessing the hidden content Part- 1

  Curiosity towards hidden and unknown things is natural to people. For the general folks, Internet is existence of websites indexed via popular search engines like Google, however the Deep Dark web is beyond the traditional search engines which are hidden and inaccessible through standard web browsers. It is an interesting fact to know that […]