Skip to main content

Posts

Install Virtual Box On Kali Rolling

If you facing problem with virtualbox installation on kali rolling edition because of its outdated kernel 4.3.0-kali1-amd64 then this post is for you only. Step1: Install latest kernel. First search the cache for list of available ones apt-cache search linux-headers Depending upon the list choose one from the set and install install it. you can download kernel file using wget from ubuntu source also. example: wget kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.3-wily/linux-image-4.4.3-040403-generic_4.4.3-040403.201602251634_amd64.deb for more refer to this post: link Step2: Edit the boot entry /boot/vmlinuz-(New Linux kernel Version) & /boot/initrd.img-(New Linux kernel version) in grub menu. Before making boot entry changes be sure these files exist in the /boot directory after running install command. In my case following new file got created in /boot folder: 1)vmlinuz-4.6.0-kali1-amd64 2)initrd.img-4.6.0-kali1-amd64 Thats all you need to do to install any vir...
Recent posts

Hacking Windows 10 UWP App: DLL Injection & common Vulnerabilities

I recently started working on  widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8. Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv...

Android Hooking: Writing Xposed Modules

1. Declare the module in  AndroidManifest.xml < manifest xmlns:android = "http://schemas.android.com/apk/res/android"     package = "com.example.xpomodfc"     android:versionCode = "1"     android:versionName = "1.0" >     < uses-sdk         android:minSdkVersion = "8"         android:targetSdkVersion = "15" />     < application         android:allowBackup = "true"         android:icon = "@drawable/ic_launcher"         android:label = "@string/app_name"         android:theme = "@style/AppTheme" >           < meta-data             android:name =...

Security Risks: Owasp's/Best Way to Differentiate

Application Security Risks Type Of Risks Reference: Link

Pentesting Amazon Web Services with KALI Sana

The installation through the AWS EC2 interface is dead simple. Point, click. Cutting keys and firing up ssh is also easy. But before you get too comfortable, there’s a few things you should know. First, unlike every preceding version of BackTrack and Kali, you do not just log in as root and leave it there. In order to meet the Amazon terms of service, you must log in as a lower-level user (in this case, user “kali”) and then su to root:     $ sudo su     # <-- and you are root! Note no password is required. You should consider running ‘passwd’ to ensure your instance requires one. No one will ever, ever guess ‘toor’. You’re welcome. Second, you should also know this is a “barebones” install. I couldn’t find what the “barebones” term meant anywhere on the kali.org website or support forums. Well it actually means “The Kali Amazon image is what we call a ‘minimal image’, meaning, no tools pre-installed. You can install any tools you need individually, or...

Microsoft Patch Reverse Engineering: 1-DAY Exploits

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers. Lets now try to reverse a latest microsoft security patch{well in my next post I'll show how to use DarunG...

Automating security Scans:Part-1

Running daily scans manually is a very cumbersome and boring task. So I thought of automating them for ease and fast processing. So Zaproxy is very well known OWASP vulnerability scanner that can be very helpful for webapps pentesting and lot more. So here are few steps to get started with OWASP Zaproxy: Step1: Download ZAProxy from here Step2: You can run Zaproxy in GUI mode to get feel and things that are available on this beautiful scanner. But in order to automated I prefer it running in daemon mode. So I use follwoing command: ./zap.sh -daemon -config api.disablekey=true & So this command will start ZAP in daemon mode with ZAP APIs listening  on 8080  by default. Oh I forget to tell you that this scanner comes with REST API which you can access using python, java or ruby also. Everything that you can do from gui is also supported by these APIs. I generally use python so I installed owasp-zapv2 using pip. pip install python-owasp-zap-v2.4 If you want to rea...