Skip to main content


Showing posts from 2015

Security Risks: Owasp's/Best Way to Differentiate

Application Security Risks

Type Of Risks


Pentesting Amazon Web Services with KALI Sana

The installation through the AWS EC2 interface is dead simple. Point, click. Cutting keys and firing up ssh is also easy. But before you get too comfortable, there’s a few things you should know.

First, unlike every preceding version of BackTrack and Kali, you do not just log in as root and leave it there. In order to meet the Amazon terms of service, you must log in as a lower-level user (in this case, user “kali”) and then su to root:

    $ sudo su
    # <-- and you are root!

Note no password is required. You should consider running ‘passwd’ to ensure your instance requires one. No one will ever, ever guess ‘toor’. You’re welcome.

Second, you should also know this is a “barebones” install. I couldn’t find what the “barebones” term meant anywhere on the website or support forums. Well it actually means “The Kali Amazon image is what we call a ‘minimal image’, meaning, no tools pre-installed. You can install any tools you need individually, or install them all with the kali-lin…

Microsoft Patch Reverse Engineering: 1-DAY Exploits

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers.

Lets now try to reverse a latest microsoft security patch{well in my next post I'll show how to use DarunGrim…

Automating security Scans:Part-1

Running daily scans manually is a very cumbersome and boring task. So I thought of automating them for ease and fast processing. So Zaproxy is very well known OWASP vulnerability scanner that can be very helpful for webapps pentesting and lot more. So here are few steps to get started with OWASP Zaproxy:
Step1: Download ZAProxy from here
Step2: You can run Zaproxy in GUI mode to get feel and things that are available on this beautiful scanner. But in order to automated I prefer it running in daemon mode. So I use follwoing command:

./ -daemon -config api.disablekey=true &

So this command will start ZAP in daemon mode with ZAP APIs listening  on 8080  by default. Oh I forget to tell you that this scanner comes with REST API which you can access using python, java or ruby also. Everything that you can do from gui is also supported by these APIs.
I generally use python so I installed owasp-zapv2 using pip.

pip install python-owasp-zap-v2.4

If you want to read more about python Zap…

Resize AVD: Android Emulator

The emulator file system is ext4. You can re-size the userdata.img using standard Linux tools. Try this only when you are facing problem increasing AVD size using Android-SDK GUI.

# Navigate to AVD cd ~/.android/avd/{name-of-avd}# Delete old image rm userdata-qemu.*# Re-size the image resize2fs userdata.img 1512M# Start the emulator and enjoy#BePatient it may take some time to create new partition emulator {name-of-avd}OR e2fsck -f userdata-qemu.img resize2fs userdata-qemu.img 512M

Installing vmware-11.0 on Ubuntu 15.04 Using kernel Patch

curl -o /tmp/vmnet-3.19.patchcd /usr/lib/vmware/modules/sourcetar -xf vmnet.tarpatch -p0 -i /tmp/vmnet-3.19.patchtar -cf vmnet.tar vmnet-onlyrm -r *-onlyvmware-modconfig --console --install-all

Facebook Porn Tag SPAM

I bet if you are an active facebook user then you might have already seen such post. They lurk user into opening the link and then a background script will automatically tag all the victim friends to that same video or it can also prompt you to install malicious software in order to view the same. If you are not logged in then it will prompt you to login like  shown below:

So better next time before opening any link or installing any unknown  software be sure whether you trust the content originator fully or not. As an advice always open external links in incognito mode of same browser or different browser in which you are not logged in.

Android ADB Shell: Extract Device Properties