  1. Maldrone the First Backdoor for drones.

    Hi Guys,


    You read it right. I am going to give a quick demo of the first ever drone backdoor, aka Maldrone [Malware Drone].

    There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions. Countries buy drones from their neighbors. What are the possibilities that there could be a backdoor in the drone you bought? What are the possible ways you can backdoor a drone? What ...
  2. Cracking a Captcha. Nullcon | EMC2 CTF 2015

    Last week the EMC2/nullcon CTF got over. Even though I really wanted to, I did not have enough time to play the CTF. I was/am busy working on my "hacking Drones" research for Nullcon.

    Last year I was one among the top 30 finalists of EMC2 defenders league and stood 5th in the final ranking. ...
  3. Pentesting a DVB-C network. Hacking your cable TV Network Part 1

    Here is my ekoparty video on hacking cable TV networks.

    DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became ...
  4. Everything you need to know about CVE-2014-6271


    Code execution possible on CGI Web Applications: Yes [Critical]
    Code execution possible on SSH: Yes [Not critical or is based on architecture]
    Working Payload for getting reverse Shell Available: Yes
    Is the Current patch complete: No
    Where was the Bug:

    Bash supports exporting not just shell variables, but also shell functions to other

    Updated 10-01-2014 at 03:36 PM by 41.w4r10r

  5. Low hanging Web Application bugs in Digital Cable: Hacking Cable TV Networks Part 1

    Hacking your cable TV Networks: Low Hanging Web Application bugs in Digital Cable TV.

    Check out the previous blog:
    Hacking Your Cable TV Networks : HITB Security Conference Part 0.

    We did two presentations on the security issues in Digital Cable TV networks, one back in February at Nullcon [Goa] and another at HITB [Amsterdam]. We disclosed a few of the many security issues we reported to a large cable network ...
  6. How the Internet Bug bounty Killed an Exploit Kit.

    It has been 4 years since the Internet [Web] bug bounty programs kicked in. It would be great to see what changes they have brought to the security community. From what I understood, the largest number of bugs reported to bug-bounty programs are XSS. Yes, cross-site scripting. We are writing about an infamous phishing/exploit kit named Chillyfisher that was used by a few APT groups that utilized XSS and phishing emails to hack their targets.

  7. Hacking Your Cable TV Networks : HITB Security Conference Part 0.

    I would be presenting at HITB Amsterdam this 29th - 30th on Digital Cable TV security. I am from an application security computer science background and the talk is all about appsec in Digital Cable TV implementations. But certain digital signal concepts were a bit hard for me to remember. So in this pre-con blog post I would add a few short notes on a few terms I would be referring to in my talk.

    Television is a one-way medium, unlike the internet, so if ...
  8. CVE-2014-0160 Heartbleed Attack POC and Mass Scanner.

    TLS Heart Bleed Attack.

    This is one of the scariest bugs I have seen in the last few years. A lot of discussion is going on and there are quite a number of blogs regarding this. But I couldn't find anything that explicitly talks about the vulnerability and exploitation methods. Also, many organizations have multiple HTTPS servers using OpenSSL. So I have created this mass auditing tool that could scan them all in one click. ...
  9. Sandy: Opensource Exploit Analysis Framework.

    Client-side exploits are an inevitable part of the security industry. And no matter how much new security is added to these products, they would always be exploited. As long as governments and individuals need to hack into others' confidential data, there would be a requirement for exploits. So when there's demand, someone will supply.

    I started developing Sandy, an Exploit Analysis and Automation ...
  10. Trusting 302 Redirects and Content Security Policies security.

    My new year resolution is to blog as much as possible. My writing skills suck and there's just too great a chance I'll lower the standards. Anyway, the show must go on. So I am planning to share my weekend notes here from now on.

    A few weeks back I had to design a solution for a challenging web application issue.

    The scenario was as follows.

    A secure Web Application has a Secret Access token. This token ...
