Category Archives: Hacking

HTTP Request Hijacking for iOS

Researchers from Skycure have revealed an interesting vulnerability, which we tried out in our labs. This vulnerability has the potential to hijack a number of apps on the iOS platform. The attack is a variant of the man-in-the-middle attack. If an app is used on an insecure Wi-Fi network, an attacker can intercept requests…

iOS fingerprint scanner hacked!

Within a few days of its launch, the Apple iPhone 5S has faced the wrath of hackers from Germany. The Chaos Computer Club, who provided a video showing how they could use a fake fingerprint to bypass the phone's security lock screen, were quoted as saying: “Biometrics are not safe”. See this YouTube video which demonstrates the hack. “…. fingerprint…

DC9180 – Hunting bugs the Bounty way

This talk tells you all you should know about bug bounty hunting: various scenarios, tools, procedure, real-time replies, etc.

About the speaker: Nikhil P Kulkarni a.k.a. Intrud3r. Web application Pentester | Blogger | Bug Hunter | Researcher at CSPF | Listed in various halls of fame

You can find the full presentation at…

DC9180 – OWASP Xenotix XSS Exploit Framework

This presentation covers using an XSS vulnerability to gain reverse shell access to the system. The PDF copy of the presentation can be downloaded here – pwningwithxss-defconbanglore-130820063858-phpapp01

About the speaker:
Name: Ajin Abraham
• Info Sec Enthusiast
• OWASP Xenotix XSS Exploit Framework
• Free and Open Info Sec Education Supporter (Kerala Cyber Force)
• Runs a DEFCON chapter Defcon Kerala

Facebook URL redirection bug

Facebook suffers from a URL redirection bug which never got patched even after responsible disclosure. But when they patch it, they fail to give credit to the reporter. This bug has been reported by many hunters, and has fallen on deaf ears. I am attaching a few screenshots here of the bug which will give an…

Advanced Persistent Threats – Attack and Defence

The term Advanced Persistent Threat (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gain. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations, unlike other commonly found malware, which sweeps down random millions of…

Quick and Dirty Burpsuite Tutorial

Hi all, in this article we are going to see another powerful framework that is widely used in pen-testing. Burp Suite is an integration of various tools put together to work in an effective manner to help the pen-tester in the entire testing process, from the mapping phase to identifying vulnerabilities and exploiting the…