Category Archives: Uncategorized

Remote Password Changer – GRC Tool for Corporate

Rpasswordchanger: This is useful for organisation which are on Microsoft active directory(AD) domain controllers. One of the problem system administrator face is they are not able to change the local admin password of the desktops of the users. There are two issue when local admin passwords are not changed regularly Organisation which have implemented some… Read More »

Vulnerability Chart for India(Across Vertical)

This is vulnerability chart from different vertical in India from a sample of 60 organization(includes corporate/BFSI) Please download the PDF file: Corporate Cyber Security – Ocean of Vulnerabilities Portends Bad Weather

Genisis Secure USB Drive – Security Bugs

Genisis securedrive is a hardware/software based encrypted USB device used in high security situation. Report of bugs: securedrive Video of USB working without the hardware encryption chip: https://drive.google.com/file/d/0BwjcnnWhy4E3bUFDdWlPT2NBbW8/view?usp=sharing Contributed by Mr. sathish, Jalandar  

CSPF develops custom modsecurity rules for public use

CSPF has developed modsecurity rules that can protect servers from malicious hackers. This is written by Mr. Manish Tanwar & Mr. Suriya Prakash Though OWASP CRS covers a lot of vulnerabilities it does not protect against most backdoor’s and latest bypasses. The other rules sets that are available are commercial in nature. So CSPF is… Read More »

China and Hongkong Protesters

Did Hong kong protesters use simple app in their mobile to evade Chinese switching off & monitoring cellphone towers. Apps are coming out which works without cell phone towers/mobile internet. It uses technology like bluetooth,NFC – crowd can use such technology to message each other. Should other governments learn from this??? Hongkong Protest using Firechat

Has Finspy(from Finfisher) been used on Indian Computers

Analysis of Spyfiles4 released by WikiLeaks shows Finfisher(the most famous intrusion system from Germany) may have been used to hack into Indian computer systems. Its important that CERTIn/other gov departments develop mechanism to prevent intrusion in future/detect any existing compromise. An Indian Perspective Full Report: An Indian perspective_finspy

APT Attack Technical Analysis

We have got this sample from corporate management computer from US & India. This word document was sent to CEO emails. Once opened it could monitor his entire activity(keystrokes) and upload files(document,excel, PPT) from his computer to a server which is hosted by the hacker. We have sent the samples to most of the antivirus/security… Read More »