Archive for analysis

[tekwalk] Scanning VoIP Service for SIP-based Vulnerabilities

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/app-security-scanning-voip-service-for.html

Scanning VoIP Service for SIP-based Vulnerabilities
(the version details and product specifics belong to 2010)
Task Detail:
Scanning the state of SIP implementation in VoIP Service.

Background:
SIP (Session Initiation Protocol) is a popular protocol used for…..

Execution Method:
Attackers are actively seeking exposed PBX systems to launch Phishing Scams & route fake calls.
In recent years scams have evolved to include SMS Solicitations…..

…..click here to read the full blog-post

[tekwalk] Security Analysis of WiFi implementation WPA2-AES

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/net-security-security-analysis-of-wifi.html

Security Analysis of WiFi implementation WPA2-AES

Background:
WiFi has several vulnerable protocols still in use for backward compatibility. There have been new updates made available for the WiFi implementations, but still they all can be exploited in some way.

Execution Method: The best WiFi setup you can have is WPA2-AES; it's the most secure but not hacker-proof…..

…..click here to read full blog-post

[tekwalk] all need Authentication, most need Domain Controllers ‘n hackers love it

Posted in Blogroll, security on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-all-need-authentication-most.html

[security] all need Authentication most need Domain Controllers ‘n hackers love it

Domain Controllers are devices responsible for maintenance of data about all corporate user accounts, software resources and user ACLs. So, specific vulnerability assessment was required for them. We were…
………

…click here to read full blogpost

[tekwalk] Internal Network Scan : major NeXpose work

Posted in Blogroll, security on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-internal-network-scan-major.html

[security] Internal Network Scan : major NeXpose work

Even if a network has strong intrusion detection and prevention mechanisms implemented, it is only as safe as the machines present within the network. If any network device within the network is infected with…
………

…click here to read full blogpost

[tekwalk] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

Posted in Blogroll, history & technology, security on January 19, 2011 by abhishekkr

@ tekwalk.blogspot.com [17/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-sometimes-dumbest-try-hits.html

[security] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

even the………….
almost every Network Techie knows its importance and ways to secure them,
still everyone does leave a gap, or even if no gap is left… it's too hard to make network services hide their basic instincts and leave no trace…
…click here to read full blog-post

[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com… that allowed users to get a local copy of documents which were devoid of download and print options.

It shows how layered limitations can be broken, and why restrictions must be implemented from the root level up and not just as a user-level module.

…click here to read full blog-post and view real-case video

[abionic.blogspot.com] GitHub’s “purely artificial and poorly intelligent” A.I.

Posted in AbhishekKr, Blogroll on December 20, 2010 by abhishekkr

@ abionic.blogspot.com [20/Dec/2010]

http://abionic.blogspot.com/2010/12/encounter-with-githubs-ai-which-is.html

encounter with GitHub’s A.I. which is “purely artificial and poorly intelligent”

Recently, I had an interesting encounter with GitHub’s A.I. which was purely artificial and poorly intelligent.
I have a repo at ‘https://github.com/abhishekkr/sitehoster‘; it’s an experimental web-server developed in ‘Java’ but it has been marked as ‘Javascript’.

Now I’m a bit hard at things which don’t work to their potential… but I don’t think there is anything wrong in it.

So yeah there is an ‘Artificially Poorly Inferenced Logic‘ implemented in so advanced GitHub
which could have been ‘Smartly Easily Granted Control‘ to not so artificially intelligent Users…

…click here to read full blog post