Archive for audit

[tekwalk] Scanning VoIP Service for SIP-based Vulnerabilities

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/app-security-scanning-voip-service-for.html

Scanning VoIP Service for SIP-based Vulnerabilities
(the version details and product specifics belong to 2010)
Task Detail:
Scanning the state of SIP implementation in VoIP Service.

Background:
SIP (Session Initiation Protocol) is a popular protocol used for…..

Execution Method:
Attackers are actively seeking exposed PBX systems to launch Phishing Scams & route fake calls.
In recent years scams have evolved to include SMS Solicitations…..

…..click here to read the full blog-post

[tekwalk] Security Analysis of WiFi implementation WPA2-AES

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/net-security-security-analysis-of-wifi.html

Security Analysis of WiFi implementation WPA2-AES

Background:
WiFi has several vulnerable protocols still in use for backward compatibility. Updates have been made available for WiFi implementations, but they can all still be exploited in some way.

Execution Method:
The best WiFi setup you can have is WPA2-AES; it's the most secure but not hacker-proof…..

…..click here to read full blog-post

[tekwalk] Subset Scan for Old Clients At New Networks

Posted in Blogroll, security on March 5, 2011 by abhishekkr

@ http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/net-security-subset-scan-for-old.html

Subset Scan for Old Clients At New Networks

WHY? Subset Scan for Old Clients At New Networks

Task Detail:
Suppose you are to perform a vulnerability assessment of a new network for a client you have already worked for.
They might have all newly conf…..

…..click here to read full blog-post

[tekwalk] all need Authentication, most need Domain Controllers ‘n hackers love it

Posted in Blogroll, security on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-all-need-authentication-most.html

[security] all need Authentication most need Domain Controllers ‘n hackers love it

Domain Controllers are devices responsible for maintaining data about all corporate user accounts, software resources and user ACLs. So, a specific vulnerability assessment was required for them. We were…
………

…click here to read full blogpost

[tekwalk] Internal Network Scan : major NeXpose work

Posted in Blogroll, security on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-internal-network-scan-major.html

[security] Internal Network Scan : major NeXpose work

Even if a network has strong intrusion detection and prevention mechanisms implemented, it is only as safe as the machines present within it. If any network device within the network is infected with…
………

…click here to read full blogpost

[tekwalk] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

Posted in Blogroll, history & technology, security on January 19, 2011 by abhishekkr

@ tekwalk.blogspot.com [17/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-sometimes-dumbest-try-hits.html

[security] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

even the………….
almost every Network Techie knows its importance and ways to secure them,
still everyone does leave a gap, or even if no gap is left… it's too hard to make network services hide their basic instincts and leave no trace…
…click here to read full blog-post

[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com… that allowed users to get a local copy of documents which were devoid of download and print options.

It shows how layered limitations can be broken, and why restrictions must be implemented from the root level up and not just as a user-level module.

…click here to read full blog-post and view real-case video