Archive for hacking

[hackersmag] Social Engineering ~ Eden Guide to Hacking

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [3-October-2011]

http://hackersmag.blogspot.com/2011/10/eden-guide-to-hacking-httpsgithub.html

@github…..Active_Recon/article2_Social_Engineering.txt

Most creative non-technical hacker practice known to mankind.

a.) It’s the Art of Communication with People for ‘Information Leakage’.

You have a ‘Victim’ identified by now and…..


[hackersmag] Open Intelligence Gathering ~ Eden Guide to Hacking

Posted in security, Uncategorized on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [13-September-2011]

http://hackersmag.blogspot.com/2011/09/open-intelligence-gathering-for-passive.html

@github…..chapter4_Reconnaissance/section0_Passive_Recon/article0_Open_Intelligence_Gathering.txt

|
 |[+] What Is Open Intelligence?
 |
 |[+] Legal Documents Got Them
 |
 |[+] Search Engines Sort Them
 |
 |[+] Web Activity Caught Them
 | |
 | |[+] You Blog/Comment
 | |[+] You Socialize.....


[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

Posted in ABK Labs, security on April 3, 2011 by abhishekkr

http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have heard (recently and in the past) security-aware lives wasting a lot of their potential over arguments like
+ ‘Basic HTTP is insecure’ {sometimes in novice past}
+ ‘SSL-ify entire web service’ {still a lot of push is there}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting the websites by attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from a theoretical security point of view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you look deeper into the serial-murder case file of SSL Certificates, you’ll see it ain’t safe…
and so there is no point in arguing over its mixed/full implementation.

[hackersmag] Presentation on “XSS Defeating Concept in (secure)SiteHoster” : ‘nullcon-2011’

Posted in ABK Labs, Blogroll, security on March 5, 2011 by abhishekkr

http://hackersmag.blogspot.com [5-Mar-2011]

http://hackersmag.blogspot.com/2011/03/presentation-on-xss-defeating-concept.html

Presentation on “XSS Defeating Concept in (secure)SiteHoster” : ‘nullcon-2011’
It’s mainly about preventing XSS attacks with an entirely new concept based on ‘Bug-As-A-Service’ and ‘Attacking-The-Attacker’…
Any views/questions/comments/critiques/confusions are welcome.
———-
Presentation & Concept-WhitePaper:


[tekwalk] Scanning VoIP Service for SIP-based Vulnerabilities

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/app-security-scanning-voip-service-for.html

Scanning VoIP Service for SIP-based Vulnerabilities
(the version details and product specifics are from 2010)
Task Detail:
Scanning the state of SIP implementation in VoIP Service.

Background:
SIP (Session Initiation Protocol) is a popular protocol used for…..

Execution Method:
Attackers are actively seeking exposed PBX systems to launch Phishing Scams & route fake calls.
In recent years scams have evolved to include SMS Solicitations…..


[tekwalk] Security Analysis of WiFi implementation WPA2-AES

Posted in Blogroll, security on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/net-security-security-analysis-of-wifi.html

Security Analysis of WiFi implementation WPA2-AES

Background:
WiFi has several vulnerable protocols still in use for backward compatibility. There have been new updates made available for the WiFi implementations, but still they all can be exploited in some way.

Execution Method:
[] The best WiFi setup you can have is WPA2-AES; it’s the most secure but not hacker-proof…..


[hackersmag] Apache SOLR ~ a talented yet careless server

Posted in Blogroll, security on March 5, 2011 by abhishekkr

hackersmag.blogspot.com [8-Feb-2011]

http://hackersmag.blogspot.com/2011/02/apache-solr-talented-yet-careless.html

Apache SOLR ~ a talented yet careless server

SOLR… what is it?
SOLR Security Considerations… are clearly stated

[] Solr does not concern itself with security either at the document level or the communication level.
[] It strongly recommends that the……….
