SecurityLearn
12.9K views | +0 today
Follow
SecurityLearn
A place to learn new hacking techniques
Curated by satishb3
Your new post is loading...
Your new post is loading...
Scooped by satishb3
Scoop.it!

A brief overview of same-origin policy

Can My JavaScript Access Your Page Elements? We all know that using JavaScript you can do many things for example read elements on a page, analyze the DOM etc.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Advanced Exploitation using XSS-SHELL

Advanced Exploitation using XSS-SHELL | SecurityLearn | Scoop.it
Before getting into XSS Shell, let us recollect few basics of XSS (Cross Site Scripting). XSS is one of the most common vulnerability that exists in many of the web applications today.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

BREACH Attack Explained

BREACH Attack Explained | SecurityLearn | Scoop.it
Back in 2012, when Juliano Rizzo and Thai Duong announced the CRIME attack, TLS / SSL Compression attack against HTTPS, the ability to recover selected parts of the traffic through side channel attacks has been proved.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

LaunchKey Mobile Vulnerabilities : Bug Bounty Experience

LaunchKey Mobile Vulnerabilities : Bug Bounty Experience | SecurityLearn | Scoop.it
Below are the vulnerabilities which I have found in the LaunchKey iPhone application. Insecure Storage – passcode & auth token are stored in clear text LaunchKey app allows its users to set a passcode to protect their information.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Mobile Security Basic Challenges

“Data stored on the device is worth more than the device” Introduction: The above quote might well apply to desktops and laptops as well. But it’s highly probable that your mobile device might be u...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Android Forensics

Android Forensics | SecurityLearn | Scoop.it
The article tries to cover various Android forensic techniques which can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical however we will...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

The Paraben’s iRecovery Stick Review

The Paraben’s iRecovery Stick Review | SecurityLearn | Scoop.it
The Paraben’s iRecovery Stick is an USB flash drive designed to recover deleted data from the Apple iOS devices like iPhone, iPad & iPod touch. The product allows the investigators to recover d...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

SQL Injection exploitation and dumping the database

SQL Injection: SQL Injection is a web based attack used by attackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attac...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Padding oracle attack explained

In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the server leaks data about whether the padding of an encrypted message is correct or not. oracle refers ...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Extracting Entitlements from iOS applications

Entitlements defines the specific capabilities or permissions of an applications. On a Jailbroken iPhone, entitlements of an iOS application can be extracted with ldid tool. On recent iOS versions ...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Pentesting Web Applications

I use these slides for my training. Initially I thought of not sharing with anyone. Later I felt, even if someone use my slides, they cannot teach like me Slides:
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Decrypting the iPhone keychain from backups

In iTunes backup, the iPhone Keychain sqlite database is stored as a Plist file. The Keychain file gets stored with 51a4616e576dd33cd2abadfea874eb8ff246bf0e file name in the iTunes backup folder. K...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Hacking and Securing iOS Applications : Slides

A deck of slides which I have used for my presentation @ Clubhack 2012, India. Abstract iOS applications share common set of classes and highly depends on the operating system solutions for data co...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Elliptic Curve Cryptography: A Case for Mobile Encryption

Elliptic Curve Cryptography: A Case for Mobile Encryption | SecurityLearn | Scoop.it
It is needless to start this article explaining about the rise of mobile devices in the last few years. We all know about how smart phones have swept the world.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

SSL Attacks

SSL Attacks | SecurityLearn | Scoop.it
In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were prominent in the field of cryptography.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Android Master Key Vulnerability POC

Android Master Key Vulnerability POC | SecurityLearn | Scoop.it
A few weeks back, a vulnerability dubbed as ‘Android Master key vulnerability’ was revealed. This vulnerability allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature.
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Google Play Store on Android Emulator

Google Play Store on Android Emulator | SecurityLearn | Scoop.it
Most of you must have noticed that the Google Play Store is not available in the Android Emulator. But having Play store on the emulator would be very handy when you want to access different applic...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Penetration testing of iPhone Applications - Part 5

Penetration testing of iPhone Applications - Part 5 | SecurityLearn | Scoop.it
In the First part of the article, we have discussed about the iPhone application traffic analysis. Second part, Third part and Fourth part of the article covered in-depth analysis of insecure data ...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Disable ASLR on iOS applications

Disable ASLR on iOS applications | SecurityLearn | Scoop.it
ASLR - Address Space Layout Randomization is an important exploit mitigation technique introduced in iOS 4.3. ASLR makes the remote exploitation of memory corruption vulnerabilities significantly m...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Sqlite data leakage in iOS applications

Sqlite data leakage in iOS applications | SecurityLearn | Scoop.it
Most of the iOS applications store sensitive information like usernames, passwords & transaction details, etc.. either permanently or temporarily on the iPhone to provide offline access for the...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Web Application Hacking Lab Setup

To learn & practice hacking we have to setup our lab environment because hacking real sites is a crime. Setting up a lab environment requires a lot of effort and time. To overcome all these pro...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Pentesting iPhone Applications

I have given a presentation on Pentesting iPhone Applications in c0c0n. This presentation mainly focuses on methodology, techniques and the tools that will help security testers while assessing the...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Update metasploit on backtrack

To  update the existing metasploit, in the backtrack terminal type > msfupdate           (or) >svn update /petnest/exploits/framework3 (or) >sudo bash >cd /opt/framework3/msf3/ >svn ...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Microsoft Bing webmaster tools CSRF Vulnerability

I have noticed a CSRF vulnerability in the Bing webmaster tools website when I was working on SEO stuff for my site. I have reported the vulnerability to Microsoft and they fixed it now. CSRF attac...
more...
No comment yet.
Scooped by satishb3
Scoop.it!

Useful Cydia Apps for pentesting

For pentesting iPhone applications, we need to download a lot of tools from Cydia. Some of the necessary  tools are - OpenSSH – Allows to connect to the iPhone remotely over SSH Adv-cmds : Comes wi...
more...
No comment yet.