Information Security Monthly Newsletter – Dec 2018

The newsletter consists of a high-level executive summary of most of the important news, articles, data breaches and Microsoft patch details that have been published on information security. Each news item is very briefly summarized and includes a reference on the web for detailed information. We…

Android Mobile Application Penetration Testing

Android is a mobile operating system developed by Google, designed mainly for touchscreen devices such as smartphones and tablets. The Android operating system was originally released on 23rd September 2008. There are a total of 11 versions of the Android operating system available to date, from Gingerbread to Pie….

XML External Entity Attacks

XML External Entity (XXE) is an attack in which an application processes user-provided data without disabling references to external resources; this is due to a weakly configured XML parser for the document type declaration (DTD). The XML parser in the application supports external references by default even though…

Information Gathering through MS-Office Macros

Hi Readers, in this post we discuss how Microsoft Office Word macros can be used to gather information about a remote system. A macro is a series of commands or instructions grouped together as a single command to accomplish a task automatically. These are seen in…

Best Practices for Securing Crypto Currency Exchange

In our last blog on crypto, we discussed a case study related to penetration testing of a crypto exchange. Today we are going to discuss best security practices for securing crypto exchange sites. Web Application Level: 1) Implement two-factor authentication at login and…

IMPINJ SPEEDWAY R420 RFID READER

IMPINJ is an organization which connects billions of everyday items such as apparel, medical supplies and automobile parts to consumer and business applications such as inventory management, patient safety, and asset tracking. The Impinj platform uses RFID to deliver timely information about these items to…

Case Study – Penetration Testing Crypto Currency Exchange

Recently we performed a pentest for a crypto currency exchange site, and below is the complete case study of the engagement. Case Study – Penetration Testing Crypto Currency Exchange. Introduction: This case study of a start-up company in India who have started Crypto currency exchange…