Reverse Engineering For Beginners – XOR encryption – Windows x64

Prologue In the previous blogpost, we reverse engineered a binary and extracted the password from within it. This binary however contained a plaintext password. This was good to start for beginners, but you won’t really find such types of binaries in today’s world. In real life, passwords are mostly obfuscated or encrypted. Most of the […]

Malware Development – Welcome to the Dark Side: Part 1

If you are in cybersecurity, especially Red Teaming, writing a full-undetectable (FUD) malware is a great skill to have. Folks tend to use Metasploit combined with Veil-Evasion or PE injectors like LordPE or Shelter, to generate a binary which can bypass the antivirus. Sometimes this works and sometimes it does not. The worst thing that […]

The Mobile Pentesting Device: Birth of Anarchy

Part IV: Customizations – Custom Kernels and building Chroots This is the blog part 4 of building your custom Pentesting device. If you haven’t read the previous blogs, here are the links to them: – Part I Part II Part III So, now let’s get started with adding our own set of firmware support and […]

The Mobile Pentesting Device: Birth of Anarchy

Part I: The Prologue – Android rooting Background In the game, Watchdogs, the hacker ‘Aiden Pierce’ uses his cell phone alone to hack into organizations or perform MITMs (Man in the Middle Attacks). This got me thinking, what if I could build my own mobile pen-testing device and started my research on the same. After […]

Penetration Testing as per PCI DSS version 3.2

As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into following sub requirements: Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in organization’s environment Requirement 11.3.2: Conduct internal penetration testing at least annually or […]