Introduction “For those on the ramparts of the world’s sole superpower, the digital winds are blowing an icy chill through the triumphant glow of the post-Cold War,” reads the tagline for the article titled, “Farewell to arms,” by journalist and writer, John Carlin. The article that delves into the potentially devastating effects of cyber-warfare became […]
Introduction Host header injections have been around for a while now, and sometimes the developer just does not know how to get rid of them! Configuring virtual hosts, adding host verification codes to redirection pages, etc. All of this can be time-consuming or stressful for some! So, I will be explaining a simple technique that […]
A few months back, I had the opportunity to conduct two workshops at BSidesDelhi and CSI Mumbai on the above topic. Both sessions were great experiences and allowed me to see the growing interest among the information security folks for the open-source ELK stack. Those who know me personally or follow me on social media (Twitter/LinkedIn) […]
If you are looking to navigate your way through the complexities of Big Data and its use in Security, here are some links to get you off the ground: Big Data Basics What is Big Data Which are the major technologies used for Big Data Hadoop (Apache’s open-source implementation of Google’s MapReduce algo) Elastic Search, […]
Scenario: One of our clients observed suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename […]
What is Data Leakage Prevention? Data Leakage Prevention is the category of solutions which help an organization to apply controls for preventing the unwanted accidental or malicious leakage of sensitive information to unauthorized entities in or outside the organization. Here sensitive information may refer to an organization’s internal process documents, strategic business plans, intellectual property, financial […]
I was reading the Joomla Update, http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads A bug in Joomla Core and having the criticality is always awesome to see 🙂 I decided to give the bug a look to see what the actual problem was. I looked at the diffs (changes made) to the latest version 2.5.14 https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 From the commits, there are […]
For my research, I chose to analyze a popular Android application for malware. But why select a Russian version? Well, it made a compelling case study from an analysis perspective that I later found out during my research. The application I selected was a popular game called FruitNinja downloaded from a Russian fake Android store (Figure 1). Figure […]
In this article we will learn how to perform forensics on USB devices, how to correlate the USB device with the drive letter and how to see at what time the USB device was plugged in and unplugged. This article may be very useful for the military forces as they can easily […]
by Bhushan Shah, NII Consulting Mrs Carol L. Stimmel has taken it upon herself to start a Computer Forensic Volunteer Project to provide low-cost services to those who cannot assert advantage from our skills. Here is a bit taken from the press release: “As expert members of the international computer forensics community which provides unique and […]