If you are a newbie in Penetration Testing and afraid of OSCP preparation, do not worry. Even I was once an amateur before starting on my OSCP journey. In this blog, I will provide you with a strategy for OSCP preparation. I will also share some resources that I found useful during my preparation. Here […]

[[Post was originally posted on 23rd May, 2017 at invadersam.com]] Microsoft Office Word / Wordpad remote code execution vulnerability allows a remote attacker to execute arbitrary code on the system. An attacker can send specially crafted files which can cause the MS Word / Wordpad to download a remote shell and the attacker can gain […]

Before we start to configure our decoys and put it in our production environment, let’s take a look at what exactly it is and how it differs from the usual honeypot. Honeypots are vulnerable systems configured to lure the attacker who is present in an organization. This attacker need not be from outside the environment. […]

Most organizations face a barrage of attacks every day from threat actors around the globe. Among the various vectors, attackers have found relatively high degree of success by (spear) phishing employees of the organization. This allows attackers to bypass perimeter defences and gain a foothold in the internal network. SOC teams have multiple approaches to […]

Part IV: Customizations – Custom Kernels and building Chroots This is the blog part 4 of building your custom Pentesting device. If you haven’t read the previous blogs, here are the links to them: – Part I Part II Part III So, now let’s get started with adding our own set of firmware support and […]

Part III: Cracking the Lid – Rooting and Unlocking Bootloaders This is part 3 of building your own mobile pen-testing device. Here’s the link to part 2 and part 1. Before we get started to cracking our device, let’s take a look at how our end device would look like: Oneplus One with Alfa NHR […]

INTRODUCTION GSM also known as “Global System for Mobiles” is a world-wide standard for digital cellular telephony, it is a published standard by the European Telecommunications Standards Institute (ETSI), and it is widely implemented in Europe, Asia and, increasingly, America. The GSM network is divided into three major systems: the Network Switching System (NSS), the […]

Part II: The Technicalities – Linux Kernels and chroots This is part 2 of building your own mobile pen-testing device. Here’s the link to part 1. So, now that we know how basic rooting and flashing works, let’s get a bit deeper into the internals of the Android system and see to what extent it […]

Part I: The Prologue – Android rooting Background In the game, Watchdogs, the hacker ‘Aiden Pierce’ uses his cell phone alone to hack into organizations or perform MITMs (Man in the Middle Attacks). This got me thinking, what if I could build my own mobile pen-testing device and started my research on the same. After […]