Author: Viswa

This week, we will be looking at another hardcoded issue and how to trace it through the app. As we saw last week, developers tend to hard-code values while developing certain functionality during the development phase, and sometimes these are plainly hidden, which makes them difficult to uncover....

We will be looking at hardcoded issues this week. At times, developers tend to hard-code values while developing certain functionality during the development phase. Let us look at DIVA – hardcoded functionality and how to uncover it. Click on “2. Hardcoded Issues – Part 1”,...

Continuing from the previous post, download the Damn Insecure and Vulnerable App (DIVA). Download the tar file from the location below and extract it to get the .apk file: http://www.payatu.com/wp-content/uploads/2016/01/diva-beta.tar.gz Installing the .apk into the emulator: adb install diva-beta.apk – the new app DIVA is installed on the Android device. If the installation has completed successfully, the following screen should...

Continuing from the previous post (Part 1: Android Mobile Penetration Testing), let’s install some important tools. The virtual device is used so that you can test a combination of different versions of Android mobile devices and mobile operating systems for vulnerabilities with the tools mentioned...

Android is an open-source, Linux-based mobile operating system, modified for use on devices such as mobile phones, tablet computers, and smart watches. Today’s market is dominated by Android, followed by iOS. The above figure shows the Android market, taken from http://www.statista.com. Let us...

Summary: How Microsoft Word can be potentially dangerous in a phishing scenario. Objective: To exploit Microsoft Word Macro functionality to return a shell to a remote machine (attacker). Let's look at Microsoft Word and how the Macro functionality can effectively be used to our advantage in a phishing scenario. This attack is...

Summary: How a simple Dynamic Data Exchange (DDE) can be vicious and leave users open to attack! Objective: To exploit Excel's DDE functionality to return a shell to a remote machine (attacker). This week I wished to demonstrate how, using the standard functionality in Excel, it would be possible...