In this post, we talk about using various third party Chart APIs to display a trend graph on any SharePoint site (or a blog). These graphs delivers a quick summary of the vulnerabilities identified during various security assessments. This can be embedded in a Security SharePoint portal or a dashboard which will be accessed by [...]
This batch file decompiles an apk to its corresponding java sources. People who are looking forward to do a code review on an android app who’s source code is not readily available can utilize this bat. This batch runs various free tools available on the internet in a sequence to obtain the java source files. [...]
List of chrome browser extensions that can be useful while performing application security assessments. Some of the extensions are already discussed earlier in our blog. On the sidenote, a similar collection exists for Firefox users – check SecFox at Mozilla Addons Collection site Note: Below table will be updated regularly. If you find any addons [...]
This post explains about rooting a Tmobile G2/HTC Vision and then installing Cyanogenmod 7 (Gingerbread) while retaining the apps and data that were in use with stock ROM. Entire process from rooting till installation of Cyanogenmod should not take more than half an hour.
AdBlock is one of the most popular browser extension that prevents ads or annoying page elements those are usually displayed in any webpage. It works by matching the pattern of unwanted elements in the page with what is available in its database and filters them. Adblock can be made more efficient by adding custom patterns [...]
This Python script by the author ‘sickness’ updates many of the tools present in Backtrack suite, which otherwise would’ve to be updated manually.
Get the script
Screenshot
Backtrack5 Update Script
Source: backtrack-linux.org
| Backtrack5 Update Script Info | |
|---|---|
| App Name | Backtrack5 Update Script |
| License | free |
| Type | code |
| App URL |
 |
| More Info | link |
In this post, we talk about using various third party Chart APIs to display a trend graph on any SharePoint site (or a blog). These graphs delivers a quick summary of the vulnerabilities identified during various security assessments. This can be embedded in a Security SharePoint portal or a dashboard which will be accessed by clients/higher management.
For applications that are assessed at the end of every release cycle (version change), from this graph, one can visualize the trend of vulnerability detection. Here severity scale – Critical, High, Medium & Low (Info) is also displayed in the graph.
We will have a look at 2 charting APIs to achieve this – Google Charts and Highcharts
By using Google Charts API, we try to embed the following chart on our SharePoint site. Once the code is embedded, user can hover over the data points to get its value and other information.
There are various obvious reasons for choosing a chart API over a static image inserted into the site.
This batch file decompiles an apk to its corresponding java sources. People who are looking forward to do a code review on an android app who’s source code is not readily available can utilize this bat. This batch runs various free tools available on the internet in a sequence to obtain the java source files.
This is not made to encourage piracy/plagiarism in any case.
1. Extract batch file and lib folder to C:\apk2java\ (or any folder that doesnt have space in its path)
2. Backup the target app’s apk from phone to PC via ASTRO Browser (check this post for details)
3. Keep the target apk in the root folder where batch file is present
4. Run ‘apk2java.bat target.apk’ in cmd
c:\apk2java>apk2java.bat target.apk
This post talks about process of extracting apk file of any app available in market and then decompiling it to Java source. This can be helpful for those who perform code review (for security vulnerabilities) on apps whose source code is not available. Once Java source code is obtained, we can either do manual code review or run any free/commercial automated code scanners.
List of chrome browser extensions that can be useful while performing application security assessments. Some of the extensions are already discussed earlier in our blog. On the sidenote, a similar collection exists for Firefox users – check SecFox at Mozilla Addons Collection site
Note: Below table will be updated regularly. If you find any addons that are not listed but might be useful while conducting pentests, please mention in comments.
This post explains about rooting a Tmobile G2/HTC Vision and then installing Cyanogenmod 7 (Gingerbread) while retaining the apps and data that were in use with stock ROM. Entire process from rooting till installation of Cyanogenmod should not take more than half an hour.
Proxy Switchy! is an advanced proxy manager for Google Chrome, it allows users to manage and switch between multiple proxy profiles quickly and easily.
This will be one must-have addition to the chrome addons that helps for security testing which we had discussed earlier here. While conducting blackbox security assessments, we normally do analysis on communication between the server and the browser (client). This is done with the help of various software proxy interceptors such as Paros, Webscarb, Burp etc. by redirecting traffic to these proxies.
Most of the times its required to change the browser proxy settings to
1. Change the port to switch the listener (proxy) that intercepts web traffic
2. Filter the URLs that are not in our scope to reduce the overhead on the proxy.
3. Match the URLs to send to different listeners based on certain patterns.
Proxy switch can help to easily overcome the situations mentioned above.
NotScripts gives you a high degree of “NoScript” like control over what javascript, iframes, and plugins runs in your browser to increase security and lower the CPU usage. It is useful to help mitigate some attacks like certain cross-site scripting (XSS) vulnerabilities and drive by downloads by blocking the third-party content before it even runs with it’s default deny policy.
You can whitelist the sites you want through an easy to use url bar icon and drop down menu.
NotScripts uses a unique and novel method to provide this “NoScript” like functionality in Google Chrome that was not previously possible. It introduces a break through technique of intelligent HTML5 storage caching to over come the limitations in Google Chrome that prevented an extension like this from being made before. NotScripts blocks third-party content BEFORE they load and it does this while also having a whitelist. This is one of the key extensions that many people have been waiting for since Google Chrome came out.
AdBlock is one of the most popular browser extension that prevents ads or annoying page elements those are usually displayed in any webpage. It works by matching the pattern of unwanted elements in the page with what is available in its database and filters them.
Adblock can be made more efficient by adding custom patterns for the elements to be filtered.. This feature of AdBlock can be extended to block not only the ads but also the malicious content those are injected in seemingly genuine sites. This is done by adding MalwareDomains subscription to our Adblock preferences. MalwareDomain contains a list of domains that are known to be used to propagate malware and spyware. Adblock verifies whether there are any cross domain content loaded from any of malicious websites present in that list and if there is, then it blocks those elements.
Note: Subscribing to this list can increase the load time of the site. Increase in security at the cost of slight reduction in performance.
Here, we illustrate the steps to add the MalwareDomain list to our Adblock addon available for Chrome and Firefox browsers.
Download Adblock for Chrome here.
1. Access the AdBlock Options from the Chrome Extensions page and add MalwareDomains URL (http://malwaredomains.lanik.us/malwaredomains_full.txt)
2. Entered URL will now display in the subscriptions list. Make sure that its checked.
We can extract the images or any media content present in the word document by opening it as an archive and extracting the files with the help of un-archival tools like 7zip.
1. A word document containing images to be extracted.
3d access addons apps appsec automate batch chrome code command concept customize Download files Firefox free google Graphics greasemonkey icon imageEditing linux mail mp3 online organize passwords pics Portable rightclick scan scripts Secfox store sync systools tips updates usb va versions videos webdesign xss youtube
WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.
