Posts


Sep. 11, 2020

Decoding the hacker in 'C U Soon'

C U Soon is a recent Malayalam film released on Amazon Prime. The movie caught my attention especially because of the way it was made with minimal logistics during the COVID-19 lockdown, yet still managed to match the visuals to the narrative and the technicalities involved in the making. By far this is the only Malayalam movie that portrays the role of a cybersecurity professional, a.k.a. the hacker character, in the most believable and realistic manner.

Nov. 24, 2016

Understanding HTTP.sys Denial of Service(BSoD)

Introduction. A remote code execution vulnerability was announced by Microsoft in early 2015 and was found being widely abused across the internet. Though it was announced that this security issue could let an unauthenticated remote attacker execute arbitrary code, I have not seen any working PoCs for RCE publicly disclosed. However, there are PoCs available to perform a denial of service in the form of a BSoD on affected systems. Microsoft released a patch, MS15-034, for this critical vulnerability in April 2015.

Sep. 14, 2015

Nmap XML Parser 2.0

This happened over the weekend. I was in the mood to take a break from work after so many working weekends. As usual I was about to wind up my day at a coffee shop nearby on a Friday evening, when I got a call from a fellow researcher seeking help to solve a problem at his work desk. He had to scan hundreds of IP addresses across multiple ranges, both internal and external.

Aug. 6, 2015

Null Humla Write-up on Mastering Nmap Script Engine

As I promised, here is a detailed write-up on the null humla on Mastering Nmap Script Engine conducted at the Mumbai null chapter on 18 July 2015. The basic agenda of the session was to learn how to write Nmap scripts from scratch. Introduction. Nmap has played an indispensable role in the security community for more than one and a half decades. Though the project started as a simple network port scanner, it has evolved into a massive toolset for complete reconnaissance with a ton of impressive advanced techniques.

Jul. 30, 2013

How did I start writing NSE

I started my career in information security as a trainer with the very simple responsibility of teaching people about ethical hacking and the defensive measures that protect digital data from such hacking threats. This task was slightly heavy for me initially, having been a silent spectator in my past days. Also, it demanded my energy for the whole day, talking about the phases of performing ethical hacking exercises. Still, I was enjoying this learning phase as a newbie in the field.

Jul. 6, 2013

What are those colors in the Wireshark screen?

This is the most stupid question I asked my boss (in my memory) in my entire career. Ages later, I now recollect this question with a laugh inside my heart and wanted to write about it, as this is typically a common and silly doubt that most newborn security babies may have in their heads when they first look at the Wireshark capture window. Wireshark uses packet colorization; in a nutshell, Wireshark has predefined coloring rules for certain packets.

Jun. 7, 2013

Windows Meterpreterless Post Exploitation

Introduction. This is just the web version of my paper published on Exploit-DB back in 2013. The full PDF version of this post is available here. “Metasploit”ing the target machine is a fascinating subject for all security professionals. The rich list of exploit codes and other handy modules of the Metasploit Framework make the pentester’s life much easier. It gives a ton of other options and toolsets for exploit development too. This document mainly explores the post-exploitation modules with a generic shell rather than a Meterpreter shell.

Mar. 15, 2012

Sqlmap Plugin for BurpSuite

This is a video demonstration of the sqlmap plugin for Burp Suite, explained at https://buguroo.com/es/sqlmap-plugin-for-burpsuite by ggdaniel. The plugin download is here: http://code.google.com/p/gason/downloads/list

The following command will integrate Burp with the plugin:

In Linux: java -classpath burpplugins.jar:"BurpSuite_v1.4.01.jar" burp.StartBurp

In Windows: java -classpath burpsuite_v1.4.01.jar;burpplugins.jar burp.StartBurp

Note: please modify the command depending on the file names of Burp and the plugin; in this case, the Burp version is “v1.4.01”. Video below.

Dec. 29, 2011

Sha Bang Covert Action

Let’s think about logging. A smart hacker will always go for a covert mode of action; this requires knowledge of how logging happens on the target system, getting the privilege to access those files, and cleaning the entries. Now, considering the first step, a Linux system stores all sorts of logs in a default location, /var/log/. This location contains multiple log files depending on the applications running on the system.