OSINT on Decentralised / Federated Softwares (Mastodon, Pixelfed and more)

Decentralized federated social medium (aka fediverse) is the talk of the town especially with the twitter drama that’s unfolding right now. To know more about fediverse softwares https://fediverse.party/en/miscellaneous/ is the best list of softwares. I was curious about OSINT activities that are possible with this ecosystem. I have been spending some time exploring mastodon, pixelfed …

OSINT on Decentralised / Federated Softwares (Mastodon, Pixelfed and more) Read More »

Fun with PHP Meterpreter

While building Vulnerable Docker VM, I encountered some interesting behaviour from PHP meterpreter shell. This blog post documents what was identified as issues and what were the solutions for the same.

A story of forgotten disclosure and DOM XSS

This post is about a vulnerability disclosure around DOM XSS which as forgotten somewhere during the process and i encountered it recently and then went on my way to get it fixed. This post outlines various learnings and observations i made during this effort.

Adventure with .git folder

This post outlines my experiments when i found a .git folder was publicly exposed during one of the pentests and realized all known methods and articles were not helping.

Mission attachment protection

Earlier today @Rsnake posted about a flaw in how wordpress handles the attachments I just tested this on a big celeb gossip site and it worked, the horror: http://t.co/Chbl6RQlWi — Robert Hansen (@RSnake) July 18, 2013 Here is my observation on the same listed below

SVN Extractor for Web Pentesters

Many a times web application pen-testers are encountered with the presence of .svn folders. For those not aware .svn folder is used by SVN version control system to perform its operations. For a blackbox pentester this folder contains huge amount of information.

LSB new twist : text based Stegnograph

Today i am going to discuss about a simple twist in existing Stegnography and text base data hiding techniques. While creating challenges for Preconference hacking challenge “HACKIM” for nullcon conference. we cameup with text based LSB hiding challenge as crypto challenge part 5. today i am releasing tools i used to encoding and decoding such …

LSB new twist : text based Stegnograph Read More »

Whitepaper : Security Issues in Android Custom ROM's

Today i am releasing the paper which i presented recently at C0C0N conference at ernakulam. this paper outlines where security misconfiguration that can lead to device compromise, data theft and so on. Hope this helps in secure development and deployment of custom ROM’s. http://anantshri.info/articles/android_cust_rom_security.html The link contains download for both my slidepack as well as …

Whitepaper : Security Issues in Android Custom ROM's Read More »

Scroll to Top