HTTP Response Splitting

This blog post describes about the lesser known attack, targeted towards HTTP Headers due to improper input validation. It also describes on how other attacks can be mounted using this mechanism.

Android Security 101 -- IG Learner(Part-3)

Please check the first part of this series on Android 101, if you want to check the necessary tools and how to prepare for the app assessment.

Android Security 101 -- IG Learner(Part-2)

Please check the first part of this series on Android 101, if you want to check the necessary  tools and how to prepare for the app assessment.

Android Security 101 -- IG Learner

This app was released in this year’s Shmoocon’13 by Intrepidus Group. You can get the app from the Google play store. This app as the name suggests is an android security learner app, there are deliberate vulnerabilities in this app from bad logging to intent manipulation. There will series of blog posts which gives  a walk through of each lesson.

29c3ctf - minesweeper

Challenge Overview

Escaping Python Sandboxes

Note: This is all written for Python 2.7.3. These details might be different in other versions of Python - especially 3+!

CSAW CTF: HorseForce Writeup

This time around, I’d written a challenge for CSAW CTF. There were 32 challenges, in all sorts of topics such as Web, Reversing, Exploitation, etc. The challenge I wrote was the 300 point Web challenge, HorseForce.

Tracing Bugs in Wireshark

So word spread pretty quickly about the wireshark bugs being thrown around Defcon 20 CTF. After I got my hands on acme pharms packet capture I quickly set out to recover the evil packets and weaponize them :)