Apple iBoot – iOS 9- Source Code Leaked !

Apple source code for a core component of the iPhone’s operating system has purportedly been leaked on GitHub, which could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—the critical part of the iOS operating system that’s responsible for all security […]

Secure your API – Best Practices

Why do APIs need special attention? As an increasing number of organizations provide API access to make their information available to a wider audience, securing that access is likewise of increasing importance. With the growing adoption of cloud, mobile, and hybrid environments, the risks are increasing. Cyber threats and DDoS attacks are targeting enterprise applications as […]

Compile NGINX with NAXSI – Part#1

Why Re-Invent the Wheel? In this tutorial/walkthrough, I shall be providing you detailed instructions on how to compile and configure NAXSI on NGINX on Ubuntu 14.04, as the Ubuntu standard repos have a very old version of NAXSI-built NGINX which I have personally found to be very buggy! Schedule: […]

GIBON Ransomware – Decryption Tool Available

A new ransomware dubbed “GIBON” was spotted by the ProofPoint researcher Matthew Mesa, who observed it being distributed by malware spam. The researcher dubbed the ransomware “GIBON” because of the presence of the string in two places: User-Agent String of the malware containing the string “GIBON” while communicating with its Control & Command Center Admin panel for the ransomware’s […]

The Fight with Fake Facebook Bots !

FacebookIPLIsts: checked daily and updated if Facebook modifies their list. I am sure most web admins are tired of the FAKE Facebook bots that manually set their User-Agents to impersonate Facebook bots and keep scraping the data. Hence, here are the lists of IPv4 and IPv6 addresses in order to whitelist the real […]

Google PlayStore 3rd Party Apps Bug Bounty Hunt Starts !

Google has introduced a new program to help root out vulnerabilities in third-party apps in its Google Play storefront. The “Google Play Security Reward Program” will pay researchers who discover problems in popular Android apps found in the store. Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying […]

Secure SDLC

Introduction: SDLC stands for Software Development LifeCycle. Why do we need to secure it when it is already a global standard across any development cycle? Remember the quote? A stitch in time saves nine! S-SDLC is a preventive process to avoid any security mishaps once a product is out […]

Generate BKS Certificates for SSL Pinning in Android Apps

Ensure that the certificate against which we are generating the certificate is already loaded on the web server.
Generate the PKCS12 format certificate from the PEM certs using the command below:
openssl pkcs12 -export -out cert-complete.pfx -inkey cert-key.pem -in cert-leaf.pem -certfile cert-chain.pem
Enter Export Password:
Verifying - Enter Export Password:
Ensure that a strong […]