GIBON Ransomware – Decryption Tool Available

A new ransomware dubbed “GIBON” was spotted by ProofPoint researcher Matthew Mesa, who observed it being distributed by malware spam. The researcher dubbed the ransomware “GIBON” because the string is present in two places: the User-Agent string of the malware, which contains the string “GIBON” while it is communicating with its Control & Command Center Admin panel for the ransomware’s […]

The Fight with Fake Facebook Bots !

FacebookIPLIsts: checked daily and updated if Facebook modifies their list. I am sure most web admins are tired of the fake Facebook bots that manually set their User-Agents to impersonate Facebook bots and keep scraping data. Hence, here are the lists of IPv4 and IPv6 addresses in order to whitelist the real […]

Google PlayStore 3rd Party Apps Bug Bounty Hunt Starts !

Google has introduced a new program to help root out vulnerabilities in third-party apps in its Google Play storefront. The “Google Play Security Reward Program” will pay researchers who discover problems in popular Android apps found in the store. Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying […]

Secure SDLC

Introduction: SDLC stands for Software Development Life Cycle. Why do we need to secure it when it is already a global standard across any development cycle? Remember the quote? A stitch in time saves nine! S-SDLC is a preventive process to avoid any security mishaps once a product is out […]

Generate BKS Certificates for SSL Pinning in Android Apps

Ensure that the certificate against which we are generating the certificate is already loaded on the web server. Generate the PKCS12 format certificate from the PEM certs using the command below:

openssl pkcs12 -export -out cert-complete.pfx -inkey cert-key.pem -in cert-leaf.pem -certfile cert-chain.pem
Enter Export Password:
Verifying - Enter Export Password:

Ensure that a strong […]

Build your own DoS/DDoS/Bot Mitigation Gear & Fighting Fake Google/Yahoo/Bing/Apple Bots

HAPROXY (Rate Limiter + BadUser Detection), NGINX (rDNS + GeoIP). The platforms used are completely open source. Please refer to their documentation from the respective links below: NGINX: HAPROXY: In this article I shall discuss how we can build our own Service Protection Layer, which shall include modules to protect our web application […]

What is SSL – A Deep Dive

SSL/TLS are protocols used for encrypting information between two points. It is usually between server and client, but there are times when server to server and client to client encryption are needed. For the purpose of this blog, I will focus only on the negotiation between server and client. For SSL/TLS negotiation to take place, […]