Showing posts with label Penetration Testing. Show all posts
Showing posts with label Penetration Testing. Show all posts

Wednesday, 18 July 2018

SECURITY TASKS USING POWERSHELL


SECURITY TASKS USING POWERSHELL


PowerShell is a  advanced admin tool for Windows operating system. End users with advanced knowledge or those who have worked with an older version of windows may be much familiar with the command prompt via which you can run commands and scripts. PowerShell is similar but a lot more advanced regarding functionality.
This blog gives you some advanced functions for configuring management and automated tasks. Powershell includes both scripting language and command line shell. It is built on.Net Framework. Its also offers you Integrated Scripting Environment (ISE), which gives you a GUI where you can naturally do all your scripting.
we will see how effectively we can use PowerShell on security-related tasks,

CONTENTS

  1. Understanding Execution Policy
  2. Overriding Execution Policy
  3. Listing NTFS Permissions
  4. Clone NTFS Permissions
  5. Adding Permissions
  6. Removing Permissions
  7. Checking Administrator Privileges

UNDERSTANDING EXECUTION POLICY

 Execution policy enables a user to determine which PowerShell scripts will be allowed to run on your computer. There are four different execution policies are available in the PowerShell.
They are
  • Restricted – no scripts can run. Interactive mode only can be used.
  • AllSigned – the scripts which are signed by the trusted publisher can be able to run
  • RemoteSigned –   scripts which are downloaded must be approved by a trusted publisher before they run.
  • Unrestricted – there will be no restriction on running any PowerShell scripts.

This command will show you current execution policy.
 PS C:\Users\proxy_000> Get-ExecutionPolicy
Restricted
End users should use the RemoteSigned. It will allow the user to run local scripts, but it won’t enable scripts from outside the network or downloaded scripts from the internet.
Professional scripters can use “Bypass” which allow you to run any script regardless of location.
Here is a command to change execution policy for your user account.
PS C:\Users\proxy_000> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force

PS C:\Users\proxy_000> Get-ExecutionPolicy
Bypass
PS C:\Users\proxy_000>

OVERRIDING EXECUTION POLICY

 Execution policy is not a security boundary to protect you from attackers. It just acts as a seat belt to protect you. There are many other ways to override the execution policy and execute the scripts or commands.
PS C:\Users\proxy_000> Get-Content ‘c:\evilscript.ps1’ -Raw | powershell.exe -nonprofile -

LISTING NTFS PERMISSIONS

 To view  NTFS permission for folders and files use Get-Act. At first, It won’t show you the actual permission. But we can make visible using this :
PS C:\Users\proxy_000> Get-Acl -path $env:windir | Select-Object -ExpandProperty Access

CLONE NTFS PERMISSIONS

  NTFS access permission is complicated and tricky. To quickly assign NTFS permission to a new folder, you can merely clone permission from another folder that you know has the correct permission applied.
$OriginalPath = “$env:temp\sample”
New-Item -Path $OriginalPath -ItemType Directory
 to assign correct permission to folder “proxy” manually
Explorer.exe “/Select,$OriginalPath.”
 Right-click the proxy folder and choose properties and then click the security tab. Now add security permission you need to apply
When your prototype folder is correctly configured. Use this code to read information about security
$sddl = (Get-Acl $OriginalPath).Sddl
 From this point, you don’t need your prototype folder anymore. It was required to create SDDL definition string.
$newpath = “$env:temp\NewFolder”
md $newpath
$sd = Get-Acl -Path $newpath
$sd.SetSecurityDescriptorSddlForm($sddl)
Set-Acl -Path $newpath -Aclobject $sd

ADDING PERMISSIONS

Adding new permission to an existing security descriptor, first, create an appropriate AccessRule object and configure it.
This script adds a new FileSystemAccessRule to the security descriptor of a file, granting read and write access to proxydomain\proxyaccount.
Make sure you adjust both user account and filename before you test the code:
$colRights = [System.Security.AccessControl.FileSystemRights]’Read, Write’
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::None
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
$objType =[System.Security.AccessControl.AccessControlType]::Allow
$objUser = New-Object System.Security.Principal.NTAccount(‘proxydomain\proxyaccount.’)
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
# get original SD
$catACL = Get-Acl ‘C:\proxy\pr0xy.txt’
 # add permission
$catACL.AddAccessRule($objACE)
 # write back the appended SD
Set-Acl ‘C:\proxy\pr0xy.txt’ $catACL

REMOVING PERMISSIONS

 To remove a permission from a security descriptor, get access to the Acl entries, and pick the ones to delete and write back the changed security descriptor.
 $catACL = Get-Acl c:\proxy\pr0xy.txt
$unwanted = $catACL.Access |
Where-Object { $_.IdentityReference.Value -eq ‘proxydomain\proxyaccount’ }
$unwanted | ForEach-Object { $null = $catACL.RemoveAccessRule($_) }
Set-Acl -Path c:\proxy\pr0xy.txt -AclObject $catACL

CHECKING ADMINISTRATOR PRIVILEGES

There are many ways to find out if a script runs been elevated. Here’s a straightforward approach that uses whoami.exe (works withWin7/Server 200 R2 or better):
 (whoami.exe /all | Select-String S-1-16-12288) -ne $null
If you do not have whoami.exe, or if you are looking for a more integrated way, you can use a line that is a little longer but identifies Admin status directly, without calling an external program:
(New-Object System.Security.Principal.WindowsPrincipal([System.Security.
Principal.WindowsIdentity]::GetCurrent())).IsInRole([System.Security.Principal.
WindowsBuiltInRole]::Administrator)

CONCLUSION :

 As we discussed in this blog, PowerShell is an advanced admin tool which is capable of performing above mentioned task. By executing these tasks, the admin could save much time. This allows  to avoid attackers to get into our system .
Briskinfosec offers periodic system hardening solutions to bring down the risk level in the organization, our constructive and customized solution will help organization from serious threats against system hardening.

AUTHOR

Venkatesh C.S
Security Engineer
Briskinfosec Technology and Consulting PVT LTD
Find  me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/
Related Blogs :
  1.   Two Phases of Powershell- Offensive and Defensive
  2.  How to use Powershell as Handy like Shell Script?
Posted by at No comments:
Labels: , , , , , , ,

Wednesday, 30 May 2018

HOST HEADER INJECTION


HOST HEADER INJECTION


Most of the common web servers are configured in the form of the same server to host many web applications with the same IP address this type of configuration is the reason for the Host Header issues. Here we are going to deal with the host header injection attack in various forms, its impact and mitigation.

CONTENTS:

  1. HOST HEADER ISSUES
  2. RISK
  3. HOW ATTACKERS UTILIZE HOST HEADER ATTACK
  4. WHY HOST HEADER HAPPEN
  5. HOW TO FIND HOST HEADER ISSUES
  6. PHASES OF HOST HEADER ISSUES
  7. IMPACT OF HOST HEADER ISSUES
  8. MITIGATIONS FOR HOST HEADER ATTACK
  9. CONCLUSION

HOST HEADER ISSUES:

An attacker can manually divert the code to produce the hacker desired output simply by editing the host header. Most probably web servers are configured to pass the host header to the first virtual host in the list without proper reorganisation, So It is possible to send the HTTP requests with arbitrary host headers to the first virtual host. In that case, if we specify an invalid Host means the web server process it and pass the invalid host header to the first virtual host in the list.
An attacker can modify the host name by giving a fake web page or a vulnerable website and deliver it to the user and fraud the users.
Example:
The result will redirect the user to the attacker’s website by simply modifying the host header

RISK:

Most probably many websites use the values provided in the user input field and uses it afterwards without an improper input validation. Commonly this will not have that much impact on the application, but in some cases, if the application accepts the host header, the risk lays there. There may occur,
  • URL redirection problems.
  • Username and password credentials may be theft.
  • Financial loss may happen in Finance sectors.

HOW ATTACKERS UTILIZE HOST HEADER ATTACK:

The exploitation is based on the logic of the web application. If the application does not use the user input value, then there is no risk. But the host header attack is considered as a serious issue at the time of resetting our password. When we are resetting our forgotten password, or we change our password for our privacy, the web application generates a link dynamically there it uses the host header provided in the request. In this scenario, the hacker uses this header for their evil cause. The hackers use some social engineering and phishing attacks for getting the link. So, the developer should realise the importance of the host header attack.

WHY HOST HEADER HAPPEN:

It is an injection type of attack that done on the HTTP headers.
  • HTTP headers are dynamically generated based on the input of the user. User inputs can be edited or spoof by attackers. It is accessible by everyone.
  • Any website that does not correctly validate or verify the HTTP Host headers.

HOW TO FIND HOST HEADER ISSUES:

Verify the header of the request. Inject other domain in the header field and check the response in the browser.

PHASES OF HOST HEADER ISSUES:

  1. WEB CACHE POISONING WITH SINGLE HOST HEADER:

Web cache poisoning is a kind of technique used by a hacker to manipulate a web cache that serves a poisoned content for those who requests that webpage. For this attack, the hacker needs to poison a caching proxy run by the website itself, or content delivery networks (CND’s), or other caching mechanisms are carried out between the client and the server. In this scenario where caching is enabled, A hacker will potentially embed a remote URL as the base-URL for any website. This scenario then causes other users who request the site will be redirected unknowingly. Thus if an application fails to prevent the user from using the X-Forwarded-Host header, it will effectively override the Host header. The cache will serve the poisoned content to everyone those who request the webpage without the knowledge of the victim.
EXAMPLE:
 

  1. X-FORWARDED HOST HEADER:

Host header injection is mitigated by preventing the tampering of Host header. It means if any request is made with tampered host header, the application responds with an error message like “404 Not Found”. Another way to pass arbitrary Host headers is to use the X-Forwarded-Host header. In some configurations, this header will rewrite the value of the Host header. Therefore it’s possible to make the following request.
EXAMPLE:

  1. WEB POISONING WITH MULTIPLE HOST HEADERS:

It is one of the forms of web cache poisoning attack. It is similar to that of the web cache poisoning using the single header. The only difference is that in this type is that it use multiple headers more than one to the users those who request the website. By tampering with the header, it is possible. The web cache will deliver the wrong content to the user with their knowledge.
EXAMPLE:
GET / HTTP/1.1
Host: www.evil.com

  1. PASSWORD RESET POISONING:

 The significant impact of Host header attack lies in the password resetting functionality. The most common scenario of this attack the hacker generates a secret token and sends a mail that has a link that contains the mysterious symbol of the hacker. The hacker urges the user to make use of his link, and to requests, a password reset link which redirects the user to him. In this case, if the web application makes use of this host header value when composing with the reset link and when the user clicks the poisoned reset link in the mail, then the user will become a victim to the hacker. The attacker will obtain the password reset token and make use of his password for his destructive purposes.
EXAMPLE:
 

IMPACT OF HOST HEADER ISSUES:

  1. A hacker can modify the legitimate host header with a wrong host in the request, and it poisons the cache of the web application server and the proxy. It has nothing to do with the browser. When the authorised user tries to access the host, but still the cache of the web server is poisoned with the hacker’s domain that redirects the licensed user to the domain of the hacker.
  2. If the host headers are used for writing links without a proper HTML encoding, there may be a possibility for Cross-site
  3. Access to the internal
  4. HTML INJECTION also can be done.

MITIGATIONS FOR HOST HEADER ATTACK:

  • Proper sanitation of input values.
  • Proper verification of the request that it came from the original target host or not.
  • Mitigate the Host header attack in Apache and Nginx by creating a dummy virtual host that catches all requests from unrecognised Host headers.
  • Whitelist the trusted domains at the initial phase of the web application.
  • Respective Mapping of the domains that received in the host header of each HTTP request with itself.
  • Use secure server configuration.
  • Disable the support for the X-Forwarded-Host header option.

CONCLUSION:

Many application developers did not realise that the HTTP host header is accessible and controlled by all user. In an application security perspective, the input given by the user is always deceivable, and it is unsafe to trust. So, a web developer should consider host header issues as a dangerous thing not to and neglect it; we should find the impacts caused by the host header and follow the mitigation to safeguard ourselves.
We Briskinfosec is Center for Cyber Security Excellence passionate to protect you from all application security threats on your budget. Talk to our experts contact@briskinfosec.com

AUTHOR

Alex Daniel Raj
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd.,
follow me @https://www.linkedin.com/in/alex-daniel-raj-xavier-b77869145/
Posted by at No comments:
Labels: , , , , , ,

Wednesday, 16 May 2018

INTRODUCTION & CHANGES IN PCI-DSS v3.2


INTRODUCTION & CHANGES IN PCI-DSS V3.2


The Payment Card Industry Data Security Standard (PCI- DSS) was developed to follow the policy and standards of cardholder data security which consistent data security measures globally. PCI- DSS provides a minimum of technical and operational requirements to protect data of the cardholders. PCI -DSS applies to all operation which involved in payment card processing of cardholder data.
The below describes the changes in PCI-DSS v3.2 from version 3.1.

AREAS EMPHASISED IN V3.2:

  • CHANGE MANAGEMENT PROCESS:

    • The Change Management Process is done to perform the secure changes during the process based on the business requirement.

  • ADMINISTRATIVE ACCESSING:

    • The Administrative privilege is given only to the single user were the particular can gain the read, write and execute access to the changes in the environment.

  • INCIDENT RESPONSE:

    • Incident response is nothing but when there is an issue raised in the environment the action is taken based on the severity of the problems.

  • E-COMMERCE – A-EP ENVIRONMENTS:

    • the “Expected Testing” column is based on the testing procedures in the PCI DSS and provides a high-level description of the types of testing activities should be performed to verify that a requirement has met.

SAQ VERSION
# QUESTIONS V3.1
# QUESTIONS V3.2
DIFFERENCE

SAQ D-SP347369+22
SAQ D-MER326331+5
SAQ C139162+23
SAQ A-EP139193+54
SAQ B-IP8384+1
SAQ C-VT7380
+7
SAQ B41410
SAQ P2PE-HW3533-2
SAQ A1422+8

MASKING THE PAN NUMBER

  • DISPLAYING THE PRIMARY ACCOUNT NUMBER

    • First six and last four digits of PAN can be displayed based on the current requirement.
For a legitimate business need the pan number must be encrypted. Follow Requirement 3.3 for further reference.

CHANGE CONTROL

  • CHANGES IN CHANGE CONTROL IN V3.2

    • Maintain proper documentation when any change control issued.
    • Implement all the necessary control in all the new and existing systems or devices.
    • Change control processes must include verification of PCI DSS requirements impacted by a (significant) change. Fallow Requirement 6.4.6 which is effective from Feb 1, 2018.

HIGH-RISK VULNERABILITY MANAGEMENT

  • INTEGRATE VULNERABILITIES INTO THE RISK ASSESSMENT PROCESS

    • Ensure all “high risk” vulnerabilities must be addressed for internal scans and resolved.
    • By the vulnerability ranking as per Requirement 6.1 and 6.2 in PCI-DSS scope.
    • After resolving the vulnerabilities ensure the risk has been cleared by rescanning.

REMOTE ADMINISTRATOR ACCESS TO CDE

  • ANY NON-CONSOLE ADMINISTRATOR ACCESS TO CDE

    • All the non-console access into CDE for personnel with administrative access must implement the multi-factor authentication.
    • The current requirement for multi-factor authentication for remote access to CDE for personnel with administrative access still applies according to the PCI-DSS scope.
    • Fallow PCI-DSS scope 8.3.1 and 8.3.2 mandatorily from Jan 31, 2018.

RESOURCE

  • Refer the following document for the PCI-DSS scope.
  • LINK: pcisecuritystandards.org/document_library?category=pcidss

AUTHOR

Dharmesh B
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd.,
https://www.linkedin.com/in/dharmeshbaskaran/
Posted by at No comments:
Labels: , , , , ,

Monday, 2 April 2018

CRYPTOCURRENCY MINING IN AN OFFENSIVE WAY


CRYPTOCURRENCY MINING IN AN OFFENSIVE WAY


Cryptocurrency mining is a kind of digital currency which transfer across the internet, By using cryptocurrency mining people started to earn money in online
In recent days many people began to make money by this process, where it calculates the hash rate for every payment for (e.g.) if you are transferring money through online the interest rate of the required transaction is shared to the bank by which he moved capital
Here Cryptocurrency mining started to capture the hash rate for each payment, and some required share get passed to the person who mines it and by each transaction, it generated a blockchain and based on its other new bitcoins gets created

CRYPTOCURRENCY MINING MALWARE INFECTED OVER HALF-MILLION PCS USING NSA EXPLOIT

Several Cybersecurity firms are reporting on new cryptocurrency mining viruses that are being spread using Eternal Blue NSA exploit the hacking group Shadow Brokers leaked that
Researchers from Proof point discovered a massive global botnet dubbed “Smominru” that is using Eternal Blue SMB exploit (CVE-2017-0144) is the primary function is used to infect Windows computer to secretly mine Monero cryptocurrency, worth about millions of dollars, for its master
In 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows. According to researchers and based on the hash power obtained by Monero Payment address the control of the botnet get raised twice than the regular botnets
This botnet has already mined over 8,900 Monero, valued about a range of $3.6 million, at the rate of roughly 24 Monero per day and by using it they started to steal millions of computers, and it mainly affects over Russia, India and Taiwan
A proof point of researchers says that cybercriminals are using at least 25 machines to scan the internet to find vulnerable Windows computer and also using leaked NSA’s RDP protocol exploit of Esteem Audit (CVE-2017-0176) for infection.
Want amine is one of the recent Eternal Blue exploit to infect computers to mine Monero cryptocurrency, and it’s was harder to detect by any antivirus, and it affects many companies for nearly about weeks or over months
Attackers started to use Crypto jacking, used as a browser-based JavaScript code, and cryptocurrency miners utilise this method for  website visitors CPUs power to mine cryptocurrencies for monetisation

BROWSER-BASED CRYPTOCURRENCY MINING:

Browser-based cryptocurrency mining is a part of mining process that performed through your browser, and it’s one of the oldest methods launched in 2011, and it works on based on some scripts and it different from file-based cryptocurrency which involves downloading and executing a detectable files
Bitcoin plus is one of the methods to mine your browser. we can generate a JavaScript code, and once we inject the JavaScript code on the web page when a visitor gets signup to the page automatically the page gets mined, and browser-based mining takes place, and the mined Javascript code for your reference
Example Script:
  1. < Script src = https: //testphp.vulnweb.com/lib/testphp.min.js></script>
  2. < Script > Var miner = newcognitive.User(‘ < site - key > ’, ‘john - days’);
  3. Start(); < /Script>
Once the required codes get executed on your website your browser gets started to mine, and it also increases the load of your CPU session, and by this method, the end user can be easily get profited

PREVENTION FROM BROWSER CRYPTOCURRENCY MINING:

Apart from ransomware the cryptocurrency mining malware place a vital role in our daily life and this mining is mainly used to mine your website
Most attackers use Pirate bay to look over the CPU process usage, we can also use it to detect the CPU usage of your system, and we can check out if any unknown website or mining website are running over, by the way
By the way, we can detect many mined sites, or we also have several browsers add-on to identify the mined websites, and they are as follows.
  • Use No Coin Extension
  • Use Minor Block Chrome Extension
  • Block coin mining domains in hosts file
  • Use no scripts in Firefox

HOW CRYPTOCURRENCY MINING ACHIEVED THROUGH RANSOMWARE:

Cryptocurrency mining can also be done using ransomware techniques, and here a new ransomware miner called the Trojan-Ransom.Win32.Linkup a new kind of ransomware it does not encrypt your files it just creates a mining robot on your system
Link-up ransomware creates a fake websites get created on your system and by this site if a person uses it redirect your site to some other site and by this through the add on’s on fake site credits some share amount to the miner
By this ransom it ask you to download some malware files, and once you installed it automatically download some bitcoin mining software
When  the  victim clicks the required software it gets processed and it makes your CPU or system runs faster and consumes higher energy
It further leads to increase your electric bill rate higher, based on the electric energy consumed  the crypto miners get some shares6
Linkup ransomware is also a different type of other malware like crypto locker, and it was also ransomware which hits  a virus on US police department and asked to pay $800 bitcoins, and the virus is removed once the demanded amount paid to render it more concerning than linkup

MOBILE CRYPTOCURRENCY MALWARE ATTACKS:

Cryptocurrency Mining malware attacks are started to affect mobile devices by passing mined code on android apps, and it’s been affecting most of the android users who download some legitimate-looking apps that are packed with some codes that “mines” for hackers without the user’s knowledge
These attacks are already happening in North America and Russia, and half of the cryptocurrency mining malware attacks are in Russia, and 20 percent are in the US, and a recent spate of attackers started to send some fake message of phishing attacks in Australia, and it tries to convince the victim to download some mining malware to their phones
One example of mobile cryptocurrency mining malware that Symantec sends a Motherboard appeared to be a fully-functioning crossword puzzle game, app but in the background, it was fetching some mining cryptocurrencies and by running the mined apps may drain your battery and make your Phone less responsive be aware before you started to use an unknown apps

OVERALL CRYPTOCURRENCY MINING USED BY THE ATTACKERS:

CONCLUSION:

Cryptocurrency mining attacks can spread using various phases like botnets, browser-based using JavaScript mined codes, and it also affects mobile phone through some malicious apps and by using this cryptocurrency mining many attackers started to earn money, and you can check it through some bitcoin apps that are available on the internet
Reference Links:

AUTHOR

RamKumar G
SecurityEngineer
BriskInfoSec Technology and Consulting PVT LTD
Find  me @ https://www.linkedin.com/in/ram-kumar-3439b511a/
Posted by at No comments:
Labels: , , , , ,

Thursday, 15 February 2018

MARA FRAMEWORK


MARA FRAMEWORK


Mobile Application and Reverse Engineering and Analysis Framework and it’s a tool that contains some major reverse engineering and analysis tools for Mobile Application testing and using this framework we can decompile a particular APK file and analyze the major issues in OWASP Mobile Top and this tool is been mainly used by the Penetration testers, security researchers, and application developers.
We can also use the various features of the APK file like
  • APK Reverse Engineering
  • APK DE obfuscation
  • APK Analysis
  • APK Manifest Analysis
  • Domain Analysis
  • Security Analysis etc.

APK REVERSE ENGINEERING:

  • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
  • Disassembling Dalvik bytecode to java bytecode via enjarify
  • Decompiling APK to Java source code via jadxgui

APK DEOBFUSCATION:

We can extract the APK and analyze the code using Jadx-gui and it shows the codes that has been available for a selected APK File

APK ANALYSIS:

  • Parsing smali files for analysis via smalisca
  • Dump all assets, libraries and resources
  • Extracting certificate data via openssl
  • Identify methods and classes via classyshark
  • It Extracts the Manifest File in XML format
  • Scan for apk vulnerabilities via androbug framework
  • Analyse the APK for Potential malicious behavior like androwarn

APK MANIFEST ANALYSIS:

  • It Extracts the Intent and exported activities
  • It Extracts the Manifest Files and services
  • Extract exported services
  • Checks if the APK is debuggable
  • Checks if the APK allows Databackup
  • Check if the APK receives any binary SMS

DOMAIN AND SECURITY ANALYSIS:

Domain analysis is been fetched from the WhatsWeb and the security analysis is checked from the OWASP mobile TOP 10 Checklist

INSTALLATION:

I have downloaded the MARA Framework from Github and listed the option in the framework
We need to launch MARA framework by using the command ./mara.sh

OPTIONS IN FRAMEWORK:

Here In the particular folder of MARA Framework you can see the option by the command of ./mara.sh
And I have downloaded a vulnerable app and configured in the Mara framework

APK ANALYSIS AND REVERSE ENGINEERING:

And after the analysis of the APK it gets saved in the particular folder as given in the below screenshot
Particular Folder that has been saved on the PC is by the below screenshot
Here the decompiled files get saved on the MARA-Framework folders and by viewing this files you can check for the required issues by the vulnerable APK-file.

CONCLUSION:

A multiple set of test tools will be necessary for a more thorough and comprehensive testing process .I have given an overview of the MARA Framework setup process and how it can expedite your android app reverse engineering and static analysis process.
BriskInfosec holds utmost experience in Mobile App Penetration Test to identify potential vulnerabilities and insure coding practises in android application
To know more get in touch with us

AUTHOR

Rajesh
Security Researcher
BriskInfoSec Technology and Consulting PVT LTD
Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)