PLC Hacking (Pt. 1)

Programmable Logic Controllers (PLCs) are industrial computers used to control different electro-mechanical processes for use in manufacturing, plants, or other automation environments. PLCs can range from small modular devices with tens of inputs and outputs (I/O) in a housing integral with the processor, to large rack-mounted modular devices with a count of thousands of I/O,...

Broken Cryptography in Android Applications

In this blog we are going to discuss Broken Cryptography in Android Applications. When application developers wish to use encryption in their apps, they have to be aware of broken cryptography attacks. This blog discusses how vulnerabilities caused by faulty encryption might be introduced into Android apps. We’ll also look at some of the ways...

Raspberry Pi Pentest Dropbox

There are situations where on-site penetration testing is not always feasible. It’s better to go for a remote “pentest dropbox” in such cases. The pentest dropbox, in this context, is a Raspberry Pi 4 which is shipped to a remote customer/client. The client will either connect the dropbox to an ethernet port or set the...

Android Pentesting Methodology (Pt. 3)

Part 1 of “Android Pentesting Methodology” covered Android architecture. Part 2 covered APKs, basic app reversing, and popular debugging tools. In this blog post (part 3 of the same series), we will examine static analysis and dive into the inner workings of the AndroidManifest.xml file. Static Analysis: Static program analysis is the analysis of computer...

Android Pentesting Methodology (Pt. 2)

In part 1 of the “Android Pentesting Methodology” series, we briefly discussed the Android architecture. In part 2 of the same series, we’re going to explore what APKs are, start reversing Android applications and discuss popular debugging tools. Android is a very developer-friendly platform (OS). Unlike other mobile operating systems, Android is an open-source platform that allows...

Purdue Model for OT Security

What is OT Security? Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. Industrial control systems (ICS) are a main component of operational technology. Operational technology is in charge of procedures that, if compromised, might result in critical...

Android Pentesting Methodology (Pt. 1)

In this blog, we’ll discuss Android architecture and the different layers of Android architecture. This blog is part 1 of the “Android Pentesting Methodology” series and forms a basis for our upcoming blog. Before we get into the nitty-gritty of the Android Pentesting Methodology, it’s crucial to understand the inner workings of the Android platform...

Why Startups Need Penetration Testing

The subject of whether startups require a penetration test comes up frequently when talking to entrepreneurs. Unfortunately, cyber criminals think differently. Adversaries are aware of their weak security postures, and as a result they become easy targets. Penetration testing or pen testing is the practice of evaluating a system’s security measures against a determined cyber-criminal. Startup...

Hacking Electron Apps (CVE-2020-35717)

In this blog, we’ll discuss how the zonote Electron app can be exploited via the infamous CVE-2020-35717 vulnerability. The CVE reads: “zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).” Electron Applications: Electron is a well-known open-source library that is used by well-established firms including...