Broken Cryptography in Android Applications
Broken Cryptography in Android Applications May 26, 2022 Android Redfox Security Team In this blog we are going to discuss Broken Cryptography in Android Applications. When application developers wish to use encryption in their apps, they have to be aware of broken cryptography attacks. This blog discusses how vulnerabilities caused by faulty encryption might be […]
Raspberry PI Pentest Dropbox
Raspberry PI Pentest Dropbox May 20, 2022 Hardware Hacking Redfox Security Team There are situations where On-site penetration testing is not always feasible. It’s better to go for a remote “pentest dropbox” in such cases. The pentest dropbox, in this context, is a Raspberry Pi 4 which is shipped to a remote customer/client. The client […]
Android Pentesting Methodology (Pt. 3)
Android Pentesting Methodology (Pt. 3) May 17, 2022 Android Redfox Security Team Part 1 of “Android Pentesting Methodology” covered Android architecture. Part 2 covered APKs, basic app reversing, and popular debugging tools. In this blog post (part 3 of the same series), we will examine static analysis and dive into the inner workings of the […]
Android Pentesting Methodology (Pt. 2)
Android Pentesting Methodology (Pt. 2) May 08, 2022 Android Redfox Security Team In part 1 of the “Android Pentesting Methodology” series, we briefly discussed the Android architecture. In part 2 of the same series, we’re going to explore what APKs are, start reversing Android applications and discuss popular debugging tools. Android is a very developer-friendly […]
Purdue Model for OT Security
Purdue Model for OT Security May 06, 2022 Informational Redfox Security Team What is OT Security? Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. Industrial control systems (ICS) are a main component of operational technology. Operational technology […]
Android Pentesting Methodology (Pt. 1)
Android Pentesting Methodology (Pt. 1) May 06, 2022 Informational Redfox Security Team In this blog, we’ll discuss Android architecture and the different layers of Android architecture. This blog is part 1 of the “Android Pentesting Methodology” series and forms a basis for our upcoming blog. Before we get into the nitty-gritty of the Android Pentesting […]
Why Start-ups need Penetration Testing?
Why Start-ups need Penetration Testing? May 05, 2022 Informational Karan Patel The subject of whether startups require a penetration test comes up frequently when talking to entrepreneurs. Unfortunately, cyber criminals think differently. Adversaries are aware of their weak security postures, and as a result they become easy targets. Penetration testing or pen testing is the practice […]
Hacking Electron Apps
Hacking Electron Apps May 01, 2022 Hardware Hacking Redfox Security Team zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because node Integration in webPreferences is true). Electron Applications Electron is a well-known open-source library that is used by well-established firms including Microsoft, Facebook, Slack, and Docker. Using just HTML, […]
Vlan Hopping
Vlan Hopping April 30, 2022 Informational Redfox Security Team Introduction to VLAN Virtual LAN is a logical method of grouping Layer-2 switchports on a local switch into different broadcast domains. VLANs can help to segment a physical network switch to multiple virtual networks. VLANs can be set up by configuring network switches with a specific […]
Vulnerability Scanning Vs Penetration Testing
Vulnerability Scanning Vs Penetration Testing April 28, 2022 Informational Karan Patel Synopsis Organizations who don’t know the difference between penetration testing and vulnerability scanning are often losing out on an essential piece of their overall security posture. Vulnerability scanning looks for known security flaws. A penetration test actively seeks out and exploits these security issues. […]