#securelayer7
Text
Securelayer7 is a leading provider of SAP security solutions. Our team of experts can help you protect your business and data from cyber threats by providing secure access to the SAP platform. With our advanced security measures, you can rest assured that your company's
0 notes
Text
Top 10 Mobile Penetration Testing In India
Mobile Penetration Testing
In this digital world, great walls, formidable borders and barriers seem ridiculously meaningless. Mobile penetration is a burning issue in the field of technology. We can't deny the fact that this is the era of the mobile revolution, where the number of mobile users has gone up rapidly. With this advancement in the field, crime has become easier: sitting in their room, a person operating a computer can spirit away billions of dollars from mobile banking or internet banking. Here comes the role of mobile penetration testing, to strengthen the security of the system against unauthorised access or exploits.
Mobile penetration testing is a methodology that gives an organisation the ability to check for vulnerabilities or loopholes in the network that must be resolved before the transmission of data takes place.
Many companies are working in this field to make these networks more secure for users to rely upon. A few of them are listed below:
ISECURION
Indian Cyber Security Solution (ICSS)
Suma Soft
Kratikal Tech Pvt. Ltd.
Secugenius
Pristine InfoSolution
Entersoft
Secfence
SecureLayer7
Cryptus Cyber Security Pvt.Ltd.
ISECURION
It helps its customers manage their information security risk and compliance with its wide range of technical service expertise and products. It is a team of spirited professionals who are dedicated to providing the highest quality of service for the customers. Along with identifying critical loopholes in our client systems, Isecurion also provides support in remediation by aligning them with industry best practices and compliance requirements.
Headquarters: Bangalore, India
Founded: 2015
Employees: 20
Revenue: $2M – $5M
Services provided by the company:
Penetration Testing, Vulnerability Assessment, Mobile Application Security, Red team Penetration Testing, Network Security, Source Code Audit, Blockchain Security, ISO 27001 Implementation & Certification, Compliance Audits, SCADA Security Audits, SAP Security Assessment, etc.
Tie-ups:
Mphasis, Wipro, SLK Global, Trusted Source, RLE India, Khosla Labs, Healthplix, Option3, Infrrd, Racetrack, Remidio, Urbansoul, etc.
Official Link: https://isecurion.com/
Indian Cyber Security Solutions (ICSS)
The cyber security scenario has changed dramatically in India in the recent past, and ICSS as an organization caters to the need for technology-based risk management and cyber security solutions in India. By this time it has gathered a good deal of momentum and has reached a distinguished position among the leading firms in this domain in the country. We provide all sorts of solutions to our clients and protect them from the manifold cyber-attacks they are exposed to in their day-to-day activities.
We assure them an all-round shield against data theft, security breaches, hacking, network vulnerability, virus attacks, system compromise, frauds etc. through our expert solution package of cyber security audit & assurance, I.T. service management, information security and business technology advisory. We have designed and devised a plethora of cyber security solution services taking into account the needs of the hour in the present context. We build up B2C relationships not only in producing solution packages but also by creating a long-standing support system through our talented and dynamic professionals who are committed to the cause. We assure all-round cyber security solutions to our clients in risk management and ensure their protection vis-à-vis optimal sustainable performance. We have been working for the last decade with professionally certified ethical hackers and ISO 27001 auditors. Our expertise lies in WAPT (Web Application Penetration Testing), NPT (Network Penetration Testing), Android app penetration testing, hack-proof website development, white hat digital marketing to rank high in search engines, source code review for Android applications and websites, secure Android app development for businesses, and digital forensics and data recovery services to corporate houses and government agencies to track cyber criminals.
Headquarters: Kolkata, India
Founded: 2013
Employees: 10 – 50
Revenue: $5M – $7M
Services provided by the company:
Web/Network/Android Penetration Testing, Secure Web Development, Secure Code Review, Android App Development, Data Recovery, Digital Marketing etc.
Tie-ups:
C – Quel, IRCTC, Titan, ISLE of Fortune, M B Control & System Pvt.Ltd., MSH Group, Odisha Pollution Control Board, KFC, Kolkata Police etc.
Official Link: https://indiancybersecuritysolutions.com/
Topic Related Link: https://indiancybersecuritysolutions.com/mobile-app-penetration-testing/
0 notes
Text
Original Post from Rapid7 Author: Brendan Watters
Fall is in the air, October is on the way, and it is Friday the 13th. We have a lot of updates and features that landed this week, though none are particularly spooky, and unfortunately, none are json-related… [1]
We recently updated our digital signing keys, and some users may have seen warnings that their Metasploit packages were not signed. We’ve fixed this as of this week—apologies for any confusion. If you are still experiencing signing issues, you may need to re-download Metasploit installers that failed verification. It may take a few days for our partners to update the installers they host to pick up the new signature.
@sinn3r’s zipslip exploit works against multiple targets utilizing unsafe extraction code that fails to check for directory traversal attacks. Make sure that any time you accept unknown (and maybe even known) zip files, you check the directory list for anything containing the folder-up character sequence ‘..’.
Under the heading of “Free Space”, our own space-r7 dropped a new exploit module targeting LibreNMS Collectd service.
Rapid7’s @tychos_moose teamed up with community contributor, timwr, and through a fortunate misunderstanding created two different bypassuac modules targeting the Windows 10 Store cache reset binary, WSReset.exe. While verifying Tim’s module, it looked nothing like the PoC I found online. It turns out that WSReset.exe auto elevates and then runs both a dll file subject to hijacking and whatever exe is listed in a low-privileged registry key. The modules were based on work by ACTIVELabs and sailay1996. It turns out that not only does WSReset.exe have a dll hijacking vulnerability, it also has a registry hijacking vulnerability, too!
Evasion modules have been getting more attention lately, and a good bit of why is community member NickTyrer. They came through again and added a new evasion module that evades Software Restriction Policies and Applocker by using the trusted binary Microsoft.Workflow.Compiler.exe.
Everyone’s favorite exploit, BlueKeep, is still being community-developed as a pull request before we release it officially as part of framework. Feel free to grab it and play, and feel even more free to help us make it better!
[1] If this joke missed you, see: https://en.wikipedia.org/wiki/Friday_the_13th_(franchise)
New modules (7)
LibreNMS Collectd Command Injection by Eldar Marcussen and Shelby Pace, which exploits CVE-2019-10669
Generic Zip Slip Traversal Vulnerability by sinn3r and Snyk
October CMS Upload Protection Bypass Code Execution by Anti Räis, SecureLayer7.net, and Touhid M.Shaikh, which exploits CVE-2017-1000119
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) by ACTIVELabs, sailay1996, and timwr
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry by ACTIVELabs, bwatters-r7, and sailay1996
OpenEMR 5.0.1 Patch 6 SQLi Dump by Will Porter, which exploits CVE-2018-17179
Applocker Evasion – Microsoft Workflow Compiler by Matt Graeber and Nick Tyrer
Enhancements and features
We added a lot of features and enhancements this time around with the release of a big update to the metasploit-payloads package. Among fixes and updates, timwr sent us a new payloads feature that allows a Meterpreter session to send keystrokes to the user workspace. Check it out: https://github.com/rapid7/metasploit-framework/pull/11984
Bugs fixed
Several bug-fixes went out with the payload update including fixes to better support python3, removing NDK from our android build process, improvements to the PHP cryptTLV negotiation, more accurate output for modern Windows server versions, and improvements to the java payloads ‘ls’ command to make it behave more naturally.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
Pull Requests 5.0.46…5.0.47
Full diff 5.0.46…5.0.47
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).
Source: Rapid7, "Metasploit Wrap-Up" by Brendan Watters
0 notes
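The zip-entry check recommended in the Metasploit wrap-up above, written out as an added example (not part of the original post and not Metasploit code). It goes slightly beyond a plain search for '..' by comparing path components, so a name like notes..txt is not flagged while backslash and absolute-path forms are; all function names and sample entry names are constructed for illustration.

```python
import io
import zipfile

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = [
    "docs/readme.txt",            # normal entry
    "notes..txt",                 # contains ".." but not as a path component
    "../../tmp/constructed.txt",  # climbs out of the extraction root
    "a/b/../../../c.txt",         # traversal hidden behind real folders
    "/abs/constructed.txt",       # absolute path ignores the root
    "..\\..\\constructed.ini",    # backslash form, as Windows extractors read it
]


def entry_escapes(name):
    """Return True if an entry name could land outside the extraction root."""
    norm = name.replace("\\", "/")  # treat both separators alike
    if norm.startswith("/") or norm[1:2] == ":":  # absolute or drive-letter path
        return True
    # Conservative policy: any ".." path component rejects the entry.
    return ".." in norm.split("/")


def audit_archive(data):
    """List the entry names in a zip (given as bytes) that fail the check."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if entry_escapes(n)]


def extract_checked(data, dest):
    """Extract only if every entry passes; otherwise write nothing and raise."""
    bad = audit_archive(data)
    if bad:
        raise ValueError("refusing archive, unsafe entries: %r" % bad)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)


def build_sample(names=SAMPLE_NAMES):
    """Build an in-memory zip holding the constructed names above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in audit_archive(build_sample()):
        print("unsafe entry:", entry)
```

The check covers entry names only; symlink entries inside an archive are outside its scope.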
Text
Low CVE-2017-5594: Pagekit project Pagekit
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user’s password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
0 notes
Text
Red team assessment
Red team assessment is the process of simulating attacks on a company's security system to identify weaknesses and take remedial action.
1 note