Anant Shrivastava : Techno Enthusiast

Whitepaper : Security Issues in Android Custom ROM’s

anantshri — Sun, 16 Oct 2011 23:25:30 +0000

Today i am releasing the paper which i presented recently at C0C0N conference at ernakulam. this paper outlines where security misconfiguration that can lead to device compromise, data theft and so on. Hope this helps in secure development and deployment of custom ROM’s. http://anantshri.info/articles/android_cust_rom_security.html The link contains download for both my slidepack as well as [...]

Android File system Graphical View

anantshri — Wed, 12 Oct 2011 12:09:03 +0000

Today i am presenting a simple HTML page which everyone can use to visualize the file system layout of Android Phones. http://anantshri.info/andro/file_system.html I have tried to keep vendor specific stuff out of the list however if you think this needs correction feel free to point out and correct it out. Link : http://anantshri.info/andro/file_system.html

Android : Running Standalone Python

anantshri — Thu, 11 Aug 2011 18:19:24 +0000

This is not yet another post on android-scripting project or SL4A or python for android. This post is for a specific purpose to empower the terminal again and make users again feel the power of terminal. Current state we can run perl, python, PHP, ruby, beanshell in SL4A interface or as a standalone apk with [...]

MyLife : Hack : Yahoo Open HackDay 2011

anantshri — Sun, 31 Jul 2011 08:16:48 +0000

This was my first time attending Yahoo open hackday the event is all fun and a quick way to hacking onto the yahoo api’s. I specifically focused on one API YQL, which basically claims to do the following select * from internet now that raises an eyebrow, in simpler term this is what is we [...]

White Paper : Web Application Finger Printing : Methods/Techniques and Prevention

anantshri — Sun, 17 Jul 2011 12:34:31 +0000

Today I am presenting my work for past some days in form of a white paper. This white paper basically outlines the automated finger printing methods, techniques and ideas for prevention automated methods to work on your site. BTW those who are having wappalyzer on there browsers just enjoy visiting my Joomla Powered Website. Here [...]

Chrome Extensions for Security Professionals

anantshri — Sun, 10 Jul 2011 10:02:20 +0000

During Recent days we have seen a phenomenal increase in usage of Google Chrome Browser, however Security Professionals are still looking at Firefox for there day to day life usage, the basic reason behind it is large set of firefox extensions backing it up, we have also custom builds like OWASP Mantra doing the round. [...]

Database protection Techniques : a different prespective

anantshri — Tue, 28 Jun 2011 12:24:02 +0000

Tips for Db Security Disclaimer : This post keeps in mind the web frontends and web applications based attacks on DB Servers in mind. Any Userid used for web application connectivity should be clipped to specific ip addresses that could be localhost in case of same server usage for Db and App server. If two [...]

Nessus Reporting Karma – Presentation Null Meet : May 2011

anantshri — Thu, 02 Jun 2011 15:03:16 +0000

Hi, Posting here as a reference of presentation that i gave in May 2011. Nessus and Reporting Karma View more presentations from n|u – The Open Security Community

Nullcon CTF BattleUnderground 2011 Walkthrough

anantshri — Tue, 31 May 2011 15:48:40 +0000

Finally after nearly 3 months i have been able to compile the complete walkthrough. So presenting the walkthrough for Battle underground. Please keep some notes in mind 1) Most of the stuff is done after servers were shutdown so i have to manage with directions only and not screenshots. 2) Feel free to ask questions [...]

protection wordpress username enumeration

anantshri — Mon, 30 May 2011 17:54:51 +0000

After my last post exploiting username enumeration i have looked deep and found a simple workaround to patch your blog for this vulnerability till wordpress has something to add to it. I am right now using a wordpress plugin : Redirections https://wordpress.org/extend/plugins/redirection/ Inside the plugin page which comes under : tools -> redirections Add a [...]