The behaviour of retaining Auth headers by OkHttp during redirection


Are you an Android developer who is inclined towards security, or an application security person who is keen to connect multiple dots to identify a cool security bug? Were you unaware that OkHttp, the friend of Android developers, retains auth headers during redirection? If so, this story should be interesting for you. It talks about the behaviour of OkHttp of retaining auth headers during redirection to third-party domains.

To better understand this, let us first brush up some fundamental things around the issue. …


The Secrets of Avoiding Hardcoded Secrets


I remember the early days of my application security journey, when we used to identify hardcoded secrets in the backend code in almost every source code review engagement, and at that time I used to struggle a lot to come up with the best remediation considering the cost and overall architecture.

Based on a little experience of learning and unlearning things around this very common issue of hardcoded secrets, I thought of writing something on this. In this story, I discuss the issue of hardcoded secrets and the ways in which we can effectively resolve it.

Finally, we also quickly compare the solution provided by the cloud market leader AWS with HashiCorp's Vault for effectively and securely managing secrets. …


A Simple Python Utility To Perform Passive Enumeration On Android Binaries


Reconnaissance is indeed the most critical and time-consuming phase of a penetration test. In this phase, we collect as much information as possible about the target. The more information we have, the greater the chances of successful exploitation.

Over the past few years, I have had multiple experiences where the mobile front of an application was missing fundamental security practices, whereas the corresponding web application was far more robust. This is definitely an area of opportunity for red teamers, penetration testers and bug bounty hunters, who could identify some cool security issues there.

With all that in mind, and with the COVID-19 lockdown, I thought of brushing up my scripting skills to come up with a passive enumeration utility for Android applications. The script takes an APK file as input, reverse engineers it and gathers information from the decompiled binary. As of now, the script provides the following information by searching the decompiled…


Utilities That Might Help You Earn/Save Few Hundred Thousand Dollars! 🤑


Introduction

AWS is indeed a leading cloud platform and is widely used for various types of cloud services by tech giants such as Netflix, Airbnb, Lyft, Deliveroo, etc. In this story, I talk about the automated detection of AWS NS Takeover, a security issue related to a misconfiguration in the AWS Route 53 service. The tool can be used by Infrastructure Security Engineers, DevSecOps Engineers, Penetration Testers and Bug Bounty Hunters (🤑) for automated detection of NS Takeover.

If you are unaware of AWS NS Takeover, I strongly recommend you first go through the following story to better understand the issue. The story also talks about exploitation techniques using NSBrute, which Penetration Testers and Bug Bounty Hunters can leverage to generate a valid proof of concept. …


Ever wondered whether the deep links you have in your application are one of the doors for an attacker to crack your application?


In the current era of hybrid mobile architecture, WebViews and Deep Links are extensively used hand in hand. The former is used to deliver dynamic web content, while the latter is used to make applications more interactive.

In this story, we discuss the common security misconfiguration pertaining to the mingling of WebView and Deep Link. We mainly discuss the amazing security research performed by Bagipro on Insufficient URL Validation, and we end with some recommendations to mitigate this issue.

The story is also meant for security evangelists who might not have an understanding of the fundamental concepts of the Android system. The Prerequisites section covers a few of the concepts that are used later in the story; if you are already clear on these fundamental concepts, feel free to skip this section. …


For the people who say we are on the cloud and it is implicitly secure :P

From 101 to Detection and Exploitation!


I hope you have heard of a conventional subdomain takeover caused by a dangling CNAME entry. Recently, while going through these amazing blogs (Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean, and Subdomain Takeover: Going beyond CNAME), I got to know about this cool, non-conventional domain takeover which allows an adversary to have complete control over a vulnerable domain.

Prerequisite

Before we go ahead and get our hands dirty you need to have a fair understanding of the following concepts:

  1. DNS (Domain Name Service)
  2. Fundamentals of AWS (especially the Route53 service)

The Misconfiguration


Usually, while setting up a domain, we avail ourselves of domain registration services from the registrar and provide the authoritative nameservers, which store and serve the respective DNS resource records. The security issue concerns a misconfiguration made while setting up the authoritative nameservers for a domain. …


Are you still unsure regarding the security of your user’s device?

Friend of Security Engineers and Architects!

Android Leading Market Share

Android is leading the current era of mobility with more than 75% of the market share. Nowadays, mobile applications are used not only for leisure purposes but also for business-critical operations in which there is a huge flow of sensitive data.

Although Android supports the beautiful concept of sandboxing, which disallows an application from accessing the data of any other application in the normal scenario, it is still suggested that applications dealing with sensitive data consider the edge cases in order to handle that data securely.

Android Keystore, released in API level 18, turned out to be a friend of security architects and developers. The keystore is still growing and has grown significantly since its release. Without spending much time, let's discuss another gem added to the Android security crown, called Android Key Attestation. …

About

Shiv Sahni

Security Engineer |Security Consultant |Infosec Trainer | Author | Lecturer | Open Source Contributor | Learner https://www.linkedin.com/in/shivsahni/
