Conversations From Black Hat 2017!

Well – It was about Security, Data Science, Machine Learning!

I was told that Black Hat is the largest professional hacking event of its kind. It is one thing to hear about it and another to experience it. I was awestruck standing in the conference space at Mandalay Bay and actually seeing 15,000 people wearing Black Hat badges, over 400 researchers presenting content and 250 vendors displaying their latest product offerings. I realized that Black Hat is not a sprint; it is an ultra-marathon lasting a week. Due to the sheer number of security experts the event draws, it is easy to find, collaborate and learn about everything that is new and cutting-edge in the security space. Believe me when I say this: some of the research and products that challenged the status quo changed my understanding of the security world entirely.

I made new friends, met with old ones, and discussed the status of Cyber Security, Data Privacy, Artificial Intelligence, Mobile AppSec, IoT exploitation and OSINT (Open Source Intelligence).

See you next year folks!

I forked OWASP MASVS, did you?

How to Contribute

The MASVS is an open source effort and we welcome contributions and feedback. If you want to contribute additional content, or improve existing content, we suggest that you first contact us on the OWASP MSTG Slack channel:

You can sign up here:

To add or edit content, simply fork the repository and make your changes, then create a pull request when you are finished. We’ll review the changes before we merge them into the master branch of the main repo. If there are conflicting opinions, we’ll create an issue for discussing the changes.

Read Individual Sections of the MASVS Here

PCI DSS 3.1 is here. Are you ready?

How to record your iPhone, iPad or iPod touch on your Mac?

  1. Connect the iOS device to your Mac using the Lightning cable.
  2. Open the Applications folder.
  3. Double-click on QuickTime Player.
  4. Click on the File menu.
  5. Select New Movie Recording.
  6. Click on the downward-facing arrow to the right of the record button.
  7. Under Camera, select the name of your iOS device.
  8. If you wish to record audio from the device, select its name in the Audio source list.
  9. Click on the red record button to begin recording video from your iPhone.
  10. When you’re done, click on the button again to stop recording.

Screen recording

I forked OWASP ASVS, did you?

OWASP has released the next version of its Application Security Verification Standard (ASVS v3). The ASVS is an extensive document listing 19 verification requirements organised as a checklist – Here

If you are a security geek and want to contribute something, why don’t you start helping us build up the next generation of application security verification standards?

Abhinav Sejpal

Join me at APP SEC USA 2015

Android is the leading operating system. It is used not just in smartphones and tablets but also as the base for interactive televisions, gaming consoles and many other systems. The obvious result is a large focus on developing applications for this platform and on maintaining their security. This is a one-hour crash course on bypassing root detection in an Android-based dummy internet banking app. The dummy application has features such as adding a beneficiary account, fund transfer, viewing statements, OTP and PIN sign-in, to give attendees a real-world application scenario.

– Android APK file architecture and setting up the emulator
– Reversing the APK file package
– Understanding and patching smali code (Java – class – dex – smali – APK)
– Bypassing the business logic of the root detection

Who should attend
– Security professionals
– Mobile application developers
– People interested in getting started with Android security
– Web application pentesters
– Beginner mobile app malware auditors

What to expect:
– Getting started with Android security
– Reversing and auditing of Android applications
– Hands-on finding of vulnerabilities and patching of the binary

Mail Ru stores passcode in clear text – Insecure Data Storage

I found a vulnerability in the Mail RU iOS app: it allows its users to set a passcode to protect their information. This passcode is stored in clear text in the keychain, which can be obtained using the keychain_dumper tool.


Mirroring your iOS Device

One of the simplest ways to capture video is by mirroring your iPhone/iPad onto your PC with the help of the Reflector app, and then using a third-party recording tool such as Camtasia or WebEx to record any scenario. Please note that the AirPlay feature works only for the following devices:

iPhone 4s and above
iPad 2 or later
iPad mini
iPod Touch (5th Generation)
Apple TV (2nd or 3rd Generation)

Prerequisites:

  • PC/laptop connected to Wi-Fi.
  • A third-party recording tool such as Camtasia or Cisco WebEx Recorder installed on the PC/laptop.
  • One of the iPhones/iPads listed above connected to the same Wi-Fi.
  • The Reflector software installed on your PC.

The Reflector software can be downloaded and installed from

Mirroring the Device into your PC

A. Open Reflector.
B. Allow access if it is blocked by the firewall.
C. Right-click on the Reflector icon and click on Show preferences.
D. Select the optimum resolution for your device and add a password.

E. Turn on the iPad/iPhone and make sure it is connected to the Wi-Fi router.
F. Check the bottom of the device.

Step 1

G. Tap on the AirPlay icon.

Step 2


H. The computer name will be shown in the popup, as seen above. Enter the password that was set in the preferences and tap on the Connect button.
I. Turn mirroring on and the device screen should be visible on your PC.

J. Right-click to exit full screen (Alt+F).

Step 3

K. Now you can use any third-party recording tool such as Camtasia or Cisco WebEx Recorder to record a scenario from the PC.

Note: the trial mode of Reflector runs only for up to 10 minutes.

How to download an APK file from Google Play store

In the last couple of days I have been getting many queries about downloading an Android binary (APK) from the Google Play Store; many folks are unaware of how to get the binary. If you have a rooted device, once you have installed the app the binary will be stored at /Data/APP/[Package name].

If you want to download the APK file with a browser extension on your PC, getting an extension for Chrome or Firefox is probably a good idea. You can use CodeKiem’s APK Downloader extension, which supports both Chrome and Firefox.

This is one of many APK Downloader extensions available for Chrome

Once you’ve added the extension to your desktop browser, you need to enter the email address associated with your Google Play account, which will be stored in the Chrome extension, and also your device ID for later requests.

To get your device ID, download an app called Device ID, which shows your Android ID when you open it. Use one of the e-mail addresses listed in Device ID, along with its associated password, to log into APK Downloader.

Device ID

You can then download the APK to your computer; once complete, it is ready to install on your Android device by sideloading.

Download APK


Start a Simple Web Server from Any Directory using Python

If you need a quick web server running and you don’t want to mess with setting up Apache or something similar, Python can help: it ships with a simple built-in HTTP server.

Assume that I would like to share the directory located at /Users/BugWrangler/Desktop/{Any Share directory} and that my local network IP address is (in other words

Navigate to the same directory and enter the following command:

python Simple HTTP Server

Now open a browser on the same machine, or on another machine on the same network.

Navigate to the address below:

Python HTTP Server

If the directory has a file named index.html, that file will be served as the initial file. If there is no index.html, then the files in the directory will be listed.

If you wish to change the port that is used, start the program via
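As an added example (not code from the original post), the same built-in server started from a Python 3 script using the http.server module (the successor of the Python 2 SimpleHTTPServer module shown in the screenshot above), with the index.html behaviour described above checked against a constructed temporary directory. It assumes Python 3.7 or newer; the bind address 127.0.0.1 and the port value 0 (let the OS pick a free port) are choices made here, not taken from the post.

```python
import http.server
import os
import tempfile
import threading
import urllib.request
from functools import partial


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Same behaviour as `python -m http.server`, minus the per-request log line."""

    def log_message(self, format, *args):
        pass


def serve_directory(directory, bind="127.0.0.1", port=0):
    """Serve `directory` over HTTP in a background thread.

    Binding to 127.0.0.1 keeps the share off the LAN; port=0 lets the OS pick
    a free port, which is returned together with the server object.
    """
    handler = partial(QuietHandler, directory=directory)
    httpd = http.server.ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, httpd.server_address[1]


def fetch(port, path="/"):
    """GET a path from the local server and return (status, body)."""
    with urllib.request.urlopen(f"http://127.0.0.1:{port}{path}", timeout=5) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def demo():
    """Constructed check: no index.html -> directory listing; index.html -> it is served."""
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "notes.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        httpd, port = serve_directory(share)
        try:
            status, body = fetch(port)
            listing_shown = status == 200 and "notes.txt" in body
            with open(os.path.join(share, "index.html"), "w") as fh:
                fh.write("<h1>constructed index</h1>")
            status, body = fetch(port)
            index_served = status == 200 and "constructed index" in body
        finally:
            httpd.shutdown()
            httpd.server_close()
    return listing_shown, index_served
```

From the command line, `python3 -m http.server 8080 --bind 127.0.0.1` gives the same result on a chosen port; without `--bind` the module listens on all interfaces, so every host on the network can read the shared directory.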

© 2018 Abhinav Sejpal
