Mobile backend for mobile hacker

Currently, the backends focused on certain needs of application developers are actively “built” upon “low-level” cloud systems (bare virtual servers and virtual file storages). The so-called backend as a service (BaaS) are in really good demand with mobile software developers, due to which now the differences between BaaS and Mobile BaaS (MBaaS) are almost blurred out. MBaaS-services are very popular with online-games developers and start-up projects, because they help spare an ocean of resources and time for development and maintenance of server infrastructure. Today it’s possible both to connect client side to cloud storage, user maintenance service, social services, etc., and to bring the working prototype to operation within several hours and free of charge.

Read full article →


Let’s learn the basics of build automation with the help of Rake

Any software development project is always associated with the automation of related routine tasks. Initially, IDE and a pair of manual operations will be enough for you. Then, the number of body movements begins to grow: you need to perform multiple sets of tests, embed various certificates, execute scripts in the database, generate documentation on the code, and so on. You also need to perform these and other operations on the Continuous Integration server. In addition, you may need to deploy applications on production servers (if we’re talking about a client-server solution). To automate such tasks, programmers sometimes create sets of batch or shell scripts, but more often, the team of developers comes to some consolidated decision.

Read full article →


TOP–10 ways to boost your privileges in Windows systems

Well, how could we ‘boost’ privileges on Windows? First of all, we should say that there were found, lately, a lot of vulnerabilities regarding fonts parsing which make the process of privileges elevation rather simple as long as we have a proper exploit. If you use the Metasploit then you need only one command to get the system shell. However, it will only work if the system is not fully patched. In case if the machine has all the updates installed, despite the Linux, we will not be able to find SUID-binaries in here, furthermore the environmental variables usually do not transmitted to services or processes with higher privileges. So, what we can do then?

Read full article →


BDFProxy

I guess you have heard about Evilgrade framework that allows to “fix” the update mechanism of the most popular programs (Windows update, Apple update and so on and so forth) by replacing valid files with malicious ones. You probably think that only the application’s updates are vulnerable? Well, you are wrong. I shall be honest with you, it is not that secure to download files from the web as it might be seemed from the first sight. Don’t believe me? Then look, or better say, read.

Read full article →


A small injection for memcached

What is memcached?

But at first let us consider a small introduction. So memcached is a free and open high-performance distributed system for caching objects in memory. It is a storage of “key-value” type located in the operating memory and designed for small “portions” of arbitrary data (string values, numerical values, not infrequently serialized objects in the form of string values) such as results of queries to DB, results of API calls or generation of pages. In addition, memcached is a fully open development, is assembled and operated under UNIX, Windows, OS X and distributed under an open license. It is used by many popular web projects, for example, LiveJournal, Twitter, Flickr, YouTube, Wikipedia, etc. It is a normal network service with host-base authentication, which is operated in loopback interface on port 11211. memcached daemon supports UDP- and TCP-sockets and provides two different protocols for interaction with itself: text and binary. I suppose that this is all what we are to know about the patient so far.

Read full article →