Research Team is working to make this place better and safer


Once upon a time, an old man walked down a Spanish beach at dawn. Ahead of him he saw what he thought was a dancer: a young man running across the sand, rhythmically bending down to pick up a stranded starfish and throw it far into the sea.

The old man gazed in wonder as the young soul again and again threw the small starfish from the sand into the water. The old man approached him and asked why he spent so much energy doing what seemed a waste of time. The young man explained that the stranded starfish would die if left until the morning sun. “But there are thousands of miles of beach, and miles and miles of starfish. How can your effort make any difference?” The young man looked down at the small starfish in his hand, and as he threw it to safety in the sea, said, “It makes a difference to this one!”

Our research team does the same work in the ocean of websites. Their efforts definitely make a difference to one site at a time.

Web security is as essential as web development these days, but many web-based applications do not take it seriously. That you have not been mugged so far does not mean robbers do not exist. Our security research and analysis team picks random servers from the Internet and finds their vulnerabilities. They act like ethical hackers and inform the owners about the vulnerabilities.

One of the vulnerabilities we found was in the site asapp, which is built by a team of leading scientists, software engineers and designers. We reported it and got a reply from their young and dynamic founder and advisor Marcus Westin. At first he did not believe us, but when we showed him proof he was surprised. He wanted to know how it was possible for us to get into their system. Our security researchers not only showed him the steps, they also suggested to his team how to fix the vulnerability.

Another incident was with an online poker site. When we sent an email about their vulnerable site, they did not believe us, but two months later we got an email from the site owner, Kirill, saying their site had been hacked in exactly the way we had described in our mail. By then it was too late: their data could not be recovered. The attacker dropped all the databases.

When they asked for our help, we provided solutions to make their site more secure and robust.

A seven-year-old remote code execution vulnerability that is affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are even calling it SambaCry since it affects the SMB protocol implementation and is potentially wormable – which can cause it to spread from system to system.

A malicious samba client that has write access to a samba share could use this flaw to execute arbitrary code typically as root.

Points :

1. CVE-2017-7494 has a CVSS score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
2. This vulnerability is the Linux version of WannaCry, appropriately named SambaCry. A malicious samba client that has write access to a samba share could use this flaw to execute arbitrary code typically as root.
3. The flaw allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it with the privileges of smbd (typically root).
4. This flaw affects all versions of Samba from 3.5.0 onwards, except for the most recent releases of Samba 4.6.4, 4.5.10 and 4.4.14.


Exploit samba vulnerability



Solution :

Updating Samba to a fixed release (4.6.4, 4.5.10 or 4.4.14, or later) fixes this vulnerability.
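The two conditions listed above (an smbd release that predates the fix for its branch, plus a share the client can write to) can be checked from the host itself. The following is an added example, not code from the original page or from the Samba project: it takes the version string printed by `smbd -V` and the text of smb.conf, and reports whether both conditions hold. The fixed release numbers are the ones the article gives; the smb.conf shown is constructed for the example, and the treatment of branches newer than 4.6 as fixed is an assumption.

```python
"""Assess a Samba host for the exposure described above.

Added example, not taken from the original page or from the Samba project.
Inputs: the version string printed by `smbd -V` and the text of smb.conf.
The fixed release numbers come from the article; the smb.conf below is
constructed for the example.
"""
import re

# First affected release and the fixed release per branch, as given above.
FIRST_AFFECTED = (3, 5, 0)
FIXED_RELEASES = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}

SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   server string = constructed file server

[public]
   path = /srv/samba/public
   read only = no

[docs]
   path = /srv/samba/docs
   writable = yes
   guest ok = yes

[archive]
   path = /srv/samba/archive
   read only = yes
"""


def parse_version(text):
    """Return (major, minor, patch) from a string such as 'Version 4.4.9'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError("no version number in %r" % text)
    return tuple(int(part) for part in match.groups())


def version_is_affected(version):
    """True when the release predates the fix for its branch.

    Branches newer than 4.6 are assumed to carry the fix; branches between
    3.5 and 4.3 have no fixed release listed in the article, so they count
    as affected.
    """
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch > max(FIXED_RELEASES):
        return False
    fixed = FIXED_RELEASES.get(branch)
    return fixed is None or version < fixed


def writable_shares(smb_conf):
    """Names of shares that grant write access.

    Samba treats 'writable', 'writeable' and 'write ok' as the inverse of
    'read only'; a share is read-only unless one of them says otherwise.
    """
    shares, current = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = None if name.lower() == "global" else name
            if current is not None:
                shares[current] = False
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip().lower() for part in line.split("=", 1))
        if key in ("writable", "writeable", "write ok"):
            shares[current] = value in ("yes", "true", "1")
        elif key == "read only":
            shares[current] = value in ("no", "false", "0")
    return [name for name, writable in shares.items() if writable]


def assess(version_text, smb_conf):
    """Combine both checks: exposure needs an affected smbd and a writable share."""
    affected = version_is_affected(parse_version(version_text))
    shares = writable_shares(smb_conf)
    return {
        "affected_version": affected,
        "writable_shares": shares,
        "exposed": affected and bool(shares),
    }


if __name__ == "__main__":
    for banner in ("Version 4.4.9", "Version 4.4.14"):
        print(banner, assess(banner, SAMPLE_SMB_CONF))
```

Running it against the constructed config reports `public` and `docs` as writable; with "Version 4.4.9" the host is exposed, with "Version 4.4.14" it is not, matching the release list in the points above.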

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution


Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and

It’s common to see subtitle files (usually a .srt or .sub) included in torrents and other less-than-legal movie downloads, so people tend to simply ignore them. You can load this file into most video players to display subtitles in the chosen language synced to the video. Check Point says that there are roughly 200 million installations of video players vulnerable to this exploit including VLC, Kodi, Popcorn-Time, and

Details can be found here


Solution : Download Subtitle Hack Fix

Check Point researchers contacted the developers of the affected media players in April 2017. Thankfully, the security patches have been released.

In the case of VLC, the attacker can leverage a memory corruption bug. The media player had four vulnerabilities (CVE-2017-8310, CVE-2017-8311, CVE-2017-8312 and CVE-2017-8313), which have been fixed by VideoLAN.

The fix for VLC is included in the latest version available on VideoLAN’s website. The same is true of Stremio.

WannaCry is the ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. It is also being called WanaCrypt0r 2.0.



Main Functionality


The WinMain of this executable first tries to connect to a specific website. It doesn’t actually download anything from there; it just tries to connect. If the connection succeeds, the binary exits.

It was probably some kind of kill switch or anti-sandbox technique. Whichever it is, it has backfired on the authors of the worm, as the domain has been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new system that runs the executable. This only applies to the binary with the hash listed above; there may well be new versions released in the future. The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the connection is attempted without any proxy; on a system that can only reach the Internet through a proxy, which is the case on the majority of corporate networks, the kill-switch check fails and the worm still runs.



After this check passes, the first thing the worm does is check the number of arguments it was launched with. If it was run with fewer than two arguments, it installs a service called mssecsvc2.0 with display name Microsoft Security Center (2.0) Service (the service binary is the worm itself, launched with two arguments), starts that service, drops the ransomware binary located in the resources of the worm, and runs it.

If it was run with two arguments or more—in other words, if it was run as a service—execution eventually falls through to the worm function.



The initialization function, which is called first, calls WSAStartup() to initialize networking, then CryptAcquireContext() to initialize the crypto API so it can use a cryptographically secure pseudo-random number generator. It then calls a function that initializes two buffers used for storing the worm payload DLLs, one x86 and one x64. It copies the payload DLLs from the .data section of the worm and then copies the entire worm binary after them.



The code of each payload DLL is very small: it just gets the resource content (i.e. the worm binary), drops it to disk as C:\WINDOWS\mssecsvc.exe (this path is hardcoded) and executes it.



SMB Vulnerability


After initializing the functionality used by the worm, two threads are created. The first thread scans hosts on the LAN. The second thread gets created 128 times and scans hosts on the wider Internet.

The first thread (in charge of scanning LAN) uses GetAdaptersInfo() to get a list of IP ranges on the local network, then creates an array of every IP in those ranges to scan.



The LAN scanning is multithreaded itself, and there is code to prevent scanning more than 10 IP addresses on the LAN at a time.



The scanning thread tries to connect to port 445 and, if the connection succeeds, creates a new thread to try to exploit the system using MS17-010/EternalBlue. If the exploitation attempt takes over 10 minutes, the exploitation thread is stopped.



The threads that scan the Internet generate a random IP address, using either the OS’s cryptographically secure pseudo-random number generator initialized earlier, or a weaker pseudo-random number generator if the CSPRNG failed to initialize. If connection to port 445 on that random IP address succeeds, the entire /24 range is scanned, and if port 445 is open, exploit attempts are made. This time, exploitation timeout for each IP happens not after 10 minutes but after one hour.
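The behaviour described in this section leaves two kinds of traces a defender can look for: the service install on the host (name mssecsvc2.0, display name Microsoft Security Center (2.0) Service, image C:\WINDOWS\mssecsvc.exe) and, on the network, a single source trying TCP/445 against many hosts in a short time, first across its own LAN range and then across unrelated /24s. The following is an added example, not code from the analysed binary or from the original page: a host rule over constructed Windows "service installed" records and a sliding-window rule over constructed flow records. The indicator strings are the ones the article gives; the log records, the 60-second window and the threshold of 10 distinct destinations are constructed or assumed and would be tuned per environment.

```python
"""Host and network detections for the worm behaviour described above.

Added example, not taken from the analysed binary or the original page. The
service name, display name and dropped path are the ones the article gives;
the log records are constructed for the example and the scan thresholds are
assumptions to tune per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SERVICE_NAME = "mssecsvc2.0"
SERVICE_DISPLAY = "Microsoft Security Center (2.0) Service"
DROPPED_PATH = r"c:\windows\mssecsvc.exe"

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumption
DISTINCT_DST_THRESHOLD = 10      # assumption: distinct 445 targets per source per window

# Constructed System-log records for "a service was installed" (event 7045).
SERVICE_EVENTS = [
    {"host": "ws-01", "event_id": 7045, "service": "Spooler",
     "display": "Print Spooler", "image": r"C:\Windows\System32\spoolsv.exe"},
    {"host": "ws-17", "event_id": 7045, "service": "mssecsvc2.0",
     "display": "Microsoft Security Center (2.0) Service",
     "image": r"C:\WINDOWS\mssecsvc.exe"},
    {"host": "ws-17", "event_id": 7036, "service": "mssecsvc2.0",
     "display": "", "image": ""},
]


def flag_service_installs(events):
    """Hosts where a 7045 record matches any of the three indicators."""
    hits = []
    for ev in events:
        if ev["event_id"] != 7045:
            continue
        image = ev["image"].lower().strip('"')
        if (ev["service"].lower() == SERVICE_NAME.lower()
                or ev["display"] == SERVICE_DISPLAY
                or image.startswith(DROPPED_PATH)):
            hits.append(ev["host"])
    return hits


def constructed_flows():
    """Flow lines '<iso-time> <src> <dst> <dport> <action>' (constructed)."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # Benign: a workstation talking to its usual file server.
    for i in range(3):
        lines.append("%s 10.0.5.40 10.0.5.5 445 allow"
                     % (base + timedelta(seconds=5 * i)).isoformat())
    # Suspicious: one host touches a dozen LAN neighbours on 445 in seconds...
    for i in range(1, 13):
        lines.append("%s 10.0.5.23 10.0.5.%d 445 allow"
                     % ((base + timedelta(seconds=i)).isoformat(), i))
    # ...then probes 445 on unrelated Internet addresses (TEST-NET ranges).
    for i, dst in enumerate(["203.0.113.9", "198.51.100.77",
                             "192.0.2.150", "203.0.113.200"]):
        lines.append("%s 10.0.5.23 %s 445 deny"
                     % ((base + timedelta(seconds=20 + i)).isoformat(), dst))
    return lines


def parse_flow(line):
    ts, src, dst, dport, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def slash24(ip):
    return ".".join(ip.split(".")[:3]) + ".0/24"


def detect_smb_sweeps(lines, threshold=DISTINCT_DST_THRESHOLD, window=WINDOW):
    """Per source, count distinct 445 destinations inside a sliding window.

    Attempts count whether allowed or denied: the scanner only needs to try.
    The alert records how many hosts and how many /24s were touched, so a
    LAN sweep and Internet scanning can be told apart.
    """
    flows = sorted((parse_flow(l) for l in lines if l.strip()), key=lambda f: f["ts"])
    recent = defaultdict(list)
    alerts = {}
    for flow in flows:
        if flow["dport"] != SMB_PORT:
            continue
        bucket = recent[flow["src"]]
        bucket.append(flow)
        while flow["ts"] - bucket[0]["ts"] > window:
            bucket.pop(0)
        dsts = {f["dst"] for f in bucket}
        if len(dsts) >= threshold:
            alerts[flow["src"]] = {"distinct_hosts": len(dsts),
                                   "distinct_nets": len({slash24(d) for d in dsts})}
    return alerts


if __name__ == "__main__":
    print("service indicator on:", flag_service_installs(SERVICE_EVENTS))
    print("445 sweeps:", detect_smb_sweeps(constructed_flows()))
```

On the constructed data only ws-17 trips the host rule, and only 10.0.5.23 trips the network rule, with 16 distinct hosts across 4 different /24s; the workstation that talks to one file server three times never reaches the threshold. In practice the network rule is the more durable of the two, since it keys on the scanning pattern rather than on strings a new variant could change.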


In December 2016, attackers were exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking control of over 10,000 database instances.

Mongo databases that were not password protected have paid a heavy price for this weakness. Strictly speaking, it was not a vulnerability; a vulnerability is the quality or state of being exposed to the possibility of being attacked or harmed. It was ignorance, and when you ignore serious aspects like security, you have to pay an unbearable price.



Above is a screenshot showing how the attackers got into vulnerable Mongo databases. After taking control of a database, they simply remove the existing db and leave a ransom note in a collection.

In the above example, they removed the database and created a db named warning.

Here is the ransom note in the collection warning:

Send 0.1 Bitcoin to walletaddress 131qpnP9v2qGKbrAQirCZzunyw5x3dADsB and contact to get your databases back.


Remedy :

MongoDB admins must implement strong passwords for their databases, and if the application code runs on the same server, they need to close port 27017 to remote access. They do not need an open port for remote access if the code can reach the database locally.
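Both points of the remedy (require authentication, and stop listening for remote connections when the application is local) are visible in mongod.conf. The following is an added example, not code from the original page or from the MongoDB project: a reader for the two-level YAML subset mongod.conf uses for these settings (net.bindIp, net.bindIpAll, net.port, security.authorization) and an audit that flags a listener reachable from other hosts without authentication. Both configuration texts are constructed; the weak one reproduces the state the article describes, the hardened one the remedy.

```python
"""Audit a mongod.conf for the two exposures the remedy above names.

Added example, not from the original page or the MongoDB project: a reader
for the two-level YAML subset mongod.conf uses for these settings and a
check that flags a listener reachable from other hosts without
authentication. Both configuration texts are constructed.
"""

WEAK_CONF = """\
# constructed: listens on every interface and never asks for credentials
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed: loopback-only listener plus mandatory authentication
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_simple_yaml(text):
    """Parse 'section:' / '  key: value' lines into nested dicts.

    Covers exactly the shape mongod.conf uses for these options; lists,
    quoting and deeper nesting are out of scope for the example.
    """
    tree, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if indent == 0:
            if value:
                tree[key] = value
                section = None
            else:
                section = tree.setdefault(key, {})
        elif section is not None:
            section[key] = value
    return tree


def audit_mongod(conf_text):
    """Return what the listener exposes and a list of findings (empty = fine)."""
    tree = parse_simple_yaml(conf_text)
    net, security = tree.get("net", {}), tree.get("security", {})
    findings = []

    bind_setting = net.get("bindIp")
    if net.get("bindIpAll", "false").lower() == "true":
        remote = True
    elif bind_setting is None:
        # Releases before 3.6 listened on all interfaces when bindIp was unset.
        remote = True
        findings.append("net.bindIp is not set; set it explicitly")
    else:
        remote = any(ip.strip() not in LOOPBACK for ip in bind_setting.split(","))

    auth_enabled = security.get("authorization", "disabled").lower() == "enabled"
    port = int(net.get("port", 27017))

    if not auth_enabled:
        findings.append("security.authorization is not enabled")
    if remote and not auth_enabled:
        findings.append("port %d is reachable from other hosts without credentials" % port)
    elif remote:
        findings.append("port %d is reachable from other hosts; firewall it if the "
                        "application runs locally" % port)
    return {"remote_listener": remote, "auth_enabled": auth_enabled,
            "port": port, "findings": findings}


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_mongod(conf))
```

The weak config produces two findings (no authorization, port 27017 open to other hosts without credentials), which is exactly the combination the ransom campaign relied on; the hardened config produces none. Enabling `security.authorization` alone is not enough when the database has to stay reachable from another host, so the audit still reports the open port in that case and leaves the firewall decision to the operator.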
