Monday, August 22, 2016

Web Watcher - Why you need to crawl the web for confidential data leaks of your company?

Abstract: Understanding the need to crawl notorious sites of the World Wide Web for leaked/compromised/hacked data, and to put a mechanism in place to report such findings so that the necessary action can be taken quickly to minimize the impact of the attack.

As we know, in today’s world no amount of security can guarantee that a system is impenetrable. The least we can do is step up our guard and put a mechanism in place that minimizes damage in a worst-case scenario.
Hackers have perfected a few techniques to make money from their plunder of hacked data.
Hacked data may contain email credentials, social network credentials, API keys, subnet IPs, password hashes, machine configuration info etc. They sell the data to the victim’s rivals/competitors, or in certain cases they end up blackmailing the victim.

Hackers/cyber criminals tend to share the results of their data heists on the open web, on sites such as pastebin, slexy, reddit, 4chan and many other loosely moderated sites. They often share glimpses of the hacked data in order to gain attention and to attract interested buyers for their entire data dump.

This makes it evident that we need to be on the constant lookout for such data leaks in various forums, text sharing sites, social media etc. Since the volume of data to be monitored is large, it would be impractical to do it manually, hence we need a system/application in place to do the same. Once the leaked data comes through to us, it is up to the security team to take the necessary action, which may be anything from changing the passwords/API keys to suspending the accounts, or whatever action is apt for the situation.

To define a monitoring system which identifies data leaks of a specific Individual/company along with plausible data sources and tools which generate reports. The action to be taken on the data leak completely depends on the type of the system/data which is not in the scope of this 

Everyone Else is doing it?
Yes! A lot of the big companies do have a system in place for the sole purpose of looking for data leaks of their respective companies on the open web. Ever since the infamous hack “50 days of Lulz” everyone is rushing towards this approach. Cyber Security related companies constantly do this.

Overview of the system that needs to be in place to look for data leaks.

Data Source 1: As you can see in the above diagram, the data from text sharing sites are pulled up for analysis via their API and using regular expressions in our Pattern matching engine we shall pull up any leaked data.
Data Source 2: There are a few Twitter bots out there, such as @dumpmon, which monitor hackers’ playgrounds, forums and their popular sharing platforms and tweet when any leaks are detected.

Data from such bots can be useful as it provides a defined amount of data to search; passing it to our PR-Engine will do the rest of the filtering.
Data Source 3: Using custom search engine searches and tools such as Scumblr, and integrating them with our system, would help us get the leaked data at a quicker rate.

The key thing to be considered here is how quickly we can get the data that interests us, while making sure it is obtained with minimum resource consumption.

Tools: There are no fully fledged commercial tools for this purpose. On exploring I found a few good tools.
Scumblr & Sketchy: This is a tool developed and open sourced by Netflix. The purpose of the tool is to collect information on the web that interests you/your company. This tool is currently being used by the Netflix Security team.

HaveIBeenPwned: This is an online tool where you can search for a keyword and it shows you if your account is compromised. It has API support too.

Amazon also monitors the web; there have been multiple instances where users were alerted that the API keys of their instances were on the open web. We are not aware which tool they use for this purpose.
However, there is an open source tool called Security Monkey which monitors policy changes and alerts on insecure configurations in an AWS account.

I happened to try out pystemon, which is an open source tool built using Python.
Below are the results.
Step 1: I posted a test email ID with some data to the text sharing site called slexy.

Step 2: I configured my system to be able to run pystemon.
Step 3: I set up the regular expression I was looking for in the tool configuration.

Step 4: Run the program

Step 5: Within a minute, I managed to find the text which I had shared in step 1 downloaded along with all the information surrounding it into the Alerts folder.

This is just a simple demonstration of how large volumes of data can be mined easily with the tools available. By customizing such tools we can set the path to effective monitoring of the web for confidential data leaks. The thing common to all these tools is that they use Python. Python is usually used to scrape data from large dumps and it is effective in doing so.
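The pattern-matching step from the overview and the pystemon test above, as an added example (this is not pystemon's code or configuration): a small Python scanner that runs a regex watchlist over paste text and returns redacted alerts. The domain example.com, the rule names and thresholds, and the sample pastes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Watchlist rules: name -> (regex, minimum hits before alerting).
# "example.com" stands in for the monitored company's domain (assumption).
RULES = {
    "company_email": (re.compile(r"[\w.+-]+@(?:[\w-]+\.)*example\.com\b", re.I), 1),
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), 1),
    "private_ip": (re.compile(r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2})\b"), 1),
    # Bare 32-hex strings are common (checksums), so require several in one paste.
    "md5_like_hash": (re.compile(r"\b[a-f0-9]{32}\b", re.I), 3),
}


def redact(value, keep=4):
    """Keep a short prefix so alerts can be triaged without copying the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_paste(paste_id, text):
    """Return one alert dict per rule whose hit count reaches its threshold."""
    hits = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, (regex, _) in RULES.items():
            for m in regex.finditer(line):
                hits[name].append((lineno, redact(m.group(0))))
    alerts = []
    for name, (_, min_hits) in RULES.items():
        if len(hits[name]) >= min_hits:
            alerts.append({"paste": paste_id, "rule": name,
                           "count": len(hits[name]), "matches": hits[name]})
    return alerts


# Constructed sample pastes (not real leaks); the key is AWS's documentation example.
SAMPLE_PASTES = {
    "paste-001": "db dump part 1\n"
                 "alice@corp.example.com:5f4dcc3b5aa765d61d8327deb882cf99\n"
                 "aws_key = AKIAIOSFODNN7EXAMPLE\n"
                 "gateway 10.20.30.40\n",
    "paste-002": "release notes\nmd5 d41d8cd98f00b204e9800998ecf8427e setup.exe\n"
                 "contact bob@other.org\n",
}


def run(pastes=SAMPLE_PASTES):
    """Scan every paste and return the combined alert list."""
    return [a for pid, body in pastes.items() for a in scan_paste(pid, body)]


if __name__ == "__main__":
    for alert in run():
        print(alert["paste"], alert["rule"], alert["count"], alert["matches"])
```

The per-rule hit threshold keeps a single checksum in an unrelated paste from raising an alert, and the redaction keeps the alert report from becoming a second copy of the leaked secret.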

Conclusion: Using the information in this document as a starting point, set up an effective system or application with multiple inbound data sources to monitor the web and minimize the impact on the customers/victims. This adds more trust towards the brand, which is not only essential but pivotal in today’s world, where security can be an illusion.


Wednesday, July 20, 2016

Beware of Apps caching unwanted images

When you browse certain apps, the images are cached on your phone to help the application load faster next time.
While some applications delete them or make them unreadable, they are still accessible and readable with some searching and tweaking, without any root access.

I found this in the previous versions of Tumblr and Twitter using "Ess file Manager".

Browse to sdcard/Android/data (in this directory you will find all apps which cache data).

Further browse to sdcard/android/data/com.tumblr or you will find a lot of files with alphanumeric names.

Select all and rename them using the option provided by "Ess file Manager", giving ".jpg" in the extension field.

You will now see most of the images that you had browsed in the app. 

So be careful next time, and remember to clean up such folders. You may choose to clear the cached data of all the apps as given in this link. But it will also erase your login details, making you re-enter your credentials the next time you log into tumblr/insta or any app that requires your credentials. Hence be wise and clear the data of only those apps that you really want to.
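An added example, not from the original post: a Python audit that finds such extensionless cached images by their leading magic bytes rather than by renaming them, run here against a constructed stand-in for a copy of an app's cache folder. The file names and contents are made up for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of common image formats.
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif")]


def sniff_image(path):
    """Return the image type of a file judged by content, or None."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "webp"
    return None


def audit_cache(root):
    """List (relative path, type, size) for every image under root, any file name."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            kind = sniff_image(full)
            if kind:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, kind, os.path.getsize(full)))
    return sorted(findings)


def build_sample_cache(root):
    """Write constructed files standing in for a copy of an app's cache folder."""
    samples = {
        "cache/3f9a1c77e0": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # JPEG header
        "cache/b82d04aa19": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,   # PNG header
        "cache/journal": b"plain text index, not an image\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Build the sample cache in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_cache(root)
        return audit_cache(root)


if __name__ == "__main__":
    for rel, kind, size in demo():
        print(f"{rel}: {kind} image, {size} bytes")
```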

WhatsApp has a separate Sent folder, which never appeared in my gallery for some reason.
It contains all the videos and pics which you forward to others.

Using "Ess file Manager", browse to /sdcard/WhatsApp/Media/WhatsAppImages/Sent and /sdcard/WhatsApp/Media/WhatsAppVideos/Sent

Delete the contents of these folders if you want nothing to do with those images/videos.

Saturday, July 16, 2016

Tackling "Phone storage full"

When you don't have an expandable memory slot and you thought that 16 GB or less was enough for your needs, you might get a shock when you run into this problem.

Other than the fact that you managed to fill up your phone with data most of which you don't need, you might still be able to create some space by clearing up some of the junk you never use or which is created by your phone.

Below are a few quick ways to free up some space on your android phone. (no root)

Disable apps which you do not use.

For example, you may not be using Google+. Go to the application manager, select the app and force stop it before hitting the disable button (you can always enable it again). Before doing this, you can also uninstall the updates of such apps that come with the phone. In case your phone does not come with this app-disabling feature, you would have to install an app from the Play Store, such as "disable bloatware" or "app Freeze".

Uninstall apps that you never use.

Apps keep getting heavier after each update, so if you have not been using an app for a long time, you can uninstall it. If you still feel like you may use the app in the near future, back up the apk file using an app like "Ess file Manager" and then uninstall the app.

Delete big files / duplicated files

Use "Big File Locator" to find the large files on your phone and delete them if they are of no use to you.

Backup your files.

You can use "dropbox" or "box" or any reliable backup service that suits your needs. I use dropbox; it has 2 GB of free storage available (Box has 10 GB). You can move your pictures or files to it and clear up the space on your phone. With some settings in such apps, you can schedule your uploads or choose a folder that you want to back up at certain intervals.

Misc: A few common tips.

  • You can always root your phone if you want to get rid of the apps that come bundled with your phone.
  • Turn the auto-update apps feature OFF. You can select the apps that you want to update.
  • Use websites instead of apps wherever possible. (All websites promote their apps, but not all apps are good for you.)
  • Do not use apps like clean master or apps with such functionalities; they may do more damage than good.

Sunday, January 17, 2016

One quick way to save battery on android

Install a firewall - mobiwol app

This firewall doesn't need your phone to be rooted.

It has a simple interface. Configure which apps you want to allow to access the internet via your data pack or Wi-Fi, as in the screenshot below.

   Mobiwol: NoRoot Firewall- screenshot

For example, you can set an app to access the internet only via Wi-Fi and not your data pack, saving a few MB of your expensive data pack per app.

By selecting only the apps which you want to access the internet, you are disabling

  • Frequent update checks
  • Frequent version checks etc.

which in turn reduces battery usage.

(Explanation: Even if you have an app that you never use, it would still make calls to its servers to check for updates. The frequency of this depends on the app. Once you install this app, you can check the logs to find such apps and block them temporarily.)

There are a lot of other basic rules, like:
1. Use Wi-Fi less and manage it well; there are apps that can schedule it to run once every 15 minutes or whatever time period you set.
2. Turn off GPS when not in use.
3. Uninstall apps that you don't use.
4. Charge your phone once it is below 10%, not above it. (Purchase a portable charger if it would help your cause.)
5. Set Data Saver ON in your Chrome browser / any other browser that provides the feature:
Chrome - Settings - Data Saver - On

I have been using my Moto X for some time now. I use mobiwol; you can try other apps in the store. For me this app has reduced my battery drain and saved a considerable amount of data usage.

Note: This firewall uses a VPN; for more info, check out the Android forums.

Sunday, November 22, 2015

SQL keyboard shortcuts for frequently used queries

If you work extensively with MS SQL SSMS, you would be looking for a way to reuse queries instead of typing them all over again. Something like a shortcut for the frequently used queries.

I use the following ways and methods to access the SQL queries that I frequently use.

Setting keyboard shortcuts in SSMS.

Tools > Option > Environment > KeyBoard
There are 11 available shortcuts you can set.

To execute, in the query window:
for example, for the table Orders in the DB NorthWind,
you just need to write "Orders" in your query window, select the word and hit Ctrl+0.
As you can see in the screenshot above, it will execute the statement
"Select * from Orders" and get you all the records in your DB.

Unfortunately we are not able to add more shortcuts to SSMS. After a little googling, I found this cool tool called Clavier+

where you can store all your frequently used queries.

The other feature of this tool is that you can launch any program with a shortcut; you can also use it to launch any file that you frequently open.


Note: Suppose you set a shortcut for keys such as Ctrl+C or Ctrl+V; then the action that you specify here will take place instead of the OS's copy/paste function.

Tuesday, September 15, 2015

SSIS Log Simplifier

Here's a simple tool made with WinForms that will help you simplify the log files generated by the execution of SSIS packages.

Analysis of the log file may take up a large amount of time,
i.e. to find an error that occurred during the execution of the packages, we use the search function in Notepad to traverse the log file generated by the package execution.

This tool will help ease the process by providing a parsed HTML file which is a readable version of the log file, highlighting and grouping the errors and warnings, thus making it quicker to find the error.

Read on to find out more

1. Launch SSIS PILL .exe

2. Click on Get Files after 

  •     Selecting your folder that contains the SSIS log files
  •     Click on Get Files - on the left side all files in the selected directory will be displayed
  •     This will show the status of the file like success or failure and time taken
  •     This is a pictorial indication that the file is a success
  •     These are where warnings are displayed

3. On selection of file with error records

  •     Now the picture is different for log files with ERRORS.
  •     The first grid shows the ERRORS and the second the WARNINGS
  •     This thing works full screen too

4. Click on Open In HTML for the parsed log file; the parsed file will open in the browser.
As you can see, this is in a more readable format.

  • Has status of execution at the top
  • First grid is of ERRORS
  • Second Grid is of WARNINGS

5. Other buttons

Export to HTML will create a directory in the parent directory of your log folder and place the parsed HTML files there.

Open in HTML will open the selected log file's parsed format in the browser, as in step 4.

Open in Text will open the file normally in a text editor.

6. Mail
Export - Mail will attach the parsed log file and open up Outlook, ready to send.

(You can configure the default path for the log folder and the email ID to which mail needs to be sent in the config file.)

If the above setup file doesn't work then use the one below: extract it from the zip folder and run the SSISLogSimplifier.exe file.

Monday, September 1, 2014

Rooting and flashing Sony Xperia J ST26i

Writing this post after successfully flashing Sony Xperia J ST26i with DARK MOON AVD ROM

I followed the instructions given in


Take a backup of your contacts, sd card etc. I used My phone Explorer

Update the phone's firmware
Go to Settings > About phone > Software updates > System updates
or use SONY PC Companion


Unlock BootLoader
Followed the steps given here

How to Unlock Bootloader of Sony Xperia Devices (official and universal tutorial)
  1. Go here and check whether your smartphone is on the “unlock bootloader” list or not. If your phone is not listed there it means that you cannot use this guide for unlocking the system.
  2. Also, on your handset type and dial: *#*#7378423#*#*; then go to “Service info -> Configuration -> Rooting Status” and check if the “Bootloader unlock allowed” says yes. If the “no” answer will be displayed then you will not be able to unlock the bootloader of your device.
  3. Now, extract the file named “” (which has been downloaded before) on your computer.
  4. Then, copy the obtained file (“android_winusb.inf”) to path c:\android-sdk\extras\google\usb_driver.
  5. Click yes if asked to overwrite something.
  6. Type *#06# on your phone and get the IMEI number; write it down as you will need it a little bit later.
  7. Now, go here.
  8. On the first page click on “Yes, I’m sure”.
  9. Agree to Sony’s legal terms and then hit “I accept”.
  10. On the next page enter your name, email and your device’s IMEI number and click on “Submit”.
  11. An unlock code will now be offered; note it down.
  12. Turn off your device and connect the same with the computer by pressing on the Menu button (for the Xperia arc, Xperia arc S, Xperia neo, Xperia neo V, Xperia pro handsets), or on the Search button (for the Xperia Play device) or on the Volume Up button (for the Xperia mini, Xperia mini pro, Xperia ray, Xperia active, Live with Walkman, Xperia S smartphones).
  13. Install the drivers on the path mentioned above (c:\android-sdk\extras\google\usb_driver).
  14. Now, on your computer open command prompt: “start -> run -> type cmd”.
  15. On the cmd window enter the following commands (one at a time): cd C:\android-sdk\platform-tools; fastboot.exe -i 0x0fce getvar version; fastboot.exe -i 0x0fce oem unlock 0xKEY (replace key with the code obtained before).
  16. That’s all, now the bootloader will be unlocked.
  17. In the end, remove the USB cable and reboot your smartphone.

Problem Faced: STEP 13  The driver to be installed was not accepted by the system.
Hold down the Windows key on your keyboard and press the letter C to open the Charm menu, then click the gear icon (Settings).

Click More PC Settings.

Click General.

Under Advanced Startup, click Restart Now.

NOTE: In Windows 8.1, the ‘Restart Now’ button has moved to ‘PC Setting -> Update & Recovery -> Recovery.’

After restarting, click Troubleshoot.

Click Advanced Options.

Click Windows Startup Settings.

Click Restart.

After restarting your computer a second time, choose Disable driver signature enforcement from the list by typing the number 7 on your keyboard.

Your computer will restart automatically.

After restarting, you will be able to install the  drivers normally; however, Windows will display a warning message. When the warning appears, click Install this driver software anyway

Soln from:

So after unlocking your bootLoader.


Download from here
AVD Rom Latest Release

Addon Archive

Kernel ftf

Place the ROM & Addon zip on the external sdcard.

Place the downloaded file ClockworkMod- into the folder  C:\android-sdk\platform-tools

  • Download ClockworkMod from the link above
  • Switch off phone
  • Hold Vol-UP button
  • Insert USB cable, wait for blue light
On the cmd window enter the following commands (one at a time): cd C:\android-sdk\platform-tools
run fastboot flash boot ClockworkMod-

and then type
run fastboot reboot

  • When the purple LED shines, press and hold the Vol-UP button
You are now in ClockworkMod Recovery!

Wipe data/factory reset, wipe cache partition, then go to advanced and wipe dalvik cache. Then go to mounts & storage and format system.

Go to install zip from sdcard, choose zip from external sdcard, and flash the ROM.

When installation is finished, go back to advanced and choose fix permissions.


Now we need to download and install flashtool.
After installing it:

The Kernel ftf that you downloaded,
"st26i_11.2.A.0.31 Kernel By Gavster26@XDA_Central Europe.ftf", needs to be extracted.
You need to have 7Zip or any other file extraction program.
Once you are done extracting, you will find a file called kernel.sin.

Follow the instructions in the video.
Note: you need to browse for the kernel.sin file that you extracted.

Note: Be careful while browsing and selecting the right file. I happened to choose the wrong one and my phone would not start up, but I retried with the right file and it worked.
Now flashing of the new kernel is done.


Next, for the Addon Package: it is the same as the instructions in part 3,
except that here we select the addon package zip from the sd card.
After that follow PART 4 (flash the kernel again).

Extract the file you downloaded and place the files on the sd card.

Download Root Browser and place it on your phone's SD card.

Start your phone and install the RootBrowser APK that you downloaded.

Now open it up and copy systemui.apk from the extracted files of to /system/app give permissions rw-r-r
Note: there will already be a copy of systemui.apk rename it to sytemui_copy.apk and then push/copy the file. Tap and hold on the file for long and select permissions from the menu and give it as rw-r-r

Similarly copy  framework.jar to system/framework give permissions rw-r-r
Note: there will already be a copy of framework.jar rename it to framework.jar_copy.apk and then push/copy the file. Tap and hold on the file for long and select permissions from the menu and give it as rw-r-r

You are done.
Be careful while flashing/rooting/unlocking, as the methods vary for each model.
Refer to the XDA forums when in doubt.

