Sunday, November 24, 2019

Guidelines for Corporate Email Audit

Many security firms provide audit assurance to their clients. Among their many activities, auditing the corporate email system is one of their principal ones. In this article, I have 40 guidelines which an auditor or manager can use to audit their clients' corporate email system. It includes some technical guidelines and more procedural ones.

Auditing remote access process and procedures

In this article, I am going to share a small checklist that will help auditors and testers provide assurance on remote access processes and procedures for any company. This is not a technical article, but the controls defined in this list can be reviewed by managers and discussed with clients. For each part, they can go in-depth if they want to.

Thursday, September 26, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 3 - Effectiveness of the Analysis Process

This is the fourth article in a five-article series on integrating threat intelligence into daily security operations. If you have not gone through the first three articles, I highly recommend reading them, as all the articles are connected to one another in sequence. In this article, I am going to talk about the effectiveness of the analysis process. Here is article 1, article 2 and article 3.

Tuesday, September 17, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 2 - Collecting Intelligence

This is the third article in a five-article series on integrating threat intelligence into daily security operations. If you have not gone through the first two articles, I highly recommend reading them, as all the articles are connected to one another in sequence. In this article, we are going to talk about phase 2, in which we will discuss the intelligence collection strategy, methods and procedures. Here is article 1 and article 2.

Saturday, May 18, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 1 - Planning and Preparation

From the last article, located here, we now have most of the information needed to start the preparation and planning. In this article, I am going to explain how we can initiate the project and start preparing plans and procedures. This can be done in two phases.

Initial meetings with the internal team to discuss the organisation's current threat landscape.

Review observations that can help to prepare a perfect plan.

Wednesday, May 15, 2019

Integrate the Threat Intelligence program into your daily security operations - Phase 0 - Introduction

The use of sophisticated malware is increasing rapidly, and organisations often fail to understand the real intent behind such activity by large hacker groups, nation-state sponsored attackers, organised cybercrime and cyber terrorists. These attacks result in revenue disruption, damage to public and private reputation, and the breakdown of business processes and workflows.

Intelligence is staying ahead of the next threat targeting your organisation by implementing protective measures that protect your brand reputation, data, people, processes and technology infrastructure. I am assuming whoever is reading this article has some background knowledge of threat intelligence terminology.

Just having a threat intelligence product is not sufficient; data should be collected, classified and correlated with hacking tools, tactics and techniques.

Sunday, May 6, 2018

Stealing NTLM hash with BadPDF - A Technique to bypass AV and Endpoint protections

On April 26, 2018, the Check Point research team discovered a malicious exploit which can be embedded in PDF files that are then sent to victims. After the victim opens the malicious PDF file, their machine leaks the NTLM hash via the SMB protocol.

I created the malicious PDF and tested it on my personal machine, which was fully equipped with cutting-edge endpoint protection technology. It leaked the NTLM hash to the attacker. If the SMB protocol is open on the victim’s machine, it will leak the hash through it.

I thought disabling the SMB protocol would patch this issue. So I turned off the SMB protocol on the machine, downloaded the PDF via the web browser and opened it through the Chrome browser only. In that case, the browser made an HTTP request to the attacker’s machine, leaking the NTLM hash value.

Saturday, April 21, 2018

Android OS/Phone Security Hardening Guide

In this article, I am going to list all the security features that can be hardened on any Android phone operating system in order to improve the security of the user's phone. I believe there are plenty of articles available online on the same topic; however, they are each missing one thing or another. Hence, my attempt here is to list every possible feature that we can use to improve Android phone security.