OWASP Seraphimdroid android security published


Case of the cyber war: Kosovo conflict


The Kosovo conflict started in 1998 between FR Yugoslavia police and military forces and Albanian separatists in Kosovo. In 1999, NATO launched an air strike campaign against FR Yugoslavia. The air strikes lasted 78 days, after which FR Yugoslavia agreed to withdraw its forces from Kosovo. This was the first war with quite extensive activity in cyberspace, on the internet. Many attacks happened during these 78 days. However, even though the military conflict ended with the Kumanovo peace treaty, the conflict continued in the diplomatic space and in cyberspace. Since NATO proclaimed itself to be neutral (which it sometimes is, but sometimes is not), NATO facilities stopped being targets, but we can say


Introducing OWASP Seraphimdroid

About 2 months ago I started thinking about creating an Android security application. I was looking at where the other applications are weak, since there are a lot of Android device protection and anti-malware applications available on Google Play. The thing I found is that most of those applications don’t use application permissions as an indicator that some other application is malicious. Another thing I found is that a lot of features that are quite easy to develop are premium. As I was looking for a project to train myself, and to help others who had not had the luck to be employed by some antivirus company to train in developing Android security tools, I decided to create an open source project. There will be no other


Introduction to Social engineering

Social engineering is one of the main security issues these days. Most companies invest in infrastructure to make it hard to hack, but they don’t educate people. Social engineering has been a quite common attack since the beginning of the 1980s, and many big corporate networks have been infiltrated using these attacks. The only way to prevent them is to educate your employees, every one of them. If you have one person who cannot say no to a phone call asking to reset or give out a password, IP address ranges or anything else, your entire organization is at risk.


What is Social Engineering?

Social engineering is a term that describes a


Gmail social engineering attack

This morning I received an email that was signed as Gmail Team and that said:

Re: Due to recent upgrade in our database, we are terminating all unverified accounts permanently. Reply and give the information below: Username, Password, Date of Birth, Phone & Country. Note! You have one week to comply. Gmail Inc. All rights reserved.

The email address it was sent from was [email protected]

This is a classic example of a phishing and social engineering attack. First of all, the email address is wrong, and Google would not use an address like [email protected] to tell you that you should verify your account. The next thing is the signature – Gmail Inc. A company like that does not exist; Gmail is part of Google. Here the attacker has used people’s trust in Gmail and


Story about OWASP Serbia


Finally I got some time to write about the open source community in Serbia that I am leading. I hope it will also help a bit to make it more popular, and I also hope it will give some advice to new OWASP chapter leaders or people who want to create a technical community. Feel free to comment also if you have some advice for us.


What is OWASP

A question that is often asked, especially in countries like Serbia where web security is not a well-covered topic. So let’s start from the basics.

The Open Web


Notes on history of mobile malware

Mobile malware did not appear as long ago as PC malware. Mobile malware is almost 20 years younger, but today, since almost everyone has a mobile device, it has evolved into a quite dangerous tool for attackers. Mobile manufacturers have also been doing their job, creating sandbox environments in mobile operating systems, so users can be quite secure. Sandboxes helped a lot to eliminate some of the threats, but not all.

Brief history

It all started in 2004 with malware called Cabir. Cabir is a worm that was originally developed as a proof of concept by a coder named Vallez, who worked as part of the 29A group of virus writers. Cabir was written to infect Symbian-based devices and spread via Bluetooth as a


Train with Game Over.iso

Today I tried to set up GameOver.iso, one of many interesting live Linux environments that is meant to be a training tool for learning about web application security. I must admit that I like it, although I had a few problems and some confusion at the start. It is actually a Linux live CD that sets up a web server with vulnerable web applications that you can try to hack. As I had used some Linux distributions that are meant to be training environments, like the OWASP Live CD, I also expected a graphical environment. I tried the startx command from the console, but nothing happened. Then I learned that it just starts the server, and you have to access the vulnerable websites from another machine via


Pwned by the owner

A couple of months ago I saw a video from Defcon 18 called “Pwned by the owner”. I really liked the story, and also the way the presentation was held, so I would like to recommend this video both to security guys and to soft skills guys. In short, the presentation is actually a story about a stolen computer, but a hacker’s stolen computer. So it is a story about getting access to one’s own computer while it is in the hands of the thief. The speaker explains how he got access to different types of accounts, how he gathered information, lost data, and how he got to know his victim. In other words, how he pwned the person who stole his computer. It’s funny, and you can learn a lot from it. Check it here: