Starting Inspiratron talks podcast


Komentari na Zakon o informacionoj bezbednosti/Comments on Serbian law on information security

Serbian version

The Law on Information Security was recently adopted by the National Assembly of the Republic of Serbia. The text of the adopted law can be found on the parliament's website. During the summer a public debate on the law was held, in which I also took part with my comments. My comments can be seen in the embedded PDF document below (I have hidden the phone numbers and the email address; the rest is the original document that was also sent to the ministry responsible for the law). I received feedback from the ministry that my comments were useful and would be taken into account. For comparison, here is the draft law in its July 2015 form, when the comments were written.

I will not comment much on the adopted law, except that it did not


Introduction to reverse engineering

1. Introduction

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. It involves taking a device, system or piece of software, breaking it apart, analysing it and working out how it works. Once the reverse engineer understands how the system works, he can take advantage of it, recreate it, document it or fix its flaws. Reverse engineering is commonly used to document a system that is poorly documented and whose designers are no longer available, to recover lost source code and fix problems, to use an undocumented API for interoperability, to create a competing product similar to the reversed one, or to overcome a protection mechanism. Here we will focus on software reverse engineering in

OWASP Seraphimdroid

New version of OWASP Seraphimdroid (v2.0) is published

Dear users and security-aware people, we have a great announcement. The new version of OWASP Seraphimdroid has been published with some very interesting new features. If you liked OWASP Seraphimdroid before, you will probably love it now. We have an improved machine-learning-aided permission scanner, a new settings scanner, an improved SMS interceptor, an improved application locker, and more. OWASP organised the OWASP Code Summer Sprint, in which OWASP Seraphimdroid participated as one of the projects. The student who proposed improvements to OWASP Seraphimdroid and was selected to develop them was Kartik Kohli. As OWASP Seraphimdroid project leader I had the opportunity to mentor him. So let's start explaining the major improvements.

If you are not aware or do not know what features


Chasing script-kiddies and hackers on my blog

This morning I was looking over my admin dashboard and realised there are a couple of guys (hackers or script-kiddies) trying to hack me. Well, to be honest, trying to guess my username and password. So far they have been failing, but some of them keep returning and trying every couple of hours, when my blocking mechanism releases the block. In particular, one guy from Moldova, one from Romania and one from Ukraine. To say it at the beginning… I ain't gonna say anything very smart here; I was just playing with a bit of forensics here and there to find out who they are. And to be honest, I am not satisfied, since I have not found much apart from the IP address of the machine


USSD Code List for Android Smartphone

Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider’s computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.

USSD messages are up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS) messages, USSD messages create a real-time connection during a USSD session. The connection remains open, allowing a two-way exchange of a sequence of data. This makes USSD more responsive than services that use SMS.
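The dial strings a phone sends as USSD follow the MMI syntax from 3GPP TS 22.030: a prefix (`*`, `#`, `*#`, `**`, `##`), a two- or three-digit service code, optional `*`-separated supplementary fields, and a closing `#`. The parser below is an added example written for this page, not code from the original post; it assumes that syntax from the spec, enforces the 182-character limit stated above, and carries a small, incomplete table of well-known service codes. Anything that passes the prefilter but does not match the supplementary-service pattern is what a handset would typically hand to the network as an operator-defined USSD request.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Maximum USSD string length, as stated in the post (182 characters).
USSD_MAX_LEN = 182

# Syntax of an MMI/supplementary-service string per 3GPP TS 22.030
# (assumed from the spec for this example):
#   <prefix><service code>[*<supplementary info>]...#
# prefix: * activate, # deactivate, *# interrogate, ** register, ## erase
# service code: 2 or 3 digits; supplementary-info fields may be empty.
_MMI_RE = re.compile(
    r"^(?P<prefix>\*#|\*\*|##|\*|#)(?P<sc>\d{2,3})(?P<si>(?:\*[^*#]*)*)#$"
)

PREFIX_ACTION = {
    "*": "activate",
    "#": "deactivate",
    "*#": "interrogate",
    "**": "register",
    "##": "erase",
}

# Small subset of well-known service codes; the full table is in TS 22.030.
KNOWN_SERVICE_CODES = {
    "06": "IMEI display (handled locally by the phone)",
    "21": "call forwarding unconditional",
    "31": "calling line identification restriction",
    "43": "call waiting",
    "67": "call forwarding on busy",
}


@dataclass
class UssdCode:
    raw: str
    prefix: str
    service_code: str
    supplementary: List[str] = field(default_factory=list)

    @property
    def action(self) -> str:
        return PREFIX_ACTION[self.prefix]

    @property
    def service(self) -> str:
        return KNOWN_SERVICE_CODES.get(
            self.service_code, "unknown / operator-defined (sent to the network as USSD)"
        )


def is_ussd_like(code: str) -> bool:
    """Cheap prefilter: starts with * or #, ends with #, within the length limit."""
    code = code.strip()
    return 0 < len(code) <= USSD_MAX_LEN and code[0] in "*#" and code.endswith("#")


def parse_ussd(code: str) -> UssdCode:
    """Split a dial string into prefix, service code and supplementary fields.

    Raises ValueError for strings over 182 characters or not in MMI form.
    """
    code = code.strip()
    if len(code) > USSD_MAX_LEN:
        raise ValueError(f"USSD string exceeds {USSD_MAX_LEN} characters ({len(code)})")
    m = _MMI_RE.match(code)
    if m is None:
        raise ValueError(f"not a well-formed MMI/USSD string: {code!r}")
    si = m.group("si")
    fields = si.split("*")[1:] if si else []   # leading '*' yields an empty first element
    return UssdCode(raw=code, prefix=m.group("prefix"),
                    service_code=m.group("sc"), supplementary=fields)


if __name__ == "__main__":
    # Constructed sample dial strings for the demonstration.
    for sample in ["*#06#", "**21*+381601234567#", "*123*1*2#", "*43#", "*" * 200 + "#"]:
        try:
            c = parse_ussd(sample)
            print(f"{sample!r}: {c.action} {c.service_code} ({c.service}) fields={c.supplementary}")
        except ValueError as exc:
            print(f"{sample!r}: rejected: {exc}")
```

A check like this is useful anywhere a dial string arrives from an untrusted source (a `tel:` link, an intent, a web form) and you want to know whether it would be interpreted as a supplementary-service command before it reaches the dialer.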

Some of these codes may lead you to a menu; use the option key (the far-left soft key) to navigate. Some of the


Case of the cyber war: Kosovo conflict


The Kosovo conflict started in 1998 between the police and military forces of FR Yugoslavia and Albanian separatists in Kosovo. In 1999 NATO launched an air-strike campaign against FR Yugoslavia. The air strikes lasted 78 days, after which FR Yugoslavia agreed to withdraw its forces from Kosovo. This was the first war with quite extensive activity in cyberspace, on the internet. Many attacks happened during these 78 days. However, even though the military conflict ended with the Kumanovo agreement, the conflict continued in the diplomatic space and in cyberspace. Since NATO proclaimed itself neutral (which it sometimes is, and sometimes is not), NATO facilities stopped being targets, but we can say


Introducing OWASP Seraphimdroid

About two months ago I started thinking about creating an Android security application. I was looking at where the other applications are weak, since there are a lot of Android device protection and anti-malware applications available on Google Play. What I found is that most of those applications don't use application permissions as an indicator that another application is malicious. Another thing I found is that a lot of features that are quite easy to develop are premium. As I was looking for a project to train myself, and to help others train in developing Android security tools who have not had the luck to be employed by some anti-virus company, I decided to create an open source project. There will be no other


Introduction to Social engineering

Social engineering is one of the main security issues these days. Most companies invest in infrastructure to make it hard to hack, but they don't educate people. Social engineering has been a common attack since the beginning of the 1980s, and many big corporate networks have been infiltrated using these attacks. The only way to prevent them is to educate your employees. Every one of them. If you have one person who cannot say no to a phone call asking to reset or hand over a password, IP address ranges or anything else, your entire organization is at risk.


What is Social Engineering?

Social engineering is a term that describes a


Gmail social engineering attack

This morning I received an email that was signed as Gmail Team and that said:

Re: Due to recent upgrade in our database, we are terminating all unverified accounts permanently. Reply and give the information below: Username, Password, Date of Birth, Phone & Country. Note! You have one week to comply. Gmail Inc. All rights reserved.

The email address it was sent from was [email protected]

This is a classic example of a phishing and social engineering attack. First of all, the sender address is wrong: Google would not use an address like [email protected] to tell you that you should verify your account. The next thing is the signature, "Gmail Inc." No such company exists; Gmail is a product of Google. Here the attacker exploits people's trust in Gmail and
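The indicators called out above (a sender domain that is not Google's while the mail claims to be from Gmail, a request to reply with a password, a deadline, and a signature from a company that does not exist) can be turned into a simple scoring rule. The script below is an added example, not code from the original post; the sample body is the message quoted above, while the sender address is invented because the post hides the real one, and the list of Google sender domains is an assumption kept short for the demonstration.

```python
import re
from dataclasses import dataclass
from email.utils import parseaddr
from typing import List

# Domains Google sends account notices from (assumed short list for this example).
GOOGLE_SENDER_DOMAINS = {"google.com", "accounts.google.com", "gmail.com"}

# Data a real provider never asks you to send back by email.
CREDENTIAL_WORDS = ("password", "username", "date of birth", "phone")

# Pressure phrases of the kind used in the quoted message.
URGENCY_PATTERNS = (r"\bterminat\w*", r"\bpermanently\b", r"\bone week\b", r"\bimmediately\b")

# Signatures for organisations that do not exist (Gmail is a Google product, not a company).
BOGUS_SIGNATURES = ("gmail inc",)


@dataclass
class Verdict:
    score: int
    reasons: List[str]

    @property
    def is_phishing(self) -> bool:
        # Two independent indicators are enough for a reply-with-your-password mail.
        return self.score >= 2


def sender_domain(from_header: str) -> str:
    """Domain of the address in a From: header, lower-cased ('' if malformed)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyse(from_header: str, body: str) -> Verdict:
    """Score one message on the indicators the post calls out."""
    reasons: List[str] = []
    text = body.lower()
    domain = sender_domain(from_header)

    # 1. Brand claim vs. actual sending domain.
    claims_google = re.search(r"\b(gmail|google)\b", text) is not None
    if claims_google and domain not in GOOGLE_SENDER_DOMAINS and not domain.endswith(".google.com"):
        reasons.append(f"claims to be Gmail/Google but was sent from {domain or 'an unparseable address'}")

    # 2. Asks for credentials in a reply.
    asked = [w for w in CREDENTIAL_WORDS if w in text]
    if "password" in asked:
        reasons.append(f"asks you to reply with credentials: {', '.join(asked)}")

    # 3. Artificial urgency (deadline, threat of termination).
    urgent = [p for p in URGENCY_PATTERNS if re.search(p, text)]
    if urgent:
        reasons.append(f"uses {len(urgent)} pressure phrases (deadline/termination)")

    # 4. Signed by a company that does not exist.
    if any(sig in text for sig in BOGUS_SIGNATURES):
        reasons.append("signed by a non-existent company name")

    return Verdict(score=len(reasons), reasons=reasons)


# Constructed sample: body is the message quoted in the post; the address is invented.
PHISH_FROM = "Gmail Team <gmail.team@example-mail.test>"
PHISH_BODY = (
    "Re: Due to recent upgrade in our database, we are terminating all unverified accounts "
    "permanently. Reply and give the information below: Username, Password, Date of Birth, "
    "Phone & Country. Note! You have one week to comply. Gmail Inc. All rights reserved."
)

# Constructed benign counterpart for comparison.
LEGIT_FROM = "Google <no-reply@accounts.google.com>"
LEGIT_BODY = "Your Google Account was signed in to from a new device. If this was you, no action is needed."

if __name__ == "__main__":
    for label, hdr, body in (("phish", PHISH_FROM, PHISH_BODY), ("legit", LEGIT_FROM, LEGIT_BODY)):
        v = analyse(hdr, body)
        print(f"{label}: score={v.score} phishing={v.is_phishing}")
        for r in v.reasons:
            print("  -", r)
```

The sender-domain check only looks at the visible From: header, which an attacker can forge; in a real mail pipeline you would pair it with SPF/DKIM/DMARC results rather than trust the header alone.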