Stay up to date with Payatu blog


Stay up to date with Payatu blog

Close the overlay

I am looking for
Please click one!


IoT Security - Part 11 (Introduction To CoAP Protocol And Security)

This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, ...


SEC4ML Part-2: Adversarial Machine Learning attacks

This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like Adversarial Learning, Mode...


IoT Security - Part 10 (Introduction To MQTT Protocol and Security)

This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I wo...


IoT Security – Part 9 (Introduction to software defined radio)

Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 - 8) in the series, I urge you to go through them first unless you are already fa...


Security and privacy of AI/ML applications - A layman's guide

Machine Learning(ML) is under exponential growth these days. Businesses, Academia and tech enthusiasts are really hyped about trying out ML to solve their problems. Students are driven to learn this n...


A guide to Linux Privilege Escalation

What is Privilege escalation? Most computer systems are designed for use with multiple users. Privileges mean what a user is permitted to do. Common privileges include viewing and editing files, or modifying system files. Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used. Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions. While organizations are statistically likely to have more Windows clients, Linux privilege escalation attacks are significant threats to account for when considering an organization’s information security posture. Consider that an organization’s most critical infrastructure, such as web servers, databases, firewalls, etc. are very likely running a Linux operating system. Compromises to these critical devices have the potential to severely disrupt an organization’s operations, if not destroy them entirely. Furthermore, Internet of Things (IoT) and embedded systems are becoming ubiquitous in the workplace, thereby increasing the number of potential targets for malicious hackers. Given the prevalence of Linux devices in the workplace, it is of paramount importance that organizations harden and secure these devices. Objective In this blog, we will talk in detail as what security issues could lead to a successful privilege escalation attack on any Linux based systems. We would also discuss as how an attacker can use the possible known techniques to successfully elevate his privileges on a remote host and how we can protect our systems from any such attack. At the end, examples would be demonstrated as how we achieved privilege escalation on different Linux systems under different conditions....


Vulnhub SickOs 1.2 – Walkthrough

The objective was to break into and read the flag kept under /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt Attacker’s IP is So lets start !!! 1. Started with netdiscover to locate the victim IP address. Victim was at 2. Scanned for open ports using nmap and found port 22 and 80 open. A lighttpd web server is running on port 80....


Vulnhub Stapler – Walkthrough

on here. 1. First I tried checking the IP address using netdiscover. The victim appears to be sitting at The attacker machine is at 2. Next nmap helped us in checking the open ports and the respective services running. ...


Kioptrix Level -1 Walkthrough

Unlike other walk-throughs, this will be a crisp manual. Without wasting much time I’d be showing the final steps and not go into the details of reconnaissance and failure steps. The VMs were hosted/setup up back in 2010 and while solving challenge 1, I ran into a couple of issues which I was able to eventually resolve. I downloaded the VM from here and using Virtual Box 4.3.36 on an Ubuntu host. Both victim machine (Kioptrix 1 VM) and attacker machine (Kali 2.0) are kept on “Host Only” network configuration. Attacker’s IP : In order to find the victim within the local network, we’ll be using netdiscover utility. Victim appears to be sitting at ...