Blog

Stay up to date with Payatu blog

12/07/2020

SEC4ML Part-2: Adversarial Machine Learning attacks



nikhilj

This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like Adversarial Learning, Mode

Read more
26/06/2020

IoT Security - Part 10 (Introduction To MQTT Protocol and Security)



aseem

This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I wo

Read more
25/06/2020

IoT Security – Part 9 (Introduction to software defined radio)



appar

Introduction

This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 - 8) in the series, I urge you to go through them first unless you are already fa

Read more
10/06/2020

Security and privacy of AI/ML applications - A layman's guide



nikhilj

Machine Learning (ML) is under exponential growth these days. Businesses, academia and tech enthusiasts are really hyped about trying out ML to solve their problems. Students are driven to learn this n

Read more
20/02/2018

A guide to Linux Privilege Escalation



Rashid-Feroze

What is Privilege escalation?

Most computer systems are designed for use with multiple users. Privileges define what a user is permitted to do. Common privileges include viewing and editing files, or modifying system files. Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

While organizations are statistically likely to have more Windows clients, Linux privilege escalation attacks are significant threats to account for when considering an organization’s information security posture. Consider that an organization’s most critical infrastructure, such as web servers, databases, firewalls, etc., is very likely running a Linux operating system. Compromises to these critical devices have the potential to severely disrupt an organization’s operations, if not destroy them entirely. Furthermore, Internet of Things (IoT) and embedded systems are becoming ubiquitous in the workplace, thereby increasing the number of potential targets for malicious hackers. Given the prevalence of Linux devices in the workplace, it is of paramount importance that organizations harden and secure these devices.

Objective

In this blog, we will talk in detail about what security issues could lead to a successful privilege escalation attack on any Linux-based system. We will also discuss how an attacker can use known techniques to elevate privileges on a remote host and how we can protect our systems from any such attack. At the end, examples demonstrate how we achieved privilege escalation on different Linux systems under different conditions.

Read more
04/09/2017

Vulnhub SickOs 1.2 – Walkthrough



Harish-Tiwari

The objective was to break into and read the flag kept under /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt. Attacker’s IP is 192.168.56.101. So let’s start!

1. Started with netdiscover to locate the victim IP address. Victim was at 192.168.56.102.
2. Scanned for open ports using nmap and found port 22 and 80 open. A lighttpd web server is running on port 80.

Read more
03/09/2017

Vulnhub Stapler – Walkthrough



Harish-Tiwari

on here.

1. First I tried checking the IP address using netdiscover. The victim appears to be sitting at 10.0.2.9. The attacker machine is at 10.0.2.11.
2. Next nmap helped us in checking the open ports and the respective services running.

Read more
01/09/2017

Kioptrix Level -1 Walkthrough



Harish-Tiwari

Unlike other walk-throughs, this will be a crisp manual. Without wasting much time I’d be showing the final steps and not go into the details of reconnaissance and failure steps. The VMs were hosted/set up back in 2010 and while solving challenge 1, I ran into a couple of issues which I was able to eventually resolve. I downloaded the VM from here and am using Virtual Box 4.3.36 on an Ubuntu host. Both victim machine (Kioptrix 1 VM) and attacker machine (Kali 2.0) are kept on “Host Only” network configuration. Attacker’s IP: 192.168.56.101. In order to find the victim within the local network, we’ll be using the netdiscover utility. Victim appears to be sitting at 192.168.56.102.

Read more