
Cloud Security Posture Management – A Walkthrough
The term ‘security posture’ is all about the current state of security and can be categorized productively as CSPM. Cloud security posture management (CSPM) identifies
The term ‘security posture’ is all about the current state of security and can be categorized productively as CSPM. Cloud security posture management (CSPM) identifies
Introduction As India’s power sector becomes increasingly dependent on digital technologies and faces a sharp rise in cyber threats, the Central Electricity Authority (CEA) has released the
Introduction Automation significantly enhances the efficiency and productivity of our work. It spares the human effort involved in doing a repetitive task manually. By writing
Defence is important for staying safe from cyber-attacks, but how do you make sure the defence is equipped enough to stop a full-fledged attack from
After understanding the Hermes bytecode and bypassing SSL certificate pinning, it’s now time for the final blog of the React Native Pentesting for Android Masterclass!
In the last blog of the React Native Pentesting for Android Masterclass, we covered understanding the Hermes bytecode. Let’s move forward! What is SSL certificate
The React Native Pentesting for Android Masterclass has taught us how to edit and patch React Native apps in the previous blog. Let’s now move
In the previous blog of the React Native Pentesting for Android Security Masterclass, we covered methods for decompiling APK files and analyzing their structure. Let’s
The React Native Pentesting for Android Security Masterclass has taught us how to reverse engineer react native applications by now, so we’ll explore both methods for
In the previous blog of the React Native Pentesting for Android Security Masterclass, we understood what React Native is and why it is important. The
Introduction Nowadays, there is an emergence of cross-platform hybrid applications on a large scale. Many top organizations are adapting different frameworks to develop or even
What are GitHub Runners? GitHub offers hosted virtual machines to run workflows. The virtual machine contains an environment of tools, packages, and settings available for
Inter-Process Communication (IPC) is a critical aspect of modern computing, enabling different processes within an operating system to exchange data and coordinate actions. Through various
In this post, we’ll discuss a technique you can employ to read data from an eMMC chip and proceed with further analysis. The eMMC chip featured in this blog post is sourced from an EV scooter.
Artificial Intelligence (AI) is emerging as a pillar of innovation in the digital age, driving advancements across various industries, including cybersecurity. At the forefront of
Stream ciphers operate on each bit of data in the message rather than on a chunk of data at a time. Encryption and decryption are
Introduction Secure Code Review is the process of auditing and reviewing the source code manually and using automated tools to identify flaws in the codebase.
Hello everyone, this blog series demonstrates how to get started with cryptography challenges in CTFs and learn about common cryptography attacks in general. This blog
Introduction In today’s digital age, cybersecurity has become a significant concern for individuals and organizations alike. As mobile devices continue to grow in popularity, it’s
As more and more organizations adapt to the cloud, security concerns are on the rise as well. Let’s take a look at the top 7 cloud security concerns in the current landscape.
Drones have rapidly emerged as a cutting-edge technology that has transformed various industries and everyday activities. These flying machines are equipped with advanced sensors, cameras,
Introduction: In the dynamic landscape of web and mobile applications, security remains a paramount concern. In this blog, we will delve into the world of
Introduction : Embarking on a journey into the realm of Active Directory (AD) can be both exciting and overwhelming. In this blog series, we’ll unravel
Introduction One of our recent assessments required us to pentest a thick client application, for which we needed to inspect the HTTP communication between the
Server-Side Template Injection (SSTI) is one of the most common web vulnerabilities found in web applications and usually arises due to the dynamic generation of
The previous article, Denial Of Service In Windows 11 22H2, described an infinite recursion bug triggered by a crafted SetParent WINAPI call in the Windows
Introduction In this article, I delve into the potential vulnerabilities of OAuth Implicit Flow, specifically in gaining unauthorized access to user accounts due to a
What is a deep link? Deep linking is the practice of embedding hyperlinks to specific content within a mobile application. This technique directs users to
A thick client is a software application that has most of the resources installed locally for processing on typically a personal computer. Thick Clients follows
What is XPATH? XPATH is a standard language used to query and navigate XML documents. It makes use of Path expressions to select node from
As a part of our efforts to fuzz Windows Kernel using in-house WinK fuzzer [1], we were able to fuzz Windows 11 22H2 v22621.2283, x64
What is an HTTP Host Header? The HTTP Host header is a mandatory header field in an HTTP request that specifies the domain name of
My Journey of Signal Intelligence Disclaimer: Transmission of radio signals is prohibitive in India. Please go through the following link before performing any activity with
About The Digital Personal Data Protection Act, 2023 The Digital Personal Data Protection Act was passed by the President of India on 11th August, 2023.
In the present era of seamless communication and always-available phones, call spoofing is a new and unexpected concern. This scam manages caller identifying (Caller ID)
Software is essential to our lives in today’s digital world, from communication to national security. The ecosystem of software in India is expanding rapidly and
Payatu Bandits played the HackTheBox Business CTF 2023 and secured 1st rank in India, but overall, we secured 31st by the end of the tournament.
Introduction In recent times, it has become more convenient for smartphone users to use a mobile application instead of browsing a website. If any organization
The growth of smartphone usage worldwide is nothing less than remarkable, with Android being the most popular mobile Operating System globally. According to the latest
You might have come across both “same-site” and “same-origin”, and although they look and sound similar, these terms are among the highly cited but often
Background Currently, I work as a security consultant at Payatu, primarily focusing on web penetration testing and source code review. I also have approximately 2
Due to the rapid advancement of technology, there has been a surge in popularity of the Internet of Things (IoT) and 5G networks. These advancements
Keeping up with new vulnerabilities and attack vectors is essential in the always changing world of web application security. Recent years have seen an increase
Web services attacks are a type of cyber-attack that target web-based applications and services. These attacks are designed to exploit vulnerabilities in web services, which
The HTTP Request Smuggling vulnerability, also known as the HTTP Desync Attack, has been around for a while but was brought back to attention by
Smali is a type of assembly language for the Dalvik virtual machine, which is used by Android devices. It is used to modify and reverse
Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. They are immutable
Machine Name: Object Difficulty: Hard OS: Windows Rating: 5.0/5.0 Summary Object is a hard Windows machine (Retired) in hackthebox. It gives us hands-on experience working
Flash loans are a relatively new financial instrument that are enabled by smart contracts on blockchain networks such as Ethereum. A flash loan is an
KIOSK machines are self-service endpoints that allow users to complete tasks on their own, at their preferred pace and time. These machines bring a restricted
As penetration testers/security researchers, we often encounter firewalls configured with rules that make it difficult to discover and test open ports. In this blog, we
Authentication bypass is the process of removing the limitations imposed by Apple on iOS devices, allowing users to install and run apps that are not
We have seen HTTP request smuggling attacks by modifying the Content-Length and Transfer-Encoding header. These methods exploit the execution of the headers on the client-side
This blog describes the attempts, as part of the Payatu Research Team, to fuzz and find vulnerabilities in Windows Kernel. We start the blog by
When it comes to privilege, it is important that the processes and applications should only be granted whatever is required to carry the respective tasks.
Why Pentest Mapper? Burp Suite’s Pentest Mapper plugin integrates a unique application testing checklist with request logging capabilities of Burp Suite. An easy-to-follow flow is
Managed security service providers (MSSPs) have become an essential component of modern cybersecurity strategies. With the increasing complexity and sophistication of cyber threats, organizations of
As penetration testers/security researchers you often come across firewalls configured with egress/ingress filtering that makes it difficult to spawn a shell. In this blog, we
Why ATOR? The Authentication Token Obtain and Replace (ATOR) Burp plugin handles complex login sequences because it allows the user to obtain and replace authentication
An active directory allows network administrators to manage domains, users, and objects in a respective network. Now, as the network grows, the AD provides a
In a network, computers are addressed with numerical values called IP addresses. Computers use these IP address to communicate with each other. Since these values
Introduction Cross-platform applications have been emerging in recent years. The React Native framework is also gaining lots of traction in the world of mobile application
Reentrancy attacks are a serious vulnerability that occur in smart contracts, and are becoming increasingly popular in decentralized finance (DeFi). The infamous “The DAO” incident,
The scripts, programs and files we used for the above steps are available on GitHub.
Mobile devices have become an integral part of our daily lives, and with the increasing use of smartphones and tablets, the need for following security
In one of our previous blogs, Starters Guide To Cyber Threat Intelligence, we get an understanding of the basics of Cyber Threat Intelligence, its types, and the
NoSQL databases are becoming quite popular due to their advantage over SQL databases in scalability and easy-to-use schema. With the introduction of a new database,
This blog is part of the “IoT Security” Series. If you haven’t read the previous blogs (parts 1 – 5) in the series, I urge
What is JWT (JSON Web Token)? JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely
So, in my last blog I showed you guys to set up the iOS devices to start your journey in testing iOS Applications. I have
Threat Intelligence Vendor is a modern-day necessity for every organization. It has become paramount for companies who want to protect themselves through reactive components, which
The majority of applications use JavaScript, and you must know that XSS is a JavaScript-based issue. Cross-site scripting (also known as XSS) is a web security vulnerability
What is a Buffer? The term “buffer” is a generic term that refers to a place to store or hold something temporarily before using it. In
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you
What is Server Side Includes? Server-Side Includes is a mechanism that help developers insert dynamic content into HTML files without requiring knowledge of the server
We stumble upon various cyber-security incidents in our day-to-day life and get worried about securing our data and services and then move on with our
Blockchain & Smart contracts are the buzz. It is not just about bitcoin and Ethereum like cryptocurrencies but altogether a different ball game. There are
What is SPN? A service principal name (SPN) is a unique service instance identifier. Kerberos authentication uses SPNs to link a service instance to a
The purpose of this blog is to explain how websites work and how browsers transform the Hyper Text Mark-up Language (HTML) used to describe web
Introduction Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities. Also, Authorization testing is the most time-consuming task in a web
Passive GSM sniffing with software-defined radio (SDR) is a technique used to intercept and decode the communication between mobile devices and cellular networks. With the
In this blog, we will demonstrate the Use of Frida for dynamic instrumentation of Android Application while doing android Application Pentesting. also explain the Frida
What is Flask? Flask is a lightweight WSGI web application framework that is very popular for making APIs and microservices. However, it is also an amazing framework
Understanding the Basic of Kerberosting Kerberoasting is one of the most common attacks against domain controllers. It is used to crack a Kerberos (encrypted password)
Data Protection Bill 2022 In light of digitalization and growth of the economy enabling citizens of India to access the internet for various purposes, the
Welcome to the 2nd post in Radio Hacking series. I hope you have gone through the 1st part. If not please check Part-1. Also, I hope
Code Injection Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type
What is CTI? CTI or Cyber Threat Intelligence in essence is a continuous process of gathering intriguing intelligence in order to protect against any possible
What is the MITRE ATT&CK Framework? MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge. It was created in 2013 as a result of
What is JWT ? JWT, or JSON Web Token, is an open standard (RFC 7519) used to exchange security information between a client and a
Introduction Due to the varied structure and nature of diverse manufacturing processes, selecting an ICS cybersecurity services/solutions vendor can be quite challenging. Also, OT security
Mobile applications have become a staple in our lives as they make everyday tasks easier, from checking our email to social media and online shopping.
Web application attacks are emerging every day and even the oldest of the attacks has not lost its significance. As the attacks are being evolved
Introduction DevSecOps stands for Development, Security, and Operations. It is a practice where security is seamlessly integrated into CI /CD pipelines. The goal is to
Introduction OVAA (Oversecured Vulnerable Android App) is a vulnerable android application that aggregates all the platform’s known and popular security vulnerabilities. In my last post,
JavaScript, often abbreviated JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As
Insecure Deserialization Computer data is generally organized in data structures such as arrays, records, graphs, classes, or other configurations for efficiency. When data structures need
Introduction SSH is a very common and widely utilized protocol to securely interact with machines. Many developers and those with technical duties in the wide
Introduction This blog will cover some vulnerabilities that researchers commonly encounter while doing assessment; this blog will be all about the authorization flaws that exist
Content Security Policy (CSP) is an added layer of security for the mitigation of cross site scripting (XSS) attacks. However, an attacker can leverage misconfiguration in CSP
Introduction Favicons are one of the most overlooked assets of a website and are at best serving the purpose of helping you identify a particular
Name: Debugger Unchained Difficulty: Easy Category: Web Description: Our SOC team has discovered a new strain of malware in one of the workstations. They extracted
Indroduction Semgrep is a static analysis tool that is loved by developers as well as the AppSec community for its ease of use. It supports
Introduction How did an IDOR (Insecure Direct Object Reference) Vulnerability lead me to delete anyone’s account? This is a tale about a particular application that
In this blog, we will investigate why IoT Security Compliances are of utmost importance for IoT products and who all should be aware of such
In this blog, we will discuss why we need to do an OT Security Assessment. This not only applies to the facts for the previously
Introduction Cyber assaults pose a significant danger to businesses, governments, and other entities. Recent assaults on big corporates as well as private businesses highlight the
For a long time, insecure iOS applications have been a major source of concern. As a result of the popularity of these apps, the number
Introduction: OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform’s known and popular security vulnerabilities. As of writing this post,
Introduction Ever since spring4shell came out in the news, the infosec community has been comparing it to the log4shell that took the internet by storm.
In this Blog, I am going to discuss one of the interesting scenarios that I came across while testing an application. A scenario of exploiting
Containers have seen widespread adoption across the tech industry. They provide a lightweight method of packaging and deploying applications in a standardized way across many
Introduction In red teaming assessment, red teamers simulate the real-world attack scenarios in order to achieve their goals. Phishing is one of the attack scenarios
Hey guys today, I will be talking about Authentication. This blog post will cover each and every possible vulnerability which falls under broken authentication Difference
Hello everyone, in this blog series we will look into firmware emulation of bare-metal devices with the help of a CPU emulator called Unicorn. You
The Cyber Security market has grown exponentially in the past decade and will continue to grow to meet the ever-increasing demand. Every organization is currently
On its journey to actively updating compliance standards to tackle modern-day cyber security threats to the Payment Card Industry, the PCI SSC (Payment Card Industry
Today smartphones have become one of the most significant aspects of our lives, omnipresent even! In today’s era smartphones are rapidly replacing computers in the
Introduction In this article, we will learn about the most common security vulnerabilities encountered in applications that use the OAuth protocol. The protocol itself is
We have seen SQL Injection during dynamic testing using some interception tools like BurpSuite. In this blog I will throw some light on source code
We have finally reached the last part of the GraphQL exploitation series. If you are visiting this blog without going through previous parts, we recommend
Introduction Hi Folks, Do you want to try performing electron application penetration testing? but having trouble in knowing where to start? If you’re looking for
Introduction JsonP is an abbreviation for Json with padding. JsonP It was created to enable cross-origin access to JavaScript and it operates as an exception
Introduction While browsing the web, you’ve almost certainly come across sites that let you log in using your social media account. There is a high
Introduction Today we are going to take a dive into WebSockets and how we can exploit vulnerabilities/misconfigurations in WebSockets. At the end, we will also
Introduction Phones have now become an integral part of everyday lives. You can’t go one day without using your phone. Now, this usage is directly
Introduction Welcome back! I hope you have gone through the previous blogs, where we discussed about can-utils. In this blog we will try to look
Today I’ll be discussing about the IDOR (insecure direct object reference) vulnerability in an application. Where I was able to take over the account via
PostMessages are widely used to send messages from one window to another. Over time, there have been many security implications in post messages as many
AD Enumeration Without External Scripts While doing red teaming many a time we encounter implimentation of internal VDI with no internet excess to external network
Log4j Vulnerability-An overview to the un-noticed open window in your application. Log4jShell !!! Log4j vulnerability !!! Log4j RCE !!! , you are probably getting all
Penetrate the Protected Component in Android Introduction Hello guys, in our last blog of the series we discussed basic fundamentals about Android applications and their
Welcome back! I hope you have gone through the previous blogs, where we discussed about “CAN Bus protocol”. In this blog we will look into
I hope you have gone through the previous blogs, where we discussed about OBD-II. In this blog we will look into can-utils. Which contains user
Hi All. I welcome you again. In this particular blog post we’ll code our own tool in C++ to gather information (list of running processes)
Signal Processing in Side Channel Attacks From this blog series, we will start looking in the depth of Side-channel Attack (SCA) details. In this blog,
Broken Access Control: Pentester’s Gold Mine Hey folks, hope you all are doing well! Recently OWASP Top 10 2021 was released and the Broken Access
Automotive Security – Part 3 (Intro to CAN Bus Protocol – 101) Welcome back! I hope you have gone through the previous blogs, where we
An easy guide to Credential Stuffing Attacks – How businesses can Detect and Prevent it? Wondering if you have been a victim of a Credential
Cloud Storage Security: Attacking & Auditing Introduction This blog series aims to help you get started with cloud storage security. We will be looking how
With the last quarter around the corner, most businesses are gearing up to prep for the QBR meeting and setting up new OKRs and budgets
Automotive Security – Part 1 (101 – Automotive Security Introduction) Introduction Welcome back! I hope you have gone through the previous blog “Automotive Security –
Automotive Security – Part 1 (101 – Automotive Security Introduction) Introduction Automotive Security is not just physically hacking a car/vehicle. It is only a very
As you know AMSI is something that you will most likely come across almost in every Red Team engagement. As of today bypassing AMSI is
Exploration of Native Modules on Android with Frida In this blog, we will demonstrate the Use of Frida for instrumentation of Native Modules in Android
Introduction This is the second blog of the series. If you have not gone through the first blog that is PCB Designing – Basics, then
Wi-Fi Penetration Testing – Part 2 (PreConnection Attack) So, this is the Part-2 of Wi-fi Penetration Testing series in which we are going to learn
Wi-Fi Penetration Testing – Part 1 Hello everyone, this blog series demonstrates how to set up your Wi-Fi Penetration Testing Machine and how you can
Exploiting IAM Vulnerabilities in AWS In this blog, we are going to discuss various IAM flaws found in AWS Cloud with the help of various
Introduction In this blog, we will cover another type of attack on GraphQL which is also a prominent category of attack in OWASP top 10,
MineSweeper, with no luck – An Introductory blog to Reverse Engineering Hello Folks, This blog articulates the start of my Reverse Engineering journey. As this
Introduction: Thick Client Thick client applications, called desktop applications, are full-featured computers that are connected to a network. Unlike thin clients, which lack hard drives
PCB Designing-Basics Introduction This is the first blog of the series to discuss and learn the basics of PCB designing. In this blog we will
Privilege Escalation Attack : Attacking AWS IAM permission misconfigurations This blog series aims to help you get started with cloud security. We will be looking
Introduction In part1 , we understood the basic of graphql that we need to know before we exploit it nicely. In this part, we will
The social media giant, Facebook, suffered a devastating data breach of about 533 million of its worldwide userbase. The victims of this breach are mainly
Azure Storage Security: Attacking & Auditing Hello Guys, in my last blog, I showed you guys how to get started with cloud storage security &
In this article, we will explain XML External Entity (XXE) Injection, When will XXE vulnerability arise, the most common scenarios to test for XXE vulnerability,
Hello Guys, In our last blog, we discussed some basic fundamentals about Android applications and their architecture. If you have not read my previous blog
Have you ever thought of writing your own Burp Suite extension? This post will walk you through the entire process of writing your own burp
Cloud Storage Security: Attacking & Auditing Introduction This blog series aims to help you get started with cloud storage security. We will be looking how
I have observed that people often lost their path when they start learning security. They have many questions like “How do I start learning security?” or
What is SSRF? SSRF (Server Side Request Forgery) is the attack that allows an attacker to send a request on behalf of the server, It
Introduction Operating systems are configured with multiple access roles from low privilege to high privilege for restriction of access to a data or resource. But
Introduction This blog will give you a good look at Graphql and necessary information that will help you in understanding how graphql can be so
The first year of the new decade was plagued with several catastrophic events around the globe. It also saw a steep rise in the number
Introduction The blog series aims to help you get started with performing Android pentesting. This blog helps you to understand the fundamentals that you should
Introduction To address the threat and vulnerability issues encountered by IoT devices for consumers,industry and critical infrastructure, a variety of IoT security standards have been
This is part 3 of our SEC4ML subsection from machine learning blog series. In SEC4ML we will discuss possible attacks like Adversarial Learning, Model Stealing,
Introduction This is the first blog of the series to discuss security issues in the automotive domain. With the connected car concept the bidirectional vehicle
Introduction This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you
IoT devices introduce 32.7% of all the infections in the mobile networks, Nokia stated. This number in 2020 was double than the previous year. The
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security.If you have not
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have
“If you think that the internet has changed your life, think again. The IoT is about to change it all over again”, a few very
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have
An eminent 2020 study revealed that as many as 74% of organizations plan to shift a good part of their workforce to work in a
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have
In the words of the famous investment guru himself, Warren Buffet, “Wide diversification is only required when investors do not understand what they are doing.”
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have
Hello Guys, There are tons of blogs and resources available over the internet for helping you start your journey with Android Security Assessment but only
Introduction 33 billion data records to be stolen in 2023 alone, that’s the number predicted by Juniper Research, and by some accounts, it might be
This blog is part of the IoT Security series, where we discuss the basic concepts of the IoT/IIoT eco-system and its security. If you have
7 things that can go wrong with a faulty Business Application Security System It’s no secret that cyberattacks have been on the rise both in
IoT Security Part 13 (Introduction to Hardware Recon) This blog is part of the IoT Security series where we discuss the basic concepts pertaining to
MQTT Broker Security – 101 This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and
My hacking adventures with Safari reader mode Summary In March 2020, I wrote a blogpost on Executing Scripts In Safari Reader Mode To CSP Bypass,
Ten Security Objectives to consider while Building an IoT/IIoT product As calculated by former Cisco researcher David Evans, every second, 127 new IoT devices are
This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like
Nowadays we often see that, to pentest an application first we have to connect into the client’s network and for which we have to set
Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 – 8) in the series, I
Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 – 7) in the series, I
Welcome to Part-2 of ARM firmware emulation blog series. If you haven’t gone through part 1 of Firmware Emulation, I would recommend to go through
Machine Learning(ML) is under exponential growth these days. Businesses, Academia and tech enthusiasts are really hyped about trying out ML to solve their problems. Students
Story: Few months back I was reading a security news on one of the famous news site, and by mistake I typed some characters in the
CVE Details ID : CVE-2020-12763 Advisory Description TrendNet ProView Wireless camera TV-IP512WN (version v1.0R) is vulnerable to buffer overflow in handling RTSP packet in firmware
Zoom Security Issues: An analysis of Zoom’s take on Security & Privacy issues: Because of lockdown due to COVID-19 in most parts of the world,
The Emerging $5 Trillion Economy to Receive a Cybersecurity Policy Upgrade in 2020 The National Security Council Secretariat sought suggestions and comments to form the
Introduction : Encrypted Firmware Security analysis of the device firmware is a very crucial part of IoT Security Auditing. Obtaining firmware is amongst the many
Recently, we came across an Android game of Minesweeper. The game has been nicely developed and was fun to play. Although it was very tough
Navigating the High Cost of a Data Breach In the first article in this two-part series, we covered the factors that add to the cost
Nowadays, the security of the applications being used has become a significant concern for organizations, companies, and citizens in general, as they are becoming a
Calculating the cost of a data breach Data breaches eat away at customer trust, brand image, and the overall reputation of a company. By November
What is Safari Reader Mode? Reading mode is a feature implemented in most browsers that allow users to read articles in a clutter-free view i.e
Sometime back, I decided to look at bookmarks API available for browser extensions. This API sounds interesting to me because it allows you to play
Introduction: ARM Trusted Firmware Hello everyone, this blog demonstrates how to simulate/virtualize the ARM trusted firmware in your system. This blog is for the people
Stack exploitation based on buffer overflow has been one of the well-known security exploits. Refer here for the basic understanding of buffer overflow based vulnerabilities
A few days back I was looking for a tool to maintain my notes and important code snippets and I came across a tool called
In browsers, an address bar represents the current web address. Safari address bar spoof vulnerability It is an ability to keep legit URL in the
This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like
One of the most common ways to navigate to a website or URLs is by typing website address in the browser address bar But this
Introduction to Kubernetes Kubernetes is an open-source container orchestration system for automating application deployment, scaling, and management. kubectl provides a CLI interface to manage Kubernetes clusters. Kubectl enables
Motive With a couple of my friends I recently organized nullcon’s HackIM ctf. I authored 0bfusc8 much An RE chall that had 11 solves during the CTF and I got
csaw ctf: 1nsayne (rev-250) We are given a binary. 1$ file 1nsayne 21nsayne: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
Tokens, Accounts, Processes: On a Windows system, there are various user accounts, some are default to Windows and some are created explicitly. Some of the default user accounts are Local
Browser Extensions A browser extension is a plug-in that extends the functionality of a web browser. Extensions are capable of managing cookies, bookmarks, storage, and
The purpose of this blog post is to understand the implementation of Tcache bins from the perspective of exploit development, and intended for the people
Hello and Welcome everyone!!!! When performing a pentesting either it is web, network, mobile or IoT the essential thing the pentester should have is its
What is DIVA? DIVA (Damn insecure and vulnerable App) is an App intentionally designed to be insecure. We are releasing the Android version of Diva.
Introduction I have been wanting to write this blog for quite some time, either I was busy or lazy. I have been asked by so
Introduction: This is my another case of a vulnerable IoT device. In my previous blogs, we talked about vulnerabilities there was found in Smart lock and beacons. This one
Introduction: With the advent of IoT, everything is getting connected to the internet. Bluetooth is one such protocol which is used to connect devices to
I am back with a another blog after a long time. I have been buying lot of random things from aliexpress/banggood and smart locks are
This is a continuation to the last blog in the series – RedTeaming from Zero to One – Part 1. I strongly recommend everyone who is
Prologue This post is particularly aimed at beginners who want to dive deep into red teaming and move a step ahead from traditional penetration testing.
CloudFuzz is an integrated software framework for security based fuzzing. The end goal is to provide a workflow that will allow continuous fuzzing and generate
Machine learning is becoming a very ubiquitous technology. It is used to solve problems that are difficult or impossible to be solved by defining explicit
In this blog we will see Machine learning techniques that can be used to perform effective fuzzing on a software system. This system will be
Hi Guys! I came across stack based buffer overflow but could not actually get it at first so I decided to write a simple blog
I am writing this post to discuss how to use Tiredful API and what are the intended solution for the challenges. If you are reading
Hello and Welcome everyone!!!! Nowadays, there are many web applications and frameworks being developed which allow users to export the data saved in database into
IoT and smart devices are dominating the market at a tremendous rate. But with growing competition in the market, these devices often forgo proper standard
CSAW CTF Finals were held from 9-11th Nov. We (chaitan94, jaiverma and sudhackar) participated as a team and finished overall 14th globally. We solved a couple of RE
I have been working with Bluetooth for quite some time. I chose to reverse engineer a smart device to prove how crazy is the security
In this post, we are going to discuss different authentication schemes which are generally used by web services (REST API) for authenticating a user/consumer. Before
A year ago, I got an opportunity to work on a project on IVR pentesting which involved the security assessment of a major financial IVR
In this blog, I’ll be solving Sick OS 1.2 machine posted by D4rk. The objective was to break into and read the flag kept under /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt
In this write-up, will be showing the steps to take root access on Stapler machine created by g0tmi1k. All the VM related details can be
We’ll be solving Kioptrix VM Challenges/games in here. According to the Kioptrix website the purpose of these games are to learn the basic tools and techniques in
Have you ever wondered as what happens when you turn on your mobile phone? How does it communicate to the network in a secure manner?
In the last blog, we learnt how to do passive sniffing of gsm data using a RTL-SDR. I don’t wanna get much into what can be
Automating Stuff with Python What is Automation? The use of any machine or computer to perform your task efficiently and in very less time can
OAuth (Open Authorization) is an open standard protocol for authentication and authorization that enables the third-party application to obtain a limited access to an HTTP service.
Hello Everyone and Welcome !! In this blog series, we will be learning about Radio Frequency (henceforth RF) theory, various modulation techniques and how to
This will be a writeup for inst_prof from Google CTF 2017. Please help test our new compiler micro-service Challenge running at inst-prof.ctfcompetition.com:1337 I don’t know
You have got the basic concepts of REST API and how it is implemented. Now let’s get started with the main motto of this post
With more and more web applications are developed on top of the web services (RESTful API) many web application penetration tester are wondering exactly how
I started to study and pen testing on BLE devices since 6 months, there are some blogs and articles about BLE reversing but it’s not
Introduction Firmware analysis gives more understanding about the embedded device and what it contains. It helps to, Identify vulnerabilities in the embedded device firmware. Improve
This blog is a simple guide for performing runtime analysis on iOS apps using GDB. With use of GDB we can get an in-depth knowledge
While available shelf penetration programs/tools are used widely, there can be situations when certain tools might fail. Security Professionals love to automate pentesting tasks and
Captcha is the challenge-solving test used in computing to distinguish between the human and machine. It is implemented as one of the security features to
INTRODUCTION We are going to discuss about use of Uninitialized Stack Variable vulnerability. This post will brief you about what is an uninitialized variable, what could be the adverse effect
OUT OF BOUND READ BUG : INTRODUCTION This is a story of an Out of Bound Read bug in Internet Explorer 9-11. This is almost 5 years old bug which
INTRODUCTION HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range
Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.
Let’s make cyberspace secure together!
Requirements
What our clients are saying!
Trusted by
Fill in your details and get your copy of the datasheet in few seconds
Fill in your details and get your copy of the ebook in your inbox
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds
Fill in your details and get your copy of sample report in few seconds