Tiredful-API: Vulnerable REST API App
What is Tiredful API? Tiredful API is intentionally designed broken app. The aim of this web app is to teach developers, QA or security professionals about flaws present in webservice (REST…
Quick Heal Anti-Virus Security Assessment
Introduction Payatu Research Team performed vulnerability research on QuickHeal Anti-virus and we were able to find few vulnerabilities in the AV which could be exploited to compromise the victim machine. Vendor www.quickheal.co.in Product Quick Heal Anti-Virus Description Around…
Uninitialized Stack Variable – Windows Kernel Exploitation
Introduction We are going to discuss about use of Uninitialized Stack Variable vulnerability. This post will brief you about what is an uninitialized variable, what could be the adverse effect of…
From Crash to Exploit: CVE-2015-6086 – Out of Bound Read/ASLR Bypass
Introduction This is a story of an Out of Bound Read bug in Internet Explorer 9-11. This is almost 5 years old bug which got discovered in April 2015. It is…
DIVA
What is DIVA? DIVA (Damn insecure and vulnerable App) is an App intentionally designed to be insecure. We are releasing the Android version of Diva. We thought it would be a…
HackSys Extreme Vulnerable Driver
Introduction HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use After Frees and Pool…
Hijacking Kankun IoT Smart socket
Introduction: The Internet of Things (IoT) space is very interesting as it encompasses hardware, mobile and cloud/web. Its a very good mix of technologies to hack around where you can sharpen…