Modern software development doesn’t really start from a blank file anymore. Instead, most of the time, it’s about putting things together. We build by connecting

MIME type confusion, content sniffing abuse, and a sneaky bypass of a previous Firefox patch This bug is a bypass. It doesn’t introduce any new

In our last 20 IoT security assessments across automotive, MedTech, and consumer electronics, 17 devices had at least one debug interface (UART or JTAG) left fully accessible in

Web applications today rely heavily on caching to improve performance and reduce server load. CDNs like Cloudflare, Akamai, and reverse proxies like Nginx store frequently

India finally has its data protection law. Europe has had one since 2018. If your organisation sits at the intersection of both, you are now

The cybersecurity landscape in India has evolved dramatically over the past decade. What began as basic antivirus and firewall implementations has transformed into sophisticated security operations encompassing

The Internet of Things has transformed how businesses operate, from smart manufacturing floors to connected healthcare devices and intelligent building systems. However, this connectivity comes with

In today’s threat landscape, traditional penetration testing often isn’t enough. Organisations need to understand how they’d fare against sophisticated, persistent attackers who use social engineering, physical breaches, and advanced

Introduction If you’re just getting started in OT or industrial systems, you’ve probably heard people mention the Purdue Model -sometimes with a mix of mystery and reverence.

Azure AD/Entra ID  Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management (IAM) service. It powers authentication and authorisation for Microsoft’s own

🎯Goal of This Blog Understand the foundational components that make up modern Industrial Control Systems (ICS)—from traditional devices like sensors, actuators, PLCs, RTUs  HMIs, SCADA

Introduction: What is Credential Dumping? Credential dumping refers to the systematic extraction of usernames, passwords, and other sensitive information from operating systems by malicious actors.

Introduction  AI is revolutionising healthcare. From diagnostics to patient interaction, Large Language Models (LLMs) are helping MedTech companies enhance outcomes and efficiency. But with this

Introduction The rollout of WPA3 was hailed as the long-awaited fix for the well-known weaknesses of WPA2, a modern standard designed to secure wireless communications

IT vs OT  Ever heard someone casually say, “OT is just IT with industrial devices”? I get the temptation—but it’s way off the mark. Moral

What is OT Cybersecurity? Understanding the Foundations of Industrial, ICS, and Cyber-Physical Security Welcome to the first part of Payatu’s comprehensive Masterclass on Operational Technology

In 2024, 60% of cloud data breaches were caused by incorrect settings, which cost firms an average of $4.9 million per time (IBM Cost of

Introduction NoSQL databases have transformed how modern applications handle large volumes of data. From social platforms to e-commerce backends, tools like MongoDB and CouchDB offer

The term ‘security posture’ is all about the current state of security and can be categorized productively as CSPM.  Cloud security posture management (CSPM) identifies

Introduction As India’s power sector becomes increasingly dependent on digital technologies and faces a sharp rise in cyber threats, the Central Electricity Authority (CEA)  has released the

Introduction Automation significantly enhances the efficiency and productivity of our work. It spares the human effort involved in doing a repetitive task manually. By writing

Defence is important for staying safe from cyber-attacks, but how do you make sure the defence is equipped enough to stop a full-fledged attack from

After understanding the Hermes bytecode and bypassing SSL certificate pinning, it’s now time for the final blog of the React Native Pentesting for Android Masterclass! 

In the last blog of the React Native Pentesting for Android Masterclass, we covered understanding the Hermes bytecode. Let’s move forward!  What is SSL certificate

The React Native Pentesting for Android Masterclass has taught us how to edit and patch React Native apps in the previous blog. Let’s now move

In the previous blog of the React Native Pentesting for Android Security Masterclass, we covered methods for decompiling APK files and analyzing their structure.   Let’s

The React Native Pentesting for Android Security Masterclass has taught us how to reverse engineer react native applications by now, so we’ll explore both methods for

In the previous blog of the React Native Pentesting for Android Security Masterclass, we understood what React Native is and why it is important. The

Introduction Nowadays, there is an emergence of cross-platform hybrid applications on a large scale. Many top organizations are adapting different frameworks to develop or even

What are GitHub Runners? GitHub offers hosted virtual machines to run workflows. The virtual machine contains an environment of tools, packages, and settings available for

Inter-Process Communication (IPC) is a critical aspect of modern computing, enabling different processes within an operating system to exchange data and coordinate actions. Through various

Stream ciphers operate on each bit of data in the message rather than on a chunk of data at a time. Encryption and decryption are

Hello everyone, this blog series demonstrates how to get started with cryptography challenges in CTFs and learn about common cryptography attacks in general. This blog

Introduction In today’s digital age, cybersecurity has become a significant concern for individuals and organizations alike. As mobile devices continue to grow in popularity, it’s

As more and more organizations adapt to the cloud, security concerns are on the rise as well. Let’s take a look at the top 7 cloud security concerns in the current landscape.

reverse-engineer-gdb-5

Introduction : Embarking on a journey into the realm of Active Directory (AD) can be both exciting and overwhelming. In this blog series, we’ll unravel

Introduction One of our recent assessments required us to pentest a thick client application, for which we needed to inspect the HTTP communication between the

Server-Side Template Injection (SSTI) is one of the most common web vulnerabilities found in web applications and usually arises due to the dynamic generation of

The previous article, Denial Of Service In Windows 11 22H2, described an infinite recursion bug triggered by a crafted SetParent WINAPI call in the Windows

Introduction In this article, I delve into the potential vulnerabilities of OAuth Implicit Flow, specifically in gaining unauthorized access to user accounts due to a

What is a deep link? Deep linking is the practice of embedding hyperlinks to specific content within a mobile application. This technique directs users to

A thick client is a software application that has most of the resources installed locally for processing on typically a personal computer. Thick Clients follows

What is XPATH? XPATH is a standard language used to query and navigate XML documents. It makes use of Path expressions to select node from

As a part of our efforts to fuzz Windows Kernel using in-house WinK fuzzer [1], we were able to fuzz Windows 11 22H2 v22621.2283, x64

What is an HTTP Host Header? The HTTP Host header is a mandatory header field in an HTTP request that specifies the domain name of

My Journey of Signal Intelligence Disclaimer: Transmission of radio signals is prohibitive in India. Please go through the following link before performing any activity with

About The Digital Personal Data Protection Act, 2023 The Digital Personal Data Protection Act was passed by the President of India on 11th August, 2023. 

Payatu Bandits played the HackTheBox Business CTF 2023 and secured 1st rank in India, but overall, we secured 31st by the end of the tournament.

Introduction In recent times, it has become more convenient for smartphone users to use a mobile application instead of browsing a website. If any organization

The growth of smartphone usage worldwide is nothing less than remarkable, with Android being the most popular mobile Operating System globally. According to the latest

You might have come across both “same-site” and “same-origin”, and although they look and sound similar, these terms are among the highly cited but often

Background  Currently, I work as a security consultant at Payatu, primarily focusing on web penetration testing and source code review. I also have approximately 2

Due to the rapid advancement of technology, there has been a surge in popularity of the Internet of Things (IoT) and 5G networks. These advancements

The HTTP Request Smuggling vulnerability, also known as the HTTP Desync Attack, has been around for a while but was brought back to attention by

Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. They are immutable

Machine Name: Object  Difficulty: Hard  OS: Windows  Rating: 5.0/5.0  Summary  Object is a hard Windows machine (Retired) in hackthebox. It gives us hands-on experience working

Flash loans are a relatively new financial instrument that are enabled by smart contracts on blockchain networks such as Ethereum. A flash loan is an

KIOSK machines are self-service endpoints that allow users to complete tasks on their own, at their preferred pace and time. These machines bring a restricted

We have seen HTTP request smuggling attacks by modifying the Content-Length and Transfer-Encoding header. These methods exploit the execution of the headers on the client-side

When it comes to privilege, it is important that the processes and applications should only be granted whatever is required to carry the respective tasks.

As penetration testers/security researchers you often come across firewalls configured with egress/ingress filtering that makes it difficult to spawn a shell. In this blog, we

Why ATOR? The Authentication Token Obtain and Replace (ATOR) Burp plugin handles complex login sequences because it allows the user to obtain and replace authentication

Reentrancy attacks are a serious vulnerability that occur in smart contracts, and are becoming increasingly popular in decentralized finance (DeFi). The infamous “The DAO” incident,

What is JWT (JSON Web Token)? JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely

The majority of applications use JavaScript, and you must know that XSS is a JavaScript-based issue. Cross-site scripting (also known as XSS) is a web security vulnerability

What is a Buffer?  The term “buffer” is a generic term that refers to a place to store or hold something temporarily before using it. In

What is Server Side Includes?  Server-Side Includes is a mechanism that help developers insert dynamic content into HTML files without requiring knowledge of the server

We stumble upon various cyber-security incidents in our day-to-day life and get worried about securing our data and services and then move on with our

Passive GSM sniffing with software-defined radio (SDR) is a technique used to intercept and decode the communication between mobile devices and cellular networks. With the

Data Protection Bill 2022 In light of digitalization and growth of the economy enabling citizens of India to access the internet for various purposes, the

Welcome to the 2nd post in Radio Hacking series. I hope you have gone through the 1st part. If not please check Part-1. Also, I hope

Code Injection Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type

What is CTI? CTI or Cyber Threat Intelligence in essence is a continuous process of gathering intriguing intelligence in order to protect against any possible

What is the MITRE ATT&CK Framework? MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge. It was created in 2013 as a result of

What is JWT ? JWT, or JSON Web Token, is an open standard (RFC 7519) used to exchange security information between a client and a

Introduction Due to the varied structure and nature of diverse manufacturing processes, selecting an ICS cybersecurity services/solutions vendor can be quite challenging. Also, OT security

Mobile applications have become a staple in our lives as they make everyday tasks easier, from checking our email to social media and online shopping.

Web application attacks are emerging every day and even the oldest of the attacks has not lost its significance. As the attacks are being evolved

Introduction DevSecOps stands for Development, Security, and Operations. It is a practice where security is seamlessly integrated into CI /CD pipelines. The goal is to

Introduction OVAA (Oversecured Vulnerable Android App) is a vulnerable android application that aggregates all the platform’s known and popular security vulnerabilities. In my last post,

Insecure Deserialization Computer data is generally organized in data structures such as arrays, records, graphs, classes, or other configurations for efficiency. When data structures need

Introduction SSH is a very common and widely utilized protocol to securely interact with machines. Many developers and those with technical duties in the wide

Introduction This blog will cover some vulnerabilities that researchers commonly encounter while doing assessment; this blog will be all about the authorization flaws that exist

Content Security Policy (CSP) is an added layer of security for the mitigation of cross site scripting (XSS) attacks. However, an attacker can leverage misconfiguration in CSP

Introduction Favicons are one of the most overlooked assets of a website and are at best serving the purpose of helping you identify a particular

Name: Debugger Unchained Difficulty: Easy Category: Web Description: Our SOC team has discovered a new strain of malware in one of the workstations. They extracted

Indroduction Semgrep is a static analysis tool that is loved by developers as well as the AppSec community for its ease of use. It supports

Hey guys today, I will be talking about Authentication. This blog post will cover each and every possible vulnerability which falls under broken authentication Difference

Introduction In this article, we will learn about the most common security vulnerabilities encountered in applications that use the OAuth protocol. The protocol itself is

We have seen SQL Injection during dynamic testing using some interception tools like BurpSuite. In this blog I will throw some light on source code

Introduction JsonP is an abbreviation for Json with padding. JsonP It was created to enable cross-origin access to JavaScript and it operates as an exception

Introduction Welcome back! I hope you have gone through the previous blogs, where we discussed about can-utils. In this blog we will try to look

PostMessages are widely used to send messages from one window to another. Over time, there have been many security implications in post messages as many

MineSweeper, with no luck – An Introductory blog to Reverse Engineering Hello Folks, This blog articulates the start of my Reverse Engineering journey. As this

7 things that can go wrong with a faulty Business Application Security System It’s no secret that cyberattacks have been on the rise both in

IoT Security Part 13 (Introduction to Hardware Recon) This blog is part of the IoT Security series where we discuss the basic concepts pertaining to

My hacking adventures with Safari reader mode Summary In March 2020, I wrote a blogpost on Executing Scripts In Safari Reader Mode To CSP Bypass,

This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like

Nowadays we often see that, to pentest an application first we have to connect into the client’s network and for which we have to set

Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 – 7) in the series, I

Welcome to Part-2 of ARM firmware emulation blog series. If you haven’t gone through part 1 of Firmware Emulation, I would recommend to go through

Story: Few months back I was reading a security news on one of the famous news site, and by mistake I typed some characters in the

Zoom Security Issues: An analysis of Zoom’s take on Security & Privacy issues: Because of lockdown due to COVID-19 in most parts of the world,

Recently, we came across an Android game of Minesweeper. The game has been nicely developed and was fun to play. Although it was very tough

Sometime back, I decided to look at bookmarks API available for browser extensions. This API sounds interesting to me because it allows you to play

Introduction: ARM Trusted Firmware Hello everyone, this blog demonstrates how to simulate/virtualize the ARM trusted firmware in your system. This blog is for the people

A few days back I was looking for a tool to maintain my notes and important code snippets and I came across a tool called

In browsers, an address bar represents the current web address. Safari address bar spoof vulnerability It is an ability to keep legit URL in the

This is the SEC4ML subsection of the Machine Learning series. Here we will discuss potential vulnerabilities in Machine Learning applications. SEC4ML will cover attacks like

One of the most common ways to navigate to a website or URLs is by typing website address in the browser address bar But this

Introduction to Kubernetes Kubernetes is an open-source container orchestration system for automating application deployment, scaling, and management. kubectl provides a CLI interface to manage Kubernetes clusters. Kubectl enables

Motive With a couple of my friends I recently organized nullcon’s HackIM ctf. I authored 0bfusc8 much An RE chall that had 11 solves during the CTF and I got

csaw ctf: 1nsayne (rev-250) We are given a binary. 1$ file 1nsayne 21nsayne: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for

Tokens, Accounts, Processes: On a Windows system, there are various user accounts, some are default to Windows and some are created explicitly. Some of the default user accounts are Local

Browser Extensions A browser extension is a plug-in that extends the functionality of a web browser. Extensions are capable of managing cookies, bookmarks, storage, and

The purpose of this blog post is to understand the implementation of Tcache bins from the perspective of exploit development, and intended for the people

Hello and Welcome everyone!!!! When performing a pentesting either it is web, network, mobile or IoT the essential thing the pentester should have is its

What is DIVA? DIVA (Damn insecure and vulnerable App) is an App intentionally designed to be insecure. We are releasing the Android version of Diva.

Introduction I have been wanting to write this blog for quite some time, either I was busy or lazy. I have been asked by so

Introduction: This is my another case of a vulnerable IoT device. In my previous blogs, we talked about vulnerabilities there was found in Smart lock and beacons. This one

Introduction: With the advent of IoT, everything is getting connected to the internet. Bluetooth is one such protocol which is used to connect devices to

I am back with a another blog after a long time. I have been buying lot of random things from aliexpress/banggood and smart locks are

This is a continuation to the last blog in the series – RedTeaming from Zero to One – Part 1. I strongly recommend everyone who is

Prologue This post is particularly aimed at beginners who want to dive deep into red teaming and move a step ahead from traditional penetration testing.

CloudFuzz is an integrated software framework for security based fuzzing. The end goal is to provide a workflow that will allow continuous fuzzing and generate

Machine learning is becoming a very ubiquitous technology. It is used to solve problems that are difficult or impossible to be solved by defining explicit

In this blog we will see Machine learning techniques that can be used to perform effective fuzzing on a software system. This system will be

Hi Guys! I came across stack based buffer overflow but could not actually get it at first so I decided to write a simple blog

I am writing this post to discuss how to use Tiredful API and what are the intended solution for the challenges. If you are reading

Hello and Welcome everyone!!!! Nowadays, there are many web applications and frameworks being developed which allow users to export the data saved in database into

IoT and smart devices are dominating the market at a tremendous rate. But with growing competition in the market, these devices often forgo proper standard

CSAW CTF Finals were held from 9-11th Nov. We (chaitan94, jaiverma and sudhackar) participated as a team and finished overall 14th globally. We solved a couple of RE

I have been working with Bluetooth for quite some time. I chose to reverse engineer a smart device to prove how crazy is the security

In this post, we are going to discuss different authentication schemes which are generally used by web services (REST API) for authenticating a user/consumer. Before

A year ago, I got an opportunity to work on a project on IVR pentesting which involved the security assessment of a major financial IVR

In this blog, I’ll be solving Sick OS 1.2 machine posted by D4rk. The objective was to break into and read the flag kept under /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt

In this write-up, will be showing the steps to take root access on Stapler machine created by g0tmi1k. All the VM related details can be

We’ll be solving Kioptrix VM Challenges/games in here. According to the Kioptrix website the purpose of these games are to learn the basic tools and techniques in

Have you ever wondered as what happens when you turn on your mobile phone? How does it communicate to the network in a secure manner?

In the last blog, we learnt how to do passive sniffing of gsm data using a RTL-SDR. I don’t wanna get much into what can be

Automating Stuff with Python What is Automation? The use of any machine or computer to perform your task efficiently and in very less time can

OAuth (Open Authorization) is an open standard protocol for authentication and authorization that enables the third-party application to obtain a limited access to an HTTP service.

Hello Everyone and Welcome !! In this blog series, we will be learning about Radio Frequency (henceforth RF) theory, various modulation techniques and how to

This will be a writeup for inst_prof from Google CTF 2017. Please help test our new compiler micro-service Challenge running at inst-prof.ctfcompetition.com:1337 I don’t know

You have got the basic concepts of REST API and how it is implemented. Now let’s get started with the main motto of this post

With more and more web applications are developed on top of the web services (RESTful API) many web application penetration tester are wondering exactly how

I started to study and pen testing on BLE devices since 6 months, there are some blogs and articles about BLE reversing but it’s not

Introduction Firmware analysis gives more understanding about the embedded device and what it contains. It helps to, Identify vulnerabilities in the embedded device firmware. Improve

This blog is a simple guide for performing runtime analysis on iOS apps using GDB. With use of GDB we can get an in-depth knowledge

While available shelf penetration programs/tools are used widely, there can be situations when certain tools might fail. Security Professionals love to automate pentesting tasks and

Captcha is the challenge-solving test used in computing to distinguish between the human and machine. It is implemented as one of the security features to

INTRODUCTION We are going to discuss about use of Uninitialized Stack Variable vulnerability. This post will brief you about what is an uninitialized variable, what could be the adverse effect

OUT OF BOUND READ BUG : INTRODUCTION This is a story of an Out of Bound Read bug in Internet Explorer 9-11. This is almost 5 years old bug which

INTRODUCTION HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range