Dissecting Akira Ransomware: Techniques, Payloads, and Lessons Learned

Introduction

Continuing from our last topic on ransomware in general, this post examines one family in particular: Akira. In the crowded and ever-evolving ransomware landscape, Akira has quickly established itself as one of the most disruptive players. Emerging in March 2023, Akira targets organizations with a double-extortion playbook, exfiltrating sensitive data before encrypting systems and forcing victims into a pay-or-leak dilemma.
Its cross-platform capabilities (Windows, Linux, ESXi) and rapid evolution, including a Rust-based variant dubbed Megazord, have made it a growing concern for sectors worldwide.

Akira is a Ransomware-as-a-Service (RaaS) family first observed in 2023 and highly active through 2024–2025, responsible for many incidents across industries and regions. It typically performs data exfiltration followed by encryption (double extortion). (Sources: CISA; Veeam Software)

Ransomware 101: Understanding the Threat

Introduction

Ransomware has evolved from being a nuisance for individual computer users to one of the most damaging threats to modern organizations.
It’s not just about encrypting files anymore — the latest ransomware operations have become full-fledged criminal enterprises, combining data theft, extortion, and public shaming into a single high-pressure attack model.

In this blog, we’ll establish a baseline understanding of ransomware — what it is, how it works, the different types, and why it remains a critical threat.
This foundation will set the stage for our upcoming deep dives into specific ransomware families and practical detection techniques.

Legacy code and deserialization

Insecure Deserialization in .NET: Risk and Fixing Legacy Code

Introduction

In the previous post we covered the introduction; in short, insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization, particularly with unsafe serializers such as .NET’s BinaryFormatter, can open the door to severe vulnerabilities, including remote code execution (RCE).

This blog post will unpack the risks associated with insecure deserialization, illustrate real-world vulnerable patterns, and explore multiple remediation strategies. We’ll focus especially on the dangers of the legacy BinaryFormatter class and how developers can safely move away from it.

Insecure Deserialization: A Silent Killer in Modern Applications

In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. In this post we delve into the intricacies of insecure deserialization and uncover its potential threats. I will also demonstrate practical examples in PHP, Java, and Python.

What is serialization

Serialization is the process of converting complex data structures, such as objects and their fields, into a “flatter” format that can be sent and received as a sequential stream of bytes. Serializing data makes it much simpler to:

  • Write complex data to inter-process memory, a file, or a database
  • Send complex data, for example, over a network, between different components of an application, or in an API call

Crucially, when serializing an object, its state is also persisted. In other words, the object’s attributes are preserved, along with their assigned values.

Appsec Automation : Why we need this hot cake

Hello guys!! Hope all is good on your side of the screen. Today we will discuss a topic that everybody is talking about. I am sure we would all give the same answer if someone asked how we would feel if all our tasks were automated and we could sit back and relax: a big yes, right? But it takes a lot of effort and money to get there. Application security automation is no different. AppSec automation has gathered all the limelight and received tremendous exposure over the past year or so.

What is Appsec Automation

In today’s fast-paced digital landscape, the importance of robust application security (AppSec) cannot be overstated. With cyber threats growing in sophistication and frequency, organizations must prioritise the protection of their applications and data. Enter AppSec automation – a game-changing approach to security that promises to streamline processes, enhance efficiency, and bolster defenses against evolving threats.

AWS S3 Bucket Discovery

Amazon Web Services (AWS) is a leading cloud computing platform that provides organizations with a wide range of services to build and deploy applications, store data, and manage infrastructure. One of the core services offered by AWS is Amazon Simple Storage Service (S3), a scalable object storage solution designed to store and retrieve data securely. However, misconfigurations or oversights can lead to the exposure of sensitive data stored in S3 buckets, posing significant risks to organizations. In this blog post, we’ll delve into what AWS and S3 buckets are, why they’re important, and how to identify open S3 buckets belonging to external organizations using practical commands.

Navigating the Cyber Landscape: Top Security Trends for 2024

As we stride into the future, the digital landscape continues to evolve, presenting new challenges and opportunities in the realm of cybersecurity. With cyber threats growing in complexity and sophistication, it’s crucial for organizations to stay abreast of the latest trends to safeguard their assets effectively. In this article, we’ll delve into the top security trends anticipated to shape the cybersecurity landscape in 2024, empowering organizations to fortify their defenses and stay ahead of emerging threats.

Context Triggered Piecewise Hashes (CTPH) and SSDEEP

It has been a while since I posted anything here, but life had other plans for me over the past three years. Anyway, cutting the crap short, today I will discuss hashes. To be more precise, CONTEXT TRIGGERED PIECEWISE HASHES (CTPH).

This term came to mind when I was going through the Pyramid of Pain, a simple diagram that shows the relationship between the types of indicators you might use to detect an adversary’s activities and how much pain it causes them when you are able to deny those indicators to them. We can discuss the Pyramid of Pain some other day. Let’s talk about hashes first.

Advanced Exploitation with Sqlmap

We learnt the basics of exploiting SQL Injection with the help of Sqlmap in our previous posts, but there is always a step further. In this post we will look at more advanced exploitation with Sqlmap.

Once again, three cheers to Kunal for helping me out with this post.

In our first post on Sqlmap, we explained a few basic options. We will see some more here.

Whenever I meet people and talk about a vulnerability, my first and final question is always the same: what is the most extreme thing we can do by exploiting it? In the case of SQL Injection, most of my peers don’t discuss anything beyond downloading or altering the database. But we can go beyond that and take complete control of the application with the help of a shell: we can run OS commands, upload a file, read an existing file, and more.

Form based SQL Injection with Sqlmap

In the previous post we saw the basic tutorial of Sqlmap and the exploitation.

That exploitation dealt with GET requests, where the vulnerable parameter is passed in the URL. There is another aspect of SQL Injection: form-based submissions, or in more technical terms, POST requests where certain parameters are sent to the server. In this post we will exploit form-based SQL Injection with Sqlmap.

This post would have been delayed without the help of Kunal Pachauri, so a shout-out to him before I start.