Ideas, Observations & Stories in Cybersecurity
In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve deep into the intricacies of insecure deserialization, uncover its potential threats. I will also demonstrate practical…
Amazon Web Services (AWS) is a leading cloud computing platform that provides organizations. It has a wide range of services to build and deploy applications, store data, and manage infrastructure. One of the core services offered by AWS is Amazon Simple Storage Service (S3), a scalable object storage solution designed to store and retrieve data…
As we stride into the future, the digital landscape continues to evolve, presenting new challenges and opportunities in the realm of cybersecurity. With cyber threats growing in complexity and sophistication, it’s crucial for organizations to stay abreast of the latest trends to safeguard their assets effectively. In this article, we’ll delve into the top security…
It has been a while since I posted anything here, but then life had another plans for me in past three years. Anyways cutting short the crap, today I will discuss about hashes. To be more precise, CONTEXT TRIGGERED PIECEWISE HASHES (CTPH). This term came into my mind when I was going through the Pyramid…
In previous post we have seen the basic tutorial of Sqlmap and the exploitation. The exploitation was about the GET request or where the vulnerable parameter is passing in the URL. There is another aspect of Sql Injection where it happens in form based submissions. In more technical terms a POST request where the certain…
As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP. Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website. Sqlmap…
Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of…
What is OS Command Injection OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component. So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access…
