info@arridae.com 9019854583
PetitPotam

The role of threat intelligence in SOC operations

Threat intelligence is a critical component of effective Security Operations Centre (SOC) operations. In today's threat landscape, where attackers are constantly evolving their tactics, techniques, and procedures (TTPs), organizations need to stay informed about the latest threats and vulnerabilities in order to keep their systems and data secure.

PetitPotam

PetitPotam (CVE-2021-36942)

PetitPotam is an NTLM relay attack that could be used against a Windows server, forcing it to share credentials and then relaying these to generate an authentication certificate. This method could be used by an attacker to take complete control of a domain from a domain controller.

twitter-zero-day-attack

Twitter Zero – day Attack

Twitter, a social media site, acknowledged that they had a now-patched zero-day vulnerability that allowed attackers to access the personal data of 5.4 million users by linking their email addresses and phone numbers to their accounts.

cve-2022

CVE 2022 – 36804 ATLASSIAN BITBUCKET SERVER RCE

Remote code execution is used to expose vulnerabilities in the form of user input that can be exploited when user input is injected into a file or string and the entire package is run through a programming language parser. It is not the type of behaviour exhibited by web application developers.

insider-threat

INSIDER THREATS

Insider threats refer to cybersecurity risks that originate from within an organization. This typically occurs when a current or former employee, contractor, vendor, or partner with legitimate user credentials abuses access to damage an organization's networks, systems, and data.

RAINBOW-TABLE-ATTACK

RAINBOW TABLE ATTACK

A Rainbow Table Attack is a password-cracking technique that uses a rainbow table to crack password hashes in a database. Cybercriminals used rainbow table compilation as an easy way to crack passwords to allow unauthorized access to systems.

remote-working

Security Breach in Remote Working

A security breach is an incident that leads to unauthorized access to system data, applications, networks, or devices. Where the information can be accessed without the authorization of the person. It occurs when the intruders bypass the security mechanism.

Zero-Day-Attacks

Zero-Day Attacks

A zero-day attack is an attack in which a vulnerability is exploited before a fix is available or widely deployed. These attacks can be particularly damaging because traditional cyber defense strategies are ineffective in protecting against them. Many of these strategies rely on signature-based detection, which only works if the malware's signature is publicly available.

Broken-Access-Control

Broken Access Control: A Gold Mine for Pen tester’s

Access control (Authorization) is a method that allows us to differentiate between which system, data, functions, and resources are permitted to which people and groups. This is done by publishing policies that determine access privileges. Authentication and session management are dependent on web applications in Access control. Access Control issues are frequent, and they can result in serious security concerns and vulnerabilities.

insecure-data-storage

INSECURE DATA STORAGE- ANDROID

Insecure data storage vulnerabilities occur when application store sensitive information such as username, password, and credit cards numbers in plain text. For storing this kind of data, we need a strong security mechanism. Sometimes developers use databases or saved settings to store these kinds of data in web and server-based application however in mobile application it will not work always.

host-header-attack

Host Header Attack

The use of HTTP Host header is to identify which component the client wants to communicate with. Nowadays web servers are configured with more than one web application using same IP address. Several misconfigurations and flaws can expose the web application to a different types of host header attacks. Before going more about host header attack, lets understand some basic term.

http-parameter-pollution

Cross-Site Scripting(XSS)

Malicious scripts are injected into otherwise trustworthy and innocent websites in Cross-Site Scripting (XSS) attacks. XSS attacks take place when an attacker sends malicious code, typically in the form of a browser side script, to a separate end user using an online application. These attacks can be successfully conducted everywhere a web application incorporates user input without verifying or encoding it into the output it produces.

http-parameter-pollution

Password spraying attack

Numerous different types of assaults are being used by attackers to compromise business-critical data. Zero-day attacks, supply chain attacks, and other types of attacks are the best examples. Still, one of the easiest ways for attackers to gain access to your organisation is through password compromise. In this blog we will speak about what are known as "password spraying attacks" and how we can defend against them.

http-parameter-pollution

HTTP PARAMETER POLLUTION

HTTP parameter pollution is a web application vulnerability in which it pollutes the HTTP parameters to achieve the specific task which are different from the intended behaviour of the web application. In HTTP Parameter pollution, attacker will append an extra parameter to an HTTP request to perform an unintended behaviour.

json-web-token

JSON WEB TOKEN (JWT)

JWT, or JSON Web Token, is an open standard (RFC 7519) that allows two parties to securely exchange data. JSON web tokens are a type of access control that is widely used for authorization purposes. It is based on JSON format and includes a signature which ensures the integrity of the token.

Android

Introduction to Mobile Application Penetration Testing - Part 2

COMPONENTS OF AN ANDROID APPLICATION

There are some necessary building blocks that an Android application consists of. These loosely coupled components are bound by the application manifest file which contains the description of each component and how they interact. The manifest file also contains the app’s metadata, its hardware configuration, and platform requirements, external libraries, and required permissions. There are the following main components of an android app.

Android

Introduction to Mobile Application Penetration Testing - Part 1

Mobile application penetration testing is a form of security testing that is used by companies to evaluate security from inside of a mobile environment. Mobile penetration testing is built on OWASP mobile application security verification standard. Mobile pentesting performed by qualified reputable specialists is focused on client-side safety, file system, hardware, and network security.

PHP-Deserialization

Fundamentals of Process Injection

PHP provides a mechanism for storing and loading data with PHP types across multiple HTTP requests. This mechanism boils down to two functions: serialize() and unserialize(). This may sound complicated but let’s look at the following easy example.

WhatsApp-Facebook Policy

WhatsApp - Facebook Policy

Template Injection, also known as Server-Side Template Injection (SSTI) is a vulnerability class that has established the foundations for the exploitation techniques in multiple template engines. The exploitation of this type of issue will require specific knowledge of the template library or the language being used under the hood.

Server Side Template Injection

Server-Side Template Injection (aka Template Injection)

Template Injection, also known as Server-Side Template Injection (SSTI) is a vulnerability class that has established the foundations for the exploitation techniques in multiple template engines. The exploitation of this type of issue will require specific knowledge of the template library or the language being used under the hood.

Mirai botnet

Mirai botnet

A bot is a computer that has been compromised through a malware infection and can be controlled remotely by a cybercriminal. The cybercriminal can then use the bot (also known as a zombie computer) to launch more attacks, or to bring it into a collection of controlled computers, known as a botnet.

Security-Risks-in-Containers

Security Risks in Containers

Before containers became popular, developers had to focus their energy on application log-ic and application details such as specific software versions and configurations specific to the app. But now, developers need to just focus on application logic.

Bypassing Content Security Policy

The content security policy (CSP) is a special HTTP header used to mitigate certain types of attacks such as cross site scripting (XSS). Some engineers think the CSP is a magic bullet against vulnerabilities like XSS but if setup improperly, you could introduce misconfigurations which could allow attackers to completely bypass the CSP.

AI in Cybersecurity

Emerging technologies put cybersecurity at risk. Even the new advancements in defensive strategies of security professionals fail at some point. Besides, as offensive-defensive strategies and innovations are running in a never-ending cycle, the complexity and volume of cyberattacks have increased

Exploiting HTTP PUT method

An attacker could get a local or root shell on the system using publicly accessible put method also known as one of Webdav method. WebDAV is a term given to a collection of HTTP methods. HTTP requests can use a range of methods other than the standard GET and POST methods.

XXE

XML External Entity (XXE) Injection

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access.

Shell-coding

Shell Coding

A shellcode is a small piece of code used as the payload while exploiting. It is used to start a command shell from which the attacker can control the compromised machine. Shell coding is basically a list of carefully crafted instructions that can be executed once the code is injected into a running application. The kernel understands what the shellcode is what to do with it.

Virtual-Dispersive-Networking

Virtual Dispersive Networking

Data that was once securely encrypted can now be broken by parallel processing power. SSL and Virtual Private Networks can’t always protect messages as they travel across intermediary pathways. So, that where virtual Dispersive networking comes in