Category: InfoSec
-
OAuth 2.0 – Part Three
Hello everyone, in this final installment of the OAuth blog series, we’ll be covering two vulnerabilities in the OAuth implementation. If you haven’t checked out the previous parts, you can check out part one here and part two here. Before we get started, a big thanks to PortSwigger and their Web Security Academy Labs! The…
-
Zero-Trust 101
Zero-Trust is an up-and-coming security concept which says a simple thing: “Continuously validate all users, against set security configurations, before they are granted permissions or are allowed to keep their existing access to resources & information”. This architecture assumes there is no implicit trust granted to assets or user accounts based solely…
-
OAuth 2.0 – Part two
Continuing our previous post, where we discussed the basics of how OAuth 2.0 authentication works and some known issues which arise due to either a lack of understanding of the framework itself or poor configuration of it. In this blog, we’ll talk in a little more detail about the vulnerabilities we previously discussed. Vulnerabilities in…
-
OAuth 2.0 – Part one
At least once to date, you must’ve come across sites that let you log in using your social media account [Facebook, LinkedIn, Google & various such platforms]. The chances are that this feature is built using the well-known OAuth 2.0 framework. This framework is liked by pentesters because it is: extremely common; vulnerable due…
-
PowerShell History File
Hello everyone, we are all aware of Linux systems, their .bash_history and how it provides information about file locations, passwords passed as command arguments, a variety of scripts and so on. But did you know that something similar now also exists in PowerShell? That’s precisely what I will be sharing in today’s blog…
-
Too Sticky for a Note
Hello everyone. A little over a week ago, we discussed how we can leverage the saved state of a deleted file left in the recycle bin and grab its content in a data exfiltration scenario. You can read more about it here. Today, I want to share with you yet another data exfiltration possibility. It…
-
“Bin” There, Exfilled That
Hello everyone. Today, I want to share with you another data exfiltration possibility. Last time, we discussed how we can leverage the saved state of “temporary” files created by modern-day editors; you can read about it here, and if you haven’t already, do check it out! Just last night, I was going through…
-
Peeking Under the Hood of Modern Day Editors
Hello everyone, it’s been a while since my last post, almost a year actually. I got caught up with some real-world stuff like working and studying, and it did not leave me much time to write blogs. So without further ado, let us get into this one. So it all began while discussing red…
-
Penetration Test Reporting – Some thoughts
Hello everyone, it’s been a while since my last post (sometimes you get stuck in the corporate loop). As you must have guessed from the title, today we’re going to get a little non-technical and talk about what constitutes a good penetration testing report and how you can improve writing one. This topic is helpful…
-
Breaking Down Nmap – Part 3
Welcome to the third & final installation of the series Breaking Down Nmap. In this post, we’re going to talk about basics of Timing & Performance as well as Firewall / IDS Evasion. Note: Some of the options are going to be left unexplained, take this opportunity to experiment with it 😀 –data, –data-string, –data-length, –proxies, –ip-options,…