Wi-Fi Hacking (Pt. 1)

Wi-Fi stands for wireless network technology. It establishes wireless network connections using radio waves. Malicious hackers frequently opt to penetrate firms by compromising their Wi-Fi networks, mainly due to the nature of Wi-Fi and its methods for enabling network access. Households are also at risk, owing to the proliferation of IoT-connected devices and appliances.  In...

Spring4Shell Vulnerability

Synopsis: A sequence of tweets (now deleted) from a Chinese Twitter account was posted on March 29th, 2022, displaying pictures of a new PoC for a 0-day vulnerability in one of the most popular Java frameworks, Spring Core. Internet users refer to it as the ‘Spring4Shell’ or ‘Spring Shell’ vulnerability. What...

Hacking GraphQL (Pt. 3)

In Part 2 of the Hacking GraphQL series, we discussed the GraphQL DoS attack. In Part 3, we’re going to try to exploit the SQLi vulnerability, included in the OWASP Top Ten Web Application Security Risks. In this blog post, we will use the same setup as Part 1 of the series, i.e., GraphQL Security Labs. A...

Server-Side Request Forgery (SSRF)

SSRF vulnerabilities allow an attacker to send crafted malicious requests from the back-end server of a vulnerable application. Attackers usually use SSRF to target internal systems that are behind firewalls and are not accessible from the external network. An attacker may also leverage SSRF to access services available through the loopback interface of the...

Antivirus Evasion (Pt. 2)

In Part 1 of our Antivirus Evasion series, we managed to get a meterpreter reverse shell while evading Windows Defender by writing an .exe file to disk and then executing it. Malware can also be run entirely in memory to avoid leaving any data on disk. One way to do this is by utilizing .NET...

Hacking GraphQL (Pt. 2)

In Part 1 of the Hacking GraphQL series, we discussed the basics of GraphQL. In Part 2 of this series, we’re going to try the DoS attack vector and see how adversaries can leverage it. In this post, we are going to use the same setup as Part 1 of the series, i.e., GraphQL...

NoSQL Injection

NoSQL Injection refers to cyber-attacks that inject malicious payloads into non-SQL databases like MongoDB. Due to the new demand for modern-day applications, there has been wide adoption of NoSQL databases which could conveniently facilitate the distribution of data across numerous servers. NoSQL databases give an avenue for wide scalability, and they require a single database...

Antivirus Evasion (Pt. 1)

Antivirus software generally uses signature-based and heuristics-based malware detection mechanisms. In this blog, we will learn and test some techniques to try to bypass such defences, and to get a fully functional meterpreter reverse shell from an updated Windows Server 2016 running Windows Defender. We will be utilizing multiple win32 APIs using C# and...