GPO Abuse
GPO Abuse July 31, 2023 Active Directory Shaunak Khosla Group Policy Objects (GPOs) are a powerful tool administrators use to manage and enforce security policies across a domain. However, in the wrong hands, GPOs can become a potent weapon for attackers. In this blog, we will explore the concept of GPO abuse and how it […]
Introduction to C2 Frameworks
Introduction to C2 Frameworks July 27, 2023 Android Shashikant Prasad Command and Control (C2) frameworks have emerged as a sophisticated and consequential dimension in the ever-evolving cybersecurity landscape. These frameworks are commonly employed by threat actors, particularly those involved in Advanced Persistent Threats (APTs), to orchestrate and manage cyber-attacks on targeted organizations or individuals. This […]
Abusing ACL Misconfigurations
Abusing ACL Misconfigurations July 25, 2023 Active Directory Karan Patel Access Control Lists (ACLs) are a crucial component of securing data and resources in an IT infrastructure. By assigning permissions to users and groups, ACLs regulate access to files, directories, and other objects. However, when ACLs are misconfigured or abused, they can become a significant […]
Discovering Internet Accessible Devices with Shodan
Discovering Internet Accessible Devices with Shodan July 24, 2023 Web Application Tarak Sakhardande In the vast landscape of the internet, a hidden world of devices is waiting to be discovered. These devices, ranging from servers and routers to webcams and printers, are often accessible to anyone with the right tools and knowledge. This is where […]
The Importance of Vulnerability Scans and Pen Testing
The Importance of Vulnerability Scans and Pen Testing July 22, 2023 Informational Srishti Chopra As cyber-attacks have evolved, businesses must protect their applications against vulnerabilities that open them to attack. Vulnerability scans and penetration testing come into play here. In this blog, we will discuss combining vulnerability scans and pen testing to maximize your application […]
Power of Covenant C2 Framework
Power of Covenant C2 Framework July 22, 2023 Active Directory Kunal Kumar In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is crucial. Command and control (C2) frameworks play a vital role in post-exploitation activities, allowing security professionals to execute payloads on compromised hosts and gain control over the target network. […]
DOM-Based Cross-Site Scripting
DOM-Based Cross-Site Scripting July 21, 2023 Web Application Tarak Sakhardande As the digital landscape continues to evolve, so do the threats that target web applications. Cross-site scripting (XSS) remains a persistent and dangerous vulnerability among these threats. In particular, DOM-based XSS poses a significant risk to the security of web applications. In this blog, we […]
Defending Against Phishing Attacks
Defending Against Phishing Attacks July 21, 2023 Informational Srishti Chopra As technology continues to advance, so do the tactics of cybercriminals. Phishing attacks trick individuals into divulging sensitive information or downloading harmful software. In this blog, we will discuss the psychology of phishing attacks and common types of phishing emails to be aware of, in […]
Understanding CRLF Injection Attacks
Understanding CRLF Injection Attacks July 19, 2023 Web Application Tarak Sakhardande In web security, CRLF Injection Attacks remain a potent threat. This blog aims to provide comprehensive insight into this malicious technique, its implications, and the preventive measures available to tackle it. Deciphering CRLF Injection Attacks Acronymized as CRLF, Carriage Return Line Feed signifies the […]
Exploiting MS SQL Servers
Exploiting MS SQL Servers July 18, 2023 Active Directory Shaunak Khosla As companies continue to rely on databases to store sensitive information, securing the data has become a top priority. MS SQL Server is a popular database management system that integrates with Windows and Active Directory domains, creating trust relationships that can be leveraged for […]