Docker Hardening Best Practices

Docker Hardening Best Practices April 07, 2023 Container Karan Patel Docker has gained immense popularity in recent times due to its containerization capabilities. However, as with any widely used platform, there is an increased risk of security threats. Therefore, taking the necessary measures to secure your Docker environment is imperative. In this regard, here are […]

Attacking Kubernetes (Part 1)

Kubernetes attack

Attacking Kubernetes (Part 1) April 7, 2023 Active Directory Karan Patel Kubernetes 101 Kubernetes, or K8s, is an open-source container orchestration and management platform. Kubernetes provides a way to manage, deploy, and scale containerized applications in a distributed system environment. Google initially developed it, and is now maintained by the Cloud Native Computing Foundation (CNCF). […]

6 ways Data Breaches Can Strike Your Brand Value

6 ways Data Breaches Can Strike Your Brand Value March 29, 2023 Informational Jyoshita Data breaches have become a significant concern for organizations across industries worldwide. With more sensitive data stored and transmitted online, these security breaches have far-reaching consequences. Cyber attackers are constantly devising alternative ways to breach security protocols. As a result, it […]

Kerberos Attacks (Part 2)

Kerberos Attacks (Part 2) March 28, 2023 Active Directory Karan Patel In our previous blog post, we discussed the Kerberos authentication and authorization mechanism and a few of their exploits. We also discussed PAC’s significance and how it affects user authorization. In this blog, we will dive deeper into PAC exploits and how attackers can […]

Attacking Kerberos Delegation

Attacking Kerberos Delegation March 02, 2023 Active Directory Joe Zacharia Kerberos Delegation is a powerful authentication mechanism that allows users and services to securely access resources in an Active Directory environment.  Topics covered:  Basic principles of Kerberos Delegation Types of delegations, their configuration and how they work Exploiting constrained delegation By exploring these topics one […]

Buffer Overflow Basics

Buffer Overflow Basics February 03, 2023 Software Vulnerabilities Karan Patel Buffer overflow is a vulnerability where a program tries to store more data in a buffer than it can hold, potentially overwriting important data or enabling an attacker to execute malicious code. While these attacks are becoming less common due to better security practices, understanding […]

Exploiting MySQL Service

Exploiting MySQL Service

Exploiting MySQL Service December 31, 2022 Web Application Tarak Sakhardande What is MySQL? MySQL is a powerful, free, open-source database management system widely used in web applications. It uses the popular Structured Query Language (SQL) to organize data in tables with rows and columns, providing efficient data storage and retrieval. MySQL is known for its […]

Android Webview Vulnerabilities

Android Webview Vulnerabilities

Android Webview Vulnerabilities December 22, 2022 Android Redfox Security Team In this blog, we are going to discuss Android WebView vulnerabilities. What is a WebView? The WebView class, which is an extension of the View class in Android, can be used to show a web page as part of your activity layout. It doesn’t have […]

Kerberos Attacks- Part 1

Kerberos Attacks- Part 1

Kerberos Attacks- Part 1 December 21, 2022 Active Directory Shashikant Prasad As discussed in the Active Directory Basics blog, Kerberos is an authentication mechanism used to authenticate users and services. The two main components of Kerberos are: Authentication Server (AS), which authenticates user and grants Ticket Granting Ticket (TGT) Ticket Granting Server (TGS), which issues […]

Dependency Confusion Attack and its Mitigation

Dependency Confusion Attack and its Mitigation

Dependency Confusion Attack and its Mitigation December 19, 2022 Supply Chain Attacks Kunal Kumar In this blog, we will discuss Dependency Confusion attacks and ways to exploit them. What is a Dependency Confusion Attack? Dependency confusion is an attack on the build process of an application. This is due to the improper configuration of private […]