Hacking GraphQL (Part 3)


April 09, 2022 | Web Application | Gaurav Choudhari
In Part 2 of the Hacking GraphQL series, we discussed the GraphQL DoS attack. In Part 3, we’re going to try to exploit the SQLi vulnerability, included in the OWASP Top Ten Web Application Security Risks. In this blog post, we will use the […]

Server-Side Request Forgery


April 07, 2022 | Web Application | Tarak Sakhardande
SSRF vulnerabilities allow an attacker to send crafted malicious requests from the back-end server of a vulnerable application. Attackers usually use SSRF to target internal systems that sit behind firewalls and are not accessible from the external network. An attacker may also leverage SSRF […]

Antivirus Evasion (Part 2)


April 06, 2022 | Windows Red Teaming | Redfox Security Team
In Part 1 of our Antivirus Evasion series, we managed to get a meterpreter reverse shell while evading Windows Defender by writing an .exe file to disk and then executing it. Malware can also be run entirely in memory to avoid leaving […]

Hacking GraphQL Part 2


April 05, 2022 | Web Application | Gaurav Choudhari
In Part 1 of the Hacking GraphQL series, we discussed the basics of GraphQL. In Part 2 of this series, we’re going to try the DoS attack vector and see how adversaries can leverage it. In this post, we are going to use […]

No SQL Injection


April 03, 2022 | Web Application | Redfox Security Team
NoSQL Injection refers to cyber-attacks that inject malicious payloads into non-SQL databases like MongoDB. Due to the new demand for modern-day applications, there has been wide adoption of NoSQL databases which could conveniently facilitate the distribution of data across numerous servers. NoSQL databases give […]

Antivirus Evasion (Part 1)


April 02, 2022 | Windows Red Teaming | Redfox Security Team
Antivirus products in general use signature-based and heuristics-based malware detection mechanisms. In this blog, we will learn and test some techniques to try and bypass such defences, and to get a fully functional meterpreter reverse shell from an updated Windows Server 2016 […]

Hacking GraphQL Part 1


March 25, 2022 | Web Application | Tarak Sakhardande
GraphQL is quickly becoming the alternative to REST API, being able to request a specified set of data across multiple resources within a single request. But with great power come great security risks. A single point of failure could allow attackers to create complex […]