Key Principles of a Zero-Trust Cybersecurity Framework
Key Principles of a Zero-Trust Cybersecurity Framework August 24, 2023 Informational Srishti Chopra Cyber security has become critical to organizations worldwide as cyber threats grow increasingly sophisticated and widespread. Therefore, organizations must implement advanced measures of protection to guard their sensitive data and systems against potential breaches. One such approach is the zero-trust security model. […]
Exploiting Misconfigured Active Directory Certificate Template – ESC1
Exploiting Misconfigured Active Directory Certificate Template – ESC1 August 19, 2023 Active Directory Gaurav Choudhari Certificates are crucial in establishing trust and securing communication within the Active Directory environment. They are used for authentication, encryption, and digital signatures. Certificate Templates are predefined configurations that define the properties and settings for the certificates issued by the […]
Understanding Intent Injection Vulnerabilities in Android Apps
Understanding Intent Injection Vulnerabilities in Android Apps August 16, 2023 Web Application Tarak Sakhardande In the complex world of Android app security, intent injection vulnerabilities pose a significant threat. These vulnerabilities allow attackers to manipulate the communication between different components within an app, potentially gaining unauthorized access to sensitive information or executing malicious actions. In […]
GPO Abuse
GPO Abuse July 31, 2023 Active Directory Shaunak Khosla Group Policy Objects (GPOs) are a powerful tool administrators use to manage and enforce security policies across a domain. However, in the wrong hands, GPOs can become a potent weapon for attackers. In this blog, we will explore the concept of GPO abuse and how it […]
Introduction to C2 Frameworks
Introduction to C2 Frameworks July 27, 2023 Android Shashikant Prasad Command and Control (C2) frameworks have emerged as a sophisticated and consequential dimension in the ever-evolving cybersecurity landscape. These frameworks are commonly employed by threat actors, particularly those involved in Advanced Persistent Threats (APTs), to orchestrate and manage cyber-attacks on targeted organizations or individuals. This […]
Abusing ACL Misconfigurations
Abusing ACL Misconfigurations July 25, 2023 Active Directory Karan Patel Access Control Lists (ACLs) are a crucial component of securing data and resources in an IT infrastructure. By assigning permissions to users and groups, ACLs regulate access to files, directories, and other objects. However, when ACLs are misconfigured or abused, they can become a significant […]
Discovering Internet Accessible Devices with Shodan
Discovering Internet Accessible Devices with Shodan July 24, 2023 Web Application Tarak Sakhardande In the vast landscape of the internet, a hidden world of devices is waiting to be discovered. These devices, ranging from servers and routers to webcams and printers, are often accessible to anyone with the right tools and knowledge. This is where […]
The Importance of Vulnerability Scans and Pen Testing
The Importance of Vulnerability Scans and Pen Testing July 22, 2023 Informational Srishti Chopra As cyber-attacks have evolved, businesses must protect their applications against vulnerabilities that open them to attack. Vulnerability scans and penetration testing come into play here. In this blog, we will discuss combining vulnerability scans and pen testing to maximize your application […]
Power of Covenant C2 Framework
Power of Covenant C2 Framework July 22, 2023 Active Directory Kunal Kumar In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is crucial. Command and control (C2) frameworks play a vital role in post-exploitation activities, allowing security professionals to execute payloads on compromised hosts and gain control over the target network. […]
DOM-Based Cross-Site Scripting
DOM-Based Cross-Site Scripting July 21, 2023 Web Application Tarak Sakhardande As the digital landscape continues to evolve, so do the threats that target web applications. Cross-site scripting (XSS) remains a persistent and dangerous vulnerability among these threats. In particular, DOM-based XSS poses a significant risk to the security of web applications. In this blog, we […]