
The role of threat intelligence in SOC operations

Threat intelligence is a critical component of effective Security Operations Centre (SOC) operations. In today's threat landscape, where attackers are constantly evolving their tactics, techniques, and procedures (TTPs), organizations need to stay informed about the latest threats and vulnerabilities in order to keep their systems and data secure.


PetitPotam (CVE-2021-36942)

PetitPotam is an NTLM relay attack that could be used against a Windows server, forcing it to share credentials and then relaying these to generate an authentication certificate. This method could be used by an attacker to take complete control of a domain from a domain controller.


Twitter Zero-Day Attack

Twitter, a social media site, acknowledged that they had a now-patched zero-day vulnerability that allowed attackers to access the personal data of 5.4 million users by linking their email addresses and phone numbers to their accounts.


CVE-2022-36804 ATLASSIAN BITBUCKET SERVER RCE

Remote code execution vulnerabilities arise when user input is injected into a file or string and the whole is then run through a programming-language parser. This is not behaviour a web application developer intends.


INSIDER THREATS

Insider threats refer to cybersecurity risks that originate from within an organization. This typically occurs when a current or former employee, contractor, vendor, or partner with legitimate user credentials abuses access to damage an organization's networks, systems, and data.


RAINBOW TABLE ATTACK

A Rainbow Table Attack is a password-cracking technique that uses a precomputed rainbow table to crack the password hashes stored in a database. Cybercriminals use rainbow tables as an easy way to crack passwords and gain unauthorized access to systems.


Security Breach in Remote Working

A security breach is an incident that leads to unauthorized access to system data, applications, networks, or devices, where information is accessed without the owner's authorization. It occurs when an intruder bypasses the security mechanism.


Zero-Day Attacks

A zero-day attack is an attack in which a vulnerability is exploited before a fix is available or widely deployed. These attacks can be particularly damaging because traditional cyber defense strategies are ineffective in protecting against them. Many of these strategies rely on signature-based detection, which only works if the malware's signature is publicly available.


Broken Access Control: A Gold Mine for Pentesters

Access control (authorization) is the mechanism that determines which systems, data, functions, and resources are permitted to which people and groups. This is done by defining policies that determine access privileges. In web applications, access control depends on authentication and session management. Access control issues are frequent, and they can result in serious security concerns and vulnerabilities.


INSECURE DATA STORAGE - ANDROID

Insecure data storage vulnerabilities occur when an application stores sensitive information such as usernames, passwords, and credit card numbers in plain text. Storing this kind of data requires a strong security mechanism. Developers sometimes use databases or saved settings to store such data in web and server-based applications; however, in mobile applications this does not always work.


Host Header Attack

The HTTP Host header identifies which component the client wants to communicate with. Nowadays web servers are commonly configured with more than one web application on the same IP address. Several misconfigurations and flaws can expose a web application to different types of Host header attacks. Before going further into Host header attacks, let's understand some basic terms.


Cross-Site Scripting(XSS)

Malicious scripts are injected into otherwise trustworthy and innocent websites in Cross-Site Scripting (XSS) attacks. XSS attacks take place when an attacker sends malicious code, typically in the form of a browser side script, to a separate end user using an online application. These attacks can be successfully conducted everywhere a web application incorporates user input without verifying or encoding it into the output it produces.


Password spraying attack

Attackers use many different types of attacks to compromise business-critical data; zero-day attacks and supply chain attacks are prominent examples. Still, one of the easiest ways for attackers to gain access to your organisation is through password compromise. In this blog we discuss what are known as "password spraying attacks" and how we can defend against them.


HTTP PARAMETER POLLUTION

HTTP parameter pollution is a web application vulnerability in which HTTP parameters are manipulated to achieve a specific result that differs from the intended behaviour of the web application. In HTTP parameter pollution, an attacker appends an extra parameter to an HTTP request to trigger unintended behaviour.


JSON WEB TOKEN (JWT)

JWT, or JSON Web Token, is an open standard (RFC 7519) that allows two parties to securely exchange data. JSON Web Tokens are widely used as access tokens for authorization. The token is based on the JSON format and includes a signature which ensures its integrity.


Introduction to Mobile Application Penetration Testing - Part 2

COMPONENTS OF AN ANDROID APPLICATION

An Android application consists of several necessary building blocks. These loosely coupled components are bound together by the application manifest file, which contains a description of each component and how they interact. The manifest file also contains the app's metadata, its hardware configuration and platform requirements, external libraries, and required permissions. The main components of an Android app are the following.


Introduction to Mobile Application Penetration Testing - Part 1

Mobile application penetration testing is a form of security testing that companies use to evaluate security from inside a mobile environment. Mobile penetration testing is built on the OWASP Mobile Application Security Verification Standard. Mobile pentesting performed by qualified, reputable specialists focuses on client-side safety, file system, hardware, and network security.


Fundamentals of Process Injection

PHP provides a mechanism for storing and loading data with PHP types across multiple HTTP requests. This mechanism boils down to two functions: serialize() and unserialize(). This may sound complicated but let’s look at the following easy example.


WhatsApp - Facebook Policy



Server-Side Template Injection (aka Template Injection)

Template Injection, also known as Server-Side Template Injection (SSTI) is a vulnerability class that has established the foundations for the exploitation techniques in multiple template engines. The exploitation of this type of issue will require specific knowledge of the template library or the language being used under the hood.


Mirai botnet

A bot is a computer that has been compromised through a malware infection and can be controlled remotely by a cybercriminal. The cybercriminal can then use the bot (also known as a zombie computer) to launch more attacks, or to bring it into a collection of controlled computers, known as a botnet.


Security Risks in Containers

Before containers became popular, developers had to focus their energy on application logic and application details such as specific software versions and configurations specific to the app. Now, developers need only focus on application logic.

Bypassing Content Security Policy

The Content Security Policy (CSP) is a special HTTP header used to mitigate certain types of attacks such as cross-site scripting (XSS). Some engineers think the CSP is a magic bullet against vulnerabilities like XSS, but if it is set up improperly, you can introduce misconfigurations that allow attackers to completely bypass the CSP.

AI in Cybersecurity

Emerging technologies put cybersecurity at risk. Even new advancements in the defensive strategies of security professionals fail at some point. Moreover, as offensive and defensive strategies and innovations run in a never-ending cycle, the complexity and volume of cyberattacks have increased.

Exploiting HTTP PUT method

An attacker could get a local or root shell on a system through a publicly accessible PUT method, one of the WebDAV methods. WebDAV is the term given to a collection of HTTP methods; HTTP requests can use a range of methods other than the standard GET and POST.


XML External Entity (XXE) Injection

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access.


Shell Coding

Shellcode is a small piece of code used as the payload during exploitation. It is used to start a command shell from which the attacker can control the compromised machine. Shellcode is basically a list of carefully crafted instructions that execute once the code is injected into a running application. The kernel understands what the shellcode is and what to do with it.


Virtual Dispersive Networking

Data that was once securely encrypted can now be broken with parallel processing power. SSL and Virtual Private Networks cannot always protect messages as they travel across intermediary pathways. That is where Virtual Dispersive Networking comes in.