Misconfigured S3 Bucket Access Controls to Critical Vulnerability

Amazon S3 (Simple Storage Service) is one of the popular and widely used storage services. Many companies are using S3 buckets to store their assets such as user profile pictures, static resources, and anything as per their business logic and needs.

Tale of my First XSS

Hi guys, So I would like to start this blog with a question, What was the first vulnerability you learnt when you began into Cyber Security?? Mine was XSS, though it took pretty long for me to find it but yeah! I finally found it

Weak Cryptography in Password Reset to Full Account Takeover

Most of the applications provide the user’s with functionality to “Reset Password” via email. This functionality has always been a part of interest for most of the Bug Bounty Hunters or Security Researchers.

Found Stored Cross-Site Scripting — Privilege Escalation like a Boss

Cross-site scripting is one of the prominent attacks of all time. It is still being exploited in the wild. Cross-site scripting is always not about popping an alert box with some random crazy string or domain or cookies.

Kubernetes Takeover— Exit the Box!

Kubernetes Takeover— Exit the Box! Talking about “learn by taking apart”, I got tired of hearing about Kubernetes (K8s) and decided to take a look at it in my own way: through CTF and ethical learning / hacking.

From Microsoft “Build the Shield” to Microsoft “Hall of Fame”

This post is going to be about how I got started in hacking (thanks to Microsoft) and with time, how I was able to help them back by reporting some security vulnerabilities in their web applications.

How photovoltaic system data ends up online

Another IoT Story. I was home for Christmas my parents told me monitoring with an App is stupid and they want to store and view the data on their personal computer.

An intro to Mender — Part 2

Setting up a Mender server all your own. This tutorial is the first part in a multi-part series on setting up OTA updates for your IoT device using Mender

An intro to Mender — Part 1

The modern way to update IoT devices. We will be using a Raspberry Pi Zero WiFi running Raspberry Pi OS (32-bit) Lite (Raspbian? When did they rename it?!). There is some overlap between this article and the setup in another article on getting a headless setup of Raspberry Pi — here we focus on the necessary steps to get Mender up and running.

Breaking in to a EC2 instance

Have you ever misplaced your private keys? A quick and easy way to recover your data even though you have lost your private keys.

Fuzzing FastCGI With AFL-Fuzz

This is the very long tale of my adventures in fuzzing FastCGI with AFL-Fuzz. If you’re interested in fuzzing a FastCGI binary, look no further.

How to Speed up Python code with CARMA

Python is lovely, but what if you want something both lovely and fast? It’s not Python’s fault — more that of all interpereted languages. We start out by writing an algorithm that we understand, but is terrible in performance. We can try to optimize the code by reworking the algorithm, adding GPU support, etc., etc., but let’s face it: optimizing code by hand is exhausting. Don’t you just wish there were a magic… thing… existed that you could run over your code to make it faster? A magic thing called a… compiler?

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

GraphQL introspection leads to sensitive data disclosure.

GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need, and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

How to Bypass Rate Limit like a PRO !

There are many more ways to Bypass Rate Limits.This article will show you bypassing rate limit with header,captcha and character. Let's learn how to bypass rate limit like a pro!

A Comprehensive guide to JAVA Serialization vulnerability

‘objects’ are the basic unit of Object-Oriented Programming and represents the real-life entities. A typical Java program creates many objects, which as you know, interact by invoking methods.

Hack Keyboard Shortcuts Into Sites with a Custom Chrome Extension

Increase productivity by adding custom keyboard shortcuts to your favorite sites. Hack Keyboard Shortcuts Into Sites with a Custom Chrome Extension. Ever wish a site had a keyboard shortcut? Me, every time I press the right arrow key in Google Calendar and sigh in frustration when the site doesn’t navigate to the next week. This seems like such an intuitive shortcut: use the arrow keys to browse forward and backward in time. It’s so intuitive that I forget it doesn’t actually exist natively. In this post, we’ll be adding arrow key navigation to GCal. This process can be extended to any site, with (almost) any keyboard shortcut!

Hacking the Website using Javascript - Don't try !!!

The best way to learn a new programming language is to learn by doing. Learn some useful JavaScript functions in less than 30 minutes by trying out these scripts on your favorite website(s). This walkthrough is good for beginners. No fancy setup, just you, the browser, and the terrifying yet beautiful programming language that is JavaScript.