Collaborate Disseminate
I have hit a conceptual roadblock here and, to be honest, do not really have a lot of experience with WAFs or firewalls in general. (I did go through this very nice explanation to get upto speed with the basic understanding of firewalls. )… Continue reading Can a WAF transform HTTP response
My understanding of containers is very basic and so is my understanding of AWS EC2. Recently while trying to debug a security issue, I came across a scenario where I was able to gain an RCE. Whether this RCE was in a container or on the EC… Continue reading Why am I able to access EC2 metadata endpoint from within a Docker container running in the EC2
One of the really nice articles I came across while trying to understand the various grant types in Oauth2.0 was this. The author really has done a good job at explaining quite clearly what various grant types in an Oauth2.0 flow look like… Continue reading Is access token confidentiality also ensured in the Authorization Code grant type in Oauth2.0
Everything earlier used to work fine. However, recently I downloaded a newer virtual device on Genymotion, which is an Android 8.0 API 26. I have been struggling to get HTTPS traffic intercepted on this device. Some digging suggested that … Continue reading BURP SSL connection failing on Genymotion Virtual Device – Android 8.0 API 26
The way we create buckets in our org and ensure sane ACLs around it is by providing an automated tool (that internally uses Terraform) to provision an S3 bucket. So say when a user requests for a new bucket, named testBucket we create a bu… Continue reading AWS S3 resource access control through IAM permissions or bucket policies?
This may sound like an open ended question, but I would like to take my chances and understand if there is any way the rest of the community is handling this issue.
Let’s say there is an app that allows users to sign up usin… Continue reading Prevent against OTP abuse in app sign up flow
While doing an internal pentest (a red team exercise basically) I figured out the following components of a private key (to be exact OpenSSLRSAPrivateCrtKey):
Modulus
Public exponent
Private exponent
First prime
Second prim… Continue reading getting the private key from modulus
I am writing an open source python tool aimed at inventoring/auditing and hardening of a system. When I started off with the project, I did some research around it and figured out that there were not many tools (at least open… Continue reading Difference between Lynis and Nessus and yet another hardening tool
I am trying to install inetsim on Ubuntu 14.04 where I have been following instructions from several blogs and the inetsim.org documentation itself at:
inetsim download and installation
Now one of the blogs mentions the way … Continue reading inetsim installation perlipq/libipq error
I am trying to install inetsim on Ubuntu 14.04 where I have been following instructions from several blogs and the inetsim.org documentation itself at:
inetsim download and installation
Now one of the blogs mentions the way … Continue reading inetsim installation perlipq/libipq error