Hello readers, so today I’m gonna talk about the Dependency Confusion Attack and how to perform this attack in the real world. This attack comes into the picture when a user wants to install any sort of package, library, repo, etc. from the internet. Usually, the user only needs to specify the name or source of the library, and the package manager handles download and installation on its own. These package managers have become simpler to use by abstracting the complex logic of managing packages away from the user, and that same abstraction is what opens the door to supply chain attacks.
Before we dwell more on the attack part let’s…
Hello readers, today we are gonna talk about IDOR. I know most of you already know what IDOR is and the different ways to execute the attack. So, today we are gonna talk about another way to execute this attack, one based on client-side restrictions and ways to bypass them. Let the hunt begin!
We will be focusing on the following pointers:
1. Debugging and exploiting client-side encryption/hashing
2. Identifying the client-side attack surface
You can read more about Debugging JS in the browser at the following link👇
Insecure Direct Object Reference (called IDOR from here) occurs…
Hello readers, today we are gonna talk about PHPObjectInjection and leveraging the power of Reflection to modify serialized objects and access arbitrary files from the server; later we will learn how to convert it into an RCE (Remote Code Execution). Let the hunt begin!
What is PHPObjectInjection?
Before we talk about the attack, let’s understand what serialization is. I hope you already have some idea about it, but let’s have a quick revision.
Serialization is basically converting a set of data structures or objects into a stream of bytes so it can be stored in memory, a database, or a…
Before we talk about the necessity of an Information Security Policy, let me introduce myself: my name is Antara Mane, and I have been working as an InfoSec Analyst/Auditor for the past 2+ years.
You might have a question along the lines of “Why is there an obligation to understand Information Security, and what exactly is an InfoSec Policy?”
Well, whether or not this question has arisen in your mind, I will discuss everything you need to know about InfoSec Policy, and when I say InfoSec I actually mean “Information Security”. Let’s begin.
Information Security → is to shield the information and systems on…
Antara is an Information and Network Security professional and a Security Researcher/Auditor.