The Story of a Novel Supply Chain Attack

Hello readers, so today I’m gonna talk about the Dependency Confusion Attack and how to perform this attack in the real world. This attack comes into the picture when a user wants to install any sort of package, library, repository, etc. from the internet. Usually, the user only needs to specify the name or source of the library, and the package manager handles download and installation on its own. These package managers have become simpler by abstracting the complex logic of package management away from the user, and that same abstraction is what opens the door to supply chain attacks.

Before we delve more into the attack part, let’s…


Accessing Arbitrary Customer data

Hello readers, today we are gonna talk about IDOR. I know most of you already know what IDOR is and the different ways to execute the attack. So, today we are gonna talk about another way to execute this attack, one that is based on client-side restrictions and ways to bypass them. Let the hunt begin!

We will be focusing on the following pointers:

1. Debugging and exploiting client-side encryption/hashing

2. Identifying the client-side attack surface

You can read more about debugging JS in the browser at the following link 👇

https://developer.chrome.com/docs/devtools/javascript/

Insecure Direct Object Reference (called IDOR from here) occurs…


LFI to RCE

Hello readers, today we are gonna talk about PHPObjectInjection and leveraging the power of Reflection to modify serialized objects and access arbitrary files on the server. Later, we will learn how to convert it into an RCE (Remote Code Execution). Let the hunt begin!

What is PHPObjectInjection?

Before we talk about the attack, let’s understand what serialization is. I hope you already have an idea about it; let’s have a quick revision.

Serialization is basically converting a set of data structures or objects into a stream of bytes to transmit it to memory, a database, or a…


Before we talk about the necessity of an Information Security Policy, let me introduce myself. My name is Antara Mane and I have been working as an InfoSec Analyst/Auditor for the past 2+ years.

You might have a question along the lines of “Why is there an obligation to understand Information Security, and what exactly is an InfoSec Policy?”

Reference: https://www.google.com/url?sa=i&url=https%3A%2F%2Flinfordco.com%2Fblog%2Finformation-security-policies%2F&psig=AOv

Well, whether or not this question has arisen in your mind, I will discuss everything you need to know about InfoSec Policy, and when I say InfoSec I actually mean “Information Security”. Let’s begin.

Information Security → is to shield the information and systems on…

Antara Mane

Antara is an Information and Network Security professional and a Security Researcher/Auditor.
