Securing and Auditing Remote Process Automation Securing and Auditing Remote Process Automation 1. Securing RPA: RPA introduces a new attack surface that can be leveraged to disclose, steal, destroy or modify sensitive data and/or high-value information, access unauthorized applications and systems, and exploit vulnerabilities to gain further access to an organization. This section focusses on […]
Implementing Cybersecurity in Robotics Introduction: As technology and human intelligence are evolving, new products are being developed by humans. But the evolution comes with benefits and drawbacks. One of the new and evolving technology is related to Robots and robotic process automation. An increase in cyber-attacks, combined with the shift toward automating business processes using […]
Introduction Recently while solving a challenge on Vulnhub.com, I came across a machine called “Jigsaw: 1” At the stage of privilege escalation, a buffer overflow challenge was presented. While researching on how this can be exploited, I came across an interesting method of buffer overflow exploitation called “Return to Libc”. While many of the online […]
SSL Pinning: Introduction & Bypass for Android What is SSL Pinning ? SSL pinning allows the application to only trust the valid or pre-defined certificate or Public Key. The application developer uses SSL pinning technique as an additional security layer for application traffic. As normally, application trusts custom certificate and allows application to intercept the […]
LLMNR/NBT-NS Poisoning In this blogpost, we’ll talk about poisoning name services (such as LLMNR, NBT-NS) within local networks. In a local area network, you can do name server poisoning to steal authentication credentials. Introduction:- LLMNR stands for -> Link-Local Multicast Name Resolution NBT-NS stands for -> NetBIOS Name Service LLMNR and NBT-NS are Microsoft Windows […]
Tokenization RBI Guidelines Tokenization RBI Guidelines RBI Releases Guidelines on Tokenization for Card Transactions Reserve Bank of India has issued a directive under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 to permit authorized payment networks to offer tokenization services to any token requestor in payment card transactions, subject […]
Attack is the secret of defense; defense is the planning of an attack. – Sun Tzu, The Art of War Ransomware have gained much notoriety in recent times. Locky, Wannacary, Petya and others have largely contributed to making ransomware attacks mainstream knowledge. However, in-spite of such heightened awareness about the prevalence of ransomware, many employees […]
Prologue In the previous blogpost, we reverse engineered a binary and extracted the password from within it. This binary however contained a plaintext password. This was good to start for beginners, but you won’t really find such types of binaries in today’s world. In real life, passwords are mostly obfuscated or encrypted. Most of the […]
As you might already be aware that ARM powers a variety of low-powered devices around us, including but not limited to, phones, routers, IoT devices, etc. Therefore, it is only logical to dig into this architecture and understand how it differs from x86 and x64 architectures. For this blog post, we will focus on 64bit […]
Prologue In the previous blog here, we reverse engineered a simple binary containing plaintext password in Linux with the help of GNU Debugger (GDB). In this blog however, we will be using the same source code of the binary but compile and debug it in Windows. Reverse engineering tools in Windows are highly different from […]
