Category: Uncategorized
-
An Overview of OAuth Grant Types and Flows
Introduction OAuth is an industry-standard framework for delegated authorization. “Delegated” is the keyword here because access is delegated and scoped to provide finer access control. In this post, I will explore different OAuth grant types, also known as OAuth flows, used to obtain access tokens. The goal of these grant types is to facilitate secure […]
-
Cyber Security Incident Response
Introduction Cyber Security Incident response is a set of capabilities whose purpose is responding to computer security related problems. A Cyber Security Incident response team (CIRT) / Computer security incident response (CSIRT) is a group of skilled professionals who assess cyber security events and provide guidance on or response to those events. Incident response is one of […]
-
Canary tokens on AWS
What are Canary tokens? Canary tokens are a simple way to detect an attacker in your environment. Canary tokens provide visibility and can identify how far the attacker has penetrated the network. Sometimes they can also be used to test your defence system. In this blog post, I am going to show how easy it is to deploy […]
-
AWS IAM Roles Anywhere – Part 2
In the previous post, I showed you how to create AWS IAM Roles Anywhere with an external CA, and in this post I am going to discuss some advanced topics, such as: How to revoke a certificate. There are multiple scenarios where you want to revoke an entity's certificate, such as a compromised entity or during off-boarding of […]
-
Countdown to zero day by Kim Zetter
Introduction This is the first cyber security book I have read, and I got hooked on the story from page 1; it's a real page-turner. I am fascinated and amazed at the same time by how the digital weapon meets kinetic warfare. Two decades ago it was impossible to think someone said they use a computer to sabotage […]
-
Offensive Security
What is Offensive Security? Recently I have developed an interest in learning how bad actors exploit information systems, so I started spending most of my time understanding, practicing and identifying the vulnerable components in the application (the ethical way) to enhance my knowledge so that it will be useful to securely implement and protect the […]
-
Log4J Experiment
Introduction Log4J is a popular topic recently – most of the apps are vulnerable to the Log4J vulnerability. Below is my experiment locally exploiting the Log4J vulnerability. Vulnerable Code Reference – https://www.lunasec.io/docs/blog/log4j-zero-day/ Compile the vulnerable code and get it ready to execute. Run the exploitable code using the docker command below. Change the IP address to your local IP […]