This is a continuation of Insecure Deserialization Exploit – Part 1. In the previous post, we saw a demo of an RCE, and we discussed how serialization and deserialization work, along with a warning in the Python documentation not to unpickle untrusted data.
A lot of people I ask fail to clearly explain how Insecure Deserialization exploits work. It is often hard to confirm and exploit. I wanted to learn more deeply about this vulnerability. So I decided to give a talk at Null Hyderabad’s June meet. This blog is a write-up of the same content delivered in the meetup. This is the second episode of “The Egg Series”.
I’m not sure about you, but I used to see news about some components suddenly known to be vulnerable to Buffer Overflow and the vendor releasing an emergency patch. I never had a chance to understand the weakness in detail. I knew it’s another type of Remote Code Execution (RCE) but never explored it. If you’re like me, let’s attempt to explore it, understand how eggxactly it happens, and how to reproduce a Simple Buffer Overflow to get a reverse shell.
Do you think you’re a hacker? Have you ever wondered, like me, what exactly makes you different from others? I have been thinking about listing down the differences and finally got a chance to put down my thoughts into this post today.
Most phishing attacks fail because of a lack of care in constructing them. The world is learning day by day. People are already aware of and careful about phishing attacks. You have to get one step ahead in order to trap them successfully.
#BugBounty.. I started with it a few months back. The real challenge that a newbie bounty hunter faces is the “Competition”. Whenever a new program is announced on HackerOne or Bugcrowd, within a very few hours, 100s of reports are being submitted. All the low-hanging fruits are gone! But I wanted to grab some from my fellow hunters. Here’s the story of how I got lucky with Uber recently.
Just wanted to share my experience attending Nullcon, a well-known International Security Conference, which happened on Mar 11 to 12th in India’s Las Vegas, Goa. Witnessed & was impressed by the crowd’s true passion towards InfoSec & their continued community effort to secure the digital life of the world.