This is a continued post of Insecure Deserialization Exploit – Part 1. In the previous post, we saw a demo of a RCE, we discussed how serialization and deserialization work along with a warning by Python documentation to not unpickle untrustetd data.
Continue readingThe Egg Series: How Eggxactly Insecure Deserialization Exploit works – Part 1
0A lot of people I ask, fail to clearly explain how the Insecure Deserialization exploits work. It is often hard to confirm and exploit. I wanted to learn deeper about this vulnerability. So I decided to give a talk at Null Hyderabad‘s June meet. This blog is write-up of the same content delivered in the meetup. This is the second episode of “The Egg Series”.
How Eggxactly Buffer Overflow Flaws Work? Part 1: Preparing for Overflow
0I’m not sure about you, but I used to see news about some components suddenly known to be vulnerable to Buffer Overflow and the vendor released an emergency patch. I never had a chance to understand the Weakness in detail. I knew it’s another type of Remote Code Execute (RCE) but never explored. If you’re like me, let’s attempt to explore it, understand how eggxactly it happens, how to reproduce a Simple Buffer Overflow to get a reverse shell.
Fetch any Olacabs Users’ Ride Details
2While I was at work, a friend of mine Prasad, pinged me on facebook giving me Olacabs bug bounty URL. I knew they have a program but didn’t try my hand before. I thought this is the call, wouldn’t it be nice if I let him know that I made it?
10 Signs you’re hacker
0Do you think you’re a hacker? Have you ever wondered, like me, what exactly makes you different from others? I have been thinking about listing down the differences and finally got a chance to put down my thoughts into this post today.
Continue reading10 Tips on creating a perfect phishing email
0Most of the phishing attacks are failed because of lack of being careful while constructing. The world is learning day by day. People are already aware of and careful about phishing attacks. You have to get one step ahead in order to trap them successfully.
Continue readingAsked Hall of Fame but Uber gave me Rs.2 lacs
2#BugBounty.. I started with it a few months back. The real challenge that a newbie bounty hunter face is the “Competition”. Whenever a new program is announced on hackerone or bugcrowd, within a very few hours, 100s of reports are being submitted. All the low hanging fruits are gone! But I wanted to grab some from my fellow hunters. Here’s the story how I got lucky with Uber recently.
An amazing long weekend at the Hackers’ Festival
0Just wanted to share my experience attending Nullcon, a well-know International Security Conference, happened on Mar 11 to 12th in India’s Las Vega, Goa. Witnessed & impressed by the crowd’s true passion towards InfoSec & their continued community effort to secure the digital life of the world.