Source Code Analysis and API Keys Exploitations

InfoSec Write-ups - Medium: Source Code Analysis and Exploiting API Keys. I was getting lots of requests and messages on WhatsApp, LinkedIn, and Twitter about source code analysis and exploitation of API keys. So I will share my approach and also some blogs and write-ups which you can refer to for a clear understanding. So whenever we …

How to spot and exploit postMessage vulnerabilities?

InfoSec Write-ups - Medium: Hey fam, I hope everyone is doing okay and able to use this time efficiently for self-development and to self-reflect. This coronavirus pandemic has grown a bit tiring, to be honest, and gets the best of us. Here is my attempt at helping you understand a bug often overlooked when …

LimeSDR setup with GNURadio, gr-limesdr and GQRX on Ubuntu-20.04

InfoSec Write-ups - Medium: LimeSDR setup with GNURadio, gr-limesdr and GQRX on Ubuntu-20.04, Part-1. [Image: LimeSDR with Acrylic Case] Bored of this pandemic, I finally dusted off my LimeSDR and set up a lab in Ubuntu-20.04. Ubuntu-20.04 has added all the previous PPAs of the SDR domain into its default APT cache. This caught my attention. So we will look into how to …

LimeSDR setup with GNURadio, gr-limesdr and GQRX on Ubuntu-20.04

InfoSec Write-ups - Medium: Part-2. [Image: LimeSDR with Acrylic Case] Hope you had a smooth installation setup for LimeSDR. Now, we will see how to set up gnuradio, gr-limesdr and gqrx. For those who haven't checked how to set up LimeSDR, here is PART-1. Let's proceed further.
STEP-4: Installing GNURadio
    sudo apt install gnuradio gnuradio-dev
This will install the latest gnuradio, which is gnuradio-3.8.1. You …

How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 2/2)

InfoSec Write-ups - Medium: In part 1 we briefly explained how we got administrator privileges to almost all BMC devices hosting a native OpenStack cloud. In this part we'll show how we used these to achieve complete compromise. If you've read up on BMC devices, by now you'll know that they allow you to Monitor, Reboot, Reinstall, and KVM the attached devices. This …

A juicy endpoint on the Taboola leads to reveal internal IPs and XSS

InfoSec Write-ups - Medium: I usually read news about security every day. One of these websites is ZDNet. There is a space at the bottom of the page for ads recommended by Taboola. As a security enthusiast, I always take a look wherever I can 😁 Just right-click on an ad's picture and find a juicy endpoint with Inspect Element. …

SS7 Attack Panel: Yet Another Rising SCAM on Social Media

InfoSec Write-ups - Medium: Note: The primary aim of this article is not to pinpoint any individual SCAM, but to shed light on the methods adopted by scammers/attackers who peddle the scam business. Here, a real-life use case of a SCAM is selected to provide detailed insight! SS7 (Signalling System #7) is an interesting field where newbies often …

How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 1/2)

InfoSec Write-ups - Medium: Introduction. In this write-up we'll see how we were able to combine a direct sqlmap connection to a database with BMC/IPMI exploitation to compromise a big cloud-hosted client. Getting a foothold. A couple of years ago, our team was tasked with performing an infrastructure pentest in an OpenStack network. It was formed by about 2000 …