Jul 18 2017
 

Amazon Web Services (AWS) is a secure cloud platform service that is a hybrid of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It offers various services, ranging from data warehousing to content delivery. It allows easy deployment of a “local cloud” on premises, which is a highly sought-after feature. AWS is built upon a global infrastructure that is laid out in regions and availability zones (AZs). A region is Read More…

Jun 30 2017
 

Over the past 12-18 months we have seen a lot of activity in the area of breach response. We not only launched our Big Data Security Analytics platform using ELK and began doing active threat hunting as a service, but we also significantly strengthened our breach response capabilities. I spent most of my consulting hours responding to incidents – mostly security-related but at least one (BA-level) system crash that was not a cybersecurity incident. Beyond the foundation Read More…

Jun 09 2017
 

If you are a newbie in Penetration Testing and afraid of OSCP preparation, do not worry. Even I was once an amateur before starting on my OSCP journey. In this blog, I will provide you with a strategy for OSCP preparation. I will also share some resources that I found useful during my preparation. Here I will not be explaining the technical concepts. Those should be figured out by you on your own. Overview OSCP Read More…

May 24 2017
 

[[Post was originally posted on 23rd May, 2017 at invadersam.com]] The Microsoft Office Word / Wordpad remote code execution vulnerability allows a remote attacker to execute arbitrary code on the system. An attacker can send specially crafted files which can cause MS Word / Wordpad to download a remote shell, and the attacker can gain access to the system. Once the attacker has control of the machine, he / she can install software, create Read More…

May 16 2017
 

Before we start to configure our decoys and put them in our production environment, let’s take a look at what exactly a decoy is and how it differs from the usual honeypot. Honeypots are vulnerable systems configured to lure an attacker who is present in an organization. This attacker need not be from outside the environment. Many a time even employees tend to roam around in the network in order to see if they can find Read More…

May 04 2017
 

Most organizations face a barrage of attacks every day from threat actors around the globe. Among the various vectors, attackers have found a relatively high degree of success by (spear) phishing employees of the organization. This allows attackers to bypass perimeter defences and gain a foothold in the internal network. SOC teams have multiple approaches to detect such phishing attempts. The most common ones are listed below: An alert user notifies them of receiving a suspicious email Email Read More…

Mar 09 2017
 

Part IV: Customizations – Custom Kernels and building Chroots. This is part 4 of the blog series on building your custom Pentesting device. If you haven’t read the previous blogs, here are the links to them: – Part I Part II Part III So, now let’s get started with adding our own set of firmware support and customizations in the kernels. By default, the kernels supplied by the manufacturers are pretty restrictive because they want users to Read More…