SEIKO Data Breach The watch manufacturing company Seiko, targeted by the threat group BlackCat/ALPHV who operates as ransomware as a service. On August 10, the company notified its customers about a data breach after they detected unauthorized access to its server. Cloud Host Lost All Data There has been a cyber attack on two cloudContinue reading “Weekly roundup for August 20 to 26”
Tag Archives: ethicalhacking
HackTheBox – Keeper
User Flag Ater adding the target machine in /etc/hosts we conducted a NMAP scan. While accessing the IP over browser we got the following URL. After adding this URL in the /etc/hosts file we tried to access the URL. We tried to brute force the credentials manually and the following credential set worked. root:password UponContinue reading “HackTheBox – Keeper”
HackTheBox – Precious
NMAP Scanning Add website to hosts file: Open the web service This website takes a web page URL and converts it into PDF. On examining the pdf, it shows that it is using pdfkit v0.8.6 version On searching we found vulnerability for mentioned version On studying the POC it looks like the URL parameter isContinue reading “HackTheBox – Precious”
Common Linux Privilege Escalation
Used room: https://tryhackme.com/room/commonlinuxprivesc Privilege Escalation is a practice. It mainly depends upon configuration done in the system that acts as a weakness to escalate the privileges. These configurations can be of many types. For e.g.: So, today or tonight we will see various methods to do privilege escalation in Linux. Step 1: Enumerate the machineContinue reading “Common Linux Privilege Escalation”
AWS Analytics Services
Data Warehouse A data warehouse is a data storage solution that aggregates massive amounts of historic data from disparate sources. Benefits: Data warehouses support querying, reporting, analytics. And business intelligence. They are not used for transaction processing. Amazon Redshift Redshift is a scalable data warehouse solution. Features: Data warehousing solution. Handles exabyte-scale data. Improves speedContinue reading “AWS Analytics Services”
Terminology Cheat Sheet
S. No. Term Meaning/Use 1 Access control list(ACL) Firewall on network level 2 Auto Scaling Automates the process of adding or removing instances based on traffic 3 Buckets Root – level folders 4 CloudFront Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customersContinue reading “Terminology Cheat Sheet”
AWS Compute Services
Elastic Compute Cloud – EC2 EC2 allows you to rent and manage virtual servers in the cloud. Servers are physical computer hardware running at the data center. EC2 instances are virtual servers running on these physical servers. In the real world, it is used to deploy databases and applications. How to access the EC2 instance?Continue reading “AWS Compute Services”
Cross-site Scripting
It is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. Types of XSS Reflected XSS Stored XSS DOM based XSS Blind XSS Reflected XSS Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without anyContinue reading “Cross-site Scripting”
Understanding Log4j
What is Log4j? Log4j is a java package mostly a part of the Apache Logging utility used to capture logs. Everything you do on the internet becomes an event that gets captured in a form of a log. Even your inputs also get captured in logs. Your application is vulnerable if it logs a user’sContinue reading “Understanding Log4j”
John The Ripper
John the Ripper is one of the most well known and efficient hash cracking tool. It is a fast in cracking, with an extraordinary range of compatible hash types. What is Hash? A hash is basically a fingerprint of any piece of data. The process of hashing is irreversible i.e. information once converted into aContinue reading “John The Ripper”
