The regulatory guidelines issued by Reserve Bank of India (RBI) w.r.t. RBI/2017–18/153 — DPSS.CO.OD №785/06.08.005/2017–2018, expects all the Companies, who provide payment related services to ensure that the entire data related to payment systems operated by them are stored in a system only in India. This data includes the full…

Description Server Side Request Forgery (SSRF) is considered slightly unknown attack, and most people confuse how the attack actually works. This post will clear the basic working of the attack along with a practical demonstration. SSRF refers to an attack scenario against a vulnerable web application exploited by sending a…

Source: Wikimedia Commons The combined word governance, risk, and compliance are made up of three constituent parts. Here the first part governance implies corporate governance signifying administration of corporate affairs through the board of directors that direct and control the entire company and convey the management information among organisational hierarchy…

General Information The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com, and through Web browsers, people interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. Each device…

Nowadays, Organisations have started the building of a Security Operations Centre with limited resources (time, staff, and budget), setting up an operations centre supported by multiple monitoring technologies and real-time threat updates. You may doubt that you’ll have enough full-time and skilled team members to implement and manage these different…

Seems like a boring topic? But mind you, its NOT! An attacker could get a local or root shell on the system using publicly accessible put method also known as one of Webdav method. WebDAV is a term given to a collection of HTTP methods.HTTP requests can use a range…

Huh, well this sounds like fun. Let’s see if it’s really that fun… This story began not so long ago. As always some hackers found a way to exploit the deserialization process. This so called insecure deserialization vulnerability was so severe that it nailed its name in the OWASP Top…

Hi Techmates! Brainpan is a vulnerable virtual machine which is designed for people who are preparing for OSCP or wants to exploit buffer overflow vulnerability. This blog will take you through exploiting Brainpan step by step. Setting up the Virtual Machine: Download the ZIP file “brainpan.zip”. Extract the file in…

Let’s understand how Open redirect vulnerability can be found, attacked and re-mediated. ‘Open redirect’ is an OWASP Top 10 2013 vulnerability which can occur when a website sends a visitor to another page either immediately or after a specified amount of time. Ya… The bookish definition,with which we always start…