Let me brief you about the recent happening from the cloud world and beyond!
Introduction
Gone are the days when we used to own servers or even rent them for our needs and then do scaling and other stuff manually. Now it’s all about cloud: AWS, GCP, Azure (and maybe even Oracle). It provides all the features that you might want, in a single place. Pay as you go and you get a lot of benefits: no headache of managing the infra and if things go wrong, cloud providers provide you the patches. If your workloads increase, you can get the…
Let’s briefly discuss about ChaosDB, which has been a recent highlight in the cloud world.
Introduction
Gone are the days when we used to own servers or even rent them for our needs and then do scaling and other stuff manually. Now it’s all about cloud: AWS, GCP, Azure (and maybe even Oracle). It provides all the features that you might want, in a single place. Pay as you go and you get a lot of benefits: no headache of managing the infra and if things go wrong, cloud providers provide you the patches. If your workloads increase, you can get the instances auto-scaled to serve the increased load. All seems perfect.
But what happens if…
How to develop an intuition for Mass Assignment and exploit it like a pro!
Introduction
API Security is quite different from Web App Security! And this difference is profound and led to the creation of OWASP Top 10 for API Security exclusively.
Why? Because we are seeing a shift towards API world due to the uniformity and the structure that it provides.
This approach of developing applications using APIs makes them interconnect with each other in ways we weren’t able to imagine in the pre-API world.
But as you can already imagine, what used to be internal is now exposed and this comes at a cost! …
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Performance monitoring and tracking tools can provide a wealth of information about a running system and its applications. The information can help in determining performance bottlenecks in an application and fine-tune its performance for a given architecture.
Okay, but as a security researcher, what value can I get out of these tools?
This information can also be useful for a security researcher as these tools reveal a lot of details about…
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Sysdig is a simple yet extensive tool for deep system visibility, with native support for containers.
Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Sysdig also makes it possible to create trace files for system activity, similarly to what…
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Host Intrusion Detection Systems can provide a wealth of information about a running system. They can help identify anomalies which could have been caused by a security incident and also monitor specified resources.
In this blog post, we would take a look at OSSEC HIDS logs and unearth suspicious activities.
Lab Scenario
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Host Intrusion Detection Systems can provide a wealth of information about a running system. They can help identify anomalies which could have been caused by a security incident and also monitor specified resources.
In this blog post, we would take a look at OSSEC HIDS logs and unearth suspicious activities.
Lab Scenario
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Host Intrusion Detection Systems can provide a wealth of information about a running system. They can help identify anomalies which could have been caused by a security incident and also monitor specified resources.
Introduction
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection…
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Introduction
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments.
It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. …
In our lab walkthrough series, we go through selected lab exercises on our AttackDefense Platform. Premium labs require a subscription, but you can sign in for free to try our community labs and view the list of topics — no subscription or VPN required!
Introduction
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments.
It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. …
