TryHackMe - Basic Malware RE Walkthrough

Getting started with malware analysis could be very confusing and equally dangerous. In the previousblog , we did some fundamental research on a malicious pdf file. This time we will proceed a bit and learn some more stuff about malware analysis. Now examining malicious software requires two most crucial steps: Static Analysis Dynamic Analysis Note: We do have memory analysis, too, but we will go about it later on.

October 28, 2021 Read
Malware Analysis- Getting Started

Attacking a big enterprise takes a huge time and planning, and hackers do it so efficiently that it sometimes becomes difficult for the enterprises to cope up with it. Most of the famous attacks that a group of hackers target are malware-based, whose intent is a specific enterprise or group of users to destroy or leak their data. I have mentioned and discussed various security jargon in my previous blogposts ,from where you can understand what kind of security aspects an organization should be taking care of and why they are important.

September 27, 2021 Read
SupplyChain Attacks

Organizations are constantly under target of cyber attacks and data breaches. New attacks keep coming. Sometimes the older attacks end up working and other times, these older attacks get some modification to perform a zero-day to compromise an organization. In today’s post, we will learn about a very interesting attack - the SupplyChain attack. You can check my previous blog posts here where I discussed some good security jargons and attacks that a security professional should be aware of.

June 13, 2021 Read
Magecart Attack

The news about a cyber attack in a big enterprise is not new. We keep on hearing about such attacks as to how millions of data are being stolen or leaked and can be found on the Dark Web. We are already aware of this scenario. As I always mention in my articles, nothing is 100% secure, so, as security professionals, it is important for us to take all the necessary precautions and be aware of the recent technologies and their respective attacks.

June 1, 2021 Read
Lets Learn About SOAR

After learning about the kinds of threats and what could be done by an organization in the previous blog posts, we are getting into more details about the same. In this post, we will learn about SOAR which is yet another corporate jargon, that should never be missed by a security professional. Let’s break it down and understand the meaning one by one. SOAR is one solution to improve the effectiveness of cyber-security operations.

February 25, 2021 Read
Network Access Control

In my previous blog posts , we learned about how nothing is 100% secure and how threats are finding new ways to compromise an organization. We also learned about the steps that the organization should take, to keep themselves all prepared for any kind of cyber-attack. Thus, in continuation to my previous articles, here, we will talk about who should be having access to a corporate network. And hence, the term “Network Access Control (NAC)” comes into the picture.

January 26, 2021 Read
Threat Intelligence

In our day to day lives, we keep hearing news about the data breach, accounts getting compromised, keeping our passwords stronger, and so on, what do all these remind us of??? Again, the same old thing, nothing is 100% secure. In the previous blog, I wrote about APT and inferred how such threats are compromising the organizations to a whole new level, and this is the reason why we are talking about threat intelligence.

December 27, 2020 Read
Advanced Persistent Threats

Working in a security domain for over 2 years, one thing that I keep realizing each day is nothing is 100% secure and we can never deny this fact. The more we strive for the security of an organization’s perimeter or boundary, the less we think about the internal network scenario of the same. Sometimes, some attacks, especially the zero-days, have already penetrated through the organization’s network and are sitting in the internal network, extracting the sensitive information of the organization one by one, and we are still unaware of it.

December 13, 2020 Read
A Short Comparison Between Solidity and Vyper

Smart contracts are made with the concept of bringing more applications of blockchain and not just sticking to being used for cryptocurrencies. They are just simple pieces of code adding logic to a problem to find the solution. Solidity is the very first programming language that is created for writing smart contracts for the Ethereum blockchain platform. And so is Vyper but vyper is not the first programming language but has been built recently.

November 15, 2020 Read
Zero Trust Security Model

Every day we come across a new kind of vulnerability or a zero-day attack on an application. It is quite known that nothing is 100% secure. We do observe different kinds of data breaches or accounts getting compromised. And this is something unacceptable. Every organization implements a new policy based on the recent hacks or threats, that they may or may not have suffered from. And of course, there has to be a long term solution to it.

November 2, 2020 Read
Introduction to Finite Groups

Hello Folks, This is my first post on a topic which is of my area of interest, “CRYPTOGRAPHY”. Being from a mathematics background, it always helped me in understanding the basic concepts used behind the widely used algorithms. So, here I will be sharing some knowledge about cryptography basics and the actual mathematics behind it. Don’t worry, I will not go harsh on you 😉 The goal of my post is to give a basic insight of Finite Group upon which the entire cryptography is based.

July 23, 2020 Read
SpidersecNinja XSS Challenges Walkthrough

Introduction: XSS challenges have always been tricky kinds of challenges, especially the ones where your normal payload would never work and you have to go through different kinds of tags, attributes, and event handlers to craft your XSS payload. DOM-based XSS challenges are no different, the only difference is, you need to analyze a bit more to understand the kind of payload to be crafted to execute it.

July 23, 2020 Read