# Security Research - [AI Security Research](/security-research/ai-security-research.md) - [Attacking using (and defending against) Input manipulation attacks against AI](/security-research/ai-security-research/attacking-using-and-defending-against-input-manipulation-attacks-against-ai.md): This blog post is a first, in a series of articles that share my learning in the areas of Attacking and Defending AI. - [(Ab)using AI to attack M365 and other services to conduct plethora of attacks](/security-research/ai-security-research/ab-using-ai-to-attack-m365-and-other-services-to-conduct-plethora-of-attacks.md): It's no secret that AI is being leveraged for attacks but multiple nation state actors. In this post, I'll take you through few tactics of abusing AI for attacking services and how to detect them. - [Cloud Security Research](/security-research/cloud-security-research.md) - [Azure Storage Account Security - Attack & Defend: Part 1](/security-research/cloud-security-research/azure-storage-account-security-attack-and-defend-part-1.md): Azure Storage Account is a premium storage offering from Microsoft that's used by several large firms. This blog outlines various ways to attack and defend the same. - [Attack and Defend Azure Serial Console - Part 1](/security-research/cloud-security-research/attack-and-defend-azure-serial-console-part-1.md) - [Azure Serial Console Attack and Defense - Part 2](/security-research/cloud-security-research/azure-serial-console-attack-and-defense-part-2.md) - [Adversarial Tradecraft Research & Detection](/security-research/adversarial-tradecraft-research-and-detection.md): This section contains few research articles related to novel and/or seen in the wild adversarial tactics and techniques along with some techniques to detect the activity. - [RDP Exfil - The technique that works almost every time](/security-research/adversarial-tradecraft-research-and-detection/rdp-exfil-the-technique-that-works-almost-every-time.md): Exfiltration of data is often, arguably the most important stage in any Red Team engagement. But did you ever realize that one of the most known and exploited infil technique can be abused? - [Smishing Traid targets India with large scale "India Post" themed iMessage phish texts](/security-research/adversarial-tradecraft-research-and-detection/smishing-traid-targets-india-with-large-scale-india-post-themed-imessage-phish-texts.md) - [Quick Assist: Friend or Foe? How adversaries can exploit this tool and how can you defend?](/security-research/adversarial-tradecraft-research-and-detection/quick-assist-friend-or-foe-how-adversaries-can-exploit-this-tool-and-how-can-you-defend.md): The blog post will cover few security risks with it and how you can detect malicious activity in your environment. - [EDR Silencer - Embracing the Silence](/security-research/adversarial-tradecraft-research-and-detection/edr-silencer-embracing-the-silence.md): The blog post presents a take on EDR Silencer, a hack tool that was open sourced. It also throws light on how it works and how to detect. - [Dissecting & Detecting Lsass Shtinkering](/security-research/adversarial-tradecraft-research-and-detection/dissecting-and-detecting-lsass-shtinkering.md) - [Detecting malicious OOB: Part -1: Hunting for OOB server - Interact.sh](/security-research/adversarial-tradecraft-research-and-detection/detecting-malicious-oob-part-1-hunting-for-oob-server-interact.sh.md) - [Abusing Windows VPN for EXFIL](/security-research/adversarial-tradecraft-research-and-detection/abusing-windows-vpn-for-exfil.md) - [Analyzing Nobelium's HTML Dropper - EnvyScout](/security-research/adversarial-tradecraft-research-and-detection/analyzing-nobeliums-html-dropper-envyscout.md): TL;DR; In a recent incident, Nobelium (APT-29) used a HTML dropper to download a file and store it on the disk; - [Web & Mobile App Sec](/security-research/web-and-mobile-app-sec.md) - [\[CVE-2015-2300\] ENL-Newsletter CSRF Full Disclosure](/security-research/web-and-mobile-app-sec/cve-2015-2300-enl-newsletter-csrf-full-disclosure.md) - [Yandex Mobile App vulnerable to Insecure Data storage](/security-research/web-and-mobile-app-sec/yandex-mobile-app-vulnerable-to-insecure-data-storage.md) - [Bug on paypal worth 1000$](/security-research/web-and-mobile-app-sec/bug-on-paypal-worth-1000usd.md) - [Session fixation bug on coinbase.](/security-research/web-and-mobile-app-sec/session-fixation-bug-on-coinbase..md) - [CyanogenMod (In)Secure Folder Lock !](/security-research/web-and-mobile-app-sec/cyanogenmod-in-secure-folder-lock.md)