{"version":1,"pages":[{"id":"-M5Au2adzE7PpgIMdxb0","title":"About Me","pathname":"/","siteSpaceId":"sitesp_hZML0","description":""},{"id":"9lTLHy8LZ14ohdcedLNe","title":"Defensive Tools","pathname":"/tools/defensive-tools","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Tools"}]},{"id":"qi1sGNuY9MA6OlDycphK","title":"H0neyTr4p","pathname":"/tools/defensive-tools/h0neytr4p","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Tools"},{"label":"Defensive Tools"}]},{"id":"KUUbojOFDeHTpRN4vi9i","title":"Offensive Tools","pathname":"/tools/offensive-tools","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Tools"}]},{"id":"-M5bU1keIdMUqpvDMTle","title":"Ransomware Simulator - PyRan","pathname":"/tools/offensive-tools/pyran","siteSpaceId":"sitesp_hZML0","description":"A simple ransomware simulator.","breadcrumbs":[{"label":"Tools"},{"label":"Offensive Tools"}]},{"id":"G1Hv55d8L5mjXRVeNYvE","title":"AI Security Research","pathname":"/security-research/ai-security-research","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"}]},{"id":"TzfJ7Tqelwh51uyjJ4JP","title":"Attacking using (and defending against) Input manipulation attacks against AI","pathname":"/security-research/ai-security-research/attacking-using-and-defending-against-input-manipulation-attacks-against-ai","siteSpaceId":"sitesp_hZML0","description":"This blog post is the first in a series of articles that share my learning in the areas of Attacking and Defending AI.","breadcrumbs":[{"label":"Security Research"},{"label":"AI Security Research"}]},{"id":"s2piammJyfj6u8sxkhR4","title":"(Ab)using AI to attack M365 and other services to conduct plethora of attacks","pathname":"/security-research/ai-security-research/ab-using-ai-to-attack-m365-and-other-services-to-conduct-plethora-of-attacks","siteSpaceId":"sitesp_hZML0","description":"It's no secret that AI is being leveraged for attacks by multiple nation state actors. 
In this post, I'll take you through a few tactics of abusing AI for attacking services and how to detect them.","breadcrumbs":[{"label":"Security Research"},{"label":"AI Security Research"}]},{"id":"phTx9wsJx521Ef62eakb","title":"Cloud Security Research","pathname":"/security-research/cloud-security-research","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"}]},{"id":"WHnJ4Xc3q7E0OJCmqepR","title":"Azure Storage Account Security - Attack & Defend: Part 1","pathname":"/security-research/cloud-security-research/azure-storage-account-security-attack-and-defend-part-1","siteSpaceId":"sitesp_hZML0","description":"Azure Storage Account is a premium storage offering from Microsoft that's used by several large firms. This blog outlines various ways to attack and defend the same.","breadcrumbs":[{"label":"Security Research"},{"label":"Cloud Security Research"}]},{"id":"tyMvU0xZ2DNgCccHketS","title":"Attack and Defend Azure Serial Console - Part 1","pathname":"/security-research/cloud-security-research/attack-and-defend-azure-serial-console-part-1","siteSpaceId":"sitesp_hZML0","description":"","breadcrumbs":[{"label":"Security Research"},{"label":"Cloud Security Research"}]},{"id":"ZqNpW2vNy4e9AxmpZnV4","title":"Azure Serial Console Attack and Defense - Part 2","pathname":"/security-research/cloud-security-research/azure-serial-console-attack-and-defense-part-2","siteSpaceId":"sitesp_hZML0","description":"","breadcrumbs":[{"label":"Security Research"},{"label":"Cloud Security Research"}]},{"id":"1OQA7hlfxE5mPX2QjN0I","title":"Adversarial Tradecraft Research & Detection","pathname":"/security-research/adversarial-tradecraft-research-and-detection","siteSpaceId":"sitesp_hZML0","description":"This section contains a few research articles related to novel and/or seen in the wild adversarial tactics and techniques along with some techniques to detect the activity.","breadcrumbs":[{"label":"Security Research"}]},{"id":"IAJOu8X1D5Fc3YLYOi1X","title":"RDP Exfil - 
The technique that works almost every time","pathname":"/security-research/adversarial-tradecraft-research-and-detection/rdp-exfil-the-technique-that-works-almost-every-time","siteSpaceId":"sitesp_hZML0","description":"Exfiltration of data is often, arguably, the most important stage in any Red Team engagement. But did you ever realize that one of the most known and exploited infil techniques can be abused?","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"OAb2YUNzdzb51sYoRGUg","title":"Smishing Traid targets India with large scale \"India Post\" themed iMessage phish texts","pathname":"/security-research/adversarial-tradecraft-research-and-detection/smishing-traid-targets-india-with-large-scale-india-post-themed-imessage-phish-texts","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"CgyPrZ0PFA5FVGz5A9uh","title":"Quick Assist: Friend or Foe? How adversaries can exploit this tool and how can you defend?","pathname":"/security-research/adversarial-tradecraft-research-and-detection/quick-assist-friend-or-foe-how-adversaries-can-exploit-this-tool-and-how-can-you-defend","siteSpaceId":"sitesp_hZML0","description":"The blog post will cover a few security risks with it and how you can detect malicious activity in your environment.","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"AywbP8cKKwfsqXE7yDdv","title":"EDR Silencer - Embracing the Silence","pathname":"/security-research/adversarial-tradecraft-research-and-detection/edr-silencer-embracing-the-silence","siteSpaceId":"sitesp_hZML0","description":"The blog post presents a take on EDR Silencer, a hack tool that was open sourced. 
It also sheds light on how it works and how to detect it.","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"qcpWHvFAfM72spPgEPzm","title":"Dissecting & Detecting Lsass Shtinkering","pathname":"/security-research/adversarial-tradecraft-research-and-detection/dissecting-and-detecting-lsass-shtinkering","siteSpaceId":"sitesp_hZML0","description":"","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"ssihO4RyYOdzfs27IfaM","title":"Detecting malicious OOB: Part -1:  Hunting for OOB server - Interact.sh","pathname":"/security-research/adversarial-tradecraft-research-and-detection/detecting-malicious-oob-part-1-hunting-for-oob-server-interact.sh","siteSpaceId":"sitesp_hZML0","description":"","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"u790tYvgnzhkWzTRcj5d","title":"Abusing Windows VPN for EXFIL","pathname":"/security-research/adversarial-tradecraft-research-and-detection/abusing-windows-vpn-for-exfil","siteSpaceId":"sitesp_hZML0","description":"","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"XtvtL7o4JdTV1Ylh0XwI","title":"Analyzing Nobelium's HTML Dropper - EnvyScout","pathname":"/security-research/adversarial-tradecraft-research-and-detection/analyzing-nobeliums-html-dropper-envyscout","siteSpaceId":"sitesp_hZML0","description":"TL;DR; In a recent incident, Nobelium (APT-29) used an HTML dropper to download a file and store it on the disk;","breadcrumbs":[{"label":"Security Research"},{"label":"Adversarial Tradecraft Research & Detection"}]},{"id":"GdOn4sZtOFncZcjYvkOf","title":"Web & Mobile App Sec","pathname":"/security-research/web-and-mobile-app-sec","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"}]},{"id":"1Bv6GgDNSnF5cnnEGgVZ","title":"[CVE-2015-2300] ENL-Newsletter CSRF Full 
Disclosure","pathname":"/security-research/web-and-mobile-app-sec/cve-2015-2300-enl-newsletter-csrf-full-disclosure","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Web & Mobile App Sec"}]},{"id":"3FL7XfFs37ImSHk4vRG8","title":"Yandex Mobile App vulnerable to Insecure Data storage","pathname":"/security-research/web-and-mobile-app-sec/yandex-mobile-app-vulnerable-to-insecure-data-storage","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Web & Mobile App Sec"}]},{"id":"ypSCCSmKxcCJuq49qNUo","title":"Bug on paypal worth 1000$","pathname":"/security-research/web-and-mobile-app-sec/bug-on-paypal-worth-1000usd","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Web & Mobile App Sec"}]},{"id":"mtC9G98tLJjns75aT2Fp","title":"Session fixation bug on coinbase.","pathname":"/security-research/web-and-mobile-app-sec/session-fixation-bug-on-coinbase.","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Web & Mobile App Sec"}]},{"id":"w9bBF9ppVciCvudcBwtW","title":"CyanogenMod (In)Secure Folder Lock !","pathname":"/security-research/web-and-mobile-app-sec/cyanogenmod-in-secure-folder-lock","siteSpaceId":"sitesp_hZML0","breadcrumbs":[{"label":"Security Research"},{"label":"Web & Mobile App Sec"}]},{"id":"-M5bUEuPMbVQSodRYm4L","title":"Review of CRTP - Pentester Academy","pathname":"/security-talk/crtp-review","siteSpaceId":"sitesp_hZML0","description":"CRTP stands for Certified Red Team Professional. It's a certification course offered by Pentester Academy.","breadcrumbs":[{"label":"Security Talk"}]},{"id":"-MBJK-wKE2ZGA4gWjjys","title":"Review of Hacking and Securing Kubernetes","pathname":"/security-talk/review-of-hacking-and-securing-kubernetes","siteSpaceId":"sitesp_hZML0","description":"A tale of learning to hack and secure the world of containers. 
Course Link: https://theoffensivelabs.com/p/hacking-and-securing-kubernetes-clusters","breadcrumbs":[{"label":"Security Talk"}]}]}