Have you ever participated in a CTF challenge? As a beginner to CTF challenges, I had no idea how to play one or create one. I had to lead a team to design and create a CTF box for our third year second semester project. Before starting on any implementation, I played a few war […] Read More Armada CTF
An individual's behavior in an unexpected situation is one of the easiest ways to manipulate them to gain information. This blog focuses on the kinds of calls you get and how the victim gets tricked by fake identities claimed by the other end of the receiver. This is called pretexting; a method of […] Read More Do you trust the other end of the receiver?
Google hacking is a passive information gathering technique used to gather information from the available sites on the internet. There are tools and other shortcut methods for collecting information. Using Google advanced search we can get more specific search results. Using Google footprinting techniques we can also get fewer results that are […] Read More Performing a Google Hacking scenario.
The Metasploit framework is a sub-project of the Metasploit project. It is based on and was developed using the Ruby language in the year 2009. What is the Metasploit framework? This framework is used largely for both legitimate and unauthorized purposes. It can be used to find vulnerabilities in operating systems and exploit them for uses like; […] Read More The metasploit framework
What is Social Login? Social login allows a third-party application to access user information for its sign-up by its client from an existing social media application. The benefit of using this is that it simplifies the login and signup process. Social login is trending among many social application software because it facilitates both Authentication […] Read More Using OAuth 2.0 for Social Login
As described in my previous blog, Cross-Site Request Forgery can be prevented by using the Synchronizer Token Pattern and Double Submit Cookies. This blog focuses on protection against CSRF using Double Submit Cookies. This methodology is quite similar to the Synchronizer Token Pattern, except that the generated CSRF token that was stored on the server side is […] Read More Cross-Site Forgery protection using Double Submit Cookies Pattern.
Cross-Site Request Forgery is an attack over the internet that forces or tricks the user into executing unwanted actions on a currently running web application in which they are already authenticated. Abbreviated as CSRF, these attacks do not involve data theft, because that would require a way of viewing the output of the attack. CSRF […] Read More Cross-Site Forgery Protection by Synchronizer Token Pattern.