Blog Setup using Gitlab Pages and Pelican

Posted on Mon 03 September 2018 in Development • Tagged with Gitlab pages, development, gitlab pages custom domain

Walkthrough of my current blog architecture.

Continue reading

JS Security Notes

Posted on Sat 12 May 2018 in JS Security, Notes

Refersher of JS Security - I learned overwhile. Contains basic information on how browser works along with javascript and implementation of security within the browser with respect to JS.

Continue reading

Vulnerable Application wrapper for AWS Lambda

Posted on Thu 21 December 2017 in Pentesting • Tagged with AWS, AWS Lambda Vulnerable Application, Pentesting AWS Lambda, AWS Lambda

AWS lambda is a serverless platform for deploying your applications.It makes use of the use and throw functionality, where it creates a sandbox and then destroys it once it is done.

Continue reading

Exploiting JMX deployments through DumpHeap for Remote Code Execution

Posted on Mon 31 July 2017 in Pentesting • Tagged with JMX, JMX Security, Pentesting JMX, JMX Dumpheap

I came across a common component the JAVA JMX console being enabled across different instances, some them would be Hadoop components, Apache Zookeeper, Cassandra.This made me look deeper into some of the functionality.

Continue reading

NoSQL Exploitaiton Framework - Automating Squeezing Information out of Redis Servers

Posted on Mon 10 August 2015 in NoSQL Security • Tagged with NoSQL, Redis, NoSQL Exploitation Framework

N.B : This is a series of blog posts i have planned to keep demoing out the features of the framework as well as some research i have done on NoSQL databases.

Introduction to Redis

Redis is NoSQL database, which stores everything in RAM as key/value pairs. By default …

Continue reading