Home

Introducing ChatGPT Code Analyzer: Elevating Code Security with AI As a developer deeply passionate about software security and quality, I’ve always sought ways to enhance code analysis techniques. This pursuit led me to create the “ChatGPT Code Analyzer,” a tool designed to seamlessly integrate with Visual Studio Code and leverage OpenAI’s Cha...

Title: Unraveling the Web of Dependency Confusion: Strategies for Mitigation In the intricate tapestry of modern software development, dependency management is a critical component. However, this interconnectedness also introduces a potent vector for cyberattacks, notably through a method known as dependency confusion. This attack exploits the ...

In the dynamic and often tumultuous realm of cybersecurity, the conventional wisdom and methodologies that once served as the backbone of our defense strategies are now being outpaced by the rapid advancements of technology and the ingenuity of cyber adversaries. Attack Surface Management (ASM) has emerged as a cornerstone of modern cybersecurit...

Here is a small tool to make your life a little more easier. https://github.com/MilindPurswani/takemeon Ofter while subdomain enumeration, there is a whole class of subdomains that gets totally ignored when an nxdomain is encountered. But what is nxdomain? NXDOMAIN stands for Non-existing Internet domains. This means that the domain simply doe...

Background TLDR; Race conditions are not that old. They are very widely available much more than you might think they are. While we do see that they have not made it in the OWASP Top 10, if there were an 11th Position, I think that place would be perfect to rate their severity. While most of the frameworks now a days have inbuilt capability t...

Background Bruteforcing is perhaps the most underated attack vector. But comeon, if you notice a website verifying your phone number over 4 digit numeric code, you will atleast try to bruteforce it to see if there is any rate-limiting enabled or not. Some of us may even try to bypass the rate-limiting but that’s not what I am going to talk abou...

Background This particular bug was a application specific bug that allowed an attacker to make user share a post on social media with some user interaction. This isin’t much fancy but this was the bug that helped me get over a burnout. Attack Vector The website allowed users to write articles and share them publically. Since, this was a priva...

This is blog post will lay the foundations to buffer-overflow. I recommend you read this blog first before going to the practical session which is followed in another post. Let’s get started with our 1st overflow. I will try to keep things as simple as possible. The first thing we need to do is disable Address Space Layout Randomisation (ASLR ...