security

How I Hacked a Company Recruitment Test The Unexpected Tech Adventure of My College Life

Ah, college life! The thrill of final year comes with the excitement of job placements. We all know the drill: companies come to campus, conduct aptitude tests and coding challenges, and sometimes we get to showcase our skills in a high-stakes interview. But what if I told you that one of those tests turned into an unexpected adventure involving a bit of hacking? Buckle up as I share how I turned a routine exam into an impromptu tech experiment, and how it all unfolded. The Recruitment Challenge. In our final year, our college arranged for several companies to visit for recruitment. Most of…
You Don’t Have to Be a Victim

I’d pray for you not to experience a major security incident because it can be a nightmare of lost data, compromised integrity, and shattered trust. In today’s digital landscape, where threats lurk in every corner of the cloud, securing your AWS resources is no longer just an option—it's a necessity. You don’t have to be a victim; instead, you can proactively secure your assets and sleep peacefully knowing your infrastructure is protected. Here's how you can own the safari and feel the sun without getting burned. Security Groups and Network Access Control Lists: The First Line of Defense In the…
Securing Microservices with Spring Security: Implementing JWT

JSON Web Token (JWT). A JWT is a compact, URL-safe way of transmitting claims between two parties (such as a client and a server) as a JSON object, which makes it easy to pass around in URLs and HTTP headers. A signed JWT lets the receiver verify that the payload is intact and was issued by the holder of the signing key; it does not hide the payload, which anyone who obtains the token can decode. A JWT consists of three parts: Header, Payload and Signature. Header: the header typically consists of two parts, the type of the token (JWT) and the signing algorithm being used, such as HMAC SHA256 or RSA: {"alg":"HS256","typ":"JWT"} Payload: this is where the actual data is stored. It can include information like the user ID, roles, expiration time, and other claims (data about the user or…
Microsoft will host a security conference after the CrowdStrike shutdown

Microsoft has announced that it will host a special conference in September to discuss the lessons and security measures the industry can take away from the CrowdStrike shutdown. The Windows Endpoint Security Ecosystem Summit is scheduled for September 10 at Microsoft’s Redmond, WA headquarters. The event will feature representatives from Microsoft, CrowdStrike and other cyber and computer security companies. The participants will explore changes in industry practices and the use of applications that can prevent future computer shutdowns. An anonymous source says one of the talking points of the conference will address the use of applications that rely more on Windows’ user mode instead of kernel mode (a fault in a kernel-mode component can crash the whole system, whereas a crashing user-mode process can be restarted without taking the OS down).…
A new AI support chatbot is available for hacked YouTube channels

YouTube added a new AI assistant feature that allows users who have been hacked to recover their accounts and safeguard them from future invasions. An announcement for the new help feature appeared earlier today on Google’s support page for YouTube.The new “hacked channel assistant,” available on YouTube, will allow “eligible creators” a way to troubleshoot their accounts when they’ve been hacked. The feature can be accessed in the YouTube Help Center.The assistant will ask a series of questions to help affected users secure their Google login, undo anything the hacker may have done to their channel and secure their channel…
JWT at a Glance

Many of us have heard about JWT, and while JWT has become a buzzword in tech circles, it is frequently misunderstood or confused with OAuth 2.0 and OIDC, particularly by those who use it without fully grasping its details. Mixing up JWT with OAuth 2.0 and OIDC is like tossing different fruits into a blender and calling it all "smoothie". It's especially messy when folks treat these tools like magic wands, waving them around without looking under the hood. The three are different things: JWT (RFC 7519) is a token format, OAuth 2.0 is an authorization framework for delegated access, and OIDC is an identity layer on top of OAuth 2.0 whose ID token happens to be a JWT. What is JWT? By itself, a JWT is a small piece of data that contains information about someone or something. It's like a small…
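
The header.payload.signature layout described in the two JWT excerpts above (Securing Microservices with Spring Security and JWT at a Glance), as an added example that is not code from either post: an HS256 encoder and verifier on the Python standard library. The secret, the claims and the token values are constructed for this example; the one design point worth copying is that the verifier pins the algorithm it accepts instead of trusting the token's own "alg" header, and compares signatures in constant time.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Added example, not the original post's code. SECRET is constructed here.
SECRET = b"demo-secret-change-me"


def b64url_encode(raw: bytes) -> str:
    """Base64url without '=' padding, as JWT segments require."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(key: bytes, signing_input: bytes) -> bytes:
    """HMAC-SHA256 over 'header.payload' (the bytes that get signed)."""
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def encode_jwt(claims: dict, key: bytes) -> str:
    """Build header.payload.signature; compact JSON keeps the token short."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    segments.append(b64url_encode(sign_hs256(key, signing_input)))
    return ".".join(segments)


class InvalidToken(Exception):
    pass


def verify_jwt(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Return the claims if the token is well-formed, HS256-signed with `key`
    and not expired; raise InvalidToken otherwise.

    The accepted algorithm is fixed by the verifier. A token whose header says
    "alg":"none" (or any other algorithm) is rejected before the signature is
    looked at, so the token cannot talk the verifier into skipping the check.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise InvalidToken("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise InvalidToken("header and payload must be JSON objects")
    if header.get("alg") != "HS256":
        raise InvalidToken(f"unsupported alg {header.get('alg')!r}")

    expected = sign_hs256(key, f"{header_b64}.{payload_b64}".encode("ascii"))
    # compare_digest: no early exit, so timing does not leak matching bytes
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")

    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= int(claims["exp"]):
        raise InvalidToken("token expired")
    return claims


def is_valid(token: str, key: bytes, now: Optional[int] = None) -> bool:
    """Boolean wrapper around verify_jwt for callers that only need yes/no."""
    try:
        verify_jwt(token, key, now)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    tok = encode_jwt({"sub": "user-42", "roles": ["admin"],
                      "exp": int(time.time()) + 600}, SECRET)
    print(tok)
    print(verify_jwt(tok, SECRET))
```

Decoding the payload segment of any token with b64url_decode, with no key at all, shows why the excerpt's "securely transmitting" means integrity rather than secrecy.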
Breaking a TOTP?

This post is written to raise awareness of possible weaknesses in TOTP as specified in RFC 6238. Any code provided here is not intended for malicious use; it is a proof-of-concept and/or example to aid understanding of the article. RFC 6238: what is it? In its own words, This document describes an extension of the One-Time Password (OTP) algorithm, namely the HMAC-based One-Time Password (HOTP) algorithm, as defined in RFC 4226, to support the time-based moving factor. The HOTP algorithm specifies an event-based OTP algorithm, where the moving factor is an event counter. The present work bases the moving…
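
The HOTP and TOTP algorithms the excerpt above quotes from RFC 6238, as an added example written from the two RFCs rather than taken from the post: HOTP's HMAC plus dynamic truncation, TOTP as HOTP with the counter replaced by the number of elapsed time steps, and a verifier with a drift window. The secret is the ASCII test key published in RFC 6238 Appendix B, so the outputs can be checked against the RFC's own vectors; the other values are constructed here.

```python
import hashlib
import hmac
import struct
import time

# Added example, not code from the original post. RFC_TEST_SECRET is the
# SHA-1 test key from RFC 6238 Appendix B ("12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                          # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)     # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238: TOTP is HOTP whose moving factor is floor(T / step)."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current step plus `window` steps either side (clock drift).

    Every candidate is compared with hmac.compare_digest and the loop never
    exits early, so timing does not reveal which step, if any, matched.
    A production verifier must also remember the last accepted counter per
    user and refuse anything at or below it; otherwise a code captured once
    stays valid for the whole window, and the window widens the brute-force
    target from 1 to 2*window+1 codes per attempt, so attempts must be limited.
    """
    if not (code.isdigit() and len(code) == digits):
        return False
    current = unix_time // step
    ok = False
    for counter in range(current - window, current + window + 1):
        if counter < 0:
            continue
        ok |= hmac.compare_digest(hotp(secret, counter, digits), code)
    return ok


def current_code(secret: bytes) -> str:
    """What an authenticator app would display right now."""
    return totp(secret, int(time.time()))


if __name__ == "__main__":
    print("HOTP counter 0 :", hotp(RFC_TEST_SECRET, 0))          # 755224 per RFC 4226
    print("TOTP at T=59   :", totp(RFC_TEST_SECRET, 59, digits=8))  # 94287082 per RFC 6238
    print("TOTP now       :", current_code(RFC_TEST_SECRET))
```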
Implementing a Dynamic RBAC System for Enterprise Applications – Simplified

Introduction In today’s digital landscape, effective access management is critical for securing resources and data. A Role-Based Access Control (RBAC) system provides a structured approach to managing user permissions and roles. This blog outlines two variations of RBAC systems tailored to different application needs: Common Business Applications and Enterprise Business Applications. To illustrate the concepts, we’ll provide a demo code snippet for a service managing access control, as well as a detailed description of each table used in the RBAC system. RBAC System Components Common Business Applications For most common business applications, the RBAC system can be streamlined to manage…
Read More
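
A runnable version of the "common business application" variant the excerpt above describes, as an added example that is not the article's own demo snippet: users, roles, permissions and the two link tables on an in-memory SQLite database, with a service that resolves every check from the tables at call time. The five table names, their columns, the permission codes and the sample users are this example's assumptions, not necessarily the article's schema.

```python
import sqlite3
from typing import Set

# Added example, not the article's code. Table and column names are assumed.
SCHEMA = """
PRAGMA foreign_keys = ON;
CREATE TABLE users       (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE roles       (id INTEGER PRIMARY KEY, name     TEXT NOT NULL UNIQUE);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, code     TEXT NOT NULL UNIQUE);
-- many-to-many link tables; the composite keys stop duplicate assignments
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    role_id INTEGER NOT NULL REFERENCES roles(id) ON DELETE CASCADE,
    PRIMARY KEY (user_id, role_id)
);
CREATE TABLE role_permissions (
    role_id       INTEGER NOT NULL REFERENCES roles(id)       ON DELETE CASCADE,
    permission_id INTEGER NOT NULL REFERENCES permissions(id) ON DELETE CASCADE,
    PRIMARY KEY (role_id, permission_id)
);
"""


class AccessControlService:
    """Every check is answered from the tables at call time, so a grant or
    revoke takes effect on the next request with no code change or redeploy."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        self.conn.executescript(SCHEMA)

    def _id(self, table: str, column: str, value: str) -> int:
        # table/column only ever come from the fixed calls below, never from input
        row = self.conn.execute(
            f"SELECT id FROM {table} WHERE {column} = ?", (value,)).fetchone()
        if row is None:
            raise KeyError(f"no {table} row with {column}={value!r}")
        return row[0]

    # administration (in a real system these sit behind their own permission)
    def add_user(self, username: str) -> None:
        self.conn.execute("INSERT INTO users(username) VALUES (?)", (username,))

    def add_role(self, name: str) -> None:
        self.conn.execute("INSERT INTO roles(name) VALUES (?)", (name,))

    def add_permission(self, code: str) -> None:
        self.conn.execute("INSERT INTO permissions(code) VALUES (?)", (code,))

    def assign_role(self, username: str, role: str) -> None:
        self.conn.execute(
            "INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES (?, ?)",
            (self._id("users", "username", username), self._id("roles", "name", role)))

    def grant(self, role: str, code: str) -> None:
        self.conn.execute(
            "INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES (?, ?)",
            (self._id("roles", "name", role), self._id("permissions", "code", code)))

    def revoke(self, role: str, code: str) -> None:
        self.conn.execute(
            "DELETE FROM role_permissions WHERE role_id = ? AND permission_id = ?",
            (self._id("roles", "name", role), self._id("permissions", "code", code)))

    # enforcement
    def permissions_of(self, username: str) -> Set[str]:
        rows = self.conn.execute("""
            SELECT DISTINCT p.code
            FROM users u
            JOIN user_roles       ur ON ur.user_id = u.id
            JOIN role_permissions rp ON rp.role_id = ur.role_id
            JOIN permissions      p  ON p.id       = rp.permission_id
            WHERE u.username = ?""", (username,)).fetchall()
        return {code for (code,) in rows}

    def has_permission(self, username: str, code: str) -> bool:
        # deny by default: unknown user, no role, or no grant all answer False
        return code in self.permissions_of(username)


def build_demo() -> AccessControlService:
    """Constructed sample data: two users, two roles, three permissions."""
    svc = AccessControlService(sqlite3.connect(":memory:"))
    for user in ("alice", "bob"):
        svc.add_user(user)
    for role in ("clerk", "approver"):
        svc.add_role(role)
    for code in ("invoice:read", "invoice:create", "invoice:approve"):
        svc.add_permission(code)
    svc.grant("clerk", "invoice:read")
    svc.grant("clerk", "invoice:create")
    svc.grant("approver", "invoice:read")
    svc.grant("approver", "invoice:approve")
    svc.assign_role("alice", "clerk")
    svc.assign_role("bob", "approver")
    return svc


if __name__ == "__main__":
    svc = build_demo()
    print("alice:", sorted(svc.permissions_of("alice")))
    print("bob may approve:", svc.has_permission("bob", "invoice:approve"))
```

Calling has_permission at the point of use rather than caching the answer in a session is what makes the system dynamic: the moment an administrator calls revoke, the next request from every user holding that role is denied.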
Securing Your Azure Resources: A Guide to Using Read-Only and Delete Locks

Imagine you've built a magnificent sandcastle at the beach. It's intricate, detailed, and the product of hours of work. Now you want to protect it from any accidental kicks or eager hands that might destroy it. In the world of Azure, your resources are your sandcastles, and to protect them Azure provides two tools: Read-only locks and Delete locks. Meet the Guards: Read-only and Delete Locks. In Azure, locks act as vigilant guards, ensuring your resources stay safe from unwanted changes or deletions. A Delete lock (CanNotDelete) blocks deletion but still allows modification; a Read-only lock (ReadOnly) blocks both, and because it also blocks write-level operations that do not look like writes, such as listing a storage account's keys, it can break tooling that relies on them. Here's how each lock type works: Read-only Lock: The Guardian of Integrity. A read-only lock is like…
Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Among the other attacks created by Bargury is a demonstration of how a hacker—who, again, must already have hijacked an email account—can gain access to sensitive information, such as people’s salaries, without triggering Microsoft’s protections for sensitive files. When asking for the data, Bargury’s prompt demands that the system not provide references to the files the data is taken from. “A bit of bullying does help,” Bargury says. In other instances, he shows how an attacker—who doesn’t have access to email accounts but poisons the AI’s database by sending it a malicious email—can manipulate answers about banking information to provide their own…