What a month it has been. Concluding this awesomeness, we have the three winners of the contest we organised in collaboration with PentesterLab.
Aaaaaaand the winners are (drumroll):
The winners will receive 1-month PentesterLab Pro Lab Coupons, using which they can access all the pro labs and learn everything from basic bugs to advanced vulnerabilities. …
Some months ago, I read an interesting article on TechCrunch titled “A billion medical images are exposed online” about medical imaging storage servers that are not configured securely and are exposed online. This caught my attention, and I wanted to dig deeper, especially in the Indian context.
For you to understand the content better, I wrote this blog in a question-answer format.
Before going into the details, I am discussing some important concepts that are critical to this article.
DICOM stands for Digital Imaging and Communications in Medicine and is a very old file format which is used for storing and sharing medical images. A series of images are stored in a single DICOM file which makes sharing data with other medical professionals easier. …
Over the past 4–5 years, there has been a dramatic rise in data breaches worldwide.
You would be familiar with this if you have subscribed to a service like https://haveibeenpwned.com/. If you are an active soul on the internet, every once in a while you would get a mail from this service alerting you that your email ID and other personal details were leaked in some data breach.
You might not have noticed, but that recent Infosec-related article you read on Medium was published on this publication. Yeah, that’s how big we as a community grew, and here we are today to give you some updates about the milestones we have achieved.
InfoSec Write-ups was started as an endeavor to encourage hackers to share their stories to help others who are starting out in the field. Over time, we have evolved into a 7000+ strong community of security researchers from all over the world, with over 200 writers sharing their experiences and helping us learn so many new things. …
CTFs (Capture the Flags) are a great way to challenge yourself. It had been more than a year since I actively participated in them. This time around, I convinced my friend Midhul Varma to join me for the Nullcon CTF. He and I make a great team and we used to participate in CTFs together earlier.
Right after the CTF started, we took a look at the web and pwn challenges and understood that there was no easy (normal) stuff. If you are a newbie, then you might not know that CTFs are something in which regular experience matters a lot. …
First of all, if you are reading this, it means you are one of the curious few who wanted to try Arch Linux. Kudos for that. I am assuming you already know about Arch Linux, so I am not going into the nitty-gritty of it.
I am here to make sure that you do not face any glitches in your Arch Linux installation process. In case you face any issues, I’ll let you know the smoothest way to resolve them.
It is very important that you follow the below steps strictly.
This post is going to be about how I got started in hacking (thanks to Microsoft) and with time, how I was able to help them back by reporting some security vulnerabilities in their web applications.
The story started in my second year. I was a complete newbie — looking up tutorials on YouTube and calling myself a hacker. Hell, I couldn’t even dual boot a PC properly. Back in school, I wasn’t very good with computers. Maybe it was because of the curriculum or the intensive JEE coaching, but I never really had any motivation to explore programming. Things changed when I joined IIT and got my own laptop. …
This post is going to be about the BSNL hack, which was recently widely covered in the news. It tries to portray the entire story instead of the bits and pieces reported by the media.
On 20th February 2016, when I was in my 3rd year of engineering at IIT Guwahati, I was preparing for a hacking competition when a friend and I came across a vulnerability in the BSNL intranet website. …
Welcome to Infosec Writeups. This publication has been created with the intention of being your go-to place to find a collection of awesome write-ups from the best hackers, published on Medium, on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real-life encounters. It aims to help people in the InfoSec community to share and discuss new ideas and methodologies and learn from each other.
Many readers are unaware of this, but you can clap 50 times on any post. So, if you like something, don’t think twice, leave some more claps.
Before you proceed with the article, here are our submission guidelines (with a few quick formatting tips) in video format (featuring our editor Anangsha…
This story is going to be about how just about anyone can access the API that Aadhaar provides to third party services.
In order for you to understand the content better, I will write this blog in a question-answer format. You can skip the questions you are already aware of.
Aadhaar is the world’s largest biometric ID system, with over 1.19 billion enrolled members as of 30 Nov 2017. As of this date, over 99% of Indians aged 18 and above had been enrolled in Aadhaar.
UIDAI (Unique Identification Authority of India) provides different APIs (application programming interfaces) which can be used to perform various actions like authentication (demographic and biometric), e-KYC (know your customer), e-sign, etc. …