
TechKranti

CyberSecurity Revolution

[Video] HTTP Request Smuggling Explained: Part 1

October 15, 2020 Amey Anekar Cyber Security Gyaan

In this video, I have tried my best to explain the Request Smuggling attack by first explaining how a server handles HTTP requests based on Content-Length and Transfer-Encoding Headers. I will soon follow up with


Delete IDOR on a Fashion eCommerce Website

August 26, 2020 Amey Anekar Bounty Hunting

This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …


IDOR through MongoDB Object IDs Prediction

August 25, 2020 Amey Anekar Bounty Hunting

Historically, system developers have been assigning auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. The same goes for delete or edit IDORs.


Bash: Numeric For Loop

June 23, 2020 Amey Anekar Tips & Tricks

To loop through a numeric sequence in Bash, use the following syntax


What is “Content-Type: application/x-protobuf”: Protobuf Explained For Hackers

April 1, 2020 Amey Anekar Cyber Security Gyaan

Have you ever come across this header:

Content-Type: application/x-protobuf

Read on to learn what it means and what the possible attack scenarios are.


How I Reported a DoS Vulnerability to AWS

March 11, 2020 Amey Anekar Bounty Hunting

BadBotHoneypotEndpoint is used by AWS customers who do not want bots, unauthorised spiders and scrapers to scan their site. It works by blacklisting IP addresses of such bots. I discovered a vulnerability with this endpoint that could allow an attacker to blacklist random IPs.


How I discovered an SSRF leading to AWS Metadata Leakage

February 10, 2020 Amey Anekar Bounty Hunting

This is the story of a juvenile SSRF bug who did know it had the potential to look at AWS secrets. 😮


WhatsApp Bug Causes App Crash & Permanent Loss of Group Chat Messages

January 5, 2020 Rutwik Gaikwad Cyber Security News & Updates

Check Point Software Technologies Ltd. (Check Point), a leading provider of cybersecurity solutions, has found a bug that could let an attacker deliver a specially crafted group chat message that causes a crash of the WhatsApp application for all members of the group chat.


GPS Spoofing, now a reality

December 24, 2019 Amey Anekar Cyber Security News & Updates

Global Positioning System (GPS) is one technology which has never been looked at through a security lens by the wider audience. We have become dependent on the GPS for our day-to-day lives. However, it is no longer reliable.


What The Heck is CVSS – Part I

November 24, 2019 Amey Anekar Cyber Security Gyaan

Every security researcher, information security personnel or IT personnel should understand CVSS well because this scoring system not only helps you understand the intrinsic severity of the vulnerability but it also provides a way to modify the severity level specific to your environment.


About Me

Hey There, I am Amey Anekar - Web and Mobile Application Security Specialist, Bug Bounty Hunter and Author of TechKranti. I love to write and discuss all things Security. Feel free to DM me on Twitter if you would like to have a chat.  
