Divyanshu Shukla

Published in InfoSec Write-ups

·4 days ago

Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit

Q. What is the Core Rule Set & why is it utilized by all the cloud WAFs? A. We will try to understand more about the Core Rule Set and how it works, implement ModSecurity on the Apache server, and learn why it is utilized by…

AWS

7 min read

Published in InfoSec Write-ups

·4 days ago

Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit

Why you should not trust the cloud WAF? Introduction & Objective: A web application firewall (WAF) or WAF appliance provides security by operating through an application or service, blocking malicious calls, inputs, and outputs that do not meet the firewall's policy. Today due to increasing cloud architecture, multiple cloud providers…

Waf

4 min read

Published in InfoSec Write-ups

·Apr 11

Hands on Tutorial of Amazon Simple Notification Service (SNS)

Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. How does Amazon SNS work? It is very easy to get started with Amazon SNS. Developers must first create a “topic” which is an “access point” — identifying a specific…

AWS

6 min read

Published in InfoSec Write-ups

·Sep 26, 2021

Quick Guide For Running Clair Scanner via Katacoda

This guide covers setting up the Clair scanner and performing scans on a vulnerable DVWA container. It is now also possible to run a hands-on demo on Katacoda (https://www.katacoda.com/justmorpheus). Setting up the Clair server or using it locally: CoreOS Clair (https://github.com/coreos/clair), Clair-scanner (https://github.com/arminc/clair-scanner)

Katacoda

3 min read

Published in InfoSec Write-ups

·Aug 14, 2021

Burp Automation | Automating Burp Scanning Via Rest API & Robot Framework Using Python3

Manual security scanning is very time-consuming, so we can leverage headless Burp Suite to perform the scanning and upload the results directly to Google Drive via the PyDrive module in Python. This automation uses Burp Suite Pro along with Robot Framework and the REST API using Python3. …

Pentesting

7 min read

Published in InfoSec Write-ups

·Aug 3, 2021

GCP Inspector | Auditing Publicly Exposed GCP Bucket

Installation of GCP Inspector and basics about enumerating publicly exposed GCP buckets. While playing Thunder CTF I created a simple python tool that can audit publicly accessible GCP storage buckets. Thunder CTF allows players to practice attacking vulnerable cloud projects on the Google Cloud Platform (GCP) environment. …

Gcp

3 min read

Published in InfoSec Write-ups

·Jul 19, 2021

Pentesting iOS| Starting With iOS Emulator Corellium & Re-signing IPA

Corellium provided virtual iOS-based devices for individual accounts on our groundbreaking security research platform, CORSEC. Corellium’s iOS devices may be jailbroken or non-jailbroken and can be used for security research. Corellium is a premium iOS emulator on which one can run and test iOS applications. Although there is no support…

Pentesting

4 min read

Published in InfoSec Write-ups

·Jun 16, 2021

How To Setup Advance Nessus Network Scan?

This is an unofficial Nessus blog which deals with advanced scans for better results and compliance. There will also be a section on authentication in Nessus. Here, we will create a more in-depth scan by performing an advanced Nessus scan. This will provide us with…

Bug Bounty

6 min read

Published in InfoSec Write-ups

·Jun 3, 2021

Automating Burp Suite -3 | Creating Macro To Replace CSRF Token From Response Body To Request With Session Validation

This is the 3rd part of Automating Burp Suite, where we will take the CSRF token generated in the response body and place it in the user_token parameter of the request body in DVWA. Check out the next part, where we have automated custom header replacement via a Burp Suite extension. This part is pretty…

Bug Bounty

6 min read

Published in InfoSec Write-ups

·May 31, 2021

Automating Burp Suite -4 | Understanding And Customising Custom Header From Response Via Burp Macro — Writing Own Burp Extension

This is the 4th tutorial, where I have developed a Burp extension using Jython that adds a custom header to the request headers, derived from the response body/response header, using a Burp Suite macro. This custom header extension can be directly invoked and it can be used for automating CSRF tokens…

Bug Bounty

9 min read
