This is a quick blog about an amazon scam going on WhatsApp. In search of data, I found the S3 bucket which is publicly available. Since these scammers use victims’ data for personal use, I will be using their data for personal research. Let’s begin the story of how it…

ECS (Elastic Container Service), an AWS managed service that provides container orchestration and makes it easy for us to deploy, manage, and scale containerized applications. In this blog, let’s discuss the ECS service of AWS in detail and run a sample java application on it. …

Log4j shell or Log4Shell or LogJam[CVE-2021–44228] is a zero day that allows hackers to execute remote code execution(RCE). It exploits JNDI Api that uses LDAP protocol. Some organization might be thinking that they have cloud WAF’s like AWS WAF & Azure WAF, etc which will by default protect against this. Let’s…

This blog will help you in installing an Anchore and scanning docker images. Here, I have used openjdk and debian docker images to perform the scan. For a demo, follow the link https://www.katacoda.com/infosecblo55om Installation of Anchore Anchore Engine is a Docker container static analysis tool that automates the inspection, analysis, and evaluation of…

So, this is my writeup on how I was able to achieve my first Remote Code Execution. Also after reviewing the code I was able to understand more about malicious code execution via OS functions. …

As we’re going through a pandemic majority of business have taken things online with options like work from home and as things get more and moreover the internet our concerns regarding cybersecurity become more and more prominent. We start to dig a little to have standards in place and terms…