Command-Injection-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Neutralisation of Special Elements used in a Command (‘Command Injection’) CWE-77

CWE-77 refers to the improper neutralisation of special elements used in a command. These special elements, when inadequately sanitised, allow attackers to inject malicious commands that the system interprets and executes. This vulnerability commonly appears in applications that dynamically construct system commands based on user inputs.

OoBR-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Out-of-Bounds Read (CWE-125)

Out-of-Bounds Read occurs when a program reads data past the allocated boundary of a buffer. This behaviour typically arises from improper validation of input data or incorrect indexing in memory operations. By exploiting this weakness, attackers can gain unauthorised access to sensitive information, potentially leading to security violations.

ACR-Stealer-G-Docs-KrishnaG-CEO

ACRStealer Exposed: How Cybercriminals Are Exploiting Google Docs for Malware Attacks

What is ACRStealer?

ACRStealer is an **info stealer malware** designed to **extract sensitive information** from infected systems, including:

– **Antivirus identification** – determining which security solutions are present to evade detection.
– **Crypto wallet theft** – targeting stored cryptocurrency assets.
– **Login credentials theft** – stealing usernames and passwords for financial services, corporate accounts, and personal data.
– **Browser information extraction** – harvesting stored passwords, cookies, and browsing history.
– **File Transfer Protocol (FTP) credential theft** – compromising access to cloud and remote servers.
– **Text file harvesting** – reading and extracting information from text documents.

While information stealers are not new, **ACRStealer stands out** due to its **stealth tactics, sophisticated distribution, and abuse of legitimate cloud platforms**.

PHP-Web-Shells-KrishnaG-CEO

PHP Web Shells: A Comprehensive Analysis for Penetration Testers

A PHP web shell is a script, written in PHP, that allows attackers to execute commands on a compromised web server remotely. These scripts act as a backdoor, providing attackers with access to sensitive data, server resources, and the capability to escalate their attack.