privilege escalation Archives

Broken-Function-Level-Authorisation-KrishnaG-CEO

In-depth Exploration of OWASP API Security Top 10 (2023) – API5:2023 – Broken Function Level Authorisation for Software Developers

16 February 202516 February 2025 by Krishna

Broken Function Level Authorisation occurs when an attacker is able to access functions or data that they are not authorised to use. This happens due to inadequate enforcement of role-based access controls (RBAC) or a failure to properly segregate administrative and regular user functions. APIs often expose a variety of functions depending on the user’s role (e.g., regular user, administrator, manager, etc.). When these functions are not sufficiently protected or are poorly designed, attackers can bypass these restrictions to gain unauthorised access to sensitive information or perform malicious activities.

In-Depth Analysis of SANS Top 25 CWE-94: JSON Injection and Its Implications for Penetration Testers

29 January 202529 January 2025 by Krishna

**JSON Injection** is a form of **injection vulnerability** that occurs when an application improperly handles user input within a JSON object. JSON (JavaScript Object Notation) is widely used for data exchange between web clients and servers. When applications fail to validate or sanitize user input before incorporating it into a JSON object, attackers can inject malicious data, manipulating the application’s behaviour.

JSON Injection primarily targets the integrity of the data being exchanged, potentially altering application logic, bypassing authentication, or even leading to more severe attacks like remote code execution. It is particularly dangerous in systems that use JSON for configuration files, user inputs, or data transfer, which is the case in many modern web applications.

Multi-Stage Cyber Attacks: Understanding Their Sophistication and Building Robust Defences

20 January 2025 by Krishna

Cyber attacks have evolved into intricate operations, often executed in multiple stages to achieve maximum impact while evading detection. Multi-stage cyber attacks leverage complex execution chains to mislead victims, bypass traditional defences, and deliver devastating outcomes. For organisations and individuals alike, understanding the mechanics of these attacks is essential for crafting effective defence strategies.

Multi-stage cyber attacks are a formidable challenge, but with offensive security techniques, organisations can move from reactive to proactive defence. By adopting vulnerability assessments, penetration testing, cyber forensics, malware analysis, and reverse engineering, businesses can detect and neutralise threats before they escalate.

Insecure Design: A Critical Overview for Software Developers

13 January 2025 by Krishna

Insecure design refers to flaws or omissions at the design stage of application development that lead to vulnerabilities in the system. Unlike implementation bugs, which result from coding errors, insecure design represents a fundamental failure to consider and incorporate security principles during planning and architecture.

Securing-Virtualised-Environments-KrishnaG-CEO

Securing Virtualised Environments: Understanding and Mitigating Live Migration Attacks

7 December 20247 December 2024 by Krishna

Live migration attacks target the transmission of VM data, exploiting vulnerabilities in the migration protocols or hypervisor configurations. Attackers can gain unauthorised access to VMs, inject malicious code, or disrupt the VM’s operation by interfering with the live migration traffic. These attacks can result in severe operational disruption, data breaches, and the compromise of VM images that contain confidential data.