Linux Command Line References

Linux - Command Line Struggles

Configure Network Using ip Command in Ubuntu Server Temporary Method - $ ip a # to get the interface name after connecting LAN $ sudo ip a add 192.168.1.8/24 dev <network-interface-name> $ ip link set dev <network-interface-name> up $ sudo ip route add default via 192.168.1.1 Permanent Solution - Ref: https://netplan.io/examples/ $ vim /etc/netplan/00-installer-config.yaml # This is the network config written by 'subiquity' network: version: 2 ethernets: enx1027f579a565: dhcp4: false addresses: [192....

July 4, 2022 · 1 min · Kumar Ashwin
gRPC Concepts Blog Cover Image

gRPC: We are not RESTing Anymore

gRPC is a framework which is being used to build scalable and fast APIs. The framework from which it derives most of its positives is from the protocol it uses - HTTP/2. Apart from HTTP/2, it uses protocol buffer (protobuf) for the communication. gRPC can be useful in circumstances like - large-scale microservices connections real-time communication Low power & low bandwidth systems Multi-language environments Why Should We Care? Let’s talk Benefits The use of HTTP/2 over the TLS end-to-end encryption connection in gRPC ensures API security....

July 2, 2022 · 5 min · Kumar Ashwin
XSS vs CSRF Blog Cover Image

How is XSS different from CSRF?

An interesting discussion, led me to realize this is one of the commonly discussed topic and I thought a blog post for it might be helpful for someone. Cross-site request forgery and Cross-site scripting are both client side attacks which performs action on behalf of users. Just some context here - Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user....

June 28, 2022 · 4 min · Kumar Ashwin

Anonymous Challenge Write-Up: WinjaCTF c0c0n 2021

WinjaCTF at c0c0n [2021]: I developed an easy challenge - called “Anonymous” - the challenge was based upon browser forensics. TL;DR Intended Way - Download the zip > Extract it > Navigate the Linux directory structure > To find a directory called .config > google-chrome > Default > Open the History File in SQL Browser > Search for URLs and upon up the URL to get a file with the name - formatted like flag....

November 15, 2021 · 1 min · Kumar Ashwin
personal collaborator image

This is why you need a personal Collaborator Client!

If you have used Burp’s collaborator client for your Out-of-band testing, you know it’s awesome. Then why there is a need for a personal collaborator client? There are a few things that need to be addressed. Companies have started to blacklist burp collaborator’s domain, making it difficult for OOB vulnerabilities detection. ( Read here ) Collaborator client is not available for the community/free edition of BurpSuite. This brings the need for having a personal collaborator client, with no to minimal investments, that will help us in the detection of any out-of-band/blind vulnerabilities, and I have linked an amazing cheatsheet below that will guide in OOB Exploitation....

June 22, 2021 · 3 min · Kumar Ashwin
Hello

How does burp proxy work?

What’s a proxy? A proxy acts as a gateway between you and the internet. The internet traffic flow back and forth if a proxy is setup in the middle. So, what is the need of proxy? There are several reasons organizations and individuals use proxies: Control and monitor internet usage Proxy servers can give better speed and bandwidth by caching websites Proxy servers can also be setup along with VPNs to provide anonymity and better security There are different types of proxies, but a specific type of proxy that we are going to talk about in this blog is interception proxy....

June 7, 2021 · 5 min · Kumar Ashwin
nullcon cover image

NULLCON 2021 Training: DEVSECOPS

You don’t need money to buy expensive things, sometimes hard work pays off. And yes nullcon trainings are still expensive for me xD and I am grateful that I got this chance to attend one. One year ago, I was going through the nullcon training schedule, and trying to understand the structure, and how much I can learn from it, because it was too expensive for me to get the actual training....

March 27, 2021 · 7 min · Kumar Ashwin
CEH Banner

Exam Experience: CEH v10

July 6th, 2020: It all started with this mail. I received a scholarship for CEH Practical (applied two times xD) and I had to pay $99 to take the exam. I guess it was worth it. Battling with college and other stuff, I used to think I am not ready yet and kept on postponing it until 6th of November, 2020. I finally took the exam and passed it easily, and now that I look back, I could have done it then as well, but yeah....

November 27, 2020 · 2 min · Kumar Ashwin