Selcouth Cyber Security Services Private Limited




Active Directory + Red Teaming acc3ssp0int / May 28, 2021

Kerberos Part 1: How it Works

Today we start a new series of blog posts on Active Directory components. In this three-part series on Kerberos, we’ll be talking about its three heads: Part 1: What Kerberos is and how it works. Part 2: The notorious techniques of kerberoasting and ticketing attacks (golden and silver ...

AppSec + InfoSec + Web Attacks acc3ssp0int / February 15, 2021

OAuth 2.0 – Part Three

Hello everyone, in this final installment of the OAuth blog series, we’ll be covering two vulnerabilities in the OAuth implementation. If you haven’t checked out the previous parts, you can check out part one here and part two here. Before we get started, a big thanks to PortSwigger and their ...

InfoSec + Security Architecture acc3ssp0int / February 9, 2021

Zero-Trust 101

Zero-Trust is an up-and-coming security concept that says one simple thing: “Continuously validate all users, against set security configurations, before they are being granted permissions or are allowed to keep their existing access to resources & information”. This architecture assumes there is no implicit trust granted to assets ...

AppSec + InfoSec + Web Attacks acc3ssp0int / February 2, 2021

OAuth 2.0 – Part two

This post continues our previous one, where we discussed the basics of how OAuth 2.0 authentication works and some known issues that arise from either a lack of understanding of the framework itself or poor configuration of it. In this blog, we’ll talk in a little more detail about the vulnerabilities we ...

Audit + Compliance + InfoSec Skrutin1 / January 27, 2021

Configuration Audit – Part one

Apart from general penetration tests, timely vulnerability management and hardened network access controls, one other method to protect your devices and bring them into compliance with industry standards is a configuration audit. In this blog post we will cover what exactly a configuration audit is, why it is important, the ...

AppSec + InfoSec + Web Attacks acc3ssp0int / January 22, 2021

OAuth 2.0 – Part one

At least once, you must’ve come across sites that let you log in using your social media account [Facebook, LinkedIn, Google & various such platforms]. Chances are that this feature is built using the well-known OAuth 2.0 framework. This framework is liked by pentesters because it ...