Introduction If you’re just getting started in OT or industrial systems, you’ve probably heard people mention the Purdue Model, sometimes with a mix of mystery and reverence. Don’t worry if you haven’t seen it before; think of it as a map that explains how factories “talk to themselves.” It shows how sensors, controllers, and business systems all […]| Payatu
Azure AD/Entra ID Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management (IAM) service. It powers authentication and authorisation for Microsoft’s own cloud offerings, including Microsoft 365 and Azure Resource Manager. Azure AD is built on OAuth 2.0 and OpenID Connect (OIDC). While the standard continues to evolve, Microsoft has expanded […] The post Microsoft’s Family of Client IDs (FOCI): Convenience vs. Compromise appeared first on Payatu.| Payatu
🎯 Goal of This Blog Understand the foundational components that make up modern Industrial Control Systems (ICS)—from traditional devices like sensors, actuators, PLCs, RTUs, HMIs, and SCADA to Industry 4.0 elements like PLM and IIoT systems. We’ll explore their functions, how they interact, how they can be abused by attackers, and how to protect them effectively. 🧩 […] The post Industrial Control System Components: PLCs, HMIs, RTUs, SCADA, DCS, Sensors, Actuators & Beyond appeared f...| Payatu
Introduction Earlier this year, I discovered a critical security flaw in the Android Lock Screen that shocked even me when I first reproduced it. The vulnerability allowed lock screen bypass and unauthorised access to Google accounts, Gemini data, and even connected apps, all without requiring a PIN, password, or biometric input. In this post, I will […] The post Android Lock Screen Bypass Through Google Gemini appeared first on Payatu.| Payatu
Introduction: What is Credential Dumping? Credential dumping refers to the systematic extraction of usernames, passwords, and other sensitive information from operating systems by malicious actors. This technique poses a significant threat, particularly within Linux environments, where successful credential extraction can lead to unauthorised access to user accounts, services, and network resources. Understanding the mechanisms of […] The post Credential Dumping In Linux appeared first on P...| Payatu
Introduction AI is revolutionising healthcare. From diagnostics to patient interaction, Large Language Models (LLMs) are helping MedTech companies enhance outcomes and efficiency. But with this innovation comes a host of hidden risks, ones that can jeopardise patient safety, data privacy, and regulatory compliance. In this article, we explore how a security assessment of an AI-powered […] The post The Hidden Risks of AI in MedTech And How to Fix Them appeared first on Payatu.| Payatu
Introduction The rollout of WPA3 was hailed as the long-awaited fix for the well-known weaknesses of WPA2, a modern standard designed to secure wireless communications in an increasingly connected world. With stronger encryption, resistance to offline attacks, and forward secrecy, WPA3 promises a more robust defence against Wi-Fi intrusion. But here’s the catch: no protocol […]| Payatu
If Excellence is your Preference, Choose our Research-Powered Cybersecurity Services! Our Top 1% Cybersecurity Professionals assess your Security Posture with Maximum Scrutiny and leave no stone unturned to Deliver Superior Quality Results with Agility.| Payatu
In this blog, we will help you write your own Burp extension in an effortless manner. We'll start by writing a hello world program and then move on to writing a Burp extension.| Payatu
The Authorize Burp Suite plugin is an extension for Burp Suite used to check for authorization issues while pentesting a domain/target.| Payatu
JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties.| Payatu
Our red team assessment service is tailored for your organization's security needs. Trust our techniques to achieve security goals.| Payatu
Prologue This post is particularly aimed at beginners who want to dive deep into red teaming and move a step ahead from traditional penetration testing. It would also be helpful for Blue Teams/Breach Response Teams/SOC analysts to understand the motive/methodology and match the preparedness of a Red Team or real-life adversary. It’s a summary of my […]| Payatu
In a red teaming assessment, we simulate real-world attack scenarios in order to achieve their goals. Phishing is one of the attack scenarios for gaining initial access.| Payatu
Kerberoasting is one of the most common attacks against domain controllers. It is used to crack a Kerberos hash using brute force techniques.| Payatu
AMSI relies on signature-based detection, and AMSI bypass techniques use obfuscation and encryption. Find out more in this blog.| Payatu
Discover why IT fixes don’t always work in OT. Compare threats, protocols, and real-world incidents to understand the critical differences in industrial security needs.| Payatu
Learn the fundamentals of OT security, ICS, and CPS with real-world examples, risk insights, and beginner-friendly cybersecurity concepts explained clearly.| Payatu
In 2024, 60% of cloud data breaches were caused by incorrect settings, which cost firms an average of $4.9 million per incident (IBM Cost of a Data Breach Report, 2024). How can businesses make sure they have strong security and consumer trust as they move to the cloud? The key to keeping data safe in […]| Payatu
Introduction NoSQL databases have transformed how modern applications handle large volumes of data. From social platforms to e-commerce backends, tools like MongoDB and CouchDB offer the flexibility and speed developers crave. But with that freedom comes a quiet, often underestimated threat: NoSQL injection. NoSQL injection is similar to the better-known SQL injection, but instead of […]| Payatu
What IT & OT leaders must know about the NCIIPC Conformity Assessment Framework to safeguard India’s Critical Infrastructure. Prepare for CAF in 2025.| Payatu
The term ‘security posture’ is all about the current state of security and can be categorized productively as CSPM. Cloud security posture management (CSPM) identifies and remediates risk by automating visibility, uninterrupted monitoring, threat detection, and remediation workflows to search for misconfigurations across diverse cloud environments/infrastructure, including: • Infrastructure as a Service (IaaS): A computational […]| Payatu
Introduction As India’s power sector becomes increasingly dependent on digital technologies and faces a sharp rise in cyber threats, the Central Electricity Authority (CEA) has released the Draft CEA Cyber Security Regulations, 2024. It is a critical step in strengthening India’s critical power infrastructure. The draft is subject to consultation with various stakeholders, and the final rules […]| Payatu
Introduction Automation significantly enhances the efficiency and productivity of our work. It spares the human effort involved in doing a repetitive task manually. By writing a script, we can delegate our work to the computer’s processor, which is better suited to handle such repetitive tasks. There are already many extensions available online to automate different […]| Payatu
Defence is important for staying safe from cyber-attacks, but how do you make sure the defence is equipped enough to stop a full-fledged attack from a real threat actor? A Red Team’s action challenges an organisation’s security posture. The way the Red Team and Blue Team work to defend their organisation might be different, […]| Payatu
After understanding the Hermes bytecode and bypassing SSL certificate pinning, it’s now time for the final blog of the React Native Pentesting for Android Masterclass! React Native provides a set of built-in Core Components and APIs ready to use in the app. While we are not limited to these built-in packages, React Native has a community of […]| Payatu
In this post, we'll discuss a technique you can employ to read data from an eMMC chip and proceed with further analysis. The eMMC chip featured in this blog post is sourced from an EV scooter.| Payatu