In the previous article, I shared what I have learned about SAML, the history behind it, and its working mechanism. But it did not end there: I wanted to know more about it, and then I saw that it is also used while configuring and integrating MFA solutions with an IDP as an additional layer of authentication mechanism. So let’s learn more about it.

Firstly, what is MFA (Multi-Factor Authentication)?

Multi-Factor Authentication is nothing but an additional level of authentication where we need to provide one more factor, which might be an OTP, a numeric code from an app (Google Authenticator), or a hard token for claiming that…

Before I start on Web3, or Web 3.0, let’s talk about Web 1.0 and Web 2.0. Both of these are traditional ways of accessing the internet, from creating HTML pages and websites to the apps we are using till now. Web2 is the current way of consuming, creating, and monetizing using the internet.

In the month of July, Hack The Box (HTB) came up with the concept of making 10 retired machines available for all users to pwn and build their skills. Please find the announcement from HTB.

As part of this series, I have started trying one of the retired boxes, i.e., Shocker. These machines are available for free under retired machines.

Let’s access the box and gain root access.

Basically, this is a Linux machine. We will run an Nmap scan to identify open ports and services.

Nmap Scan

The output shows that it’s an Ubuntu machine running SSH on 2222…

In our previous article, we discussed the risks posed by cloud service models. As a continuation of that, let’s understand the risks behind the cloud deployment models and other risks that arise when designing the cloud architecture.

One of the common risks we observed in the service models is due to virtualization. I have covered the basics of virtualization in my previous article.

Virtualization Risks:

  1. A Type-1 hypervisor carries the risk of losing the guest OS, which may lead to availability issues for the application/platform.
  2. A Type-2 hypervisor carries the risk of losing the host operating system…

In our previous article, we learned about the basics of cloud computing: architecture, deployment models, and service models. It looks easy to decide on and implement a model and service based on our requirements, but it’s equally important to understand the risks associated with it.

As per NIST 800-145, cloud computing has 3 service models and 4 deployment models. Each one has certain risks associated with it which need to be analyzed, reviewed, assessed, and remediated. Let’s dig into more detail...

Risks for Cloud Service Models:

  • Infrastructure-as-a-Service:

Before choosing IaaS, there are certain risks that we…

How new-age applications are benefiting

Cloud is one of the buzzwords in the industry, thanks to the revolution on the Internet and advanced technology. With the availability of resources, so many ideas went into the implementation phase. So many applications like Netflix, WhatsApp, and PhonePe have emerged by using the cloud as a resource pool. Now let’s try to understand what the cloud is…

What is Cloud?

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)

In simple words, providing a pool…

How it is useful for the effective use of enterprise resources

As part of the Back to Basics series, I would like to share an important technology that plays a prominent role in the effective use of computational resources like CPU, memory, and storage, i.e., virtualization.

With the exponential growth of technology, the number of people using machines for different purposes, whether creative, technical, or other purposes that require high computational power, has also increased. This is where virtualization comes into play.

Let’s assume you want to run an Android environment but you also want to have…

In my previous article, I explained Zero Trust Architecture and how it is being used by organizations. Due to the increase in cyberattacks and threats, organizations are constantly looking for more secure models. As many organizations are migrating to the cloud because of the diversified services offered by cloud providers, it has become very difficult for organizations to stick to or maintain the ZTA. This does not mean that companies have left the ZTA model; rather, they have come up with an upgraded model that takes cloud deployment into account, i.e., SASE.

What is SASE?

SASE stands for Secure Access Service Edge, an architecture model…

How it is useful for enabling Single Sign-On (SSO)

Nowadays we have all adapted to technology extensively and evolved into a phase where we don't require any password for logging into applications. Every day we use many applications, but one common thing we might have observed is logging in through Facebook, Google, LinkedIn, etc…

Has any of us given a thought to how this happens and what this process is? Let me give some clarity on this. This process is called Single Sign-On, i.e., using a single set of credentials to access multiple applications like Zoom, Udemy, Call of Duty, etc... But how…

Never Trust, Always Verify

Note: This article is more of my learning than a researched article

As per NIST Special Publication (SP) 800-207…

“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), not network segments, as the network location is no longer seen as the prime component to the security posture of the resource. …

Adithya Sai

Full time Information Security Engineer, Part time Red Team learner
