What would be the biggest threat one could consider to their organization? Well, I would say it would depend on what your organization does. I suppose that if you are part of a government organization, then one should be looking out for their adversaries and their state-sponsored threats like APT’s (Advanced Persistent Threats) from China or APT’s Middle East in the case of India. Not only this one would be looking for any exploits being used in the wild, insider threats, and ransomware that is targeting your organizations. This article will be writing about how ransomware gangs have become the…

This is a continuation to the previous article ‘India and its cyberspace part 1’ -Link

In part-1 I have written about the data breaches of big tech organizations in India. In this article, I will try to cover more on scams and cybercrimes that are originating in India along with how organizations are treating their security.

credit: Freepik

It might take a book to write about cyber scams and cyber frauds in India and as much as I wish I could say there are controls to stop cybercriminals, there aren't good enough cyber frauds and crimes to stop if found it takes…

Credits: Thinkstock

It’s been a long time that I have published any articles. During this off time, I have been following some data breaches, security incidents, and scams that originate from India. To keep readers from being bored, I have divided the article into 2 parts.

First I will be addressing data leaks and actions that are being taken from both enterprises and the government. Following are some enterprises that had their user data breached

  • Bigbasket
  • Mobikwik
  • UpStox

From now on every week I will try to publish an article under the name ‘Sup Infosec?’ Where I will write about interesting tools, information, or crazy stories other than data breaches or some undervalued topics in security. I will try my best so that everyone could understand. In this article, the topics/stories are

  1. Google releases PoC for Spectre-proof web
  2. Morpheus “The impenetrable chip”

Google releases PoC for Spectre-proof web

Google’s security research team Project Zero on March 12 released PoC (Proof of Concept) for Spectre-based web exploit. A bit of back story about Spectre, it is a hardware vulnerability in CPU chips like Intel and…

For the past 6 months, it has been one hell of a ride for everyone in cybersecurity, from one of the largest supply chain attacks of SolarWinds to Microsoft Exchange server zero-day vulnerability being exploited by HAFNIUM (APT from China) and the Latest Vulnerabilities found.

I love doing threat intel and threat modeling, and the current scenario couldn't be much better for me to learn a lot of new things. So I will try my best to keep it short and minimalistic so that everyone could understand what I am saying.

Microsoft Exchange Server’s Zero-day vulnerability being exploited by Chinese APT HAFNIUM

On March 2nd Microsoft’s Threat Intelligence Center (MTIC) along…

Technology vector created by stories

This article would be my take on how even the strongest or “Highly secured” orgs have their insecure x-factor in their security architecture and what it would be. I am writing this article because in the present cyberspace no one is safe even the security vendors like FireEye and recently Qualys pwned by state-sponsored threat actors.

Note: At some point, this would feel like a rant as but please do judge me, but please correct me as I am still considered new to the cybersecurity domain.

So let us start with the infamous hack of SolarWinds disclosed by FireEye and…

credit — retrunonnow

This article is kinda different from what I have previously written. You could take this one to be educational or to help your customers from being victimized by online fraud and scams. Please note that this would be my suggestion, please let me know if there is something that didn't make sense.

A bit of backstory on why I got this into my mind. I used to play a lot of CSGO, a game made by Valve. They have 2 main sites under them, one is and the other is The virtual cosmetics a.k.a skins of CSGO made…

Man vector created by Sentavio

So by now, you guys might have heard about the malware, virus, trojan horse, worms, spyware and all the scary and too cool to handle stuff (Spoiler Alert: malware is not cool to handle xD). So let us begin with the basics when I say malware it can be anything from malicious software to suspicious PDF that some random creep sent you. There are types of malware starting from the most accustomed word “Virus”, Worm. Ransomware, Spyware, Trojan Horse, Adware let me also give you a brief meaning of what they actually are…

  1. Virus- Malicious software that needs the help…

In this article, I will try my best to explain Homomorphic Encryption and why would it become the Crown Jewel of Cryptography in the mere future.

In a matter of days or years, there would be a war going for things like gold, coal and oil resources basically black gold and there is one more thing that has already lead to the start of a war, not the guns and bullets kinda war but computers, intelligence and one big thing that we daily user leave behind without our known on the internet its the DATA. Yeah, you guys heard me…

Steganography is the technique that hides a secret message within an ordinary, non-secret message to avoid detection and falling in the hands of unwanted individuals.

The word steganography is derived from the Greek words Setganos (hidden or covered) and graph (to write).

Unlike cryptography, which encrypt your data to an unreadable/no sense format which can be understood when an individual has the key to decrypt the gibberish, steganography hides in the plain sight which for an individual with no prior information it looks like a completely normal message/thing.

Steganography existed from 440 BC from Greece, it was used by greeks…

Krishna Sai Marella

Malware Analysis and Forensics ❤|| In love and hate relation with cryptography || N00b Skiddie || ❤You can bait me with a good cup of coffee ❤

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store