Knowledge Center

Explore our in-depth research, success stories, and case studies. Discover insights and innovative solutions that highlight our commitment to excellence.

Transforming Security Posture: Our Penetration Testing Impact on a Leading EdTech Company

A leading EdTech company faced major security challenges due to vulnerabilities jeopardizing user data and platform stability. Enciphers conducted a comprehensive penetration test, uncovering critical issues. By implementing Enciphers' recommendations, the company significantly reduced vulnerabilities, strengthened security controls, and enhanced platform protection.

Fortifying Cybersecurity for One of India’s Leading Digital Entertainment Giants

A case study on enhancing cybersecurity for a major digital entertainment company through pentesting, attack surface analysis, security automation, and process improvements, uncovering vulnerabilities and ensuring long-term security through knowledge transfer.

Strengthening Healthcare Cyber Defense through Targeted Penetration Testing

Through our research-focused, in-depth penetration test, a major healthcare company identified critical vulnerabilities, including CVEs with RCE risks, weak access controls, and insecure data handling. The company addressed these issues, greatly improving its security.

Rescuing a Media Giant: How We Uncovered and Halted the Piracy of DRM-Protected Content

An in-depth investigation into the security vulnerabilities surrounding unauthorized access to DRM-protected live streaming content for India's largest digital media company. The organization has encountered substantial difficulties in preventing unauthorized access and illegal redistribution of its digital content, leading to revenue loss and diminishing trust among content providers.

Building Cyber Security Capabilities For A Tech Company

We delivered a 3-month Advanced Training & Certification Program focused on Web, Mobile, Cloud, and Infrastructure penetration testing. The program included hands-on labs, a challenge-based exam, and on-the-job training. Participants worked alongside senior experts on live pentest projects, gaining practical experience to build their internal security testing capabilities and prepare for real-world challenges.
Web App Security
November 25, 2023

A Close Encounter with Insecure Deserialization - Part 2

Exploring the realm of insecure deserialization with some hands-on challenges and exploitation...
Web App Security
October 23, 2023

A Close Encounter with Insecure Deserialization - Part 1

A deep dive into the world of insecure deserialization, a vulnerability in which untrusted data is used to carry out attacks such as code execution.
Web App Security
March 10, 2023

Analysing A Ransomware Attack

Ransomware attacks have become a common threat in today’s digital age, and they can cause significant damage to individuals and organisations.
Mobile App Security
July 2, 2023

Exploring Android Security: Safeguarding The Droid

The Android architecture implements different security layers that, together, enable a defense-in-depth approach. This means that the confidentiality, integrity or availability of sensitive user data doesn't hinge on one single security measure.
Mobile App Security
April 17, 2022

An analysis of the modern mobile applications for data security

Mobile phones have become an essential part of our daily lives. People nowadays prefer to keep every bit of information about their personal and professional lives on their mobile phones.
Mobile App Security
January 15, 2020

Xposed Framework Plugins For Android Pentesting

The workflow of Xposed Framework plugins for Android pentesting. Xposed Framework plugins for Android pentesting help in...
Exploiting CVEs
June 16, 2026

CVE-2023-1177: Remote File Read via Path Traversal in MLflow

A critical path traversal vulnerability, CVE-2023-1177, was discovered in MLflow, the widely used open-source platform for managing machine learning lifecycles. The flaw allows any unauthenticated user to read arbitrary files from the server's filesystem by exploiting insufficient path validation in MLflow's model artifact handling.
Exploiting CVEs
June 10, 2026

CVE-2022-0847: "Dirty Pipe" Linux Local Privilege Escalation

On March 7, 2022, security researcher Max Kellermann disclosed Dirty Pipe, a Linux local privilege escalation vulnerability with a CVSS score of 7.8 (HIGH), along with a proof of concept demonstrating how to exploit it. The vulnerability affects the Linux kernel and allows users with low privileges to overwrite read-only files on kernel versions 5.8 and later.
Exploiting CVEs
June 13, 2026

CVE-2024-9264: Remote Code Execution via SQL Expressions in Grafana

A critical remote code execution vulnerability, CVE-2024-9264, was discovered in Grafana versions 11.0.x through 11.2.x. The flaw allows any authenticated user with Viewer-level permissions or higher to execute arbitrary commands and read sensitive files on the underlying server by abusing the experimental SQL Expressions feature. The vulnerability arises from insufficient sanitization of user-supplied input before it is passed to the DuckDB CLI, which Grafana invokes to run SQL against the result set returned by a data source query.