mishraJi

Part 2: Cloudflare Zero Trust - TLS Inspection

Mon, 09 Mar 2026 00:00:00 +0000

In Part 1, we enabled TLS inspection to get HTTP policies working against HTTPS traffic — that’s how we blocked social media sites on port 443. We got it working, but I didn’t really explain what TLS inspection is actually doing under the hood. Let’s fix that.

TLS inspection is essentially a sanctioned man-in-the-middle. When your device initiates an HTTPS connection, Cloudflare Gateway intercepts it, terminates the TLS session, decrypts the traffic, inspects it, and re-encrypts before forwarding to the destination. Same thing in reverse on the way back. The Cloudflare root CA certificate we installed on the client device is what makes this work without your browser throwing certificate errors on every page.

Part 1: Cloudflare Zero Trust — Web Filtering

Thu, 05 Mar 2026 00:00:00 +0000

Introduction

This is Part 1 of the 4-part Cloudflare Zero Trust series. In Part 0 we set up the Cloudflare One Client and tested a successful ZTNA connectivity. If you have not read that yet, I would recommend starting there before following along here.

In this post we are looking at web filtering — what it is and how to configure it using Cloudflare Zero Trust.

What is Web Filtering and Why is it Required?

Web filtering controls what a user can or cannot access on the internet. The reasons for doing it depend on who you are.

Part 0: Cloudflare One Client (Warp Client) Initial Setup

Tue, 03 Mar 2026 00:00:00 +0000

Introduction

If you have been working in IT or security for a while, you have probably heard the term Zero Trust thrown around a lot. But what does it actually mean in practice?

Traditional network security worked on a simple assumption — if you are inside the network, you are trusted. VPNs were the go-to solution. You connect to the VPN, and suddenly you are “on the network” with access to everything. The problem? Once an attacker gets in — through a compromised credential, a phishing attack, or a misconfigured endpoint — they can move laterally across the entire network with very little resistance. Trust was implicit, and that was the fundamental flaw.

About Me

Wed, 01 Jan 2025 00:00:00 +0000

Hi 👋

I’m Navneet, a techie and cloud security enthusiast! Following are the interesting areas I have worked on and have experience with -

Cloud & infrastructure Security
Network Security
Identity and Access Management
Web Application Penetration Testing

This blog is a way for me to express my thoughts and learnings!

Common Issues in S3 Cross-Account Access

Tue, 17 Oct 2023 00:00:00 +0000

Originally published on Medium.

Introduction

Let’s explore the potential issues that can arise when setting up cross-account access to S3. Cross-account access involves a situation where a user or role in one AWS account (account1) seeks to access an S3 bucket located in another AWS account (account2). It might sound straightforward, but it’s a common scenario that can present challenges.

Description

Account-1 has IAM user “user” with AmazonS3FullAccess

Account-2 has s3 bucket “my-s3-bucket-971” with 3 objects — file1, file2 and file3 along with the following resource based policy (bucket policy).

Load Balance Traffic to Private EC2 Instances

Tue, 14 Feb 2023 00:00:00 +0000

Originally published on Medium.

Introduction

Let’s take a look at how we can configure our AWS Application Load Balancer (ALB) to distribute the HTTP traffic across a set of EC2 instances present in the private subnet. As a good security measure, we don’t want our EC2 instances to be directly accessible from the internet. Hence we place them in the private subnet and assign only private IP addresses to them.

2 EC2 instances are present in private subnets across 2 availability zones: us-east-1A and us-east-1B

Defeating Encryption

Wed, 03 Aug 2022 00:00:00 +0000

Figure 0: Photo by Markus Spiske on Unsplash

Originally published on Medium.

Introduction

I came across an application where I had to validate the security fix implemented by the development team. The first assessment had findings like Vertical Privilege Escalation and Horizontal Privilege Escalation through Insecure Direct Object Reference. An attacker could simply capture a request in Burp Suite and modify ‘dashboardID’ parameter to get read and write access to another user’s dashboard.

Maintaining NTLM Authentication Session

Fri, 30 Jul 2021 00:00:00 +0000

Photo by Arget on Unsplash

Originally published on Medium.

Introduction

I came across a web application that uses NTLMv2 for authentication. I logged in to the application (provided my credentials for the first time) and opened Chrome developer tool (F12) to check the requests. There was no session cookie or authorization header (Authorization: Negotiate or Authorization: Bearer) in the request. There was no other session-related information to prove that the user was logged in. I was surprised to see that the server still responded with content available only to authenticated users.

Part1: JWT Key Confusion Attack

Thu, 11 Feb 2021 00:00:00 +0000

Photo by Bram Naus on Unsplash

Originally published on Medium.

Introduction

This post deals with the theory of Key Confusion Attack. Part2 deals with solving the JWT Lab by Sjoerd Langkemper to demonstrate the Key Confusion Attack.

JWT stands for JSON Web Token. After successful user authentication, the server sends a JWT in the response which can be used to make API calls or to access protected resources. It is typically used in the request header like

Part2: JWT Key Confusion Attack

Thu, 11 Feb 2021 00:00:00 +0000

Photo by Bram Naus on Unsplash

Originally published on Medium.

Introduction

In Part1 we discussed the Key Confusion Attack. In this post we will use a vulnerable JWT application by Sjoerd Langkemper to demonstrate the attack.

Description

Install the JSON Web Token Attacker (JOSEPH) extension from the Burp Suite store (Extender Tab in Burp Suite) and head over to the blog. Click on this RS256 demo page to go to the lab.