Collaborate Disseminate
I sometimes want to run untrusted JavaScript, mainly for CTFs. It can be obfuscated JavaScript code or something like JSFuck. The point is, I know nothing about the code and just want to quickly see its output.
Of course, I don’t want the … Continue reading What’s a way to safely test run untrusted JavaScript code?
As Windows is case-insensitive, the string mimikatz can be evaluated the same as MIMIKATZ or MimIkaTZ. A naive method of AV evasion by switching cases of some characters in suspicious string has been demonstrated here where the string wdig… Continue reading Why do Windows AV software detect strings with case-sensitivitely?
I’m testing CVE-2019-14748 on an example.com with osTicket. I’ve uploaded a test.html with the basic <script> and <img> XSS payloads which run when a user opens test.html. However, in Firefox, when I click on the test.html file… Continue reading CVE-2019-14748 but the file is downloaded and open locally – can it be used for XSS?
Let’s say I’m doing a pentest on BlueCorp and find a bug in the software UnrealSec made and distributed by SecCorp which is used by BlueCorp and found during said pentest. Should I report this bug to both BlueCorp and SecCorp or only one?
… Continue reading Found a bug in a software product used by the pentesting customer; Who to report it to?
I’m doing UDP scans on some internal servers and want to add a custom token (randomly generated string) to packets as much as possible in order to later filter out my scans from real non-testing traffic.
To attach my token to my nmap scans… Continue reading Would adding `–data-string` to a UDP scan change the results?
Given a group of machines, knowing only that they run Windows with Active Directory, being at the initial recon phase, what are some signs that would strongly suggest a machine is a Domain Controller?
(I’m thinking of checking the basic th… Continue reading What signs suggest that a machine is a Domain Controller?
I’m looking for things to do my bachelor thesis on, and one thing I’d like to do research on is security in IoT devices and/or popular software & frameworks.
The targets of my research would be products with undisclosed source code, wh… Continue reading Possible legal issues with doing research on commercial products [closed]
In the unlikely event that a root CA is breached (eg. Comodo, DigiNotar), how should people and companies respond?
(Assume the people responding practice infosec & are aware of the problems of such a compromise)
Possible responses:
A… Continue reading How should we respond to a root CA breach?
I mainly use Linux so I’m not well-versed on how Windows and its privileges work. I’ve recently learned to use Metasploit and meterpreter on Windows boxes.
Previous research
This answer has given an overview of how meterpreter migrates on … Continue reading What allows meterpreter to migrate processes and how to defend against it?
During the COVID-19 pandemic, many of us are working from home using meeting apps like Zoom. It’s all over the news that Zoom is lacking in its E2E encryption. Let’s assume we’re using Zoom and can’t switch apps.
Considering only the tra… Continue reading How can we secure communication of an unchangeable app (Zoom)?