
WindowsTechs.com


Author Archives: Johnny

Race condition in Python [closed]

Posted on October 7, 2024 by Johnny

I am trying to teach my students about race conditions on the web, and for that purpose, I am using a simple bank example, in which we transfer an amount from person A to person B’s account. If we use Burp and send simultaneous requests li… Continue reading Race condition in Python [closed]→

Posted in Python, race condition, web, web-application

Identifying user behind a router [closed]

Posted on September 30, 2024 by Johnny

I have a small intranet, in which I have complete control over its deployment. I can even do MiTM, packet inspection/injection etc.
There is a router and then there are 5 users behind the routers.
The issue I am facing is that I cannot ide… Continue reading Identifying user behind a router [closed]→

Posted in man-in-the-middle, NAT, network, router

Usage of Mt_Rand in PHP

Posted on September 23, 2024 by Johnny

I am creating an exercise for my users, where I am trying to tell them that using mt_rand() is not a good option from a security point of view. What I did is that I showed them a normal user who gets a password reset email, the token is gene… Continue reading Usage of Mt_Rand in PHP→

Posted in encryption, PHP, random, seed, token

Is PHP’s mt_rand function insecure on every platform?

Posted on September 19, 2024 by Johnny

I was going through this article, https://www.ambionics.io/blog/php-mt-rand-prediction, which claims that if we use mt_rand(), we can get the seed value using two values instead of brute forcing.
In the article it says:

The first step in … Continue reading Is PHP’s mt_rand function insecure on every platform?→

Posted in PHP, random

Determining Entropy in PHP

Posted on September 16, 2024 by Johnny

I am using the following code in my code to send a password reset token to a user.
$token = md5($user_id . time());

Why is this considered a bad approach, being cited as having weak entropy? The above code would generate a scary look… Continue reading Determining Entropy in PHP→

Posted in Cryptography, entropy, MD5, PHP, token

Lax SameSite and POST (2 minute)

Posted on February 11, 2024 by Johnny

I was going through this link https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b to understand CSRF using samesite. Does that mean that the LAX+POST issue has been resolved by Chrome, which means tha… Continue reading Lax SameSite and POST (2 minute)→

Posted in cookies, CSRF, javascript, PHP, session management

Double Submit Cookie Bypass

Posted on February 10, 2024 by Johnny

I am trying to work on an example for my class on how double submit cookie works and how attackers can bypass it.
The idea I have is I have two domains, att.com and victim.com. The login functionality on victim.com creates the session and als… Continue reading Double Submit Cookie Bypass→

Posted in cookies, CSRF, OWASP, session management

SQL Injection in WordPress

Posted on July 11, 2023 by Johnny

I have a website that is running WordPress 5.0. I can update WordPress but that will also break some of my plugins. Recently I have seen the following exploit on the internet
https://www.exploit-db.com/exploits/50663
that allows SQL In… Continue reading SQL Injection in WordPress→

Posted in API, Exploit, PHP, SQL Injection, wordpress

Can Google see the screen when using Chrome Remote Desktop?

Posted on March 28, 2022 by Johnny

I was wondering if Google can see my computer screen while I’m using Chrome Remote Desktop.
Let’s assume there’s my main PC named A and my other PC named B.
PC B will have the Chrome extension installed and is the PC that will be accessed … Continue reading Can Google see the screen when using Chrome Remote Desktop?→

Posted in Account Security, Google, privacy, Remote Desktop

Why are mobile phones OS easily hackable (Pegasus & Co)

Posted on November 14, 2021 by Johnny

Every now and then, you hear a story about misuses of mobile OS spyware software, developed by technology firms which usually sell their products to governments or groups with similar power.
You hear stories about WhatsApp calls, SMS, im… Continue reading Why are mobile phones OS easily hackable (Pegasus & Co)→

Posted in Android, iOS, Operating Systems, spyware
