Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter

This is a continuation of a series of blog posts covering blind cross-site scripting (XSS) and its impact on the internal systems that suffer from it. Previously, we showed that data entered into one part of a website, such as the account information panel, can lead to XSS on internal account-management panels. This…

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

The header image is by Steve Jurvetson. DigitalOcean is a cloud service provider similar to Amazon Web Services or Google Cloud. They offer cloud DNS hosting as one of their product lines; a nice guide on how to set up your domain to use their DNS can be…

Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection

I recently decided to investigate the security of various certificate authorities' online certificate issuing systems. These online issuers allow a certificate authority to verify that someone owns a specific domain, such as thehackerblog.com, and to hand them a signed certificate so they can enable SSL/TLS on that domain. Each online certificate issuing system has its own process for…

The International Incident – Gaining Control of a .int Domain Name With DNS Trickery

The .int, or international, TLD is perhaps one of the most exclusive extensions available on the Internet. The number of domains on the extension is so small that it has its own Wikipedia page. Introduced around 27 years ago, its primary purpose has been for international treaty organizations. The requirements for a .int domain are listed…

XSS Hunter is Now Open Source – Here’s How to Set It Up!

Recently I opened up XSS Hunter for public registration. This was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS, in which I pointed out that many penetration testers use a very limited alert-box-based methodology that will not detect these types of issues. After cleaning up the source…

Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS

This is the first part of a series of stories about compromising companies via blind cross-site scripting. As companies fix the issues and allow me to disclose them, I will post them here. Blind cross-site scripting (XSS) is an often-missed class of XSS which occurs when an XSS payload fires in a browser other than…

XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

The origins of cross-site scripting (XSS) go (arguably) back to a lab at Microsoft in 1999. Starting with the first disclosure of the issue, titled “Malicious HTML Tags Embedded in Client Web Requests”, this research sparked a class of attack that somehow still persists in modern web applications today. Despite this vulnerability being well-known…

The “Unhackable” WordPress Blog – Finding Security In the Static

Using the word “unhackable” is generally considered a bad idea™, since it is a largely unobtainable feat with software. In this post I attempt to get as close to “unhackable” as possible with my own personal blog (the one you’re reading right now). I have designed the process in such a way that it…

[Cross-Post] Fishing the AWS IP Pool for Dangling Domains

Hey guys, if you’ve ever pointed your DNS at an EC2 instance or another Amazon service, you might want to read this piece of research I did while working at Bishop Fox. It shows how attackers can take over your domains by drawing from Amazon’s IP pool: http://www.bishopfox.com/blog/2015/10/fishing-the-aws-ip-pool-for-dangling-domains/ …