Collaborate Disseminate
CoinHive is a service that was created in September 2017. It allows users to mine Monero cryptocurrency using JavaScript. CoinHive has remarkably changed the income models of content developers over the course of its 18 month-long adventure. However, d… Continue reading The End of CoinHive and the Rise of Cryptojacking
A Clickjacking attack works by loading a malicious website inside a low-opacity iframe and overlaying it with an innocuous looking button, checkbox or link. This tricks the user into interacting with the vulnerable website beneath. The user is then for… Continue reading Sound Hijacking – Abusing Missing XFO
Brave is a new, free an open-source web browser with a built-in adblocker. It was developed by a team led by Brendan Eich, inventor of JavaScript and a former Mozilla Foundation employee.
The Brave browser uses the motto, ‘You are not a product&#… Continue reading Brave Browser Sacrifices Security
The Open Graph Protocol (OGP) was introduced by Facebook approximately eight years ago to give users a way to have control over the appearance of links on social media platforms. Whenever you click the Share button on Facebook, or other social media pl… Continue reading Phishing by Open Graph Protocol
Increased digitization means that web browsers are integral to our daily lives. For example, I’m writing this article on a cloud-based word processing application, whereas a few years ago, I may only have had the option of using an executable des… Continue reading Remote Hardware Takeover via Vulnerable Admin Software
For years, we’ve been told to keep the values of sensitive session cookies unpredictable and complex in order to prevent attacks such as session enumeration. And, it made sense. If the session ID is complex, long and cryptographically secure, it’… Continue reading Cross Site Cookie Manipulation
jQuery is a JavaScript library that was released in August 2006 with the motto: ‘write less, do more’. jQuery simplifies the process of writing code in JavaScript by making the element selectors, event chaining and handling easier. It’s safe to s… Continue reading Acquiring Data with CSS Selectors and Javascript on Time Based Attacks
Sessions are an essential part of most modern web applications. This is why session-related vulnerabilities often have a sizable impact on the overall security of a web application. They frequently allow the impersonation of other users and can have ot… Continue reading Two Interesting Session-Related Vulnerabilities
The clickjacking attack introduced in 2002 is a UI Redressing attack in which a web page loads another webpage in a low opacity iframe, and cause changes of state when the user unknowingly clicks on the buttons of the webpage. In this article, we expla… Continue reading Clickjacking Attack on Facebook: How a Tiny Attribute Can Save the Corporation
Dawid Czagan, Founder and CEO at Silesia Security Labs and author of Bug Hunting Millionaire, is listed in HackerOne’s Top 10 Hackers. In a recent article on his website, Czagan disclosed the details of a vulnerability combining both Cross-site R… Continue reading The Importance of the Content-Type Header in HTTP Requests