Collaborate Disseminate
Is there any way to load html data uri:
data:text/html,<html><svg/onload=confirm(1)></html>
with this scheme:
data://
i have seen this payload going around:
data://text/javascript,alert(1)
But only … Continue reading data:// uri XSS – using wrappers
I’ve recently been delving more into Wifi security and am starting with Pixie Dust, I’ve learned about it, mostly how it works (with the pins, being able to crack two halves of the pins and whatnot, not much in-depth, but eno… Continue reading Detecting a Pixie Dust attack? How much of a trace does it leave behind?
The issue, present on Android versions, is similar to the known man-in-the-disk attack vector. Continue reading WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files
We live in an age where a lot of services are hosted in various cloud-based infrastructures. And a lot of these infrastructures are based around a “pay as you go model”. I.e. The more servers you spin up, the more database IO… Continue reading Are there any documented cases of attackers using ‘Free Trials’ as an attack vector?
Today while reviewing vulnerability scan results with a colleague, we had a debate about what vulnerabilities can be considered “true or legitimate” and hence worthwhile to spend resources in monitoring. We had a differing op… Continue reading If a vulnerability has no relevant attack vectors, is monitoring still legitimate for a company?
I was looking for conditions/circumstances under which Dllhost.exe can spawn a child process. I examined a huge quantity of event logs from various Windows system and didn’t come across any event in which Dllhost.exe spawns a child process… Continue reading Under which conditions can dllhost.exe spawn child process? | MITRE ATT&CK T1191
Automatic invite notifications are spreading malicious links. Continue reading Google Calendar Attacks Target Unwitting Mobile Users
So I have a student that is…ahem…unwilling to do their own work and I had an interesting situation that I was hoping I could get other’s perspectives on.
I assign the homework as a Google Doc that they make their own cop… Continue reading I believe I had a student pay someone in Africa to do their homework on a Google Doc due to a possible VBA script in Somalian?
Assume a Mam in the Middle that wants to redirect a client’s HTTPS (Secure HTTPS) request from a.com to b.com. The MitM can not impersonate neither a.com nor b.com. The MitM does not have to use a TLS certificate to let the c… Continue reading Client HTTPS request redirection attack
For educational purposes, I want to conduct a demo for a Man In The Middle attack. The attack scenario is:
1) The client request aaa.com
2) The MITM changes the client request to bbb.com
3) The client get response for bbb.com
Notes:
1) … Continue reading How to conduct this MITM attack [duplicate]