Collaborate Disseminate
Recently my PC has succumbed to an attack of this form caused by trojan and most propably all my cookies from Firefox were stolen. I concluded that after finding out that someone logged on to my Facebook account despite enabled 2FA. In my … Continue reading Can browser extention be compromised via cookie hijack?
If a VPS running Debian 10 Xfce as a cloud desktop has been rootkit infected and there is an ongoing SSH connection with X2Go from a client to manage this server, is it possible for an attacker on the VPS to hijack the existing SSH connect… Continue reading Can a running SSH connection to a rootkit infected VPS be used to attack the remote client?
"Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use… Continue reading How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?
I noticed suddenly something weird on my PC. I am currently in Italy, Google all of a sudden is displayed in Arabic, and my IP is from an ISP in Czech Republic, and it is obviously different from the Italian ISP I am connected to.
In my ph… Continue reading my ip address comes out from a different ISP/Country
I received a Discord message where someone wrote something about a new crypto broker that has a giveaway going on. So out of interest I registered with my unimportant email and some random password that I don’t use anywhere. (Because I alr… Continue reading What could a Website steal?
I received a Discord message where someone wrote something about a new crypto broker that has a giveaway going on. So out of interest I registered with my unimportant email and some random password that I don’t use anywhere. (Because I alr… Continue reading What could a Website steal?
I know this is a duplicate question, but there aren’t any recent updates on the answers given to this question(here and here) and after a few years, I’m sure browser security has improved drastically. I was wondering if it’s still possible… Continue reading Is it still possible to get a virus simply by visiting a website? [closed]
Historically, we have learned that many security vulnerabilities and exploits have resulted from allowing document files to contain executable code, whether it be JavaScript, VBScript, another scripting language, or even macros.
As such, s… Continue reading Is Firefox’s new JavaScript support within PDF files a security concern?
if a user’s browser gets hooked how can the user unhook his/her browser? (does clearing cookies/cache or deleting the browser data/cache help?)
How can a user know whether his/her browser is infected/hooked?
After hooking an android brows… Continue reading Few questions related to browser exploitation framework [closed]
Threat model:
Malicious user gaining physical access to browser cookies (e.g., 3rd party repair guy copying cookies to his own device or something like that). Let’s say legit user did not clear cookies beforehand.
Possible mitigation:
Pre-… Continue reading Mitigating physical cookie theft