Collaborate Disseminate
"Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use… Continue reading How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?
I noticed suddenly something weird on my PC. I am currently in Italy, Google all of a sudden is displayed in Arabic, and my IP is from an ISP in Czech Republic, and it is obviously different from the Italian ISP I am connected to.
In my ph… Continue reading my ip address comes out from a different ISP/Country
I received a Discord message where someone wrote something about a new crypto broker that has a giveaway going on. So out of interest I registered with my unimportant email and some random password that I don’t use anywhere. (Because I alr… Continue reading What could a Website steal?
I received a Discord message where someone wrote something about a new crypto broker that has a giveaway going on. So out of interest I registered with my unimportant email and some random password that I don’t use anywhere. (Because I alr… Continue reading What could a Website steal?
I know this is a duplicate question, but there aren’t any recent updates on the answers given to this question(here and here) and after a few years, I’m sure browser security has improved drastically. I was wondering if it’s still possible… Continue reading Is it still possible to get a virus simply by visiting a website? [closed]
Historically, we have learned that many security vulnerabilities and exploits have resulted from allowing document files to contain executable code, whether it be JavaScript, VBScript, another scripting language, or even macros.
As such, s… Continue reading Is Firefox’s new JavaScript support within PDF files a security concern?
if a user’s browser gets hooked how can the user unhook his/her browser? (does clearing cookies/cache or deleting the browser data/cache help?)
How can a user know whether his/her browser is infected/hooked?
After hooking an android brows… Continue reading Few questions related to browser exploitation framework [closed]
Threat model:
Malicious user gaining physical access to browser cookies (e.g., 3rd party repair guy copying cookies to his own device or something like that). Let’s say legit user did not clear cookies beforehand.
Possible mitigation:
Pre-… Continue reading Mitigating physical cookie theft
Today, clicking on links (via Chrome from my Google home page), I started seeing "https://beinternetawesome.withgoogle.com/en_us/" come up instead of the site I had attempted to load.
I’m trying to determine if this is due to typ… Continue reading Malware? Or a Browser Hijack by Google?
Ok i am facing a very weird behaviour that sets and doesnt set cookie both. So, first i have found CRLF injection in 2 domains, redacted.de and redacted_another.com. When i go to redacted_another.com vulnerable url, the cookie gets set int… Continue reading Cookie is not being set after CRLF Injection in one domain but set in another domain. How can i bypass/set it?