Collaborate Disseminate
Is it considered a SSRF vulnerability (or is it dangerous at all) if the backend of an application fetches a URL that is somewhat based off of user input, in a way similar to this
get(“https://thehostname.com/a-directory/” +… Continue reading SSRF when user input is appended to hostname
I was looking for a way to integrate multiple TAXII-Feeds in my current network when I came across Hail A TAXII – which does just what I want.
But when I tried writing them a mail, the address was invalid. Does anyone know … Continue reading Is Hail A TAXII still operating? [on hold]
Yesterday someone emailed me a malicious .bat script.
I have his email (he used Gmail) and of course I can’t track him using mail header. So I checked the .bat file details but I only see my computer name.
So how can I tr… Continue reading How to trace who sent mail with attachment
I have a RFIDEAS PCswipe card reader, this device is shown as a keyboard and whenever a card is swiped it outputs text. It has one letter, a bunch of numbers, my name, and a bunch more numbers.
How do I interpret these numbe… Continue reading How to read data from USB magstripe reader? [on hold]
I’m trying to get a site report from Netcraft via my Python script, but it doesn’t seem to work. A simple request call
requests.get(‘https://toolbar.netcraft.com/site_report?url=http://www.example.com’)
returned me an erro… Continue reading Calling Netcraft via Python script
I have some issues trying to resolve a wargame with a format string vulnerability.
So here is the code of the program:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char ** a… Continue reading Stack behavior on function call during a format string exploit
What is The ISO standard that help entities to implement security processes, concepts in the application security field ?
I am working on Advanced Persistent Threats for my Master thesis, I am using Game theoritic models to counter Advanced Persistent Threats, my question is, how can an APT be modeled as a security game? What would be the strate… Continue reading Advanced Persistent threat as a security game
I am wondering what historical information is logged by mobile companies and what is possible for them to log. Is there such a thing as historical triangulated location data?….Meaning if I am connected to more than one cel… Continue reading Historical Location Data logs…..Triangulation and GPS
GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
It’s useful in a discovery phase of a pen-testing ass… Continue reading GetAltName – Discover Sub-Domains From SSL Certificates