Collaborate Disseminate
I used Chrome in Sandboxie, and even after deleted contents of the sandbox, youtube.com still recommended videos for me, which based on vids I saw.
Only after I deleted all history in Chrome then youtube did not recommend th… Continue reading How can youtube track user in sandbox?
Is using Web Gmail over Gmail App is more safe, for example, see following options:
Android Google Chrome or Android App
Windows Google Chrome or Windows Universal App
MacOS Safari or MacOS App Store Application
iOS Safari … Continue reading Is using Gmail App over Web Gmail more safe?
Microsoft has announced a new capability that will make its Edge browser the most secure web browsing option for enterprises: Windows Defender Application Guard. Windows Defender Application Guard is a lightweight virtual machine that prevents malicious activity coming from the web from reaching the operating system, apps, data, and the enterprise network. “Unlike other browsers that use software-based sandboxes, which still provide a pathway for malware and vulnerability exploits, Microsoft Edge’s use of Application Guard … More → Continue reading Microsoft equips Edge with hardware-based container
On Mac OS X, is it possible to limit an application’s accessible hosts by using sandbox-exec?
I can easily do it via a firewall app, but I would prefer to do it via the native sandbox mechanism in certain cases.
So far I’ve tried by usin… Continue reading Native OS X sandbox profile to control network access (IP/host-based)
I want to try out dubious software on my windows 10 computer.
(Bold parts are keywords for the TL/DR fraction)
What is the state of the art precaution to do this most likely safely today?
The software I want to install req… Continue reading What is the state of the art precaution to try out dubious software most likely safely today?
Is having any JavaScript in a PDF file by definition dangerous or is it only dangerous when specific functions (for example eval) are used inside a PDF, in which case, what JavaScript functions are dangerous in a PDF?
In other words: When… Continue reading How to detect malicious JavaScript in a PDF file?
Researchers at SentinelOne said they have discovered a malware dropper for the Furtim malware that was designed to attack an unnamed energy company in Europe. Continue reading Malware Dropper Built to Target European Energy Company
The Gatak malware tries to keep track of where the world’s threat researchers are, and avoids playing ball if it thinks it’s in a sandbox. Continue reading Notes from SophosLabs: The anti-anti-virus arms race
Every experienced pentester knows there is a lot more to XSS than <script>alert(1)</script> – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted template injection payloads to bypass filtering and encoding and exploit Piwik and Uber.
Lower case conversion
Piwik, an Continue reading Adapting AngularJS Payloads to Exploit Real World Applications
Every experienced pentester knows there is a lot more to XSS than alert(1) – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted… Continue reading Adapting AngularJS Payloads to Exploit Real World Applications