Collaborate Disseminate
Assumption a customer is sitting in a public area connected to a public wifi. A threat actor can access the customer’s browser and read all Javascript variables.
Step 1. example.com server sends the following information to trustworthy.ext… Continue reading Is encrypting a query parameter within a URI a security best practice?
How to block specific Uris or Urls in a browser? For example I don’t want the file:// protocol can be visited or other specific locations by the user. Can I also add other policies and if so, how?
Researchers at f-secure have developed an impressive new attack, leveraging HP printers as an unexpected attack surface. Printing Shellz (PDF) is a one-click attack, where simply visiting a malicious webpage …read more Continue reading This Week in Security: Printing Shellz, ms-officecmd, And AI Security
I am working on the auto-routing functionality of Codeigniter 4 and I’d like to test it by sending some nasty exploit-type HTTPS requests to make sure it properly resists mischief. E.g., request a uri with .. in the path to see if we might… Continue reading How to create custom exploit https requests to test a PHP framework
A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this?
I can think of some straight away:
Search engines migh… Continue reading Security implications of protecting private data with a long URI exclusively [duplicate]
Researchers say that the campaign sidesteps end user detection and security solutions. Continue reading Spammers Smuggle LokiBot Via URL Obfuscation Tactic
In the backend I am currently working on I have a servlet (call it S) and a WebSocket endpoint (call it E). S needs to communicate with E, yet, as of now, any WebSocket client may connect to E.
My question is: how should I … Continue reading What are the best practices for naming backend-internal WebSocket endpoints?
The following link was received in a suspected phishing attack email. Unfortunately, the recipient clicked on the link in their outlook client:
<tr>
<td class=”m_-[string-of-19-numbers]m_-[string-of-19-numbers]g… Continue reading Mystery link containing fragment identifier in malicious email
I’m dealing with a URL validation function that was made by the developer (instead of using trusted methods).
Here is a slightly modified version of the function:
public static bool IsValidURL(string url) {
stri… Continue reading Bypassing URL verification
So i’ve managed to call a webview activity from frida objection, and was wondering how i could call it and set it from outside the app, also it’s worth noting it’s a appboy thing.
Continue reading How to call activity from outside app and set url?