There is a lot of hype around DNS rebinding vulnerability and vulnerable IoT devices, including home cameras, air conditioners or climate control devices; this flaw will cover the lack of origin checking on HTTP requests. DNS Rebinding Attack DNS Rebinding allows an attacker who has control on a DNS server to communicate with a device […]
I don’t usually play CTFs, but this time i wanted to improve my radare2 and reversing skills.All crackme challanges can be found here.Levels from 1 to 3 are really entry-level, from 4 ahead start to be interesting. As the README says: “It’s reverse engineering, not cracking.”. That means we don’t have to patch the binary in […]
On March 13th, by using dnsrecon (https://github.com/darkoperator/dnsrecon) and a huge wordlist, I came across with an Amazon domain (hireon.amazon.com) with a Reflected XSS. Usually I don’t use to write an article for an XSS vulnerability, but I would share a trick I discovered during this analysis. Looking for a not existent resource, the following error […]
I often wondered how link generation functionality is implemented by major social network applications and, more specifically, the preview generation. Some time ago a friend of mine was spear-phished with a message through the Facebook chat, this happened before Facebook patched the chat application, allowing to exchange of messages only between people connected as friends. […]