appsec (2)
- Simple websockets based webshell - February 18, 2015
- Auto submit (onload) a HTML Form with an input field called 'submit' - CSRF PoC - November 5, 2013
- Simple websockets based webshell - February 18, 2015
websockets (1)
bugbounty (7)
- Cross Site Port Attacks - XSPA - Part 1 - November 7, 2012
- XSPA / SSRF Vulnerability with the Adobe Omniture Web Application - April 23, 2013
- XSPA / SSRF bug with Facebook’s Developer Web Application - May 10, 2013
- Cross Site Port Attacks - XSPA - Part 3 - November 14, 2012
- Cross Site Port Attacks - XSPA - Part 2 - November 13, 2012
- Twitter Wipe Addressbook CSRF Vulnerability - May 16, 2012
- XSPA / SSRF Vulnerability with the Yahoo! Developer Network - June 27, 2013
- Twitter Wipe Addressbook CSRF Vulnerability - May 16, 2012
- Cross Site Port Attacks - XSPA - Part 1 - November 7, 2012
- XSPA / SSRF Vulnerability with the Adobe Omniture Web Application - April 23, 2013
- XSPA / SSRF bug with Facebook’s Developer Web Application - May 10, 2013
- Cross Site Port Attacks - XSPA - Part 3 - November 14, 2012
- Cross Site Port Attacks - XSPA - Part 2 - November 13, 2012
- XSPA / SSRF Vulnerability with the Yahoo! Developer Network - June 27, 2013
appsec (1)
research (6)
cloud (2)
- What are these 'reserved' set of security-credentials in AWS? - April 26, 2020
- Raining shells in AWS by chaining vulnerabilities - OWASP Bay Area Meetup - August 12, 2019
- What are these 'reserved' set of security-credentials in AWS? - April 26, 2020
- Raining shells in AWS by chaining vulnerabilities - OWASP Bay Area Meetup - August 12, 2019
aws (2)
conference (1)
- c0c0n Security Conference 2011 - CTF Walkthrough - October 16, 2011
- c0c0n Security Conference 2011 - CTF Walkthrough - October 16, 2011
appsec (1)
javascript (1)
- Captain Marvellous JavaScript - JSFoo Coimbatore 2019 - June 10, 2019
- Captain Marvellous JavaScript - JSFoo Coimbatore 2019 - June 10, 2019
conference (1)
malware (2)
- The Case of the Persistent Executable - July 7, 2009
- The Case of the Intelligent Spambot - July 22, 2009
- The Case of the Persistent Executable - July 7, 2009
- The Case of the Intelligent Spambot - July 22, 2009
sysinternals (2)
nodejs (1)
- Nodejs RCE and a simple reverse shell - August 23, 2016
- Nodejs RCE and a simple reverse shell - August 23, 2016
rce (1)
password cracking (1)
- PDF password cracking using Python - June 28, 2016
- PDF password cracking using Python - June 28, 2016
python scripts (1)
psexec (1)
- psexec using a local admin account to a UAC enabled system - February 20, 2016
security research (3)
- Multiple Joomla! XSS Vulnerabilities - CVE-2010-1649 - June 11, 2010
- WordPress UserId & Username Enumeration Exploit/PoC Script - May 11, 2011
- Apache Archiva Multiple XSS & CSRF Vulnerabilities - May 30, 2011
- Multiple Joomla! XSS Vulnerabilities - CVE-2010-1649 - June 11, 2010
- WordPress UserId & Username Enumeration Exploit/PoC Script - May 11, 2011
- Apache Archiva Multiple XSS & CSRF Vulnerabilities - May 30, 2011
appsec (3)
sql injection (1)
- Using SQL Injection to perform SSRF/XSPA attacks - June 27, 2020
- Using SQL Injection to perform SSRF/XSPA attacks - June 27, 2020
ssrf (1)
windows (3)
- Executing Windows malware in Windows Subsystem for Linux (Bashware) - October 24, 2017
- A Windows UAC Bypass using Device Manager - May 18, 2017
- Exploiting a Boolean Based SQL Injection using Burp Suite Intruder - December 27, 2017
- Executing Windows malware in Windows Subsystem for Linux (Bashware) - October 24, 2017
- Exploiting a Boolean Based SQL Injection using Burp Suite Intruder - December 27, 2017
- A Windows UAC Bypass using Device Manager - May 18, 2017
malware (2)
post exploitation (1)
windows api (2)
- Volume Mute and SendMessage() Fun - November 9, 2015
- Get username from PID in VB.NET - December 3, 2015
xss (1)
- XSS to RCE – using WordPress as an example - July 17, 2016
- XSS to RCE – using WordPress as an example - July 17, 2016