Category Archives: Security Research

DC9180 – OWASP Xenotix XSS Exploit FRAMEWORK

This presentation covers the use of an XSS vulnerability to gain reverse shell access to the system. The PDF copy of the presentation can be downloaded here – pwningwithxss-defconbanglore-130820063858-phpapp01

About the speaker:

Name: Ajin Abraham
• Info Sec Enthusiast
• OWASP Xenotix XSS Exploit Framework
• Free and Open Info Sec Education Supporter (Kerala Cyber Force)
• Runs a DEFCON chapter, Defcon Kerala

DC9180 – Bitcoins

What is bitcoin? Bitcoin is a cryptocurrency where the creation and transfer of bitcoins is based on an open-source cryptographic protocol that is independent of any central authority.

What does this presentation cover?
• Illegal use
• Bitcoin mining botnets
• Another way to find botnets
• Block methods used by pools
• Max connection check
• Bot herders can… Read More »

Mozilla automates web security through Minion!

The Minion platform from Mozilla allows various teams, such as Development, QA, and Security, to perform automated web security scans. The platform's target users are developers, because they can use it once the written code is ready for testing.

Principles:
• Minion should be as easy to use as possible
• It is aimed at… Read More »

Facebook URL redirection bug

Facebook suffers from a URL redirection bug which never got patched even after responsible disclosure. But when they patch it, they fail to give credit to the reporter. This bug has been reported by many hunters, and has fallen on deaf ears. I am attaching a few screenshots here of the bug which will give an… Read More »

Advanced Persistent Threats – Attack and Defence

The term Advanced Persistent Threat (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gain. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations, unlike other commonly found malware, which sweep down random millions of… Read More »

Pimp my Chrome

You might be wondering about the title. Let me tell you that you shall have your answer by the end of this story. Hacking has been considered a mysterious act of 0s and 1s that can either make you or destroy you. Along these lines, things have been simplified to a large extent after… Read More »

A prototype model for web application fingerprinting: w3 scrape

Web application fingerprinting is one of the most important aspects of the information gathering phase of ethical hacking. This allows us to narrow down the criteria instead of playing around with a large pool of possibilities. Fingerprinting simply means identification of objects using a certain methodology. Web application fingerprinting, specifically, is meant for identifying applications… Read More »

Reconnaissance with Images

Hi Readers!! Let's see how the images speak this time. Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case “reconnaissance” refers to the gathering of information in any and all possible… Read More »