This presentation covers XSS vulnerability to gain reverse shell access to the system. The PDF copy of the presentation can be downloaded here – pwningwithxss-defconbanglore-130820063858-phpapp01 About the speaker: Name: Ajin Abraham •Info Sec Enthusiast •OWASP Xenotix XSS Exploit Framework •Free and Open Info Sec Education Supporter (Kerala Cyber Force) •Runs a DEFCON chapter Defcon Kerala
What is bitcoin ? Bitcoin is a cryptocurrency where the creation and transfer of bitcoins is based on an open-source cryptographic protocol that is independent of any central authority. What this presentation covers? Illegal use Bitcoin Mining botnets An another way to find botnets Block methods used by pools Max connection check Bot herders can… Read More »
The Minion platform from Mozilla allows various teams like Development, QA, and Security members to perform automated web security scans. The targeted users by this platform are the developers because they can use once the written code is ready for testing. Principles: Minion should be as easy to use as possible It is aimed at… Read More »
Facebook suffers from a URL redirection bug which never got patched even after responsible disclosure. But when they patch it they fail to give credit to the reporter. This bug has been reported by many hunters, and had gone to deaf ears. I am attaching few screenshots here of the bug which will give an… Read More »
Advanced Persistent Threats, as the name suggests, are advanced, persistent and deadly in their nature. The ghost of APTs can affect any organization at any moment of time. Security specialists have to face the ordeal of cracking the never-ending maze of APTs. Security professionals need to employ a wide range of techniques and tools in… Read More »
Advanced Persistent Threats (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gains. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations unlike other usually found malwares, which sweep down random millions of… Read More »
You might be wondering about the title. Let me tell that you shall have your answer by the end of this story. Hacking has been considered as a mysterious act of 0s and 1s that can either make you or destroy you. Along these lines, things have been simplified to a large extent after… Read More »
Finding a proven pattern to find defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method to meet this objective. This procedure evaluates the vulnerabilities that can potentially exist in a target under observation. The vulnerabilities may or may… Read More »
Web application fingerprinting is one of the most important aspects of the information gathering phase of ethical hacking. This allows us to narrow down the criteria instead of playing around with a large pool of possibilities. Fingerprinting simply means identification of objects using a certain methodology. Web application fingerprinting, specifically, is meant for identifying applications… Read More »
Hi Readers!! Lets see how the Images speak this time. Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case “reconnaissance” refers to the gathering of information in any and all possible… Read More »
Join the mailing list
Check your email and confirm the subscription
