Apple Lightning | Ramtin Amin Web Blog
Verified Domain Ownership. Every domain on sale on DropCatch.ai has their ownership verified by Premium Domain Names S.L. Secure Payments by Stripe. Payments are handled via Stripe.com. We never store your private payment information and the seller does not get paid until after the domain has been transferred to you. Protected by EU Consumer Rights. We are an EU-based company and we take pride in
The New Vulnerability that Creates a Dangerous Watering Hole in Your Network by Vectra AI Security Research team
The integrated signal for extended detection and response (XDR). Detect – Prioritize – Investigate – Respond
Firefox - Same-Origin Policy bypass (CVE-2015-7188)
In this post I will explain the Same-Origin policy bypass (CVE-2015-7188) in Firefox I reported to Mozilla last year. The root cause of that issue was a minor nuance in IP address parsing in some of the most popular OS-es. The final working exploit, however, additionally needed Flash installed and activated on the victim's machine. Another limitation was that it only worked to http protocol. Howev
XSS-es in Google Caja
In this article, I will describe three XSS-es I reported to Google VRP this year. All of them were possible thanks to Google Caja's sandbox escape. Introduction At the beginning of this year, I chose Google Docs as my bug bounty target. In Google Docs you can create scripts using Google Apps Script which are roughly equivalent to Microsoft Office's macros. The scripts are programmed in Javascript.
Exploring and exploiting Lenovo firmware secrets
Hi, everyone! In this article I will continue to publish my research of Lenovo ThinkPad’s firmware. Previously I shown how to discover and exploit SMM callout vulnerabilities on example of SystemSmmAhciAspiLegacyRt UEFI driver 1day vulnerability. Also, I introduced a small toolkit called fwexpl that provides API for comfortable development of firmware exploits for Windows platform. My previous Len
Masato Kinugawa Security Blog: ブラウザのXSS保護機能をバイパスする(8)
English version: http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html ------------------------------------- このブログではおなじみ、ブラウザのXSS保護機能をバイパスするコーナーです。 今回はIEではなく、ChromeのXSS Auditorをバイパスします。 数日前、Marioさんが自身の発見したAuditorのバイパスが修正されたことに気付いて、新たなバイパスを探していたので、一緒になって探していたらみつけました。 Marioさんが新たにみつけたのはこちらです。 XSS Auditor Bypasses 05.2016https://t.co/c9UcjpDZZM (someone asked for PoC and test-case, here you
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Microsoft Edge (Chromium) - Elevation of Privilege to Potential Remote Code Execution
GitHub - bugcrowd/bugcrowd_university: Open source education content for the researcher community
The RISC-V Files: Supervisor -> Machine Privilege Escalation Exploit
How I Could Have Hacked Multiple Facebook Accounts
Flash it baby! Finding vulnerabilities in SWF files (v2.0)
HitCon-2016-Windows-10-x64-edge-0day-and-exploit/Windows 10 x64 edge 0day and exploit.pdf at master · exp-sky/HitCon-2016-Windows-10-x64-edge-0day-and-exploit
Reflections on trusting CSP
Abusing Performance Optimization Weaknesses to Bypass ASLR Byoungyoung Lee Yeongjin Jang Tielei Wang Chengyu Song Long Lu Taesoo Kim Wenke Lee Georgia Tech Information Security Center (Rough) System Attack Trends Executing injected code Executing existin
A2: Analog Malicious Hardware
A Little on V8 and WebAssembly
Bughunter University - Account Recovery XSS
Resource: Best Offensive and Exploitation Books in Security by Peerlyst on Peerlyst
Obtaining Login Tokens for an Outlook, Office or Azure Account
R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857) | Rapid7 Blog