Cross-domain Flash and Silverlight (crossdomain.xml)

I’ve posted previously about cross-domain communication with things like HTML5 CORS and HTML5 postMessage, and I’ve also written about the browser’s built-in protections through the Same-Origin Policy. However, recently I saw a discussion about cross-domain Flash and Silverlight: how those are different, how specifically the exploitation works, and what it offers an attacker.

Book Review: The Hacker Playbook 2

Title: The Hacker Playbook 2
Author: Peter Kim
TL;DR:
In short, a book I recommend for the developing intermediate hacker. A no-nonsense guide to using Penetration Testing tools but with frustratingly little in the way of explanation of the technical details behind a vulnerability. Often appears as simply a catalogue of tools to investigate as opposed to an explanation of a problem or vulnerability the tool is intended to solve, followed by an example of a suitable tool to solve the problem. A definite “playbook” and not a complete guide, but worth a read if you already know the technical details and simply want to expand your knowledge of available tools.

HTTP Header Injection

HTTP Header Injection vulnerabilities occur when user input is insecurely included within server response headers. Specifically, if an attacker can cause the server to generate a response that includes carriage-return and line-feed characters (%0D and %0A respectively in their URI-encoded forms) within a response header, the attacker may be able to add crafted headers of their own. Header Injection can allow for attacks such as response splitting, session fixation, cross-site scripting, and malicious redirection.

Introduction to SQLmap

I posted a while ago on the very basics of SQL Injection. Then, after that, I did a complete breakdown of the manual exploitation of SQL Injection. Armed with that post and a cheatsheet or two, you should be able to get knee deep in almost any injection point. However, the truth is that often these injection points can be exploited using free, publicly available tools such as SQLmap! SQL injection can be a time-consuming thing to exploit, especially when it comes to blind or out-of-band injection! So why not take the path of least resistance and automate wherever you can?