Stored XSS And SET ToolKit

Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the…Read more Stored XSS And SET ToolKit

Deep Look Into a Chinese Advanced Attack

     “Many say the Chinese are behind many attacks on US companies. In this case, it is true. The Chinese have been successfully attacking this industry for years. We managed to detect and eradicate their attacks year after year and they up their game each time. The latest attack is more sophisticated and avoided many…Read more Deep Look Into a Chinese Advanced Attack

Moving Past Metasploit: Writing your first exploit

VIDEO BY Calvin Hedler So you want to be more than a script kiddy? Metasploit is useful, but it’s important to understand the _why_ and _how_ of exploiting software. A simple buffer overflow exploit provides a great opportunity to explore the process of writing exploits. With just a touch of coding, you can break things…Read more Moving Past Metasploit: Writing your first exploit

NoGoToFail: A Network Security Testing Tool For HTTPS And TLS/SSL Bugs

NoGoToFail: A Network Security Testing Tool For HTTPS and TLS/SSL Bugs. An on-path blackbox network traffic security testing tool. Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes…Read more NoGoToFail: A Network Security Testing Tool For HTTPS And TLS/SSL Bugs

Router Exploitation Toolkit – REXT

Router Exploitation Toolkit - REXT Small toolkit for easy creation and usage of various python scripts that work with embedded devices. core - contains most of toolkits basic functions databases - contains databases, like default credentials etc. interface - contains code that is being used for the creation and manipulation with interface modules - contains…Read more Router Exploitation Toolkit – REXT

KdExploitMe: A Kernel Driver To Practice Writing Exploits

KdExploitMe A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. The intent of this driver is to educate security testers on how memory corruption issues in Windows kernel drivers can be exploited. Knowing how to exploit security issues allows security testers to prove that bugs are exploitable…Read more KdExploitMe: A Kernel Driver To Practice Writing Exploits

Smashing The Browser: From Vulnerability Discovery To Exploit Development

Smashing The Browser: From Vulnerability Discovery To Exploit Development. Part 1: Browser Fuzzing Technology This part will first introduce a fuzzer framework (StateFuzzer) developed by myself as well as the fuzzing strategies behind it. Then conclude some effective fuzzing ideas and related vulnerabilities based on results of the fuzzer. Part 2: Advance Browser Exploitation Techniques This…Read more Smashing The Browser: From Vulnerability Discovery To Exploit Development

Attacking LAN Hosts with ARP spoofing

  1. Introduction This article introduces the OSI model of internet communication, and describes ARP spoofing. It’s used to attack hosts in a Local Area Network (LAN). Passive and active sniffing are described. Finally, the mitigation of ARP spoofing is briefly discussed. 2. The OSI model This model describes the structure of internet communication. The…Read more Attacking LAN Hosts with ARP spoofing

The Hacks of Mr. Robot: How to Send a Spoofed SMS Text Message

As most of you know, Mr. Robot is probably the best hacker TV show ever! This is a great show about a cyber security engineer who is being enticed to hack the very corporation he’s being paid to protect. This show is so good, I began a series to demonstrate how to do the hacks…Read more The Hacks of Mr. Robot: How to Send a Spoofed SMS Text Message