HackDig : Dig high-quality web security articles for hackers

Malware is Becoming Alarming. Can You Hear Me Now?

A supposed “white hat” hacker gained access to the network of the Dallas Office of Emergency Management and managed to set off 156 sirens used to alert of an emergency. Alarms blared for 90 minutes before the city was able to manually shut down the entire system. How does this continue to happen? Because the current method of stopping malware just isn’t work
Publish At:2017-04-16 13:05 | Read:4400 | Comments:0 | Tags:Breaking News Government Threats Alarms application isolatio

Finding and Exploiting Same Origin Method Execution vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick
Publish At:2015-12-31 16:50 | Read:6851 | Comments:0 | Tags:exploitation Open Source pentesting pentura privacy security

Fuzzing for Fun and Profit

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {"_reqid":1234, "cid":5678, "t
Publish At:2015-10-13 17:40 | Read:3930 | Comments:0 | Tags:exploitation fuzzing infosec pentesting pentura security Sof

6 Vulnerability Exploit Trends You Need to Know

Cybercrime continues to grow in 2015, and on account of headlines during the past few weeks, it looks like everybody is getting hacked, from Slack and Lufthansa all the way to the White House. In order to make some sense of this, let’s take a step back and walk through 6 trends that are driving vulnerabilities and their exploitation to understand the bigger p
Publish At:2015-04-14 07:20 | Read:5000 | Comments:0 | Tags:cybercrime vulnerability scanning Cyber Crime Cyber Security

RSA Conference 2015: Enhancing Cloud Trust

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again! Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a k
Publish At:2015-03-31 15:25 | Read:5178 | Comments:0 | Tags:Cloud Computing Cybersecurity Security Intelligence Common V

Part 1: New data on youth “nudes” show disturbing trend

Young people around the globe are taking and sharing nude photos and videos of themselves, and the phenomenon appears to be occurring among younger and younger age groups, according to results from a new study sponsored by Microsoft. Data released today by the UK-based Internet Watch Foundation (IWF) show 17.5 percent of the more than 3,800 sexually explicit
Publish At:2015-03-10 22:45 | Read:4017 | Comments:0 | Tags:Tips & Talk exploitation images IWF nudes Online Safety self

Learning Exploitation with FSExploitMe

By Brad Antoniewicz. I've been an adjunct professor at NYU Poly for almost two years now. It's been a great experience for a number of reasons, one of which is because I'm teaching a hot topic: Vulnerability Analysis and Exploitation. The course is the next iteration of the pentest.cryptocity.net content that evolved into the CTF Field Guide by Dan Guido, Tr
Publish At:2014-08-19 16:40 | Read:5439 | Comments:0 | Tags:browsers exploitation hacme exploit

Execute Shellcode, Bypassing Anti-Virus…

Hello, I am going to demonstrate a little trick to allow you to bypass anti-virus and execute shellcode, this is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell, however any shellcode can be used, I have simply chosen this one for simplicity. As I’m sure
Publish At:2014-08-12 11:05 | Read:3728 | Comments:0 | Tags:CTF Encoding exploitation infosec metasploit pentesting pent

Practical and cheap cyberwar (cyber-warfare): Part I

By Cesar Cerrudo @cesarcer. Every day we hear about a new vulnerability or a new attack technique, but most of the time it’s difficult to imagine the real impact. The current emphasis on cyberwar (cyber-warfare if you prefer) leads to myths and nonsense being discussed. I wanted to show real life examples of large scale attacks with big impacts on criti
Publish At:2014-08-12 01:40 | Read:4423 | Comments:0 | Tags:0day cesar cerrudo critical infrastructure cyber attack cybe

Practical and cheap cyberwar (cyber-warfare): Part II

By Cesar Cerrudo @cesarcer. Disclaimer: I did not perform any illegal attacks on the mentioned websites in order to get the information I present here. No vulnerability was exploited on the websites, and they are not known to be vulnerable. Given that we live in an age of information leakage where government surveillance and espionage abound, I decided in this
Publish At:2014-08-12 01:40 | Read:5303 | Comments:0 | Tags:0day army cesar cerrudo cyberwar cyberwarfare exploitation h

