c0nradsc0rner.wordpress.com
CSP and SVG – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/08/30/csp-and-svg
Mostly security and programming tutorials. This is really just a security misconfiguration. But if you’re using CSP (Content-Security-Policy), it’s something to keep in mind. The tl;dr is make sure. If you’re not using it. Using this “attack” you can reflect SVGs to get execution even in a CSP-controlled environment. This is just another recipe to add to your books for bypassing CSP (insecure directives, JSONP, base offset, encoding). Website with File/Image Upload (accepting SVG). An XSS injection, ...
c0nradsc0rner.wordpress.com
c0nradsc0rner – Page 2 – Mostly security and programming tutorials
https://c0nradsc0rner.wordpress.com/page/2
Mostly security and programming tutorials. XSS persistence using JSONP and serviceWorkers. One of my favorite exploits in the world is this web attack that allows you to maintain access to a website within a user’s browser indefinitely. Even if they close the browser and come back without a session, you’ll still be hooked. It works by combining an unfiltered JSONP route, serviceWorkers, and an XSS to create a persistent backdoor on a website. A great introduction to serviceWorkers can be found here. Html b...
c0nradsc0rner.wordpress.com
BSON and Golang Interfaces – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/06/19/bson-and-golang-interfaces
Mostly security and programming tutorials. BSON and Golang Interfaces. This weekend I decided to implement BSON. BSON is just a binary representation of JSON with some extra types and traversal speed improvements. Traversal speed is important for rapidly scanning a group of BSON objects (called Documents) for specific pieces of information. Let’s imagine you had a list of JSON like the following, and you were searching for the information under the key value “secret”. The Type Identifier (byte). Normally ...
c0nradsc0rner.wordpress.com
Playing With Ethereum – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/06/22/playing-with-ethereum
Mostly security and programming tutorials. I’ve been skirting around Ethereum for a while. Now and then I see a post about it on Hacker News, or people circle jerking over the DAO. But it is pretty confusing. I decided to dive in yesterday and see what you can do with Ethereum. Smart contracts are only starting to make sense now that I’ve been playing with them. This was my favorite intro article: ... This is the online IDE I used: ... And I used the Wallet from the main website: ... To perform any actions, you ne...
newyorktechjournal.com
New York Tech Journal
http://newyorktechjournal.com/category/security
New York Tech Journal. Tech news from the Big Apple. Links about Technology in Society. Posted on May 4th, 2016. 05/04/2016 @ AWS popup loft, 350 West Broadway, NY. Blockstack offers secure identification based on blockchain encryption and confirmation. Six speakers described the underlying machinery and applications. Muneeb Ali – An Overview of Blockstack. Jude Nelson – The Blockstack Server and CLI. Josh Jeffryes – OpenBazaar and Blockstack Identity. Arkadiy Kukarkin – MediaChain. OpenBazaar (a place t...
c0nradsc0rner.wordpress.com
Intro to SameSite Cookies (CSRF Protection) – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/06/17/intro-to-samesite-cookies-csrf-protection
Mostly security and programming tutorials. Intro to SameSite Cookies (CSRF Protection). A pretty common web attack involves hijacking a user’s session to get them to perform actions on your behalf. Let’s say Bob signs into his bank account at bank.com. From now on, whenever Bob interacts with bank.com the browser will send his cookies so that bank.com knows that the request was made by Bob. Let’s say Eve knows that he is logged into bank.com and sends him a message like: Check out this sweet cat picture: ...
c0nradsc0rner.wordpress.com
ECB Byte at a Time – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/07/03/ecb-byte-at-a-time
Mostly security and programming tutorials. ECB Byte at a Time. ECB Byte at a Time is a fun crypto attack that doesn’t require any math knowledge, just an understanding of how the systems work and how they interact. Let’s imagine you had some session cookie or token that was constructed like: AES ECB(INPUT SECRET, KEY). It’s possible to determine SECRET with only control of INPUT! The actual encryption algorithm doesn’t matter either (in this case AES), as long as it’s block-based and uses ECB. So how can we use...
c0nradsc0rner.wordpress.com
Cookie Shadow Path Injection – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection
Mostly security and programming tutorials. Cookie Shadow Path Injection. Did you know multiple cookies can have the same name on a domain? Yep, cookies aren’t unique on the name; they are “unique” on the tuple of (Name, Domain, Path). So you could have a session cookie for example.com/secret, and a different one for example.com/ with the same name. Why would you want to do that? But what sorts of attacks can we do with that? And proxy the request to the right application. To see who is accessing their site.
c0nradsc0rner.wordpress.com
c0nradsc0rner – c0nradsc0rner
https://c0nradsc0rner.wordpress.com/author/c0nradsc0rner
Mostly security and programming tutorials. This is really just a security misconfiguration. But if you’re using CSP (Content-Security-Policy), it’s something to keep in mind. The tl;dr is make sure. If you’re not using it. Using this “attack” you can reflect SVGs to get execution even in a CSP-controlled environment. This is just another recipe to add to your books for bypassing CSP (insecure directives, JSONP, base offset, encoding). Website with File/Image Upload (accepting SVG). An XSS injection, ...