thespanner.co.uk
RPO
http://www.thespanner.co.uk/2014/03/21/rpo
Javascript blog with messed up syntax inside. Friday, 21 March 2014. https://hackvertor.co.uk/public. <link href=styles.css rel=stylesheet type=text/css />. The link element above references style.css using a relative URL; depending on where in the site's directory structure you are, it will load the style sheet based on that. For example, if you were in a directory called xyz then the style sheet would be loaded from xyz/style.css. I noticed something interesting with relative styles, manipulating the path of ...
soroush.secproject.com
Soroush Dalili Links - Domains
https://soroush.secproject.com/links
http://www.secproject.com/. http://www.twitter.com/irsdl. http://soroush.secproject.com/. http://dalili.secproject.com/. http://irsdl.secproject.com/. http://dalili.soroush.me/. http://irsdl1.wordpress.com/. Source: http://www.owasp.org/index.php/Feed. ACE Team – Microsoft. Adam Boulton’s Blog. Adam Shostack – Emergent Chaos. Andrew Jacquith – securitymetrics. Andrew van der Stock – cat slave diary. Andy Steingruebl – Security Retentive. Anton Chuvakin Blog – "Security Warrior". Dark Reading: Snake Bytes.
redpillsecurity.net
Resources - Red Pill Security
http://www.redpillsecurity.net/resources
The gentleman’s guide to forum spies (spooks, feds, etc.). Open Source is a great idea and it has changed the world! – Carnal0wnage & Attack Research Blog. – McGrew Security Blog. – Information Security Think Tank. – Don't Learn to HACK – Hack to LEARN. – A personal blog of Tom Eston. – Richard Bejtlich’s blog on digital security. – Blatherings of a Security Addict. – By EnableSecurity. – Rapid7 Community.
thespanner.co.uk
HTML scriptless attacks
http://www.thespanner.co.uk/2011/12/21/html-scriptless-attacks
Javascript blog with messed up syntax inside. Wednesday, 21 December 2011. Following up on @lcamtuf’s post about a “post xss” world, I thought I’d chip in with some vectors he missed. The textarea consumption technique he mentioned isn’t new and wasn’t invented by “Eric Y. Chen, Sergey Gorbaty, Astha Singhal, and Colin Jackson.” It was openly discussed on sla.ckers for many years (as usual) but anyway let’s discuss vectors. Button as a scriptless vector. Option as a scriptless vector. Another interesting...
ssolutionx.blogspot.com
Solution X: Whizzy CMS 10.02 0-day
http://ssolutionx.blogspot.com/2010/07/whizzy-cms-1002-0-day.html
Helping to secure life and other things. Thursday, July 29, 2010. Whizzy CMS 10.02 0-day. [X] Type: Local File Inclusion. [X] Vendor: Unverse.net. [X] Script Name: Whizzy CMS. [X] Script version: 10.02. [X] Author: Anarchy Angel. [X] Mail : anarchy[dot]ang31@gmail[dot]com. PoC on live demo:. http://www.unverse.net/? This is a special DefCon 18 kick off from me! See ya there ;). Special Tnx : lun0s, proge, sToRm, progenic, gny.
ssolutionx.blogspot.com
Solution X: December 2010
http://ssolutionx.blogspot.com/2010_12_01_archive.html
Helping to secure life and other things. Friday, December 24, 2010. Have a good one! Wednesday, December 15, 2010. Master pw list: Updated! Is a pw list with the most common passwords found in the singles.com, Myspace, phpbb hacks. There are 267 passwords in all, mostly names, single words, and/or really short phrases "fuckyou! Lol Enjoy ;). Tuesday, December 7, 2010. HTTPS on Chrome Web Store :). HTTPS is now on Chrome Web Store.
ssolutionx.blogspot.com
Solution X: Re-DROID with stock 2.2.1
http://ssolutionx.blogspot.com/2011/01/re-droid-with-stock-221.html
Helping to secure life and other things. Saturday, January 1, 2011. Re-DROID with stock 2.2.1. My new old phone is nice but i found that it came with Android 2.2.1 and not 2.1 like it did before. I gave the old update.zip root i had from my old phone a try but it didn't do shit. So i took to the net to find a new setup. After a few failed attempts i found this thread about an app called SuperOneClick. I had to use cmoney's XP desktop and install .NET 3.5.
ssolutionx.blogspot.com
Solution X: January 2011
http://ssolutionx.blogspot.com/2011_01_01_archive.html
Helping to secure life and other things. Sunday, January 30, 2011. BackupPC 3.2.0 XSS. I don't normally make posts about XSS exploits unless there are some special circumstances. I picked this one because BackupPC is a popular network backup tool that you might find in networks all over the place and because there is no built in security you normally only find it on "secure" trusted networks. PoC 1: http://target.server/cgi-bin/BackupPC Admin? PoC 2: http://target.server/cgi-bin/BackupPC Admin? My new old ...
ssolutionx.blogspot.com
Solution X: March 2011
http://ssolutionx.blogspot.com/2011_03_01_archive.html
Helping to secure life and other things. Saturday, March 12, 2011. My lame IR copy toy. I got a sweet arduino for my bday and it kind of just sat around till i got a few things together to start work on my first project. Well i finally got off my ass, got all the shit i needed and got to work! I am about half way done and i thought i would share my progress so far. Here's a little video of my toy in action and i go over the operation and components. Here is a better view of how it's put together:. If (digi...
ssolutionx.blogspot.com
Solution X: My lame IR copy toy.
http://ssolutionx.blogspot.com/2011/03/my-lame-ir-copy-toy.html
Helping to secure life and other things. Saturday, March 12, 2011. My lame IR copy toy. I got a sweet arduino for my bday and it kind of just sat around till i got a few things together to start work on my first project. Well i finally got off my ass, got all the shit i needed and got to work! I am about half way done and i thought i would share my progress so far. Here's a little video of my toy in action and i go over the operation and components. Here is a better view of how it's put together:. If (digi...