Cool ColdFusion Post Exploitation
So on a recent test I happened to run into an instance of the new(ish) Adobe ColdFusion authentication bypass (http://www.adobe.com/support/security/advisories/apsa13-01.html)....
Open redirects can very often be escalated to reflected cross-site scripting; in fact, they can even be abused to...
Just my notes on attacking Oracle applications that were scrounged together from various talks and documents. I've tried to clean...
This post is pretty much a straight copy/paste from my notes on attacking application encryption. For the original source at...
So I stumbled into http://www.tssci-security.com/archives/2007/12/21/testing-for-randomness-and-predictability-using-burp-sequencer/ a while ago and it had me wondering about the sequencer tool. Unfortunately the authors didn't really...
While reading Michal Zalewski's (lcamtuf) "The Tangled Web", I was inspired to play with an example from the book. It...
After beating my head off the wall for an hour or so I finally figured out an interesting way to...
First post! Been putting this off for a while. Basically this is just a place for me to collect all...
This is our final free chapter in this smart contract hacking series, hopefully you enjoyed it, I am not sure...
How delegate calls work: Often while writing smart contracts we will want to call functions within other contracts either to...