PC master race! Console peasants :3! Rabble rabble rabble rabble! Jokes aside, there has been some non-PC gaming as well this year, and I reckon it warrants its own post. I’ll cover this in three sections: Switch, mobile, and other.
Author Archives: Oscar
PC Gaming in 2018
New years eve is just around the corner, so why not summarise the gaming that happened in 2018 :)! In total I acquired about 50 games, of which I’ve played 15. Once again Humble bundle is responsible for the sheer numbers, with F2P-games (~10) coming in second. Most games have been launched at least, though […]
Blog Maintenance
Why have free time when you can keep tinkering with stuff? Blog is updated, theme is changed (not sure what I think of twenty nineteen yet…), and we’re ready for 2019!
Setting up Web Application Pentesting Tools
This post will walk you through how to set up the basics needed to do web app pentesting. More specificly, we’ll be setting up a web browser for pointing and clicking, an attack proxy for hackety hacking – all while covering the configuration needed.
F-Secure Radar Login Page Unvalidated Redirect Vulnerability
CVE-2018-6324 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324 Summary The application will upon successfully logging in redirect the user to a user-controlled destination. A victim user may not recognise that a redirection takes place as they expect to be sent to a new page. Vendor Description F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify […]
F-Secure Radar Persistent Cross-Site Scripting Vulnerability
CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify and manage both internal and external threats, report risks, and be compliant with […]
OWASP Top 10 2013 – A3 – Cross-Site Scripting
> Is your address really street”/><script>doStuff();</script>? Cross-Site Scripting attacks are tremendously prevalent, which I find surprising because it is an easy problem to detect and to remediate. There are even a lot of decent mitigation alternatives out there as well. What is Cross-Site Scripting (or XSS, if you prefer)? Cross-Site Scripting occurs whenever someone else […]
OWASP Top 10 2013 – A4 – Insecure Direct Object References
> Hello, I’m user number fiftysev…. Fiftyeight. Insecure Direct Object References are types of authorization issues, where a user can access information (objects) which they are not supposed to. For example, imagine a bank application where you can view your personal info via: example.com/users/profile.php?id=57 Now, what does “57” refer to? Probably some kind of reference […]