No need for tinfoil hats when it comes to application security; we’re all too painfully aware of what can happen. From data breaches to destructive attacks, the potential impacts couldn’t be more clear. Web applications in particular are interesting because of their exposed position — it’s not uncommon for sensitive web applications to be secured […]
> How did I end up here? Whenever a user is sent to some unexpected (and perhaps malicious) third-party site, an Unvalidated Redirection is said to have occurred. It is also known by quite a few other names: unvalidated redirect, open redirection, unvalidated forward, and so on.
PC master race! Console peasants :3! Rabble rabble rabble rabble! Jokes aside, there has been some non-PC gaming as well this year, and I reckon it warrants its own post. I’ll cover this in three sections: Switch, mobile, and other.
New Year’s Eve is just around the corner, so why not summarise the gaming that happened in 2018 :)! In total I acquired about 50 games, of which I’ve played 15. Once again Humble Bundle is responsible for the sheer numbers, with F2P-games (~10) coming in second. Most games have been launched at least, though […]
Why have free time when you can keep tinkering with stuff? Blog is updated, theme is changed (not sure what I think of twenty nineteen yet…), and we’re ready for 2019!
This post will walk you through how to set up the basics needed to do web app pentesting. More specifically, we’ll be setting up a web browser for pointing and clicking, an attack proxy for hackety hacking – all while covering the configuration needed.
CVE-2018-6324 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324). Summary: The application will, upon successfully logging in, redirect the user to a user-controlled destination. A victim user may not recognise that a redirection takes place as they expect to be sent to a new page. Vendor Description: F-Secure Radar is a turnkey vulnerability scanning and management platform. It allows you to identify […]