A look at a code execution vulnerability in the Pake project, where a user-controlled filename in the file-download handler allows arbitrary file writes outside the Downloads directory, leading to persistence and code execution on macOS and Linux.
Read More »One Less Click, One More Shell
A CSP is the seatbelt for client-side attacks like Cross-Site Scripting and Clickjacking. It is really common to find a CSP which allows loading of resources only from specific domains, in order to limit the attack surface. But why use schemes?
Read More »Schemes are CSP’s Weakest Link
Burp Suite, our favorite proxy is used for every assessment which uses HTTP communication. Sometimes though, a client-side certificate is required and Burp Suite by default, does not support PKI certificate files.
Read More »How to use PKI cer, pem and key files with Burp Suite
This is the third part of the Smart Contracts series where issues about smart contracts are broken into small chunks. All the examples were run in my local blockchain using Ethereum’s remix IDE. How does an overflow really occur?
Read More »Exploit Integer Overflow and Underflows in Smart Contracts
Smart contracts are used by Ethereum to handle processed based on transactions. Many companies, banks and crypto enthusiasts use them for selling their services or products. Those contracts are written by developers and some of those contains vulnerabilities. One of those is the Visibility issue.
Read More »Exploit and Remediate Function Visibility Vulnerabilities in Smart Contracts
Recently I wanted to test an Android application and had to use an Android Emulator. While Android Studio’s emulator works fine, I had difficulties making it run because you can either have it rooted without Google Play Services or with Google Play Services but not rooted.
Read More »Setting Up BurpSuite as a Trusted Root CA in Genymotion Emulator
Burp Suite is the most used web proxy for web application assessments. In an assessment, the configuration of the application required me to use Platform Authentication with NTLM to authenticate. When doing that I got 401 error when JS and CSS files were requested.
Everyone’s favorite Burp Suite, recently released their new API for interacting with Burp. The old API aka the “Wiener” API, was there from the release of Burp, but in 2022 the new “Montoya” API came out.
Smart Contracts, the self-executing code running on blockchain platforms, have revolutionized various industries by automating processes and providing decentralized solutions.
Read More »Exploit and Prevent Reentrancy Attacks in Smart Contracts
During a web assessment is common to find some outdated JavaScript library. I like to showcase the version of the outdated library in a console print with the URL where it loaded. Below is the list of console commands, to get their versions.
Read More »How to console.log the version of JavaScript libraries on your browser