Exploitation

Mon
11
Apr

Google UI-Redressing Bug That Discloses The User's Email Address

Contributed by Mazin Ahmed

In this post, I will be talking about an interesting bug that affects Google Blogger. This security bug has been left undiscovered since almost 2007. The bug allows an attacker to trick the victim into revealing his email address using UI-Redressing techniques.

This document is in PDF format. To view it click here.

Fri
08
Apr

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

Contributed by Mazin Ahmed

NoScript Security Suite is a powerful security add-on for Firefox, Seamonkey and other Mozilla-based browsers. Its main task is to block Javascript, Flash, Java, as well as many other plugins from executing untrusted code on the user’s browser through blocking it and only allowing certain trusted whitelisted sites.

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

This document is in PDF format. To view it click here.

Tue
23
Feb

Radio Frequency Interference and its Use as a Weapon

Contributed by Helen Gantt

Electromagnetic radio frequency emitters are common and are used legitimately in everyday applications such as wireless communications and Global Positioning Systems. It is also common that the electromagnetic energy that RF emitters produce will affect other electronic devices, called electromagnetic interference (EMI). An example is using a walkie talkie near a television. The signal is picked up by the television's antenna and distorts the picture. If RF emitters are used to purposely disrupt electronics, they then become a weapon. They are more powerful and therefore cause more damage than ordinary RF emitters. In this paper, I will discuss this type of weapon further, how it might be used, and why an attacker would consider this technology as a weapon. This discussion will be limited to the security threats of everyday private sector systems, and will not delve into the realm of its use for the purpose of war.

Tue
23
Feb

NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

Contributed by KyREcon

Mon
11
Jan

Exploiting JSON Framework : 7 Attack Shots

Contributed by Aditya K Sood

This article define the layout of the exploiting factors of web attacks ie where the JSON framework is compromised.The article is consistent in explaining the pros of the web attack related to JSON.

This document is in PDF format. To view it click here.

Pages

Subscribe to RSS - Exploitation