AEC Hacking Competition is a famous Czech CTF with 15 web application security challenges. It used to work like this: if you solved at least 12 challenges, you were invited to a penetration tester interview. Today, only around 28 people out of several hundred could solve all the challenges. Many ethical hackers were stuck on some levels, maybe because the...
I noticed an exciting link shared on Hacker News titled “Wait, what’s a bookmarklet?”. I have been using them for a long time, and while reading that discussion, it was nice to see people sharing useful ones they use to make their everyday tasks easier. The security engineering mind got me thinking about the security implications of saving bookmarks with...
tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins whose names are unclaimed on the wordpress.org registry. Updating such a plugin might result in RCE or the installation of a PHP backdoor. You can use wp_update_confusion.py to scan for potential targets. To protect your website, please read this announcement. Table of contents Main idea The...
tl;dr: I analyzed the fake Trezor Android application on the Google Play Store, compromised the backend, and said hello to the developer. A story about a person losing 7.1 bitcoin worth ~$600,000 due to a fake “Trezor” app in the App Store made the news very recently. According to the article, five people have reported having cryptocurrency stolen by the fake...
tl;dr: I found a remotely exploitable DoS vulnerability in my “smart” TV less than two hours after unboxing it. I have released full details, including a 0-day PoC exploit. I bought myself a smart TV for Christmas. It’s the first TV I have ever owned, so I was quite excited about it, but at the same time, I didn’t want...
tl;dr: The GDPR Compliance <= 1.5.5 plugin allowed unauthenticated users to exploit Stored Cross-Site Scripting (XSS) in the administration panel, which might lead to privilege escalation. That was due to clients’ IP addresses being reflected in the plugin’s dashboard without being correctly validated or escaped. I have just recently joined the Detectify Crowdsource team, and I must say the platform...
tl;dr: I created a “CTF”-style challenge for our OWASP Czech Chapter Virtual Meeting. The goal was to write an XSS worm and score points by infecting 1k virtual users. You can find the source code here and read the details in this post. When the whole covid-19 thing started, I was somehow interested in looking at various coronavirus world maps...
A long time ago, I made a stupid decision to use WordPress for this blog about offensive website security. Since then, I have learned a lot. In the upcoming weeks I will be releasing a plugin to defend against XML-RPC attacks and a guide on how to generate a static HTML site. But today I would like to share an interesting vulnerability that I...
UPDATE: 17th January 2020: Another landing page disabled. UPDATE: 15th January 2020: I posted this to reddit.com/r/hacking and it seems like the mods didn't like it; they consider my blog post self-promotion and spam. Thank you! You have been permanently banned from participating in r/hacking. You have been permanently banned from participating in r/ActLikeYouBelong. You have been permanently banned from participating...
OWASP Czech Chapter Meeting, Dec 11, 2019 ~ Brno
/assets/img/2019/12/an-introduction-to-the-router-exploit-kits.pdf
Video: Kamil Vavra - An introduction to the router exploit kits (2019-12-11), from the Czech OWASP chapter on Vimeo.
The Swiss army knife for SQL injection attacks, sqlmap, was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. Its early development took off thanks to the OWASP Spring of Code 2007, and it first received serious media coverage during the Black Hat Europe 2009 conference. If you are interested in more dates...
Over the last few months, I had quite a lot of luck finding IDOR vulnerabilities in the mobile APIs of Android applications. Nowadays most apps are obfuscated and use certificate pinning to prevent MiTMs. If you are late to the game or want to shift your bug bounty hunting to Android apps, there are awesome tools that can help you catch...
If you are not familiar with XSS Hunter by @IAmMandatory, it's an awesome tool for penetration testers and bug bounty hunters that makes it easy to hunt for blind XSS vulnerabilities. It's open-source with a ton of features. You can use the SaaS version, deploy it yourself or even go serverless with Refinery! You should absolutely give it a try :) I...