AEC Hacking Competition is a well-known Czech CTF with 15 web application security challenges. It used to work like this: if you solved at least 12 challenges, you were invited to a penetration tester job interview.
I noticed an exciting link shared on Hacker News titled “Wait, what’s a bookmarklet?”. I have been using them for a long time, and while reading that discussion, it was nice to see people sharing useful ones they use to make their everyday tasks easier.
tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins whose slugs are unclaimed on the wordpress.org registry. Updating such a plugin might result in RCE or the installation of a PHP backdoor. You can use wp_update_confusion.py to scan for potential targets. To protect your website, please read this announcement.
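The check at the heart of the problem, as an added example (it is not wp_update_confusion.py and not code from the post): WordPress looks up installed plugins on wordpress.org by slug, so a private plugin whose slug nobody has registered can be shadowed by a stranger publishing a higher version under that name. The example assumes the slug is the plugin's directory name, that each main plugin file carries the standard header comment, and that the `REGISTRY` dictionary stands in for the wordpress.org index (constructed data so it runs offline). It also honours the `Update URI` header WordPress 5.8 added: when it points anywhere other than wordpress.org, core skips the wordpress.org lookup for that slug.

```python
import re

# Matches "Plugin Name:", "Version:" and "Update URI:" lines in a plugin header comment.
HEADER_RE = re.compile(
    r"^\s*\*?\s*(Plugin Name|Version|Update URI):\s*(.+?)\s*$", re.MULTILINE
)

# Constructed stand-in for wordpress.org: slug -> latest published version.
# Slugs missing from this dict are unclaimed.
REGISTRY = {
    "akismet": "5.0",
    "acme-crm-sync": "9.9.9",  # constructed: a stranger already claimed this internal slug
}

# Constructed main plugin files for three hypothetical internal plugins.
INTERNAL_TOOLS = """<?php
/**
 * Plugin Name: Acme Internal Tools
 * Version: 1.4.0
 */
"""
CRM_SYNC = """<?php
/**
 * Plugin Name: Acme CRM Sync
 * Version: 2.0.1
 */
"""
REPORTS = """<?php
/**
 * Plugin Name: Acme Reports
 * Version: 3.1.0
 * Update URI: https://updates.acme.example/reports
 */
"""


def parse_header(php_source):
    """Read the header fields from the main plugin file."""
    return dict(HEADER_RE.findall(php_source))


def version_key(v):
    """'1.2.10' -> (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", v))


def assess(slug, php_source, registry=REGISTRY):
    """Classify one installed plugin. Returns (status, explanation)."""
    header = parse_header(php_source)
    local = header.get("Version", "0")
    update_uri = header.get("Update URI", "").strip()

    # WordPress 5.8+: an Update URI that is not wordpress.org (or the value
    # 'false') tells core not to ask wordpress.org about this slug at all.
    if update_uri and not re.search(r"\b(wordpress|w)\.org\b", update_uri):
        return "protected", f"Update URI={update_uri!r}; core skips wordpress.org for this slug"

    if slug not in registry:
        return "unclaimed", (
            f"{slug!r} is not on wordpress.org; anyone can register it and "
            "publish a higher version that your site will offer as an update"
        )

    remote = registry[slug]
    if version_key(remote) > version_key(local):
        return "hijackable", f"wordpress.org offers {remote} > installed {local}; updating pulls foreign code"
    return "claimed", f"installed {local} >= published {remote}; confirm the wordpress.org entry is yours"


if __name__ == "__main__":
    for slug, src in [
        ("acme-internal-tools", INTERNAL_TOOLS),
        ("acme-crm-sync", CRM_SYNC),
        ("acme-reports", REPORTS),
    ]:
        print(slug, *assess(slug, src))
```

An "unclaimed" result is the cheapest fix: register the slug yourself or set `Update URI` to your own host. "hijackable" means the damage is one click away in the admin panel.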
tl;dr: I found a remotely exploitable DoS vulnerability in my “smart” TV in less than two hours after unboxing. I have released full details, including a 0-day PoC exploit.
tl;dr: The GDPR Compliance <= 1.5.5 plugin allowed unauthenticated users to exploit Stored Cross-Site Scripting (XSS) in the administration panel, which might lead to privilege escalation. That was because clients’ IP addresses were reflected in the plugin’s dashboard without being correctly validated or escaped.
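The two missing layers from that bug, validation on input and escaping on output, as an added example written in Python rather than the plugin's PHP (this is not the plugin's code and not from the post). It assumes the "client IP" comes from an `X-Forwarded-For` header the visitor fully controls, which is the usual way an attacker gets to choose the stored value; in WordPress the output step would be `esc_html()` instead of `html.escape()`.

```python
import html
import ipaddress

# Constructed request headers as the server would see them. REMOTE_ADDR is
# set by the web server; X-Forwarded-For is whatever the visitor sent.
SPOOFED = {
    "X-Forwarded-For": "<script>alert(document.cookie)</script>",
    "REMOTE_ADDR": "203.0.113.7",
}
LEGIT = {"X-Forwarded-For": "198.51.100.23", "REMOTE_ADDR": "203.0.113.7"}
IPV6 = {"X-Forwarded-For": "2001:DB8::1", "REMOTE_ADDR": "203.0.113.7"}


def client_ip_vulnerable(headers):
    """Trusts the header verbatim; this string gets stored and shown to an admin."""
    return headers.get("X-Forwarded-For") or headers.get("REMOTE_ADDR")


def render_row_vulnerable(ip):
    """Interpolates the stored value straight into dashboard HTML."""
    return f"<td>{ip}</td>"


def client_ip_hardened(headers):
    """Accept the forwarded value only if it parses as an IP address.

    ipaddress.ip_address() rejects anything that is not a literal IPv4/IPv6
    address and normalises what it accepts (case, leading zeros), so no
    markup can survive this step. Falls back to the socket address otherwise.
    """
    candidate = (headers.get("X-Forwarded-For") or "").split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return headers["REMOTE_ADDR"]


def render_row_hardened(ip):
    """Escape on output regardless of what was stored (defense in depth:
    older rows written before the input fix are still rendered safely)."""
    return f"<td>{html.escape(ip, quote=True)}</td>"


if __name__ == "__main__":
    print("vulnerable:", render_row_vulnerable(client_ip_vulnerable(SPOOFED)))
    print("hardened:  ", render_row_hardened(client_ip_hardened(SPOOFED)))
    print("legit:     ", render_row_hardened(client_ip_hardened(LEGIT)))
```

Both fixes are needed: validation keeps garbage out of the database, escaping makes sure rows that already contain garbage cannot execute in the administrator's browser.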
tl;dr: I created a “CTF” style challenge for our OWASP Czech Chapter Virtual Meeting. The goal was to write an XSS worm and score points by infecting 1k virtual users. You can find the source code here and read the details in this post.
Our security engineers work to keep our services as secure as possible. Their weapon of choice? Penetration testing: a simulated cyber-attack carried out by authorized testers to discover and exploit security vulnerabilities in the system, app, or service the team is developing, before a real attacker does. Other proactive steps include secure code review, dependency scanning, SAST, and asset monitoring.
A long time ago, I made the questionable decision to use WordPress for this blog about offensive website security. Since then, I have learned a lot. In the upcoming weeks, I will be releasing a plugin to defend against XML-RPC attacks and a guide on how to generate a static HTML site.
Today was a good day: I received a phishing email to my Protonmail address. I don't have a copy of the email, as I reported it and later deleted it as spam. Thankfully, other security researchers took screenshots yesterday:
sqlmap, the Swiss army knife for SQL injection attacks, was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar.
Over the last few months, I had quite some luck finding IDOR vulnerabilities in the mobile APIs of Android applications. Nowadays, most apps are obfuscated and use certificate pinning to prevent MITM attacks.
If you are not familiar with XSS Hunter by @IAmMandatory, it's an awesome tool for penetration testers and bug bounty hunters that lets you easily hunt for blind XSS vulnerabilities. It's open-source with a ton of features. You can use the SaaS version, deploy it yourself, or even go serverless! You should absolutely give it a try :)