Posts

Stealing Secrets with CSS : Cross Origin CSS Attacks

The Vaudenay Attack : A practical example

Padding Oracle Attacks : The other padding that killed your secret key

Automated DEX Decompilation using Androguard part II: Dex2Java

Automated DEX Decompilation using Androguard

About addJavascriptInterface abuse in Android Browsers

Path Traversal Vulnerability in OI File Manager for Android

Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

Critical Information Leakage Vulnerabilities in 'Next Browser' 1.16 for Android

Path Traversal Vulnerability in File Explorer (FX) for Android

About.me Cookie Based XSS

Even Faster Blind SQL injection methods

Grepping for Glory : using grep to uncover Android Application Level Vulns

XSS and Uncontrolled redirect Vulns in Encrypted Blog Plugin for Wordpress

More Details on the Android JCA PRNG Flaw

Details on the Android JCA PRNG Flaws

Homomorphic Encryption : What it is and what it means for the future of security

Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

Hash Length Extension: The padding that killed your secret key

Blogger.com and the mixed scripting vulnerability

Practical Blind-Error Based SQL Injection

Using Server Errors to Leak Password Hashes: Blind Error Based SQL Injection

Word Press Photo Plus Photo Search XSS/CSRF Vulnerability

The new Wordpress Vuln and How to find its victims

Information Gathering Techniques: Dig and DNS Servers

Google Web Cache and MITM attacks

Beating Trivial Server Side Filters With WebKit

WebKit XSSAuditor : The XSS catalyst

NoNoScript : ByPassing NoScript's XSS filters via Error Basd SQLi

Reverse Engineering : it's not all its cracked up to be

Social Engineering : Exploiting the Human

GooDork v2.2.1 : Custom User-Agents and More Results

GooDork : Super Charging your Google Hacking

Bit shifting blind injection : Simplified!

Creativity : The only real Hacking tool

How to shoot in the dark: Improved Blind SQLi

Injecting Insert statements: MySQL error based injection

Ordering Remote File inclusion via e-mail

The Google cache : Time travel for hackers

The Science of Google Dorking

Injecting javascript via MySQL error based injection

LFI attacks for Predators

I'm back!!