Posts

Abusing WebVTT and CORS for fun and profit

Stealing Secrets with CSS : Cross Origin CSS Attacks

The Vaudenay Attack : A practical example

Padding Oracle Attacks : The other padding that killed your secret key

Automated DEX Decompilation using Androguard part II: Dex2Java

Automated DEX Decompilation using Androguard

About addJavascriptInterface abuse in Android Browsers

Path Traversal Vulnerability in OI File Manager for Android

Path Traversal Vulnerability in 'com.smartwho.SmartFileManager' 3.1.2 for Android

Critical Information Leakage Vulnerabilities in 'Next Browser' 1.16 for Android

Path Traversal Vulnerability in File Explorer (FX) for Android

About.me Cookie Based XSS

Even Faster Blind SQL injection methods

Grepping for Glory : using grep to uncover Android Application Level Vulns

XSS and Uncontrolled redirect Vulns in Encrypted Blog Plugin for Wordpress

More Details on the Android JCA PRNG Flaw

Details on the Android JCA PRNG Flaws

Homomorphic Encryption : What it is and what it means for the future of security

Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

Hash Length Extension: The padding that killed your secret key