
Security_Study

XSS via file upload - www.google.com (Postini Header Analyzer): In this post, I'll show you a very fun XSS via file upload found on the www.google.com domain in a service called Postini Header Analyzer. Postini, according to Wikipedia, is an e-mail, web security and archiving service, owned by Google since 2007, that provides cloud computing services for filtering e-mail spam and malware. On http://www.google.com/postini/headeranalyzer/ there is a service that al..
XSS via window.stop() - Google Safen Up: At the beginning of 2015, Google launched a new program called Vulnerability Research Grants, "with the goal of rewarding security researchers that look into the security of Google products and services even in the case when no vulnerabilities are found". I have submitted quite a few bugs to them and decided to give it a try. The grant was given to me after a few days of waiting and my task was ..
Overwriting the Stack: In the previous articles, we got to know the basics of the stack-based buffer overflow and changing the address at run time by modifying the register value using the debugger. In this article, we will analyze another simple C program which takes the user input and prints the same input data on the screen. In this article, we will not change any values by modifying the value through the debugger l..
The Importance of Cyber Hygiene in Cyberspace: The drastic increase in the frequency of cyber attacks on financial systems, the healthcare industry and large and small scale industries has raised concerns about security at every level of an organization. A recent Australian Securities and Investments Commission (ASIC) "Cyber-resilience health-check" report says that industry feedback will further tighten the financial services and other reg..
Fuzzing nginx - Hunting vulnerabilities with afl-fuzz: No 0day here. If you were looking for it, sorry. After 48 hours of fuzzing, I've got 0 crashes. AFL - successful fuzzing: American Fuzzy Lop has a very impressive history of finding vulnerabilities. The trophy case is gigantic. An ELI5 of the design of the product is: give it a program and a valid input file, and it will mess with that input file until using it crashes the example program. My first attem..
HTTP/2: HTTP/2 will make our applications faster, simpler, and more robust—a rare combination—by allowing us to undo many of the HTTP/1.1 workarounds previously done within our applications and address these concerns within the transport layer itself. Even better, it also opens up a number of entirely new opportunities to optimize our applications and improve performance! The primary goals for HTTP/2 are..
A back-to-front TrueCrypt recovery story: the plaintext is the ciphertext: One of our clients recently approached us for assistance with recovering data from a laptop hard drive which had been encrypted using TrueCrypt. A hardware repair gone wrong had led to problems booting the operating system, and a variety of attempted fixes had been unsuccessful. They had already sent the drive to a specialist data recovery firm, who imaged the disk successfully but found the con..
FLARE IDA Pro Script Series: Applying Function Prototypes to Indirect Calls: Intro: The FireEye Labs Advanced Reverse Engineering (FLARE) Team would like to introduce the next installment of our IDA Pro Script series of blog posts in order to share knowledge and tools with the community. All scripts and plug-ins are available from our GitHub repository at https://github.com/fireeye/flare-ida. When Things Work Right: IDA's stack analysis and propagation of type information is e..
Exploiting weak randomness in web applications: https://prezi.com/j3jpm48zakwi/exploiting-weak-randomness-in-web-applications/
Oracle SQL Injection Guides and Whitepapers: Introduction: SQL Injection is a hot topic, as always. I have been explaining SQL injections with examples in my series of interesting SQL injection attacks, but this time I have gathered some resources on Oracle SQL Injection which can be handy for both penetration testers and developers alike. Oracle SQL Injection Guides and Whitepapers: Oracle SQL Injection for Oracle Developers: This paper is i..