All posts

Teaching XSS to a machine [Hacks]

Even before we start anything, just have a glance at few interesting vectors that were dreamt by a machine learning agent which has structural knowledge of HTML. Few vectors require user interaction also. I tried to add comments about what I think is special about few of those.

<body onblur …

Every time I try a bug bounty program on HackerOne, I first check for flash files on the domains which are in scope. Flash files are always a good target as far as I am concerned. Approximately three months back, I came across bug bounty. So, when I …

RPi 2 as my music server [Linux]

Almost everyone is familiar with what Raspberry Pi is, if you are not aware of it better stop reading! When Pi2 was released with some great upgrades I got one to just tinker with it. Couldn't do much with it until recently. I joined my first full time role at …

Stegosploit is simple fun!! [Python]

If you are not familiar with the word STEGOSPLOIT then you must definitely look at the following links

  • The actual talk
  • Followed by huge popularity. Just google the word!
  • Then criticism
  • Then, I stopped following the topic at this stage.

Slides of the talk are available here

My Thoughts

  • Would …

I recently had the necessity to test multiple flash files for XSS. Flashbang is an awesome tool for this kind of work. Since Flashbang needs a browser to run, the only way to automate it for multiple files is to use a headless browser like PhantomJS. So, it was easy …

« Page 2 / 7 »