Blind callback environment
Hello my dear technically interested friends, It’s been a long time, but today we’re looking at an exciting topic. You may be familiar with Canary Tokens or similar services that allow you […]
Tag: Attack
XSS over IdP Federation
Today I come to you with a new idea. What if we could bring XSS payloads into third-party applications without attacking them directly? Would be a nice approach, right? Let’s call it […]
ARP spoofing bomb
Good day ordinary and extraordinary security people. let’s take a look at “ARP spoofing” today and make it even more interesting by creating a script that redirects the entire subnet to you. […]
Sender forgery in Exchange Online
Imagine you could easily send internal emails in M365 in the name of any person and that without authentication and from the outside, would you do it? Well, I don’t want to […]
Jackpoting Online Slots – part four
Another sunny day in the cyber security world, welcome back security folks. Today, in the fourth and for now last part of this blog series, we will focus on how to build […]
Jackpoting Online Slots – part three
Welcome back security folks to the multi-part series of blogs about “Jackpoting Online Slots” in which we continue to try our luck a little bit more. Now it’s time to get down […]
Jackpoting Online Slots – part two
Hello security folks out there. After a long and intense period of research, it is time to put our knowledge to the test and see how far we can take our findings […]
Jackpoting Online Slots – part one
Imagine you walk into a casino, choose your slot machine, sit down, insert your first coin and press the start button. The wheels spin and you hit the jackpot! Wow, what a […]
MitM Proxy on Kali
Mahatma Gandhi’s quote “Distrust is a sign of weakness” may be true in the real world, but certainly not in the cyber world of networks and Zero Trust. There are simply too […]
C2 by DNS lookups
Hello security folks out there, today we are going to look at a topic that allows, for amazingly simple, external executions. The whole thing is based on DNS and should therefore work […]