Using Honeypots To Your Advantage - Attacking Kippo




Rafay asked me to do a guest blog, and I tried to guess what would be most useful for this crowd. I think I've got just the thing. Ever scanned a box and wondered if it was a honeypot, or found out it was a honeypot and been disappointed? Well, worry no more: today I'll guide you on how to identify honeypots globally, Kippo specifically, and how to abuse the functionality of honeypots to your advantage to perform external/internal attacks. Without further ado:



Hacking A Facebook Account With Quora - PWNQUEST




Well, we have already discussed many ways that can be used to hack a Facebook account; however, in this post we will discuss an unpatched flaw inside the Facebook OAuth design.
An independent security researcher and a very good friend of mine, Prakhar Prasad, exploited a flaw inside Facebook's OAuth, but the problem is that there is not much Facebook can do in this scenario. Almost all the OAuth flaws that have occurred on Facebook have something to do with tampering with the redirect_uri parameter; with this flaw, Facebook cannot do much, since they do not have much control over the part which we will discuss. Successful exploitation of this attack may lead to a full account compromise; however, this depends solely upon the permissions that the user assigns to the application, and in most cases you won't be able to do much other than update the user's status.


How Your Bank Accounts Can Be Stolen With Zeus Virus?


The 'Zeus Trojan Horse' virus has once again made a comeback. According to a source, it has the ability to drain your bank accounts easily.

The Zeus virus can propagate through phishing messages that are generated from an account that was already compromised through phishing. That phished account will then start sending messages to your friends containing links to ads, asking them to simply check out the video or product by clicking on such links. This way the virus will go viral.



How To Bypass Antivirus Detection - Making An Executable FUD



So in this tutorial we will show you, step by step, how to make a virus Fully Undetectable (FUD) by all antiviruses. Though there are lots of approaches, our team member Malik Rafay has managed to find a way to make an executable FUD using msfencode.


How To Pick A Lock - Lock Picking Basics


Lock picking is considered by some to be the original "hack". Long before computers there were locks and someone who wanted to manipulate them. The common misconception about picking a lock is that the process is difficult when, in actuality, it is quite simple. There are many methods of picking a lock, but for this post we are going to go over the most basic method, “raking” or “scrubbing”.



Introducing Evil In Your Website With Untrusted Third Party Scripts



This is a small case study, where my aim is to explain why you shouldn't use untrusted third-party scripts on your website. HtmlCommentBox is a third-party script that can be embedded into any webpage to provide a place where users can comment and interact with each other. I feel it is poorly coded from both the user's perspective and the security perspective, as it could introduce lots of spam into your website.

Let's talk about what else it could do, other than introducing spam, from a security perspective. We [Pepe Vila and I] have found two attack vectors in HtmlCommentBox, as it does not sanitise the user's input properly, resulting in a stored XSS and also a reflected XSS, which obviously leaves a wide variety of attack vectors from the attacker's perspective.



About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.


RHA © 2013. All Rights Reserved.