Is OneCoin A Scam? - Technical Analysis Rafay 1:34:00 AM TL;dr: People should refrain from any type of Pyramid Scheme especially when it comes to Cryptocurrency: OneCoin is a Cryptocurrency t...
How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis Rafay 10:43:00 AM There have been multiple reports leaked from various sources about NSA hacking into Pakistan's Internet infrastructure ranging f...
Whatsapp 4G VIP SCAM - Technical Analysis Rafay 3:21:00 AM This is a short blog post describing a recent hoax pertaining to the WhatsApp 4.0 version. I would like to clearly highlight that t...
Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet Rafay 3:07:00 AM I think it's mandatory to give back to the security community from where we learn cutting edge techniques and information. Therefore aft...
Google Chrome, Firefox Address Bar Spoofing Vulnerability Rafay 11:16:00 PM Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indic...
Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS Rafay 12:58:00 AM Recently, Wordpress Mobile Detector plugin was in news for the "Remote Code Execution" vulnerability that was found inside ...
Acunetix Website Hack And Lessons Learnt Rafay 1:35:00 AM Update: Acunetix has just released an official response about the incident, read it here. Last night, Website of A...
Bypassing Modern WAF's Exemplified At XSS (Webcast) Rafay 2:37:00 PM Past Saturday, I conducted a "Webcast" on "Garage4hackers" on one of my favorite subjects in the field of Infor...
Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video) Rafay 11:02:00 AM Blackhat has just recently released the full video for my talk on the subject of "Browser Security". If you wish to read th...
How Much Do Hackers Know About You? Farhan Azam 7:07:00 AM The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a doll...
Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016) Rafay 4:49:00 AM A few hours back, I delivered a talk at Blackhat Asia 2016 on "Bypassing Browser Security Policies For Fun And Profit", t...
7 Qualities of Highly Effective Hackers Farhan Azam 1:03:00 PM When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly ...
Facebook Account Hacked! What To Do Now? Farhan Azam 8:51:00 AM Every single day I get emails in my inbox and on my Facebook page from users querying about how to recover hacked Facebook account and...
Secure Application Development And Modern Defenses Rafay 11:51:00 AM Abstract When it comes to the internet, security has always been an after-thought. A great evidence to support the theory can be see...
Paypal Mobile Verification And Payment Restrictions Bypass Rafay 12:03:00 PM In this post, I would like to share a very simple logic flaw I found earlier this year. I have found a way to circumvent mobile verificat...
Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 Rafay 11:14:00 AM Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indica...
Sucuri WAF XSS Filter Bypass Rafay 7:10:00 AM Introduction Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and preve...
CSP 2015 Capture The Flag Writeup Rafay 12:31:00 AM On 11th April Giuseppe Trotta and myself organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (A conference that c...
Android Browser Kitkat Content Spoofing Vulnerability Rafay 10:41:00 PM The following is a low risk vulnerability that was found a few months ago while testing the latest Android Stock browser on Android Kitk...
Android Browser Cross Scheme Data Exposure + Intent Scheme Attack Rafay 2:00:00 AM tl;dr This exploit is an issue present in Android browser < 4.4 and several other Android browsers which allows an attacker to read s...