Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 99

Source: Ethical Hacking - Rafayhackingarticles

Articles recieved 17/02/2024
Article: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 - published about 10 years ago.
Content: Introduction Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the combination of Scheme, domain and port with the port being an e...
http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html 
🔥🔥
 
Published: 2014 08 31 09:33:00
Received: 2024 02 17 13:21:48
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Indepth Code Execution in PHP: Part Two - published about 10 years ago.
Content: This is a continued post from Code Execution in PHP; you can read the first post here, so if you haven't read that before please go ahead and read it first or else you would have problem understanding the second part. “…It’s no secret that PHP is an easy language to which anyone with amateur coding skills could work with and as a rule with poor knowled...
http://www.rafayhackingarticles.net/2014/09/indepth-code-execution-in-php-part-two.html 
🔥🔥
 
Published: 2014 09 20 18:39:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: A Tale Of Another SOP Bypass In Android Browser < 4.4 - published about 10 years ago.
Content: Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things are much worse than I thought, I managed to trigger quite a few interesting vulnerabilities inside of Android browser, one of them being another Same Origin...
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html 
🔥🔥
 
Published: 2014 10 02 11:53:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Common Attacks Against Modems - published almost 10 years ago.
Content: 0x01: Introduction to Modems The term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router which combines the function of a DSL modem and a home router is a standalone device which could be connected to multiple computers through m...
http://www.rafayhackingarticles.net/2014/12/common-attacks-against-modems.html 
🔥🔥
 
Published: 2014 12 14 19:40:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bad Meets evil - PHP meets Regular Expressions - published almost 10 years ago.
Content: twi This article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn miserably bad when PHP comes is used with Regular Expressions. The post would then continue with the write-up of a relevant scenario based challenge, and finally will conclude with the author’s opinion on the topic. Common...
http://www.rafayhackingarticles.net/2014/12/bad-meets-evil-php-meets-regular.html 
🔥🔥
 
Published: 2014 12 25 11:33:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Cross Scheme Data Exposure + Intent Scheme Attack - published almost 10 years ago.
Content: tl;dr This exploit is an issue present in Android browser &lt; 4.4 and several other android browsers which allows an attacker to read sqlite cookie database file and hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android &lt; 4.4. Introduction During my research on ASOP (Stock Browser) I found out th...
http://www.rafayhackingarticles.net/2014/12/android-browser-cross-scheme-data.html 
🔥🔥
 
Published: 2014 12 29 10:00:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Kitkat Content Spoofing Vulnerability - published over 9 years ago.
Content: The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website. In other words, i could d...
http://www.rafayhackingarticles.net/2015/03/android-browser-kitkat-content-spoofing.html 
🔥🔥
 
Published: 2015 03 12 05:41:00
Received: 2024 02 17 13:21:47
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: CSP 2015 Capture The Flag Writeup - published over 9 years ago.
Content: On 11th April Giuseppe Trotta and myself organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (A conference that combines all the stakeholders). The challenge was hosted on hack.me and contained 9 different challenges, some challenges itself contained sub-challenges. Overall, we received great feedback from vast majority of participan...
http://www.rafayhackingarticles.net/2015/04/csp-2015-capture-flag-writeup.html 
🔥🔥
 
Published: 2015 04 18 07:31:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Sucuri WAF XSS Filter Bypass - published over 9 years ago.
Content: Introduction Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and prevention. It acts as a reverse proxy which means that all the traffic sent to an application behind Sucuri WAF would be first sent to Sucuri's network which (based upon it's signature database) would check if a particular req...
http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html 
🔥🔥
 
Published: 2015 04 25 14:10:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 - published over 9 years ago.
Content: Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious ...
http://www.rafayhackingarticles.net/2015/05/android-browser-address-bar-spoofing-vulnerability.html 
🔥🔥
 
Published: 2015 05 18 18:14:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Paypal Mobile Verification And Payment Restrictions Bypass - published about 9 years ago.
Content: In this post, i would like to share a very simple logic flaw I found earlier this year I have found a way to circumvent mobile verification by utilizing a different portal for logging into a paypal account. The flaw lies in the fact that paypal does not perform two step verification/authorization checks on all different portals that are used to log into ...
http://www.rafayhackingarticles.net/2015/09/paypal-mobile-verification-bypass.html 
🔥🔥
 
Published: 2015 09 25 19:03:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Secure Application Development And Modern Defenses - published almost 9 years ago.
Content: Abstract When it comes to the internet, security has always been an after-thought. A great evidence to support the theory can be seen when we look at the history of the internet. The internet was created by US military back in 1969, branded as "Arpanet" at that time. In 1973, ARPANET created TCP IP protocol suite which later enabled the development of...
http://www.rafayhackingarticles.net/2015/12/secure-application-development-Modern-Defenses.html 
🔥🔥
 
Published: 2015 12 18 19:51:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Facebook Account Hacked! What To Do Now? - published almost 9 years ago.
Content: Every single day i get emails in my inbox and on my facebook page from users querying about how to recover hacked facebook account and a common problem i see in all of them is that they are proactive. Everyone searches for Facebook account recovery softwares, Facebook hacking softwares and recovery mechanisms after their facebook or any other email accou...
http://www.rafayhackingarticles.net/2016/01/facebook-account-hacked-what-to-do-know.html 
🔥🔥
 
Published: 2016 01 17 16:51:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: 7 Qualities of Highly Effective Hackers - published almost 9 years ago.
Content: When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step...
http://www.rafayhackingarticles.net/2013/12/7-qualities-of-highly-effective-hackers.html 
🔥🔥
 
Published: 2016 02 09 21:03:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016) - published over 8 years ago.
Content: Few hours back, i delivered a talk at Blackhat Asia 2016  on "Bypassing Browser Security Policies For Fun And Profit", the talk covered wide variety of topics starting from SOP bypasses, CSP bypass so on and so forth. Due to limited time i was only able to cover few topics, however, you can find rest of the topics in the WhitePaper below. The follow...
http://www.rafayhackingarticles.net/2016/03/bypassing-browser-security-policies-for-fun-and-profit.html 
🔥🔥
 
Published: 2016 03 31 11:49:00
Received: 2024 02 17 13:21:46
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Much Do Hackers Know About You? - published over 8 years ago.
Content: The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a dollar off of your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyon...
http://www.rafayhackingarticles.net/2016/04/how-much-do-hackers-know-about-you.html 
🔥🔥
 
Published: 2016 04 13 14:07:00
Received: 2024 02 17 13:21:45
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video) - published over 8 years ago.
Content: Blackhat has just recently released the full video for my talk on the subject of "Browser Security", If you wish to read the Whitepaper/Slides and SOP Test Suite, you can refer to my previous post on "Bypassing Browser Security Policies For Fun And Profit" Abstract Mobile browsers in comparison to desktop browsers are relatively new and have not gone...
http://www.rafayhackingarticles.net/2016/04/bypassing-browser-security-policies-for-Fun-And-Profit-Full-Video.html 
🔥🔥
 
Published: 2016 04 21 18:02:00
Received: 2024 02 17 13:21:45
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Acunetix Website Hack And Lessons Learnt - published over 8 years ago.
Content: Update: Acunetix has just released an official response about the incident, read it here. Last night, Website of Acunetix(A Wellknown Automated Web Application Scanner) was hacked by Croatian hackers. From that point of this onward the website has been taken offline and acunetix team are reviewing the root cause for the hack. Currentl...
http://www.rafayhackingarticles.net/2016/06/acunetix-website-hack-and-lessons-learnt.html 
🔥🔥
 
Published: 2016 06 05 08:35:00
Received: 2024 02 17 13:21:45
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS - published over 8 years ago.
Content: Recently, Wordpress Mobile Detector plugin was in news for the "Remote Code Execution" vulnerability that was found inside the resize.php file. The vulnerability allowed an external attacker to upload arbitrary files to the server as there was no validation being performed for the file-type that has to be retrieved from an external source. Soon after...
http://www.rafayhackingarticles.net/2016/06/wordpress-mobile-detector-incorrect-fix-leads-to-stored-xss.html 
🔥🔥
 
Published: 2016 06 13 07:58:00
Received: 2024 02 17 13:21:45
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Google Chrome, Firefox Address Bar Spoofing Vulnerability - published over 8 years ago.
Content: Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious...
http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-address-bar.html 
🔥🔥
 
Published: 2016 08 16 06:16:00
Received: 2024 02 17 13:21:45
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet - published about 8 years ago.
Content: I think it's mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled "Breaking Great Wall of Web" without any strings attached. Acknowledgements I would like to thank the Acunetix Team for helping with proof-reading of the...
http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html 
🔥🔥
 
Published: 2016 09 01 10:07:00
Received: 2024 02 17 13:21:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Whatsapp 4G VIP SCAM - Technical Analysis - published about 8 years ago.
Content: This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as 'Whatsapp 4G'. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etc The following is how the message is being propa...
http://www.rafayhackingarticles.net/2016/09/whatsapp-4g-vip-scam-technical-analysis.html 
🔥🔥
 
Published: 2016 09 06 10:21:00
Received: 2024 02 17 13:21:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis - published over 7 years ago.
Content: There have been multiple reports leaked from various sources about NSA hacking into Pakistan's Internet infrastructure ranging from Core Routers to Pakistan Telecommunication Green Line Communication Network in order to intercept Pakistan's civilian and military leadership communication. In October last year, a group called "Shadow Brokers" leaked co...
http://www.rafayhackingarticles.net/2017/04/how-pakistans-critical-internet-Infrastructure-was-hacked.html 
🔥🔥
 
Published: 2017 04 11 17:43:00
Received: 2024 02 17 13:21:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Is OneCoin A Scam? - Technical Analysis - published over 7 years ago.
Content: TL;dr: People should refrain from any type of Pyramid Scheme especially when it comes to Cryptocurrency: Onecoin is a Cryptocurrency that has been dubbed as Ponzi Scam and the evidence surrounding it is considerate. The way it works is that members buy training packages that  come up with "tokens" and these tokens can be utilized for mining. After minin...
http://www.rafayhackingarticles.net/2017/05/is-onecoin-scam-technical-analysis.html 
🔥🔥
 
Published: 2017 05 02 08:34:00
Received: 2024 02 17 13:21:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
13:21 Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041
🔥🔥
13:21 Indepth Code Execution in PHP: Part Two
🔥🔥
13:21 A Tale Of Another SOP Bypass In Android Browser < 4.4
🔥🔥
13:21 Common Attacks Against Modems
🔥🔥
13:21 Bad Meets evil - PHP meets Regular Expressions
🔥🔥
13:21 Android Browser Cross Scheme Data Exposure + Intent Scheme Attack
🔥🔥
13:21 Android Browser Kitkat Content Spoofing Vulnerability
🔥🔥
13:21 CSP 2015 Capture The Flag Writeup
🔥🔥
13:21 Sucuri WAF XSS Filter Bypass
🔥🔥
13:21 Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830
🔥🔥
13:21 Paypal Mobile Verification And Payment Restrictions Bypass
🔥🔥
13:21 Secure Application Development And Modern Defenses
🔥🔥
13:21 Facebook Account Hacked! What To Do Now?
🔥🔥
13:21 7 Qualities of Highly Effective Hackers
🔥🔥
13:21 Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)
🔥🔥
13:21 How Much Do Hackers Know About You?
🔥🔥
13:21 Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video)
🔥🔥
13:21 Acunetix Website Hack And Lessons Learnt
🔥🔥
13:21 Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS
🔥🔥
13:21 Google Chrome, Firefox Address Bar Spoofing Vulnerability
🔥🔥
13:21 Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet
🔥🔥
13:21 Whatsapp 4G VIP SCAM - Technical Analysis
🔥🔥
13:21 How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis
🔥🔥
13:21 Is OneCoin A Scam? - Technical Analysis
🔥🔥
Articles recieved 01/04/2023
Article: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 - published about 10 years ago.
Content: Introduction Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the combination of Scheme, domain and port with the port being an e...
http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html 
🔥🔥
 
Published: 2014 08 31 09:33:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Indepth Code Execution in PHP: Part Two - published about 10 years ago.
Content: This is a continued post from Code Execution in PHP; you can read the first post here, so if you haven't read that before please go ahead and read it first or else you would have problem understanding the second part. “…It’s no secret that PHP is an easy language to which anyone with amateur coding skills could work with and as a rule with poor knowled...
http://www.rafayhackingarticles.net/2014/09/indepth-code-execution-in-php-part-two.html 
🔥🔥
 
Published: 2014 09 20 18:39:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: A Tale Of Another SOP Bypass In Android Browser < 4.4 - published about 10 years ago.
Content: Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things are much worse than I thought, I managed to trigger quite a few interesting vulnerabilities inside of Android browser, one of them being another Same Origin...
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html 
🔥🔥
 
Published: 2014 10 02 11:53:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Common Attacks Against Modems - published almost 10 years ago.
Content: 0x01: Introduction to Modems The term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router which combines the function of a DSL modem and a home router is a standalone device which could be connected to multiple computers through m...
http://www.rafayhackingarticles.net/2014/12/common-attacks-against-modems.html 
🔥🔥
 
Published: 2014 12 14 19:40:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bad Meets evil - PHP meets Regular Expressions - published almost 10 years ago.
Content: twi This article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn miserably bad when PHP comes is used with Regular Expressions. The post would then continue with the write-up of a relevant scenario based challenge, and finally will conclude with the author’s opinion on the topic. Common...
http://www.rafayhackingarticles.net/2014/12/bad-meets-evil-php-meets-regular.html 
🔥🔥
 
Published: 2014 12 25 11:33:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Cross Scheme Data Exposure + Intent Scheme Attack - published almost 10 years ago.
Content: tl;dr This exploit is an issue present in Android browser &lt; 4.4 and several other android browsers which allows an attacker to read sqlite cookie database file and hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android &lt; 4.4. Introduction During my research on ASOP (Stock Browser) I found out th...
http://www.rafayhackingarticles.net/2014/12/android-browser-cross-scheme-data.html 
🔥🔥
 
Published: 2014 12 29 10:00:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Kitkat Content Spoofing Vulnerability - published over 9 years ago.
Content: The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website. In other words, i could d...
http://www.rafayhackingarticles.net/2015/03/android-browser-kitkat-content-spoofing.html 
🔥🔥
 
Published: 2015 03 12 05:41:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: CSP 2015 Capture The Flag Writeup - published over 9 years ago.
Content: On 11th April Giuseppe Trotta and myself organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (A conference that combines all the stakeholders). The challenge was hosted on hack.me and contained 9 different challenges, some challenges itself contained sub-challenges. Overall, we received great feedback from vast majority of participan...
http://www.rafayhackingarticles.net/2015/04/csp-2015-capture-flag-writeup.html 
🔥🔥
 
Published: 2015 04 18 07:31:00
Received: 2023 04 01 05:22:27
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Sucuri WAF XSS Filter Bypass - published over 9 years ago.
Content: Introduction Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and prevention. It acts as a reverse proxy which means that all the traffic sent to an application behind Sucuri WAF would be first sent to Sucuri's network which (based upon it's signature database) would check if a particular req...
http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html 
🔥🔥
 
Published: 2015 04 25 14:10:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 - published over 9 years ago.
Content: Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious ...
http://www.rafayhackingarticles.net/2015/05/android-browser-address-bar-spoofing-vulnerability.html 
🔥🔥
 
Published: 2015 05 18 18:14:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Paypal Mobile Verification And Payment Restrictions Bypass - published about 9 years ago.
Content: In this post, i would like to share a very simple logic flaw I found earlier this year I have found a way to circumvent mobile verification by utilizing a different portal for logging into a paypal account. The flaw lies in the fact that paypal does not perform two step verification/authorization checks on all different portals that are used to log into ...
http://www.rafayhackingarticles.net/2015/09/paypal-mobile-verification-bypass.html 
🔥🔥
 
Published: 2015 09 25 19:03:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Secure Application Development And Modern Defenses - published almost 9 years ago.
Content: Abstract When it comes to the internet, security has always been an after-thought. A great evidence to support the theory can be seen when we look at the history of the internet. The internet was created by US military back in 1969, branded as "Arpanet" at that time. In 1973, ARPANET created TCP IP protocol suite which later enabled the development of...
http://www.rafayhackingarticles.net/2015/12/secure-application-development-Modern-Defenses.html 
🔥🔥
 
Published: 2015 12 18 19:51:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Facebook Account Hacked! What To Do Now? - published almost 9 years ago.
Content: Every single day i get emails in my inbox and on my facebook page from users querying about how to recover hacked facebook account and a common problem i see in all of them is that they are proactive. Everyone searches for Facebook account recovery softwares, Facebook hacking softwares and recovery mechanisms after their facebook or any other email accou...
http://www.rafayhackingarticles.net/2016/01/facebook-account-hacked-what-to-do-know.html 
🔥🔥
 
Published: 2016 01 17 16:51:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: 7 Qualities of Highly Effective Hackers - published almost 9 years ago.
Content: When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step...
http://www.rafayhackingarticles.net/2013/12/7-qualities-of-highly-effective-hackers.html 
🔥🔥
 
Published: 2016 02 09 21:03:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016) - published over 8 years ago.
Content: Few hours back, i delivered a talk at Blackhat Asia 2016  on "Bypassing Browser Security Policies For Fun And Profit", the talk covered wide variety of topics starting from SOP bypasses, CSP bypass so on and so forth. Due to limited time i was only able to cover few topics, however, you can find rest of the topics in the WhitePaper below. The follow...
http://www.rafayhackingarticles.net/2016/03/bypassing-browser-security-policies-for-fun-and-profit.html 
🔥🔥
 
Published: 2016 03 31 11:49:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Much Do Hackers Know About You? - published over 8 years ago.
Content: The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a dollar off of your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyon...
http://www.rafayhackingarticles.net/2016/04/how-much-do-hackers-know-about-you.html 
🔥🔥
 
Published: 2016 04 13 14:07:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video) - published over 8 years ago.
Content: Blackhat has just recently released the full video for my talk on the subject of "Browser Security", If you wish to read the Whitepaper/Slides and SOP Test Suite, you can refer to my previous post on "Bypassing Browser Security Policies For Fun And Profit" Abstract Mobile browsers in comparison to desktop browsers are relatively new and have not gone...
http://www.rafayhackingarticles.net/2016/04/bypassing-browser-security-policies-for-Fun-And-Profit-Full-Video.html 
🔥🔥
 
Published: 2016 04 21 18:02:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Modern WAF's Exemplified At XSS (Webcast) - published over 8 years ago.
Content: Past Saturday, I conducted a "Webcast" on "Garage4hackers" on one of my favorite subjects in the field of Information Security i.e. "WAF Bypass". Initially, i had decided to present something on the topic of "Mobile Browser Security" due to the fact that this has been a topic I have been recently conducting a research on. However i later realized that ...
http://www.rafayhackingarticles.net/2016/05/bypassing-modern-wafs-exemplified-at-xss.html 
🔥🔥
 
Published: 2016 05 03 21:37:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Acunetix Website Hack And Lessons Learnt - published over 8 years ago.
Content: Update: Acunetix has just released an official response about the incident, read it here. Last night, Website of Acunetix(A Wellknown Automated Web Application Scanner) was hacked by Croatian hackers. From that point of this onward the website has been taken offline and acunetix team are reviewing the root cause for the hack. Currentl...
http://www.rafayhackingarticles.net/2016/06/acunetix-website-hack-and-lessons-learnt.html 
🔥🔥
 
Published: 2016 06 05 08:35:00
Received: 2023 04 01 05:22:26
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS - published over 8 years ago.
Content: Recently, Wordpress Mobile Detector plugin was in news for the "Remote Code Execution" vulnerability that was found inside the resize.php file. The vulnerability allowed an external attacker to upload arbitrary files to the server as there was no validation being performed for the file-type that has to be retrieved from an external source. Soon after...
http://www.rafayhackingarticles.net/2016/06/wordpress-mobile-detector-incorrect-fix-leads-to-stored-xss.html 
🔥🔥
 
Published: 2016 06 13 07:58:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Google Chrome, Firefox Address Bar Spoofing Vulnerability - published over 8 years ago.
Content: Introduction Google security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious...
http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-address-bar.html 
🔥🔥
 
Published: 2016 08 16 06:16:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet - published about 8 years ago.
Content: I think it's mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled "Breaking Great Wall of Web" without any strings attached. Acknowledgements I would like to thank the Acunetix Team for helping with proof-reading of the...
http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html 
🔥🔥
 
Published: 2016 09 01 10:07:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Whatsapp 4G VIP SCAM - Technical Analysis - published about 8 years ago.
Content: This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as 'Whatsapp 4G'. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etc The following is how the message is being propa...
http://www.rafayhackingarticles.net/2016/09/whatsapp-4g-vip-scam-technical-analysis.html 
🔥🔥
 
Published: 2016 09 06 10:21:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis - published over 7 years ago.
Content: There have been multiple reports leaked from various sources about NSA hacking into Pakistan's Internet infrastructure ranging from Core Routers to Pakistan Telecommunication Green Line Communication Network in order to intercept Pakistan's civilian and military leadership communication. In October last year, a group called "Shadow Brokers" leaked co...
http://www.rafayhackingarticles.net/2017/04/how-pakistans-critical-internet-Infrastructure-was-hacked.html 
🔥🔥
 
Published: 2017 04 11 17:43:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Is OneCoin A Scam? - Technical Analysis - published over 7 years ago.
Content: TL;dr: People should refrain from any type of Pyramid Scheme especially when it comes to Cryptocurrency: Onecoin is a Cryptocurrency that has been dubbed as Ponzi Scam and the evidence surrounding it is considerate. The way it works is that members buy training packages that  come up with "tokens" and these tokens can be utilized for mining. After minin...
http://www.rafayhackingarticles.net/2017/05/is-onecoin-scam-technical-analysis.html 
🔥🔥
 
Published: 2017 05 02 08:34:00
Received: 2023 04 01 05:22:25
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
05:22 Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041
🔥🔥
05:22 Indepth Code Execution in PHP: Part Two
🔥🔥
05:22 A Tale Of Another SOP Bypass In Android Browser < 4.4
🔥🔥
05:22 Common Attacks Against Modems
🔥🔥
05:22 Bad Meets evil - PHP meets Regular Expressions
🔥🔥
05:22 Android Browser Cross Scheme Data Exposure + Intent Scheme Attack
🔥🔥
05:22 Android Browser Kitkat Content Spoofing Vulnerability
🔥🔥
05:22 CSP 2015 Capture The Flag Writeup
🔥🔥
05:22 Sucuri WAF XSS Filter Bypass
🔥🔥
05:22 Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830
🔥🔥
05:22 Paypal Mobile Verification And Payment Restrictions Bypass
🔥🔥
05:22 Secure Application Development And Modern Defenses
🔥🔥
05:22 Facebook Account Hacked! What To Do Now?
🔥🔥
05:22 7 Qualities of Highly Effective Hackers
🔥🔥
05:22 Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)
🔥🔥
05:22 How Much Do Hackers Know About You?
🔥🔥
05:22 Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video)
🔥🔥
05:22 Bypassing Modern WAF's Exemplified At XSS (Webcast)
🔥🔥
05:22 Acunetix Website Hack And Lessons Learnt
🔥🔥
05:22 Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS
🔥🔥
05:22 Google Chrome, Firefox Address Bar Spoofing Vulnerability
🔥🔥
05:22 Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet
🔥🔥
05:22 Whatsapp 4G VIP SCAM - Technical Analysis
🔥🔥
05:22 How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis
🔥🔥
05:22 Is OneCoin A Scam? - Technical Analysis
🔥🔥
Articles recieved 18/07/2022
Article: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 - published about 10 years ago.
Content: IntroductionSame Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the combination of Scheme, domain and port with the port being an excepti...
http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html 
🔥🔥
 
Published: 2014 08 31 09:33:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Indepth Code Execution in PHP: Part Two - published about 10 years ago.
Content: This is a continued post from Code Execution in PHP; you can read the first post here, so if you haven't read that before please go ahead and read it first or else you would have problem understanding the second part.“…It’s no secret that PHP is an easy language to which anyone with amateur coding skills could work with and as a rule with poor knowledge of b...
http://www.rafayhackingarticles.net/2014/09/indepth-code-execution-in-php-part-two.html 
🔥🔥
 
Published: 2014 09 20 18:39:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: A Tale Of Another SOP Bypass In Android Browser < 4.4 - published about 10 years ago.
Content: Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things are much worse than I thought, I managed to trigger quite a few interesting vulnerabilities inside of Android browser, one of them being another Same Origin Poli...
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html 
🔥🔥
 
Published: 2014 10 02 11:53:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Common Attacks Against Modems - published almost 10 years ago.
Content: 0x01: Introduction to ModemsThe term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router which combines the function of a DSL modem and a home router is a standalone device which could be connected to multiple computers through multiple ...
http://www.rafayhackingarticles.net/2014/12/common-attacks-against-modems.html 
🔥🔥
 
Published: 2014 12 14 19:40:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bad Meets evil - PHP meets Regular Expressions - published almost 10 years ago.
Content: twiThis article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn miserably bad when PHP comes is used with Regular Expressions. The post would then continue with the write-up of a relevant scenario based challenge, and finally will conclude with the author’s opinion on the topic.Common pitfal...
http://www.rafayhackingarticles.net/2014/12/bad-meets-evil-php-meets-regular.html 
🔥🔥
 
Published: 2014 12 25 11:33:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Cross Scheme Data Exposure + Intent Scheme Attack - published almost 10 years ago.
Content: tl;dr This exploit is an issue present in Android browser &lt; 4.4 and several other android browsers which allows an attacker to read sqlite cookie database file and hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android &lt; 4.4.IntroductionDuring my research on ASOP (Stock Browser) I found out that is i...
http://www.rafayhackingarticles.net/2014/12/android-browser-cross-scheme-data.html 
🔥🔥
 
Published: 2014 12 29 10:00:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Kitkat Content Spoofing Vulnerability - published over 9 years ago.
Content: The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website.In other words, i could display an ...
http://www.rafayhackingarticles.net/2015/03/android-browser-kitkat-content-spoofing.html 
🔥🔥
 
Published: 2015 03 12 05:41:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: CSP 2015 Capture The Flag Writeup - published over 9 years ago.
Content: On 11th April Giuseppe Trotta and myself organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (A conference that combines all the stakeholders). The challenge was hosted on hack.me and contained 9 different challenges, some challenges itself contained sub-challenges. Overall, we received great feedback from vast majority of participants. ...
http://www.rafayhackingarticles.net/2015/04/csp-2015-capture-flag-writeup.html 
🔥🔥
 
Published: 2015 04 18 07:31:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Sucuri WAF XSS Filter Bypass - published over 9 years ago.
Content: IntroductionSucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and prevention. It acts as a reverse proxy which means that all the traffic sent to an application behind Sucuri WAF would be first sent to Sucuri's network which (based upon it's signature database) would check if a particular request ...
http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html 
🔥🔥
 
Published: 2015 04 25 14:10:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 - published over 9 years ago.
Content: IntroductionGoogle security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious websit...
http://www.rafayhackingarticles.net/2015/05/android-browser-address-bar-spoofing-vulnerability.html 
🔥🔥
 
Published: 2015 05 18 18:14:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Paypal Mobile Verification And Payment Restrictions Bypass - published about 9 years ago.
Content: In this post, i would like to share a very simple logic flaw I found earlier this year I have found a way to circumvent mobile verification by utilizing a different portal for logging into a paypal account. The flaw lies in the fact that paypal does not perform two step verification/authorization checks on all different portals that are used to log into a pa...
http://www.rafayhackingarticles.net/2015/09/paypal-mobile-verification-bypass.html 
🔥🔥
 
Published: 2015 09 25 19:03:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Secure Application Development And Modern Defenses - published almost 9 years ago.
Content: AbstractWhen it comes to the internet, security has always been an after-thought. A great evidence to support the theory can be seen when we look at the history of the internet. The internet was created by US military back in 1969, branded as "Arpanet" at that time. In 1973, ARPANET created TCP IP protocol suite which later enabled the development of protoco...
http://www.rafayhackingarticles.net/2015/12/secure-application-development-Modern-Defenses.html 
🔥🔥
 
Published: 2015 12 18 19:51:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Facebook Account Hacked! What To Do Now? - published almost 9 years ago.
Content: Every single day i get emails in my inbox and on my facebook page from users querying about how to recover hacked facebook account and a common problem i see in all of them is that they are proactive. Everyone searches for Facebook account recovery softwares, Facebook hacking softwares and recovery mechanisms after their facebook or any other email account h...
http://www.rafayhackingarticles.net/2016/01/facebook-account-hacked-what-to-do-know.html 
🔥🔥
 
Published: 2016 01 17 16:51:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: 7 Qualities of Highly Effective Hackers - published almost 9 years ago.
Content: When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step instructi...
http://www.rafayhackingarticles.net/2013/12/7-qualities-of-highly-effective-hackers.html 
🔥🔥
 
Published: 2016 02 09 21:03:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016) - published over 8 years ago.
Content: Few hours back, i delivered a talk at Blackhat Asia 2016  on "Bypassing Browser Security Policies For Fun And Profit", the talk covered wide variety of topics starting from SOP bypasses, CSP bypass so on and so forth. Due to limited time i was only able to cover few topics, however, you can find rest of the topics in the WhitePaper below. The following was t...
http://www.rafayhackingarticles.net/2016/03/bypassing-browser-security-policies-for-fun-and-profit.html 
🔥🔥
 
Published: 2016 03 31 11:49:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Much Do Hackers Know About You? - published over 8 years ago.
Content: The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a dollar off of your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyone.Th...
http://www.rafayhackingarticles.net/2016/04/how-much-do-hackers-know-about-you.html 
🔥🔥
 
Published: 2016 04 13 14:07:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video) - published over 8 years ago.
Content: Blackhat has just recently released the full video for my talk on the subject of "Browser Security", If you wish to read the Whitepaper/Slides and SOP Test Suite, you can refer to my previous post on "Bypassing Browser Security Policies For Fun And Profit"AbstractMobile browsers in comparison to desktop browsers are relatively new and have not gone under sam...
http://www.rafayhackingarticles.net/2016/04/bypassing-browser-security-policies-for-Fun-And-Profit-Full-Video.html 
🔥🔥
 
Published: 2016 04 21 18:02:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Modern WAF's Exemplified At XSS (Webcast) - published over 8 years ago.
Content: Past Saturday, I conducted a "Webcast" on "Garage4hackers" on one of my favorite subjects in the field of Information Security i.e. "WAF Bypass". Initially, i had decided to present something on the topic of "Mobile Browser Security" due to the fact that this has been a topic I have been recently conducting a research on.However i later realized that the "Ta...
http://www.rafayhackingarticles.net/2016/05/bypassing-modern-wafs-exemplified-at-xss.html 
🔥🔥
 
Published: 2016 05 03 21:37:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Acunetix Website Hack And Lessons Learnt - published over 8 years ago.
Content: Update: Acunetix has just released an official response about the incident, read it here.Last night, Website of Acunetix(A Wellknown Automated Web Application Scanner) was hacked by Croatian hackers. From that point of this onward the website has been taken offline and acunetix team are reviewing the root cause for the hack. Currently the homepage is display...
http://www.rafayhackingarticles.net/2016/06/acunetix-website-hack-and-lessons-learnt.html 
🔥🔥
 
Published: 2016 06 05 08:35:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS - published over 8 years ago.
Content: Recently, Wordpress Mobile Detector plugin was in news for the "Remote Code Execution" vulnerability that was found inside the resize.php file. The vulnerability allowed an external attacker to upload arbitrary files to the server as there was no validation being performed for the file-type that has to be retrieved from an external source.Soon after the vuln...
http://www.rafayhackingarticles.net/2016/06/wordpress-mobile-detector-incorrect-fix-leads-to-stored-xss.html 
🔥🔥
 
Published: 2016 06 13 07:58:00
Received: 2022 07 18 17:48:11
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Google Chrome, Firefox Address Bar Spoofing Vulnerability - published over 8 years ago.
Content: IntroductionGoogle security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious website...
http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-address-bar.html 
🔥🔥
 
Published: 2016 08 16 06:16:00
Received: 2022 07 18 17:48:10
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet - published about 8 years ago.
Content: I think it's mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled "Breaking Great Wall of Web" without any strings attached. AcknowledgementsI would like to thank the Acunetix Team for helping with proof-reading of the document...
http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html 
🔥🔥
 
Published: 2016 09 01 10:07:00
Received: 2022 07 18 17:48:10
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Whatsapp 4G VIP SCAM - Technical Analysis - published about 8 years ago.
Content: This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as 'Whatsapp 4G'. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etcThe following is how the message is being propagated:T...
http://www.rafayhackingarticles.net/2016/09/whatsapp-4g-vip-scam-technical-analysis.html 
🔥🔥
 
Published: 2016 09 06 10:21:00
Received: 2022 07 18 17:48:10
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis - published over 7 years ago.
Content: There have been multiple reports leaked from various sources about NSA hacking into Pakistan's Internet infrastructure ranging from Core Routers to Pakistan Telecommunication Green Line Communication Network in order to intercept Pakistan's civilian and military leadership communication. In October last year, a group called "Shadow Brokers" leaked comprehens...
http://www.rafayhackingarticles.net/2017/04/how-pakistans-critical-internet-Infrastructure-was-hacked.html 
🔥🔥
 
Published: 2017 04 11 17:43:00
Received: 2022 07 18 17:48:10
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Is OneCoin A Scam? - Technical Analysis - published over 7 years ago.
Content: TL;dr: People should refrain from any type of Pyramid Scheme especially when it comes to Cryptocurrency:Onecoin is a Cryptocurrency that has been dubbed as Ponzi Scam and the evidence surrounding it is considerate. The way it works is that members buy training packages that  come up with "tokens" and these tokens can be utilized for mining. After mining has...
http://www.rafayhackingarticles.net/2017/05/is-onecoin-scam-technical-analysis.html 
🔥🔥
 
Published: 2017 05 02 08:34:00
Received: 2022 07 18 17:48:10
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
17:48 Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041
🔥🔥
17:48 Indepth Code Execution in PHP: Part Two
🔥🔥
17:48 A Tale Of Another SOP Bypass In Android Browser < 4.4
🔥🔥
17:48 Common Attacks Against Modems
🔥🔥
17:48 Bad Meets evil - PHP meets Regular Expressions
🔥🔥
17:48 Android Browser Cross Scheme Data Exposure + Intent Scheme Attack
🔥🔥
17:48 Android Browser Kitkat Content Spoofing Vulnerability
🔥🔥
17:48 CSP 2015 Capture The Flag Writeup
🔥🔥
17:48 Sucuri WAF XSS Filter Bypass
🔥🔥
17:48 Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830
🔥🔥
17:48 Paypal Mobile Verification And Payment Restrictions Bypass
🔥🔥
17:48 Secure Application Development And Modern Defenses
🔥🔥
17:48 Facebook Account Hacked! What To Do Now?
🔥🔥
17:48 7 Qualities of Highly Effective Hackers
🔥🔥
17:48 Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)
🔥🔥
17:48 How Much Do Hackers Know About You?
🔥🔥
17:48 Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video)
🔥🔥
17:48 Bypassing Modern WAF's Exemplified At XSS (Webcast)
🔥🔥
17:48 Acunetix Website Hack And Lessons Learnt
🔥🔥
17:48 Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS
🔥🔥
17:48 Google Chrome, Firefox Address Bar Spoofing Vulnerability
🔥🔥
17:48 Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet
🔥🔥
17:48 Whatsapp 4G VIP SCAM - Technical Analysis
🔥🔥
17:48 How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis
🔥🔥
17:48 Is OneCoin A Scam? - Technical Analysis
🔥🔥
Articles recieved 06/06/2021
Article: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 - published about 10 years ago.
Content: IntroductionSame Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the combination of Scheme, domain and port with the port being an excepti...
http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html 
🔥🔥
 
Published: 2014 08 31 09:33:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Indepth Code Execution in PHP: Part Two - published about 10 years ago.
Content: This is a continued post from Code Execution in PHP; you can read the first post here, so if you haven't read that before please go ahead and read it first or else you would have problem understanding the second part.“…It’s no secret that PHP is an easy language to which anyone with amateur coding skills could work with and as a rule with poor knowledge of b...
http://www.rafayhackingarticles.net/2014/09/indepth-code-execution-in-php-part-two.html 
🔥🔥
 
Published: 2014 09 20 18:39:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: A Tale Of Another SOP Bypass In Android Browser < 4.4 - published about 10 years ago.
Content: Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things are much worse than I thought, I managed to trigger quite a few interesting vulnerabilities inside of Android browser, one of them being another Same Origin Poli...
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html 
🔥🔥
 
Published: 2014 10 02 11:53:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Common Attacks Against Modems - published almost 10 years ago.
Content: 0x01: Introduction to ModemsThe term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router which combines the function of a DSL modem and a home router is a standalone device which could be connected to multiple computers through multiple ...
http://www.rafayhackingarticles.net/2014/12/common-attacks-against-modems.html 
🔥🔥
 
Published: 2014 12 14 19:40:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bad Meets evil - PHP meets Regular Expressions - published almost 10 years ago.
Content: twiThis article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn miserably bad when PHP comes is used with Regular Expressions. The post would then continue with the write-up of a relevant scenario based challenge, and finally will conclude with the author’s opinion on the topic.Common pitfal...
http://www.rafayhackingarticles.net/2014/12/bad-meets-evil-php-meets-regular.html 
🔥🔥
 
Published: 2014 12 25 11:33:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Cross Scheme Data Exposure + Intent Scheme Attack - published almost 10 years ago.
Content: tl;dr This exploit is an issue present in Android browser &lt; 4.4 and several other android browsers which allows an attacker to read sqlite cookie database file and hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android &lt; 4.4.IntroductionDuring my research on ASOP (Stock Browser) I found out that is i...
http://www.rafayhackingarticles.net/2014/12/android-browser-cross-scheme-data.html 
🔥🔥
 
Published: 2014 12 29 10:00:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser Kitkat Content Spoofing Vulnerability - published over 9 years ago.
Content: The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website.In other words, i could display an ...
http://www.rafayhackingarticles.net/2015/03/android-browser-kitkat-content-spoofing.html 
🔥🔥
 
Published: 2015 03 12 05:41:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: CSP 2015 Capture The Flag Writeup - published over 9 years ago.
Content: On 11th April Giuseppe Trotta and myself organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (A conference that combines all the stakeholders). The challenge was hosted on hack.me and contained 9 different challenges, some challenges itself contained sub-challenges. Overall, we received great feedback from vast majority of participants. ...
http://www.rafayhackingarticles.net/2015/04/csp-2015-capture-flag-writeup.html 
🔥🔥
 
Published: 2015 04 18 07:31:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Sucuri WAF XSS Filter Bypass - published over 9 years ago.
Content: IntroductionSucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and prevention. It acts as a reverse proxy which means that all the traffic sent to an application behind Sucuri WAF would be first sent to Sucuri's network which (based upon it's signature database) would check if a particular request ...
http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html 
🔥🔥
 
Published: 2015 04 25 14:10:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 - published over 9 years ago.
Content: IntroductionGoogle security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious websit...
http://www.rafayhackingarticles.net/2015/05/android-browser-address-bar-spoofing-vulnerability.html 
🔥🔥
 
Published: 2015 05 18 18:14:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Paypal Mobile Verification And Payment Restrictions Bypass - published about 9 years ago.
Content: In this post, i would like to share a very simple logic flaw I found earlier this year I have found a way to circumvent mobile verification by utilizing a different portal for logging into a paypal account. The flaw lies in the fact that paypal does not perform two step verification/authorization checks on all different portals that are used to log into a pa...
http://www.rafayhackingarticles.net/2015/09/paypal-mobile-verification-bypass.html 
🔥🔥
 
Published: 2015 09 25 19:03:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Secure Application Development And Modern Defenses - published almost 9 years ago.
Content: AbstractWhen it comes to the internet, security has always been an after-thought. A great evidence to support the theory can be seen when we look at the history of the internet. The internet was created by US military back in 1969, branded as "Arpanet" at that time. In 1973, ARPANET created TCP IP protocol suite which later enabled the development of protoco...
http://www.rafayhackingarticles.net/2015/12/secure-application-development-Modern-Defenses.html 
🔥🔥
 
Published: 2015 12 18 19:51:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Facebook Account Hacked! What To Do Now? - published almost 9 years ago.
Content: Every single day i get emails in my inbox and on my facebook page from users querying about how to recover hacked facebook account and a common problem i see in all of them is that they are proactive. Everyone searches for Facebook account recovery softwares, Facebook hacking softwares and recovery mechanisms after their facebook or any other email account h...
http://www.rafayhackingarticles.net/2016/01/facebook-account-hacked-what-to-do-know.html 
🔥🔥
 
Published: 2016 01 17 16:51:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: 7 Qualities of Highly Effective Hackers - published almost 9 years ago.
Content: When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step instructi...
http://www.rafayhackingarticles.net/2013/12/7-qualities-of-highly-effective-hackers.html 
🔥🔥
 
Published: 2016 02 09 21:03:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016) - published over 8 years ago.
Content: Few hours back, i delivered a talk at Blackhat Asia 2016  on "Bypassing Browser Security Policies For Fun And Profit", the talk covered wide variety of topics starting from SOP bypasses, CSP bypass so on and so forth. Due to limited time i was only able to cover few topics, however, you can find rest of the topics in the WhitePaper below. The following was t...
http://www.rafayhackingarticles.net/2016/03/bypassing-browser-security-policies-for-fun-and-profit.html 
🔥🔥
 
Published: 2016 03 31 11:49:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Much Do Hackers Know About You? - published over 8 years ago.
Content: The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a dollar off of your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyone.Th...
http://www.rafayhackingarticles.net/2016/04/how-much-do-hackers-know-about-you.html 
🔥🔥
 
Published: 2016 04 13 14:07:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video) - published over 8 years ago.
Content: Blackhat has just recently released the full video for my talk on the subject of "Browser Security", If you wish to read the Whitepaper/Slides and SOP Test Suite, you can refer to my previous post on "Bypassing Browser Security Policies For Fun And Profit"AbstractMobile browsers in comparison to desktop browsers are relatively new and have not gone under sam...
http://www.rafayhackingarticles.net/2016/04/bypassing-browser-security-policies-for-Fun-And-Profit-Full-Video.html 
🔥🔥
 
Published: 2016 04 21 18:02:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Bypassing Modern WAF's Exemplified At XSS (Webcast) - published over 8 years ago.
Content: Past Saturday, I conducted a "Webcast" on "Garage4hackers" on one of my favorite subjects in the field of Information Security i.e. "WAF Bypass". Initially, i had decided to present something on the topic of "Mobile Browser Security" due to the fact that this has been a topic I have been recently conducting a research on.However i later realized that the "Ta...
http://www.rafayhackingarticles.net/2016/05/bypassing-modern-wafs-exemplified-at-xss.html 
🔥🔥
 
Published: 2016 05 03 21:37:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Acunetix Website Hack And Lessons Learnt - published over 8 years ago.
Content: Update: Acunetix has just released an official response about the incident, read it here.Last night, Website of Acunetix(A Wellknown Automated Web Application Scanner) was hacked by Croatian hackers. From that point of this onward the website has been taken offline and acunetix team are reviewing the root cause for the hack. Currently the homepage is display...
http://www.rafayhackingarticles.net/2016/06/acunetix-website-hack-and-lessons-learnt.html 
🔥🔥
 
Published: 2016 06 05 08:35:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS - published over 8 years ago.
Content: Recently, Wordpress Mobile Detector plugin was in news for the "Remote Code Execution" vulnerability that was found inside the resize.php file. The vulnerability allowed an external attacker to upload arbitrary files to the server as there was no validation being performed for the file-type that has to be retrieved from an external source.Soon after the vuln...
http://www.rafayhackingarticles.net/2016/06/wordpress-mobile-detector-incorrect-fix-leads-to-stored-xss.html 
🔥🔥
 
Published: 2016 06 13 07:58:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Google Chrome, Firefox Address Bar Spoofing Vulnerability - published over 8 years ago.
Content: IntroductionGoogle security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers" and if the only reliable security indicator could be controlled by an attacker it could carry adverse affects, For instance potentially tricking users into supplying sensitive information to a malicious website...
http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-address-bar.html 
🔥🔥
 
Published: 2016 08 16 06:16:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet - published about 8 years ago.
Content: I think it's mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled "Breaking Great Wall of Web" without any strings attached. AcknowledgementsI would like to thank the Acunetix Team for helping with proof-reading of the document...
http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html 
🔥🔥
 
Published: 2016 09 01 10:07:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Whatsapp 4G VIP SCAM - Technical Analysis - published about 8 years ago.
Content: This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as 'Whatsapp 4G'. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etcThe following is how the message is being propagated:T...
http://www.rafayhackingarticles.net/2016/09/whatsapp-4g-vip-scam-technical-analysis.html 
🔥🔥
 
Published: 2016 09 06 10:21:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis - published over 7 years ago.
Content: There have been multiple reports leaked from various sources about NSA hacking into Pakistan's Internet infrastructure ranging from Core Routers to Pakistan Telecommunication Green Line Communication Network in order to intercept Pakistan's civilian and military leadership communication. In October last year, a group called "Shadow Brokers" leaked comprehens...
http://www.rafayhackingarticles.net/2017/04/how-pakistans-critical-internet-Infrastructure-was-hacked.html 
🔥🔥
 
Published: 2017 04 11 17:43:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
Article: Is OneCoin A Scam? - Technical Analysis - published over 7 years ago.
Content: TL;dr: People should refrain from any type of Pyramid Scheme especially when it comes to Cryptocurrency:Onecoin is a Cryptocurrency that has been dubbed as Ponzi Scam and the evidence surrounding it is considerate. The way it works is that members buy training packages that  come up with "tokens" and these tokens can be utilized for mining. After mining has...
http://www.rafayhackingarticles.net/2017/05/is-onecoin-scam-technical-analysis.html 
🔥🔥
 
Published: 2017 05 02 08:34:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security
09:04 Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041
🔥🔥
09:04 Indepth Code Execution in PHP: Part Two
🔥🔥
09:04 A Tale Of Another SOP Bypass In Android Browser < 4.4
🔥🔥
09:04 Common Attacks Against Modems
🔥🔥
09:04 Bad Meets evil - PHP meets Regular Expressions
🔥🔥
09:04 Android Browser Cross Scheme Data Exposure + Intent Scheme Attack
🔥🔥
09:04 Android Browser Kitkat Content Spoofing Vulnerability
🔥🔥
09:04 CSP 2015 Capture The Flag Writeup
🔥🔥
09:04 Sucuri WAF XSS Filter Bypass
🔥🔥
09:04 Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830
🔥🔥
09:04 Paypal Mobile Verification And Payment Restrictions Bypass
🔥🔥
09:04 Secure Application Development And Modern Defenses
🔥🔥
09:04 Facebook Account Hacked! What To Do Now?
🔥🔥
09:04 7 Qualities of Highly Effective Hackers
🔥🔥
09:04 Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)
🔥🔥
09:04 How Much Do Hackers Know About You?
🔥🔥
09:04 Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video)
🔥🔥
09:04 Bypassing Modern WAF's Exemplified At XSS (Webcast)
🔥🔥
09:04 Acunetix Website Hack And Lessons Learnt
🔥🔥
09:04 Wordpress Mobile Detector Incorrect Fix Leads To Stored XSS
🔥🔥
09:04 Google Chrome, Firefox Address Bar Spoofing Vulnerability
🔥🔥
09:04 Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet
🔥🔥
09:04 Whatsapp 4G VIP SCAM - Technical Analysis
🔥🔥
09:04 How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis
🔥🔥
09:04 Is OneCoin A Scam? - Technical Analysis
🔥🔥
Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate
Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained
Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate
Cyber Tzar Score Analysis
Cyber Tzar Score Analysis
Cyber Tzar Risk Impact Assesment
Cyber Tzar Risk Impact Assesment
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 99
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor