-
Recent Posts
- Raspberry PI and Tor for slightly easier OPSEC
- Data exfiltration through the VMware hypervisor
- Encoding Web Shells in PNG IDAT chunks
- Taking screenshots using XSS and the HTML5 Canvas
- Exploit: Symfony2 – local file disclosure vulnerability
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- JavaScript and Daylight Savings for tracking users.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- Javascript keylogger in JQuery.
- Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
- PHP Remote File Inclusion command shell using data://
- Hardening and securing PHP on Linux
- Using php://filter for local file inclusion
Recent Comments
Archives
Categories
Tag Archives: Exploit
Data exfiltration through the VMware hypervisor
Its possible for two Virtual Machines with no network access or shared file system to communicate as long as they run under the same Hypervisor. This post will show you how this can be achieved by sending a square wave across the … Continue reading
Posted in Exploits
Tagged Covert channel, Exploit, Security, Side Channel Attack, Timing Channel Attack, Virtualization, VMware
3 Comments
Exploit: PHPCaptcha / Securimage is not secure.
Recently I discovered an easy way to bypass PHPCaptcha also known as SecurImage. The method described below will break the CAPTCHA every time, without fail and affects versions 1.0.4 and above. Previous versions are also probably vulnerable tho only exploit … Continue reading