Designing an offline authentication system

I have recently got to know of the igloohome digital lock. It is completely offline and connects to the app via bluetooth only. No internet connection. One of the most puzzling features is that the owner can remotely generate a PIN code, valid for a certain duration, and have it be effective ...

SANS SEC660 review

SEC660 I recently had the opportunity to attend the SANS SEC660 course held in Singapore in October 2017. The course was conducted by Tim Medin and covered advanced penetration testing and exploit writing. SEC660 started off introducing ARP spoofing, SSL striping and IPv6 router advertisements ...

Piwik - Possible XSS in RDNS lookup function

The possible XSS vulnerability can be found in version 3.1.1 of the Piwik software itself. The getHostname() function in piwik/vendor/piwik/network/src/IP.php does not sanitize the hostname before returning the value. This results in a possible XSS if Piwik itself or any plugins use the output ...

CVE-2017-14766 Simple Student Result < 1.6.4 - Auth Bypass

Exploit Title: Simple Student Result < 1.6.4 - Auth Bypass Google Dork: inurl:wp-content/plugins/simple-student-result Date: 21-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://ssr.saadamin.com/ Software Link: https://wordpress.org/plugins/simple-student-result/ Version: < 1.6.4 ...

CVE-2017-14126 Participants Database < 1.7.5.10 - XSS

Exploit Title: Wordpress Plugin Participants Database < 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: ...

OSCP review

Having passed my OSCP exam last week, I thought it would be good for me to share my thoughts with OSCP aspirants out there. A little bit on my background first. I have a bachelors degree in computing specialising in information security and have worked as a network pen tester for slightly over ...

Enumerate sites hosted on same IP

Enumerating sites which are hosted on the same IP address can sometimes tell us a lot about a server. Is it shared hosting? Is it a legitimate server which was compromised for C2 operations? Does the site owner have any other shady business dealings on the side? I am aware that there are sites ...

Remote Command Execution on Google Assistant

Recently, Burger King took out a TV advert and used Google voice assistant's "OK google" command to make devices read out a paragraph on the whopper burger. While most news reports take a rather cavalier attitude, treating it as a prank, this is actually remote command execution. The attacker ...