During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Category: Web security
Robot hacking research
Later this past month, our lab welcomed a very important individual: Robi the robot (it has a camera and speakers!). We also received the honors to
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Exploiting Timed Based RCE
In a recent penetration testing project we encountered a situation where in order to prove exploitability and possible damage we had to exfiltrate data from
Practical JSONP Injection
JSONP injection is a lesser-known but quite widespread and dangerous vulnerability, and it has surfaced in recent years due to the high rate of
Clickjacking in Firefox Hello
Clickjacking, the art of tricking users into clicking on links or buttons that no sane person would ever click on. But how much damage can you