BeEf Clickjacking Module and using the REST API to Automate Attacks
I’ve chatted about clickjacking a few times in the past. It’s an attack I think is often overlooked as non-important, and part of the reason people think that is probably because making these attacks...
ValidateRequest should probably still be Enabled
I noticed this post on reddit a couple weeks back, and it’s called “new .net xss bypass”. I look at .net apps more than anything else right now as part of my day job, so this new bypass is something I...
Stripping the Referer in a Cross Domain POST request
I recently came across a POST CSRF where the referer had to be from the same origin or be absent completely. Here are the ways I know about to remove the referer. A lot of people might know this sort...
.NET MVC AntiforgeryToken CSRF Testing
Besides work being busy, I’m heads down ramping up my Blackhat EU talk, which is mostly about CSRF. I promise it’s more interesting than it sounds. I’m saving my favorite pieces for the talk, but...
Common .NET ViewstateUserKey CSRF Issue
I’ve added the 2013BH tag to all posts related to my recent Blackhat EU talk – more posts are coming, and I’ll post the whole talk and finished whitepaper relatively soon. To understand this post,...
Qualys validaterequest ‘finding’ is an Annoying PCI Problem
Uh oh. A post about compliance. That means it’s a rant, because I think compliance is dumb. I love parts of the security community, like Defcon/Bsides/CTF/the movie hackers and stuff like that, but I...
Common OAuth issue you can use to take over accounts
TLDR; This is a post about a CSRF issue in OAuth I found where if a victim visited a malicious site while logged in, they could take over your account. At least stackexchange, woot.com, imdb,...
Cookie Tossing in the Middle
In the past I’ve talked about one way to get in the middle as an attacker and use Burp as a MiTM proxy. One very nice thing to do in this position is to write cookies. This is a small part of my...
CSRF tips for dealing with x-frame-options
X-Frame-Options is becoming more and more common. With OAuth, protecting against UI redressing is even in the spec, so just creating a frame to do all your sneaky stuff won’t really work. With some of...
The Deputies are Still Confused (Full talk and content from Blackhat EU)
I’m finally posting the whole talk and all its content. I’ve been posting bits and stuff since March. Here are the slides. There’s embedded media, so download for best results. Here are all the...