Taking down the SSO, Account Takeover in 3 websites of Kolesa due to Insecure JSONP Call

InfoSec Write-ups - Medium -- Hello, this post is about how I could take over any account of Kolesa's websites using Single Sign-On. There was an insecure JSONP call which could break the security of the entire SSO mechanism. What is JSONP? JSONP is a method …

NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine

KitPloit - PenTest Tools! -- NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do "some" CVE checks, but this …

Lock and Code S1Ep15: Investigating digital vulnerabilities in our physical world with Samy Kamkar

Malwarebytes Labs -- This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent history of hacking, …