Home

8/8/2017: 

I have been recently busy at my startup: Fokoya, working on bringing our product to technical perfection both from the security aspect and the functionality and UX aspects. I have been writing technical researches and updates about new and\or interesting tech stuff we encounter here: https://www.fokoya.com/2017/07/tech-updates/ , you are welcome to read, it deals mainly with web technologies, libraries and challenges.

Updates (15/05/2017):

1 new post:

https://secinfodb.wordpress.com/2017/05/15/bypass-hardenings-to-display-files/

Updates (28/08/2016):

1 new post:

https://secinfodb.wordpress.com/2016/08/28/compiler-optimizations-can-cause-security-problems/

Updates (12/07/2016):

1 new post:

https://secinfodb.wordpress.com/2016/07/12/interesting-windows-10-group-policy-configs/

Updates (11/06/2016):

1 new post:

https://secinfodb.wordpress.com/2016/06/11/postmessage-sophisticated-csrf/

Added a new open question regarding postMessage shatter attack:

https://secinfodb.wordpress.com/open-questions/

Updates (07/06/2016):

Added two newer code injection techniques here:

https://secinfodb.wordpress.com/dllcode-injection-hooking-executionloading-hijacking/

Updates (30/05/2016):

1 new post:

https://secinfodb.wordpress.com/2016/05/30/kill-process-from-cmd-shell-injection-av-evasion/

Updates (25/05/2016):

1 new post:

https://secinfodb.wordpress.com/2016/05/23/webrtc-nat-traversing-stun-turn/

Updates (12/05/2016):

2 new posts:

https://secinfodb.wordpress.com/2016/05/12/careful-what-you-decode-online/

https://secinfodb.wordpress.com/2016/05/12/bypass-google-search-console-ownership-verification/

Updates (26/04/2016):

2 new posts:

https://secinfodb.wordpress.com/2016/04/26/hidden-embedded-javascript-technique/

https://secinfodb.wordpress.com/2016/04/26/secret-built-in-browser-base64-decoder/

 

Updates (23/04/2016):

When testing some website security and validating that there are server side validations, its usefull to just enable all the inputs and buttons. You can do it using this little javascript I wrote which you can just execute in the browser url bar (in order for the browser not to navigate away from the page, need to wrap url bar javascript commands in void() or use alert in the end. Note that you can also do try{document.all[i].readonly=false;}catch(err){} and other stuff inside the loop but do it in a separate try catch so that if one fails then it will not stop the other attempts (different html elements have different attributes)):

javascript:for(i=0;i<document.all.length;i = i + 1){try{document.all[i].disabled=false;}catch(err){}}alert(“done”);

Updates (20/04/2016):

Added this nice public VPNs comparison to the Resources page:

https://docs.google.com/spreadsheets/u/1/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/htmlview?usp=sharing&sle=true

Updates (12/12/2015):

Added a lot of content to the following pages:

https://secinfodb.wordpress.com/resources/

https://secinfodb.wordpress.com/tools/

Added a little content to the following pages:

https://secinfodb.wordpress.com/pentesting-frameworks/

https://secinfodb.wordpress.com/advanced-shit/

https://secinfodb.wordpress.com/vulnerabilities/

Updates (15/10/2015):

Added many stuff to the Advanced Shit page:

Man In The Browser Attack, Http Verb Tunneling, Software Distribution\Deployment Techniques to Windows Machines, Windows PATHEXT environment variable vulnerability, Attacking Asp.Net Website Hosted On IIS

https://secinfodb.wordpress.com/advanced-shit/

Note: Comments\Likes\Followings from readers will give me more motivation to add content, just so you know 🙂

Updates (13/10/2015):

Added many stuff to the Advanced Shit page (everything after the first section is new):

https://secinfodb.wordpress.com/advanced-shit/

Added SAP ERP page:

https://secinfodb.wordpress.com/sap-erp/

Added SMBRelay bible links to the resources page:

https://secinfodb.wordpress.com/resources/

Introduction post:

https://secinfodb.wordpress.com/2015/07/09/howdy/

TODO post:

https://secinfodb.wordpress.com/2015/07/26/todo/

Leave a comment