It’s finally out there: the OWASP Mth3l3m3nt Framework. It’s a small tool to aid you in carrying out your pentest tasks with as few resources as possible. Most of us can afford simple shared hosting services but not a VPS powerful enough to run pentest distros, especially due to cost constraints. This one […]
It has become a trend with the 4-phase phish: identify a target, attack the site, upload the phishing page, email and harvest. Well, from the previous post we identified some flaws in the phishing attack, but that’s 2014. It gets worse when phishers become this uncreative. The uncreativity was an attempt in one of […]
The Phish Lives
So the phish still lives. I’d like to call it a 419, but this seems closer to home, the reason being the choice of name: MakOtieno Stephen <abbastephen13@gmail.com>. How it was all meant to go down: send the e-mail; get me to read and open an attachment that tells me to log in to Gmail to read […]
Clouded Flaws
This is a simple discussion based on the demo done at Barcamp 2014. This writeup is based on the problems faced in the implementation of a majority of cloud-based systems, especially those offered as SaaS. Some of the issues highlighted here are: session management failures, poor coding practices (non-secure SDLC), failed business continuity […]
Business Continuity Failures
Everyone loves good backup systems, to ensure that in the event of anything you are back to business ASAP. This, however, can be your biggest downfall if done wrong. As of yesterday (2014-10-09), the WordPress Ready! Backup plugin has this done wrong by breaking two rules of the web: logging the backup process to a web-viewable interface on […]
There have been a lot of links referring to payvilla.com, but are they real? This article is one to help identify scam sites. Common and consistent flaws: no security certificate, and it handles jobs and payments; well, even Facebook is merely a social network, but they went through the trouble. Dingy ads at the bottom under […]
XAMPP 1.7.3 Heisting
Due to the increase in data exfiltration through web applications, it would be prudent to show a simple scenario that would suffice to demonstrate this kind of attack. This is to show a vulnerability within the WebDAV service on XAMPP 1.7.3. Let’s assume the setup below as a simple lab: a banking system application in PHP hosted on […]