In this post we’ll have a look at the nodejs deserialization attack/exploit in XVNA (eXtreme Vulnerable Node Application). Insecure deserialization is part of the OWASP Top 10 list that was published in 2017. We’ll use the setup detailed here (XVNA…
As suggested by Intel in their Intel Analysis of Speculative Execution Side Channels whitepaper, the recommended mitigation for Spectre (CVE-2017-5753) is to use the LFENCE instruction (“LFENCE does not execute until all prior instructions have completed locally, and no later instruction…
This is a python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked…
ByteFUZZ is a file format fuzzer that can do blind fuzzing, by replacing bytes from the original/seed file. Once the files are generated, it will call the target program with the fuzzed files as arguments and check to see if…
