DISCLAIMER The information provided in this post is intended solely for educational purposes. The author assumes no responsibility or liability for any misuse, or unlawful activity resulting from the use of the information described herein. What is Cross-Site Scripting Cross-Site Scripting (XSS) is arguably one of the easiest web exploits to understand, which is why it’s often among the first vulnerabilities cybersecurity enthusiasts encounter. In a nutshell, XSS occurs when a web application accepts user-supplied input and renders it on a page without properly escaping or sanitizing it.

Read more...

FEX.NET FEX.NET, hereafter referred to as “FexNet,” is a cloud storage and file transfer service based in Ukraine, offering users the ability to store and share files online. FexNet shares many similarities with typical file-sharing platforms, it provides users with the option to create accounts, purchase storage space, and upload files for a specified duration. Like its competitors, FexNet also offers security features to protect users’ files. However, this blog post will focus on the security aspects of the platform, which, in reality, provide little to no protection at all in majority of cases.

Read more...

Foreword This post is intended for educational purposes only. Denuvo is arguably the most successful digital rights management solution to have ever existed, and is therefore an interest to many. This blog contains a large amount of my personal notes and correspondence with other reverse engineers (see kudos) which contains information about the recent iterations of Denuvo, lots of which I haven’t seen shared publicly before. I mean no harm towards Irdeto and thus certain information will be redacted from this post.

Read more...

The purpose of this post is primarily to explain the technical workings of my tool, BinaryShield, but it can also be treated as an introduction to VM based protections. This is NOT About Hypervisor Technology! To clear up any confusion, I want to first clarify that we are not talking about hypervisors such as VMware. I cannot stress that enough. Although they share similar ideas and terminology, I would argue that the kind of VM, or virtual machine, we will be discussing in the post is completely different to hypervisor technology.

Read more...

This article details the steps I took to discover and exploit an SQL injection vulnerability on the Clemson University website using my own tool, SQLiF (SQL injection Finder). DISCLAIMER This post and the release of my tool, SQLiF, are intended for educational purposes only. I was previously granted permission from Clemson University to document and share my findings with others. I am not responsible for anything you do with the information presented within this post.

Read more...