How Gurkirat Singh managed hacking Facebook

Hacking Facebook – Flaw in the recovery process Gurkirat Singh is a security researcher/coder/hacker. In short, this is how he managed to hack Facebook (article here). First he gets an idea: that resetting multiple accounts at the same time could cause Facebook to resend reset tokens. Then he writes a script to crawl* different websites in order to collect Facebook accounts Each

How to achieve a brilliant phishing attack

Sean Cassidy shows how to achieve a brilliant phishing attack on LastPass by combining multiple security holes. This attack is powerful because the author made a clear roadmap which checks if LastPass is installed, then logs the user out using a known vulnerability in the browser. The author tricks the user into logging in on the

Buffer Overflow Attacks

In an era where everything is digitized, there is always some scope for a loophole or vulnerability. This loophole is the opening through which hackers squeeze in their malicious code and so grow their business. You may expect a businessman to pass up a profit, but you can never count on an attacker to miss a vulnerability

Best practices for cloud services

Introduction Today most people have a smartphone, tablet or PC. Some years back we stored our photos on backup media such as CDs or DVDs. Today different companies compete to get access to our files. Most people today don’t react when a new “app” is installed and asks for permission to access our pictures, private messages or

Cloaking WordPress with “hide my WP”?

There are a number of companies that provide services for cloaking the user’s website. In the previous articles Web scraping – part 1 and Web scraping – part 2 we learned how easy it was to scan multiple sites for vulnerabilities using footprints. This exact method depends on our footprints being found on the site –

Net phishing

In this post I’m going to discuss net phishing (also referred to as “web spoofing”). I still hear about people who have lost real money because of net phishing – and that’s just sad. Net phishing isn’t a new technique, nor is it a qualified hacking technique, but keep in mind that most hacks today are based on old hacks,

Web scraping – part 2

Web scraping In the previous article we identified the footprints to use and now it’s time to start coding. First we need to fetch content from a website. In PHP we can do this using cURL or file_get_contents. Downloading source code from website You’ll need a text editor. For this project I picked Sublime. To

Web scraping – part 1

Web scraping When a hacker has identified a vulnerability in a system or platform he can choose to either report it (white hat hacker) or scan more systems with the same security hole. One way to do this is “Web scraping” which means scanning a website for specific areas and/or extracting that information. Web scraping

Protected: Trick to access to thousands of premium products.

There is no excerpt because this is a protected post.

Review of jSpy a RAT from jSpy.net

Review of jSpy Current version: 0.33 Developer URL: http://www.jspy.net/jspy/ Remote administration tools with features such as webcam capture are nothing other than what were earlier called trojans. We decided to check out jSpy just because the developer states that no buyers must write anything bad about it in public. Features Features jSpy 100%