Barrow's Latest Posts
This is a pretty fun read on using a polyglot jpeg to bypass CSP leading to a XSS vuln. http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
This looks like it could be really handy if you're doing pentesting on premises. https://samy.pl/poisontap/ it grabs all sorts of useful data. Worth reading through.
Keen Security Lab recently released a brief write-up on multiple security vulnerabilities found in Tesla Model S vehicles. Among them was remote access to a vehicle's CAN (Controller Area Network) bus, allowing them to take control of the vehicle. The Keen Lab team was able to ...more
According to a recent blog post by Andrew Ayer, any user can crash systemd, the system and service manager in most Linux distros, with a single command: NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" On some systems, the command needs to be wrapped in a loop to work: w ...more