Latest Vulnerabilities

JWT Hacking 101

As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security.  Many applications use them, so it has become very important for me to know as much as I can and I want to share what I’ve learned. In this blog post I will discuss [...]

By | December 8th, 2017|Categories: InfoSec, Vulnerabilities|0 Comments

EXE Hijacking in Git Bash for Windows

TLDR; Git Bash for Windows 1.x will execute any file named "git.exe" in the current directory when accessing the Windows context menu Discovery I was researching some old DLL hijacking vectors recently. Specifically, I was looking at the Metasploit module exploit/windows/browser/webdav_dll_hijacker. I wanted to see if this old 2010 exploit would work with Windows 8 [...]

By | October 30th, 2016|Categories: Vulnerabilities|1 Comment

Referer Redirection and Its Inconspicuous Danger

Referer Redirection and Its Inconspicuous Danger Recently I noticed some peculiar behavior on web application. I observed that in certain situations, the webpage would openly redirect to the ‘Referer’ header defined in the request. In this particular instance, the web application required some data from the user to perform that page’s function. When that data was not present, [...]

By | August 23rd, 2016|Categories: InfoSec, Vulnerabilities|0 Comments