<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Vulnerable Security</title>
    <description>All about security</description>
    <link>https://vulnsec.com</link>
    <atom:link href="https://vulnsec.com/feed.xml" rel="self" type="application/rss+xml" />
    
      <item>
        <title>Solving the XSS challenge from Intigriti</title>
        
        
          <description>&lt;p&gt;Last week there was the XSS challenge published by &lt;a href=&quot;https://twitter.com/intigriti/status/1196414274584875010&quot;&gt;@intigriti&lt;/a&gt;. The goal was to trigger your javascript code in the context of their domain “challenge.intigriti.io”.&lt;/p&gt;
</description>
        
        <pubDate>Tue, 26 Nov 2019 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2019/intigriti-xss-challenge/</link>
        <guid isPermaLink="true">https://vulnsec.com/2019/intigriti-xss-challenge/</guid>
      </item>
    
      <item>
        <title>My article was published in the Paged Out! #2</title>
        
        
          <description>&lt;p&gt;After I solved the picoCTF 2019 JavaScript Kiddie challenge I wrote about in my &lt;a href=&quot;/2019/picoctf-2019-js-kiddie/&quot;&gt;previous post&lt;/a&gt;, I thought it would be great to share this challenge with other people interested in the topic. It was one of the challenges with the lowest amount of solvers, as well.&lt;/p&gt;
</description>
        
        <pubDate>Sat, 16 Nov 2019 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2019/paged-out-2-ezine/</link>
        <guid isPermaLink="true">https://vulnsec.com/2019/paged-out-2-ezine/</guid>
      </item>
    
      <item>
        <title>picoCTF 2019 - JS Kiddie writeup</title>
        
        
          <description>&lt;p&gt;I posted my writeup on how to solve the &lt;strong&gt;picoCTF 2019&lt;/strong&gt; JavaScript Kiddie challenge from the web category. You can find there some basic cryptography and forensic. The goal of this challenge was to provide a valid key to decrypt PNG image. As a result of the successful decryption process, I received a QR Code image with the flag.&lt;/p&gt;
</description>
        
        <pubDate>Thu, 24 Oct 2019 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2019/picoctf-2019-js-kiddie/</link>
        <guid isPermaLink="true">https://vulnsec.com/2019/picoctf-2019-js-kiddie/</guid>
      </item>
    
      <item>
        <title>How to use Burp Suite with multiple profiles in Firefox</title>
        
        
          <description>&lt;p&gt;There is a few popular ways to run Burp Suite in the pentesting environment. The simplified approach is to have a dedicated web browser to use (only) with Burp.&lt;/p&gt;
</description>
        
        <pubDate>Tue, 27 Aug 2019 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2019/firefox-burp-suite-configuration/</link>
        <guid isPermaLink="true">https://vulnsec.com/2019/firefox-burp-suite-configuration/</guid>
      </item>
    
      <item>
        <title>Reverse Engineering a book cover - writeup</title>
        
        
          <description>&lt;p&gt;This writeup is really related to hacking and to be more precise cracking a &lt;strong&gt;real&lt;/strong&gt; book cover. I bought this book some time ago as a pre-order.&lt;/p&gt;
</description>
        
        <pubDate>Fri, 03 Feb 2017 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2017/reverse-engineering-a-book-cover/</link>
        <guid isPermaLink="true">https://vulnsec.com/2017/reverse-engineering-a-book-cover/</guid>
      </item>
    
      <item>
        <title>SANS Holiday Hack Challenge 2016 - writeup</title>
        
        
          <description>&lt;p&gt;This year’s edition of SANS Holiday Hack Challenge 2016 was built around the story of Santa Claus disappearance and our objective is to find out who kidnapped him.
I would categorize this challenge as the &lt;strong&gt;Capture The Flag&lt;/strong&gt; (CTF) contest because there was a lot of different tasks, categories and flags (audio files, coins, quests).&lt;/p&gt;
</description>
        
        <pubDate>Thu, 05 Jan 2017 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2017/SANS-Holiday-Hack-Challenge-2016/</link>
        <guid isPermaLink="true">https://vulnsec.com/2017/SANS-Holiday-Hack-Challenge-2016/</guid>
      </item>
    
      <item>
        <title>How attackers exploit routers remotely?</title>
        
        
          <description>&lt;p&gt;There is no CVE assigned for that vulnerability yet. &lt;strong&gt;It was reported by Chad Dougherty&lt;/strong&gt;.
Vulnerability is trivial and allows any attacker to execute arbitrary command directly on your router. Payload for executing a command always works and the only requirement is to know the local IP address of your router (which is trivial to enumerate).&lt;/p&gt;
</description>
        
        <pubDate>Mon, 12 Dec 2016 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2016/how-routers-are-exploited-remotely/</link>
        <guid isPermaLink="true">https://vulnsec.com/2016/how-routers-are-exploited-remotely/</guid>
      </item>
    
      <item>
        <title>How to detect the Sparkle Updater vulnerability</title>
        
        
          <description>&lt;p&gt;In the previous article, I described &lt;a href=&quot;/2016/osx-apps-vulnerabilities/&quot;&gt;how to hack OS X by abusing vulnerable application&lt;/a&gt;.
The method was based on the MITM attack to elevate your privileges to that of the currently logged in user on the remote machine.&lt;/p&gt;
</description>
        
        <pubDate>Fri, 29 Jan 2016 00:00:02 +0000</pubDate>
        <link>https://vulnsec.com/2016/detecting-osx-apps-rce/</link>
        <guid isPermaLink="true">https://vulnsec.com/2016/detecting-osx-apps-rce/</guid>
      </item>
    
      <item>
        <title>How I discovered a vulnerability in hundreds of Mac OS X applications</title>
        
        
          <description>&lt;p&gt;Lately, I was doing research connected with different updating strategies, and I
tested a few applications working under Mac OS X. This short weekend research
revealed that we have many insecure applications in the wild. As a result, I
have found a vulnerability which allows an attacker take control of another
computer on the same network (via MITM).&lt;/p&gt;
</description>
        
        <pubDate>Fri, 29 Jan 2016 00:00:01 +0000</pubDate>
        <link>https://vulnsec.com/2016/osx-apps-vulnerabilities/</link>
        <guid isPermaLink="true">https://vulnsec.com/2016/osx-apps-vulnerabilities/</guid>
      </item>
    
  </channel>
</rss>