My team has been working hard and we release more juicy stuff:
– Common Security Mistakes when Developing Swift Applications – Part I
– Meet NFCdrip – a New Security Concern for Air-Gapped Systems
– What’s in Your Website? Lurking Risk from Third-party Resources
– How Secure Are the Browser Extensions You Create?
Pedro Umbelino also gave a talk in hack.lu – Mind The (Air)Gap, so this last weeks have been amazing.
Some of our work was published and I would like to share it here:
More coming soon in a web near you 🙂
On 13th March I did a webinar for Checkmarx showing in around 30 minutes what is and how you can exploit the web vector Reflected File Download.
You can still watch the recorded version at RFD: Still Threatening the Biggest Names on the Web.
Had a lot of fun doing it because it was my first webinar 🙂 ‘Til next time!
The team who loves hacking and learning new things have published more stuff:
CSRT latest work and news:
More to come really soon… 🙂 Having fun hacking!
Also, there are no known safe versions of the Flowplayer SWF. If you're hosting it, I can XSRF you. Kill it now. https://t.co/h0TnyAKTsC
— Kevin Riggle (@kevinriggle) August 6, 2015
[News] Exploits start against flaw that could hamstring huge swaths of Internet – http://t.co/u15KiTgFm0
— bugcrowd (@Bugcrowd) August 3, 2015