Author: Paul

In the previous post, we demonstrated how Chrome’s soon-to-be default behaviour (if the SameSite attribute is not explicitly set) will affect CSRF in this instance, and showed Chrome’s exception that will happen alongside it. In this post, there will...

In part 1 we looked at the SameSite attribute; here we will run through a quick demo of a CSRF (Cross-Site Request Forgery) attack being performed with Chrome’s enforcement enabled. Note: when attempting this on the latest version of Chrome (version 80 at the time...

Google has recently made a change to its Chrome browser. The change affects the way the browser handles cookies. In previous versions of Chrome (pre-version 80), cookies were sent in cross-site requests by default. This could result in a security issue such as CSRF (Cross-Site...

In the previous post, we discussed how any information that is committed to a version control platform can be searched to find information. The process was performed manually by using the platform's search function; however, in this final post, we will be using a...

In this second part, we will go through the process of Dorking and, most importantly, how data could be searched for within public repositories. As a reminder, Dorking is the ability to find information by searching. Hackers can search through public repositories in order to look for...

There are several potential employees that a malicious actor could target in an organisation, but what if the target was a developer? Developers have played an essential part in business, and will do so even more in the future. They generally have quite a significant amount of access within...

Objective: Local privilege escalation on the victim host via snapd. Summary: A security researcher, Chris Moberly, discovered a Linux privilege escalation vulnerability in January 2019, but it was released in mid-February. The vulnerability affects versions 2.28 through 2.37 of snapd, a universal package management system created by Canonical. Snap packages contain...