Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

Background: This vulnerability has been present for some time; however, it was recently noticed by a security researcher, Larry Cashdollar, who has since reported it as a CVE (Common Vulnerabilities and Exposures). This is so the wider security community can check for it in the future and warn website owners, but as a …

Purse of Pwnge

By @5w0rdfish. As featured in my Breaking the Bodyguard talk at BSides London 2018. This is a sly way to read the RFID cards of unsuspecting victims. I created it to bring something different to the table. I have tried to work on the components to slim them down enough …

Operation Shady Rat

The impact of Operation Shady Rat, dating from 2006, was felt throughout the world, reaching over 14 countries; 70 victims, including government organisations, companies and not-for-profits, were targeted. Organisations such as the UN and the Olympic committee were among those targeted; the organisations on the list may have noticed the breaches individually, however it was the …

Steganography 101

As opposed to cryptography, which uses encryption to keep the data covert, steganography can be known as the practice of hiding communications in plain sight. It focuses on keeping the channel of communications and the data sent covert. Firstly, what is required is a cover medium. Many tools on the market now offer …