coffeesec.net - Coffeesec

Description: A personal blog about software security, bug hunting, pentesting and other miscellaneous interests. Coffee mixes well with security!

Example domain paragraphs

My new workstation
I have recently finally decided that having a single monitor (with a laptop opened) is just not cutting it for me. Besides that, there were some other nuances I wanted to solve: the laptop was taking so much space on my table; switching between different laptops was a drag; plugging a laptop into a TV for movie night was a drag, too. That’s why I started constructing a station that would allow me to easily manage my hardware almost without any unplugging and re-plugging. Prerequ...

Blind XSS setup schematic
In this post, I will explain my research and take on how to exploit blind XSS. The XSS vulnerability happens when a user-controlled input (such as form input or URL parameter) is not sanitized properly for HTML tags. In this case, the attacker can inject HTML tags that will be rendered on the page. This can be exploited by injecting a malicious piece of JavaScript which results in the XSS exploit when another user visits the malicious link or page. The attacker can test this by vi.

For some time now, I’ve been a proud owner of a Suunto Spartan sports watch. There is a whole ecosystem built around a Suunto watch, which I believe is true for any sports smartwatch. I’ve recently realized there is a whole plethora of hacking challenges surrounding this system, so I’ve decided I want to see how far I can push it without breaking the expensive watch system. The main reason for this endeavor is the sheer volume of interesting things I can learn from it. I’ll expand this post into a list of posts