Nuestra charla se enfocó en 3 temas “Sexting, extorsión sexual y el Ciberacoso“, ya que en los últimos años, los casos de extorsión sexual y el ciberacoso por parte de ex-parejas (principalmente) han aumentado considerablemente.
TL;DR A year ago we have been contacted by one of our clients from Middle east regarding looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them in order to give them some candidates working in the same field in the middle east but we refused because our job is to assess not to suggest specific names, they suggested us some names but one among those names were a name-with-a-reputation but they ended up not choosing this name due to insecure implementation.
Today’s discovery is not a big deal, just another Clickjacking in the world, this time in Hak5’s C2 (Cloud Command and Control) Server
First, let us know what is Hak5’s C2 (Cloud Command and Control) Server?
Hak5 C2 is a cloud self-hosted penetration testing platform lets you perform “Pentest from Anywhere” by connecting and using your Hak5 gear/products (WifiPineapple, Packet Squirrel or Lan Turtle) to a one unified dashboard and control those devices remotely through the cloud server.
During a quick trial security assessment (not fully tested) of Crea8Social Social Network Script our team at Seekurity.com SAS de C.V. identified several severe Cross-Site Scripting Vulnerabilities in the platform that been widely used on the internet to create your own social network website (BTW this script used in the alleged new Egyptian Facebook named as EgFace.com). Our team responsibly contacted the vendor of the script but we got no answer and based on our Seekurity responsible disclosure rules which is a 90-day-disclosure-deadline or NON-Responsive vendor the bug details became visible to the public through our official communication channels.
[-] About the Tool:
Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.
[-] Product Description:
phpSocial is a Social Network Platform similar with Facebook, allowing users to interact with each other by live chatting, sending messages, comments, like, share photos, life events and so much more.
Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info.
First what is OpenProject?
OpenProject is a web-based project management system for location-independent team collaboration. This open source application is released under the GNU General Public License Version 3 and is continuously developed by an active open source community.
In addition to numerous smaller OpenProject installations there are also some very large installations in global organizations with more than 2,500 projects.
Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself
What is SimpleRisk?
SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews. SimpleRisk allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.
SimpleRisk sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations. Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.