CyberTalents CTF web security challenges write-up

Hey Folks, My name is Mahmoud, a web application penetration tester, I have recently joined Seekurity and today I will share with you the details of the National Cyber Security CTF we recently had in Egypt. This year, CyberTalents organised a cyber security CTF in Egypt sponsored by Trend Micro which is probably the largest and […]

Facebook Messenger and HSTS

Pic Source: zona3.mx/sites/default/files/Facebook-Messenger-iPhone-6.png This article was originally covered by Tom Spring of ThreatPost. On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back. Facebook is dismissing […]

Protected: Uber Vulnerability

There is no excerpt because this is a protected post.

#OperationTakeDown: Netflix Phishing Attack & Analysis

Hi Folks, Days ago, one of our clients received an email with the next subject in Spanish: “Problemas con tu membresia de Netflix” (Problems with your Netflix membership). The email was in his SPAM folder with the follow caption: “Be careful with this message. It contains a suspicious link that has been used to steal […]

BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!

Hi Folks, Let me tell you the story about some typical vulnerabilities that was discovered by @Seekurity Team in BMW ConnectedDrive service which will allow any beginner attacker to hijack the whole service! . First what is BMW ConnectedDrive service? BMW ConnectedDrive – a technology packet full of services and apps that connects you closely to […]

RunKeeper Stored XSS Vulnerability – Where worms are able to run too!

  RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. First launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing, led by Spark Capital. In February, 2016, RunKeeper was acquired by ASICS.

Cookie stuffing: How we are part of a fraud of millions of dollars

What is Cookie stuffing fraud? Is an activity which allows actors online to defraud affiliate marketing programs by causing themselves to receive credit for purchases made by web users (for this case users who made an online purchase in Amazon, Walmart, eBay or any other Online Store), even if the affiliate marketer didn’t actively perform […]

TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking

Hi Folks, TopCode.com is a website where the most skilled top coders around the world are solving challenges, Competing and writing codes to achieve a specific tasks. Top high profile companies like (Facebook, Google, Twitter, etc..) are getting help from such websites in their recruitment process!

Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features

  Introduction: Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best! Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is determined […]

When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!

Your privacy on the internet is the biggest concern ever and when it comes to “Dating websites” and “Social Networks” it means more and more! Let me tell you a story of two websites that don’t respect yours and putting it on danger…