تحقيق وتحليل تقنى: جريدة الاهرام النسخة الانجليزية تقوم بإستخدام اجهزة الزوار لتعدين عملات رقمية بتكنيك مختلف وجديد!

موضة جديدة اتبعتها المواقع حديثا وهيا الكسب من خلال تعدين العملات الرقمية بدلا من استخدام اعلانات Google Ads او اى خدمة اعلانات اخرى على امل تحقيق مكسب اسرع، فى التحقيق دا هنتكلم عن جريدة “الاهرام اونلاين” وتعدين العملات الرقمية، واحد من متابعينا بتاريخ ٩ نوفمبر ٢٠١٨ بعتلنا على الصفحة الرسمية ل Seekurity ان موقع “جريدة الاهرام اونلاين النسخة الانجليزية” فيه مشكله وانه كل ما بيدخله اللابتوب بتاعه بيبدأ يبقى بطئ ويسخن، اول ما شوفت الرسالة وبدون حتى اى تفكير عرفت ان الموقع بيقوم بعمل تعدين لعملة رقمية ما.

Continue reading “تحقيق وتحليل تقنى: جريدة الاهرام النسخة الانجليزية تقوم بإستخدام اجهزة الزوار لتعدين عملات رقمية بتكنيك مختلف وجديد!”

Share

CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!

Today’s discovery is not a big deal too, just another Clickjacking in the world, but this time in the newly added “OPT-IN” feature by coinhive and authedmine but first let’s know some terms before we begin.

What is Coinhive?

Coinhive is a cryptocurrency mining service that relies on a small chunk of javascript code designed to be installed on Web sites.

Continue reading “CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!”

Share

The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!

Hi Folks, Long time no see, it’s Seif Elsallamy, Remember me ? if not 🙁 you may go through my previous blogs Stored XSS in the heart of the Russian email provider giant (Mail.ru)  ,  Rolling around and Bypassing Facebook’s Linkshim protection on iOS

Today I’m gonna show you a race condition bug which i recently fall in love with those kind of vulnerabilities especially in when it comes to Facebook also i want to mention that this bug is super simple to understand It’s not complicated, the only complicated part is how to test and finding it.

Continue reading “The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!”

Share

Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

Hey Folks,

Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems.

In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet the most dangerous bugs I have found in the gigantic photo sharing app Instagram but first lets get an overview of some concepts and general knowledge.

Continue reading “Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!”

Share

Vulnerability in Metasploit Project aka CVE-2017-5244

 

Hi Guys,
I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂

Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, Community and Professional) of Metasploit Project.

But first what is Metasploit? (Seriously maybe somebody out there don’t know about it yet :D)

Continue reading “Vulnerability in Metasploit Project aka CVE-2017-5244”

Share

RunKeeper Stored XSS Vulnerability – Where worms are able to run too!

 

RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. First launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing, led by Spark Capital. In February, 2016, RunKeeper was acquired by ASICS.

Continue reading “RunKeeper Stored XSS Vulnerability – Where worms are able to run too!”

Share

TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking

TopCoder_logo

Hi Folks,
TopCode.com is a website where the most skilled top coders around the world are solving challenges, Competing and writing codes to achieve a specific tasks. Top high profile companies like (Facebook, Google, Twitter, etc..) are getting help from such websites in their recruitment process!

Continue reading “TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking”

Share