• A container-based framework for Android emulation (and hacking)

    A container-based framework for Android emulation (and hacking)

    Currently, there are 3.8 billion smartphone users in the world and this number is going to increase much more in the future; this situation poses a security risk for companies and people. Speaking about security, most of the companies around the world use Cyber Ranges to train their personnel, the problem is that current-generation Cyber…

  • Study PHP Unserialize Object Injection in Yet Another Stars Rating plugin by using Docker Security Playground

    Study PHP Unserialize Object Injection in Yet Another Stars Rating plugin by using Docker Security Playground

    First of all, update DSP laboratory: in <dsp>:8080/repository page, click on Update All Now you should see the lab in /labs section Click on F5 if you are not able to see it. We need to create a live processing way to update between multiple tabs. If it is the first installation, you need to…

  • Using Docker Security Playground to create unserialize() Object Injection in Yet Another Stars Rating laboratory

    Using Docker Security Playground to create unserialize() Object Injection in Yet Another Stars Rating laboratory

    In previous post I’ve describe how it is possible to use Docker in order to setup a Docker environment to study Yet Another Stars Rating wordpress plugin https://wpscan.com/vulnerability/9207. Here I am going to show you how you can configure a vulnerable environment by using Docker Security Playground . Docker Security Playground installation Install DSP is…

  • Leveraging Docker + VSCode to study web vulnerabilities

    Leveraging Docker + VSCode to study web vulnerabilities

    Have you ever studied Docker? If you are a passionate about web hacking, study it! In this Post I am going to persuade you that using Docker to study web vulnerabilities is a good thing! If you want to understand more about this post, please follow Docker Documentation How do you find vulnerabilities? There are…

  • CVE-2020-2229 JENKINS UP TO 2.251/LTS 2.235.3 TOOLTIP STORED CROSS SITE SCRIPTING

    CVE-2020-2229 JENKINS UP TO 2.251/LTS 2.235.3 TOOLTIP STORED CROSS SITE SCRIPTING

    In this Post, I show how I have create the Proof Of Concept for CVE-2020-2229 . I found a vulnerable version Jenkins 2.249 during a Penetration Test, I was trying to investigate available exploits for this vulnerability, but I did not find anything. Well, Jenkins is an amazing wonderful project, the best way that I…

  • Web Application Hacking – An introduction

    Web Application Hacking – An introduction

    When trying to find a methodology for performing a Penetration Test against a Web Application (meaning those that are accessed using a browser to communicate with a web browser), one should keep in mind that Hackers’ activities to find new vulnerabilities always involve a great deal of creativity. It is possible, though, to explore all…

  • Web Application Hardening

    Web Application Hardening

    The problem of attacks on Web applications today is highly critical.To understand it, simply observe the following diagram, which shows the number of Kaspersky web antivirus detections per second: The average number of threats detected is about 200 per second! (You can see the threats in real time directly here.)But what can we do to…