Greboca  

The Hacker Blog  -  The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

 -  December 2016 - 

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K domain names. If you haven’t given that post a read I recommend doing so before going through this write up. Originally I had assumed that this issue was specific to Digital Ocean…

by mandatory

The Hacker Blog

A Hacker's Blog of Unintended Use and Insomnia.

"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains

 -  February 2022 - 

NOTE: If you’re just looking for the high level points, see the “The TL;DR Summary & High-Level Points” section of this post. Recently I took (...)


Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions

 -  June 2018 - 

Table of Contents A Thin Layer of Chrome Extension Security Prior-Art Isolated But Talkative Worlds A Quick Disclaimer Home is Where the (...)


Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper

 -  June 2018 - 

Summary: The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking (...)


Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)

 -  June 2018 - 

Summary: Due to a lack of proper origin checks in the message passing from regular web pages, any arbitrary web page is able to call privileged (...)


ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users)

 -  May 2018 - 

Summary: ZenMate, a VPN provider with over 43 million users, offers multiple browser extensions to use their VPN with. As of the time of this (...)