Helped a user this morning with an issue where she disabled cookies at home, but when she came to work, none of the Intranet sites would work. Noticed she had browser sync turned on with a personal account.
Thought of this attack vector Attack Vector:
1. Detect if Browser has sync feature turned on.
2. Set homepage to malicious page
Recently visited a site and noticed in the url ?id=1 Of course, I had to try ?id=1' and sure enough i got a 500. Thinking possible injection, I wanted to talk to the owner before I went any further. whois shows that privacy is turned on, there is no contact information on the site. Other than e-mailing webmaster@domain, and twitter Any tips on finding contacts?
@JohnsNotHere Big thank you for the podcast. As a developer and generalist myself, really enjoyed enjoyed Ep.51 and Ep 52.
Christian, Father, Developer and Infosec Generalist who is always looking for some code to pull apart.
A Mastodon instance for info/cyber security-minded people.