ITS Blog

IT Security blog – about up to date topics on IT security

Browsing Posts in Attack

On Thursday I attended a workshop on Red Team Testing. The term Red Team testing comes from military jargon. It means trying to break into a facility, not only electronically or over the network but also, if needed, physically. At the very beginning a video was presented, showing a show called Tiger Team […]

Cross Site Scripting – DOM based

In my previous articles about Cross Site Scripting (XSS) you got a definition of XSS. Today we are talking about a new kind of attack, DOM-based XSS. Let's recall: in regular XSS, JavaScript code is sent to a web application. The web application does not properly check the values it […]

This is the next article in our hacking a website series. To hack a website we need to know the different ways to perform the attack. These ways are also called attack vectors. Our first vector is Cross Site Scripting. Cross Site Scripting is an attack against the user of a website. An attacker […]

Kabel from 0xbadcab1e just told me that there is a new XSS worm on Twitter. If you would like to see the worm in action, search for onmouseover on Twitter. After a few seconds there is an area for real-time results. Inside is an update of how many new tweets came in after you started searching. […]

For a recent talk I took the opportunity to look a little deeper into browser history stealing. The goal of browser history stealing is to get information about the browser history of a victim. This information can be very valuable for profiling and other stuff. But this is another blog post. Performing browser history stealing, […]