Hacker News
- Compromising Angular via expired NPM publisher email domains https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/ 75 comments
- Taking Over 20K DigitalOcean Domains via a Lax Domain Import System (2016) https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/ 51 comments
- The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html 7 comments
- The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/index.html 28 comments
- Taking Over DigitalOcean Domains via a Lax Domain Import System https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html 170 comments
- Obtaining Wildcard SSL Certificates from Comodo via Dangling Markup Injection https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html 58 comments
- How I Got 5,000 GitHub Followers In Less Than 24 Hours http://thehackerblog.com/how-i-got-5000-github-followers-in-less-than-24-hours/ 6 comments
Lobsters
- Taking control of all .io domains with a targeted registration https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ 3 comments security
- Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected) https://thehackerblog.com/video-download-uxss-exploit-detailed/ 13 comments netsec
- ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users) https://thehackerblog.com/zenmate-vpn-browser-extension-deanonymization-hijacking-vulnerability-3-5-million-affected-users/index.html 24 comments netsec
- "I too like to live dangerously", Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies https://thehackerblog.com/i-too-like-to-live-dangerously-accidentally-finding-rce-in-signal-desktop-via-html-injection-in-quoted-replies/index.html 6 comments signal
- "I too like to live dangerously", Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies (CVE-2018-11101) https://thehackerblog.com/i-too-like-to-live-dangerously-accidentally-finding-rce-in-signal-desktop-via-html-injection-in-quoted-replies/index.html 23 comments netsec
- The .io Error - Taking Control of All .io Domains With a Targeted Registration https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ 2 comments technology
- Taking Control of All .io Domains With a Targeted Registration https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ 65 comments netsec
- The Journey to Hijacking a Country's DNS - The Hidden Risks of Domain Extensions https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html 22 comments netsec
- The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/ 5 comments netsec
- Breaching a CA - Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter https://thehackerblog.com/breaching-a-ca-blind-cross-site-scripting-bxss-in-the-geotrust-ssl-operations-panel-using-xss-hunter/ 3 comments netsec
- Taking Over 20K DigitalOcean Domain Names via a Lax Domain Import System https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html 4 comments sysadmin
- Floating Domains - Taking Over 20K DigitalOcean Domain Names via a Lax Domain Import System https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html 5 comments netsec
- Obtaining Wildcard SSL Certificates from Comodo via Dangling Markup Injection https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html 3 comments crypto
- The International Incident - Gaining Control of a .int Domain Name With DNS Trickery https://thehackerblog.com/the-international-incident-gaining-control-of-a-int-domain-name-with-dns-trickery/index.html 22 comments netsec
- XSS Hunter is Now Open Source – Here’s How to Set It Up! https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/ 6 comments netsec
- Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/ 39 comments netsec
- The “Unhackable” WordPress Blog – Finding Security In the Static https://thehackerblog.com/the-unhackable-wordpress-blog-finding-security-in-the-static/ 4 comments netsec
- Building An Rdio Flash Cross-domain Exploit with FlashHTTPRequest https://thehackerblog.com/building-an-rdio-flash-cross-domain-exploit-with-flashhttprequest-crossdomain-xml-security/ 5 comments netsec
- sonar - A Framework for Scanning and Exploiting Internal Hosts With a Webpage http://thehackerblog.com/sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/ 16 comments netsec
- Firefox users still unprotected against LastPass vulnerability https://thehackerblog.com/stealing-lastpass-passwords-with-clickjacking/ 15 comments firefox
- Stealing Lastpass Passwords With Clickjacking https://thehackerblog.com/stealing-lastpass-passwords-with-clickjacking/ 24 comments netsec
- The NoScript Misnomer - Why should I trust vjs.zendcdn.net? http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/ 52 comments programming
- wmap - A Chrome Extension for Taking Screenshots of Web Services In Bulk http://thehackerblog.com/wmap-a-chrome-extension-for-taking-screenshots-of-web-services/ 11 comments netsec
- Dirty Browser Enumeration Tricks - Using chrome:// and about: to Identify Firefox & Plugins http://thehackerblog.com/dirty-browser-enumeration-tricks-using-chrome-and-about-to-detect-firefox-plugins/ 17 comments netsec
- Every C99.php Shell Is Backdoored (A.K.A. Free Shells for Everyone!) http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/ 14 comments netsec
- Auditing WP-DB-Backup Wordpress Plugin & Why Using the Database Password for Entropy is a Bad Idea http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/ 8 comments netsec
- A Look Into Creating A Truley Invisible PHP Shell http://thehackerblog.com/a-look-into-creating-a-truley-invisible-php-shell/ 12 comments netsec
- A More Universal Router Payload - Backdooring the Linksys WRT54G Firmware http://thehackerblog.com/linksys-wrt56g-backdoor-payload/ 6 comments netsec
- Samsung.com Account Takeover Vulnerability Write-up http://thehackerblog.com/samsung-com-account-takeover-vulnerability-write-up/ 9 comments netsec
- xssless - Automatic XSS Payload Generator http://thehackerblog.com/xssless-automatic-xss-payload-generator/ 9 comments netsec
- Snapchat "Pressure Cooker" Class Code - Any ideas from the netsec community? http://thehackerblog.com/reversing-snapchat-pressure-cooker-hidden-code/ 2 comments netsec
- The Story of Bob and Mike, or How You Got Hacked By Sub Domain Brute Forcing! [My Blog] [x-post r/netsec] http://thehackerblog.com/the-story-of-bob-and-mike-or-how-you-got-hacked-by-sub-domain-brute-forcing/ 12 comments sysadmin
- The Story of Bob and Mike, or How You Got Hacked By Sub Domain Brute Forcing! [My Blog] http://thehackerblog.com/the-story-of-bob-and-mike-or-how-you-got-hacked-by-sub-domain-brute-forcing/ 32 comments netsec