Researches

An Interesting Cross-Site Scripting Vulnerability on "ton.twitter.com"

Hello Everyone, I’m Seif Elsallamy an Application Penetration Tester at @Seekurity Today I will introduce to you beautiful readers a bug that we discovered in Twitter social network, We are going to go a bit deeper. This vulnerability was discovered back in 2018 and we decided to publish it as we were restricted to sharing […]

Edge browser press and hold up-arrow for a second all your emails disclosed

Hello Everyone, I’m Seif Elsallamy an Application Penetration Tester at @Seekurity First of all, this is a very old blog post (the issue was originally discovered back in 2017) but we thought it might be useful to publish it hope it helps someone else in their research. If you’re an Edge user you should be […]

Security Vulnerabilities affects Online Services of Egyptian Telecommunications Company "Etisalat Misr"

IntroductionTelecommunications companies nowadays became huge enough to have millions of subscribers under its hood, those companies are doing their best to digitalize and revolutionize their online services to serve the needs of the mass subscribers, In a result of this digitalization process, many security weakness may appear which could affect the safety of customers data […]

Los sitios olvidados y hackeados del Gobierno Mexicano

Los gobiernos en México, tanto municipales, estatales o federales, tienen poco o nulo interés por la seguridad informática. Tras un trabajo de investigación, encontramos más de dieciséis sitios gubernamentales, vulnerados y que permanecen en el abandono o que sus administradores no se han dado cuenta que alguien los ha hackeado. Anteriormente Seekurity notificó a instancias […]

PAYFORT - Multiple Security Issues and Concerns in a PCI/DSS compliant payment processor SDK!

TL;DR A year ago we have been contacted by one of our clients from Middle east regarding looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them in order to give them some candidates working in the same field in the middle east but we refused because our […]

CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!

Today’s discovery is not a big deal too, just another Clickjacking in the world, but this time in the newly added “OPT-IN” feature by coinhive and authedmine but first let’s know some terms before we begin. What is Coinhive? Coinhive is a cryptocurrency mining service that relies on a small chunk of javascript code designed […]

Rolling around and Bypassing Facebook's Linkshim protection on iOS

Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru) Before we go in depth, lets know What is Linkshim ?

Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems

Hi Guys, I am Ali Kabeel an Application Security Intern at Seekurity team. This is my first blog i hope you like it. In this blog post I will be mainly focusing on Business Logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems using real-world examples from my Facebook Bug […]

List of IPs you should block in your SSH server

2 months ago we have installed some servers in countries such as Germany and Singapore in which constantly we are receiving automated SSH bruteforce attacks trying to compromise the root user mainly from countries like China, Argentina, Brasil, Ecuador, Taiwan, Korea and India. After analyzing the traffic, we disabled the root user but hours later […]

QRLJacking – Your QR-based session belongs to us!

  Introduction Before we start we need to explain some frequently mentioned terms which are: QR Code, SSO and Clickjacking. What is QR Code? QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a […]

VoIP Security Analysis with Asterisk

Adopting new technologies such as VoIP by small, medium and large companies, isn’t only  about the benefit representing a decrease in costs, is about an risk increase exposure too, which can be reflected in the payment of  large sums of money , because (national or international) calls made by people outside the company.

Previous page Next page

Translate this blog