ssrf, webappsec, xss, ntlm, responder — 18 December 2017 Leveraging web application vulnerabilities to steal NTLM hashes Introduction NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows performs automatic NTLM authentication, and abusing this feature is undoubtedly on the playbook...
survey, security, webappsec — 30 May 2016 A survey on the usage of HTTP security headers in Brazil and Estonia Introduction In recent years a number of security-oriented client-side controls for web browsers have appeared on the scene in the form of security headers. These headers can be used to improve the security of the user experience when interacting with a...