Flashriot - Using Flashbang for bulk analysis

22 May 2015 Category: Hacks

I recently had the necessity to test multiple flash files for XSS. Flashbang is an awesome tool for this kind of work. Since Flashbang needs a browser to run, the only way to automate it......

Crawler for NMDC networks

02 May 2015 Category: Python

Crawler What is the meaning of a crawler in a file sharing network? Very simple for me. Something that collects all the files that are shared by clients on that dc network. But collecting all......

Messing around using NMDC protocol

15 Nov 2014 Category: Hacks

What is NMDC? NeoModus Direct Connect was initially a file-sharing client for Windows and Mac users that provided file-sharing capabilities for any type of file within a hub-centric, peer-to-peer network. NeoModus Direct Connect inspired the......

My first BruCON (2014)

02 Oct 2014 Category: Information

It couldn't have been any better for me. If you haven't been to BruCON, I suggest you to hurry up. As one of the attendees tweeted - 'You never meet a stranger at BruCON'. I......

Phacilitating phew bugs ;)

02 Jul 2014 Category: Hacks

I am not a huge fan of bug bounties since I am more of a tool developer. But as the title suggests, to keep myself fresh & bounties from IBB are special. So enter Phabricator.......

Wordpress [Bugs/Hacks/Tweaks/Tricks]? I am not sure

27 Jun 2014 Category: Hacks

The following is writeup of how I dealt with a specific circumstance. I was up against a wordpress installation in one of my tests and luckily I already had editor level credentials. So I have......

Configuring i3 for my setup

12 May 2014 Category: Linux

Well, in this article, I will follow step by step procedure of setting up i3. My dotfiles First of all, install i3, i3lock & i3status. Generally, installing i3 will pull these as dependencies. Edit your......

Changing Gravatar of Others!!

11 May 2014 Category: Hacks

So, yeah the title is true. I found some vulnerabilities which can be chained to change the gravatar of any logged-in user. The one draw back for this attack is the knowledge of the email......