Ben Hayak - Security Blog

Ben Hayak - Security Blog

Web Security, Network Security, Reverse Engineering - Exposed

Pages

▼

Friday, August 14, 2020

Leveraging JSONP to SOME via HTTP Parameter Pollution

Introduction When you see a callback control in a JSONP endpoint doesn't that make you want to execute XSS? But, there&...

Thursday, June 18, 2015

Same Origin Method Execution (SOME)

This blog post is a brief presentation of "Same Origin Method E...

Monday, May 25, 2015

Stealing Private Photo Albums from Google - Same Origin Method Execution

It has been a long time since I updated this blog since I focused on company blogs and Black Hat presentations for the last couple of year...

Saturday, May 10, 2014

Deep Analysis of CVE-2014-0502 – A Double Free Story The Adobe Flash Player zero-day that was part of a targeted attack that infected...

Wednesday, March 19, 2014

The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring Here's my analysis of a PDF file which contained two differ...

Sunday, November 10, 2013

The Technical Aspects of Exploiting IE Zero-Day CVE-2013-3897 Just last month, during our work at spiderlabs research, the team and m...

Monday, February 11, 2013

X-Framing them all! - Cross-Framing is "impossibe" - Apple’s iOS 5

Cross Framing Google, Facebook and whoever you wish. Jailbreak Your Device? or buy android? This post is mostly for people who ...

View web version

Powered by Blogger.