Cryptocurrency Mining Scripts Harnessing Your CPU Memory via Browsers

Hidden Mining: Websites are increasingly using JavaScript-based cryptocurrency miners to monetize by leveraging the CPU power of their visitors’ PCs to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lose access […]

Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

Overview: Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for the purpose of blog posting. For further details, know more about Drupal here. Basically the open source application advantage here was that the source code was at my disposal. While fiddling around with the […]

Malware Detection: Adding glastopf juice to maldet engine

At SecureLayer7, we continuously try to keep our customers updated with the latest threats which could affect their infrastructure and help them secure their perimeter. More often than not, we devise attack scenarios and then brainstorm to block such attempts. During one such brainstorming session, we took an interesting detour to check a couple of our […]

Malware Cleanup: Analysis of an Undetectable web-shell code uploaded via RevSlider Vulnerability

I started my day with my regular Malware Cleanup activity when I came across an interesting backdoor web shell file on the server. The server is not specific to any particular environment; it was one of the regular updates on a WordPress package with the plugin RevSlider Plugin ver. 4.1.4. So I initiated the process to detect the […]

Google OAuth Target URL and Domain Description Vulnerable to UI redress attack

Over the last 3 years, I’ve participated in the Google Reward Program and found some relatively serious vulnerabilities. Google OAuth Target URL, Upload X.509 Cert and Domain Description Vulnerable to UI Redress Attack is one of my oldest findings in the Google Reward Program. UI Redress Attack is basically a well-known attack in the Info […]