Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today. And yes, "same-site" cookies will fix this but as of today, only Chrome supports it.). No - cyber-sticky tape!

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. The objective of this particular exercise is for the participants to steal the victim's auth cookie by constructing an XSS attack within the query string parameter.

The Hacker Mind Podcast: How To Become A 1337 Hacker

ForAllSecure

Think of this as the greatest hits from The Hacker Mind, with insights from @sciencemanz , @zaratec4 , @eryeh , @tjbecker_ , and @_johnhammond on how playing Capture the Flag helped them become who they are today -- l337. Vamosi: Like a lot of you, I run marathons. Thirteen by my last count. Stick around and find out.

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. Modify the DOM, redirect the user, load in external content, challenge visitors to install software, add a key logger and grab any non-HTTP-only cookies. Until now.