Developers are leaking access tokens for Slack widely on GitHub, in public repositories, support tickets and public gists. They are extremely easy to find due to their structure. It is clear that the knowledge about what these tokens can be used for with malicious intent is not on top of people’s minds…yet. The Detectify team shows the impact, with examples, and explains how this could be prevented.
UPX (Ultimate Packer for eXecutables) is an open source executable packer that is common in the malware scene (albeit often heavily modified). UPX supports all major operating systems and both x86 and x64 platforms. UPX on its own features no anti-debug checks, no scrambled code/stolen bytes and no encryption. For this post I have coded my own software in the C language to demonstrate how UPX works, what it does to the .code/.data segment in the PE header and how you can rebuild an executable that has been packed with UPX.
When deploying an onion there are a few things you need to keep in mind because Tor users may be more meticulous about their integrity. Because the .onion is a completely different domain than your regular one, you often need to adjust your settings so the site works with good security. This blog post will teach a few tips and tricks you can use when deploying an onion domain as an alternative way to use your website.
CSP (Content-Security-Policy) is an HTTP response header containing directives that instruct browsers how to restrict content on a page. For instance, the “form-action” directive restricts which URLs the page may submit forms to. This protection can be bypassed in the case of an XSS/HTML injection bug.
Popular Google Chrome extensions are constantly tracking you by default, making it very difficult or impossible for you to opt out. These extensions will receive your complete browsing history, all your cookies, your secret access tokens used for authentication (e.g., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. The Detectify team has identified how they are doing it and what options you have to avoid being affected by it.