Oren Hafif

Application Security, Web Application Security and Penetration Testing

This is a personal blog which represents only my personal views

Pages

▼

Thursday, October 30, 2014

Reflected File Download - A New Web Attack Vector

From my Company's Blog: On October 2014 as part of my talk at the Black Hat Europe 2014 event, I presented a new web attack vector th...

Tuesday, June 10, 2014

One Token to Rule Them All - The Tale of the Leaked Gmail Addresses

Since I don't really know where to start, let's start at the end. At the very end of this attack, I am going to hold what appears t...

Tuesday, February 11, 2014

CVE-2014-0050: Exploit with boundaries, Loops without boundaries

You are more than invited to read the post I wrote on the SpiderLabs blog about CVE-2014-0050. The post include analysis of the vulnerabil...

Thursday, November 21, 2013

Google Account Recovery Vulnerability

Global Main Authentication and Identification Library (GMAIL) If I told you to think of the most sensitive features (security-wise) in ...

Saturday, November 16, 2013

Coming soon...

View web version

Powered by Blogger.