Solving the 2013 Verizon DBIR Cover Challenge IntroEach year the Verizon RISK Team releases its highly anticipated Data Breach Investigations Repo... 2026-5-22 17:41:13 | 阅读: 18 | 收藏 | Security Sift - mikeczumak.com puzzle clue clues verizon haberdasher

Cross Origin Request Forgery Pt 2 — Exploiting Browser Security IntroductionIn my previous post I demonstrated how insecure handling of CSRF tokens by applications... 2026-5-22 17:39:44 | 阅读: 13 | 收藏 | Security Sift - mikeczumak.com etsy security malicious attackform csrfnonce

Cross Origin Request Forgery — Attacking HTTPS via HTTP MiTM Injection IntroductionThere are several scenarios in which a web application may choose to deliver both HTTP a... 2026-5-22 17:38:44 | 阅读: 11 | 收藏 | Security Sift - mikeczumak.com etsy network behalf developers

XSS with a little help from ASP.NET and Internet Explorer 9 Here I’ll demonstrate how it’s possible to evade ASP .NET Request Validation and take advantage of I... 2026-5-22 17:35:39 | 阅读: 10 | 收藏 | Security Sift - mikeczumak.com php microsoft declaration testweb developers

ASK/L(OOK)/Listen! — Basic Signal Decoding and Replay IntroductionIt’s been quite a while since my last post and I figured it was time to start contributi... 2026-5-22 17:32:39 | 阅读: 16 | 收藏 | Security Sift - mikeczumak.com xe8 sdr plot x8e x88

Testing Optionsbleed IntroductionI took a few minutes to test the Optionsbleed vuln ( CVE-2017–9798), specifically to see... 2026-5-22 14:44:34 | 阅读: 7 | 收藏 | Security Sift - mikeczumak.com htaccess site1 0123456789 site2 intruder

Abusing Microsoft Office DDE IntroductionEarlier this month I came across a post by the team at SensePost outlining their macro-l... 2026-5-22 14:36:26 | 阅读: 9 | 收藏 | Security Sift - mikeczumak.com dde ddeauto powershell sensepost microsoft

Chaining bugs for maximum impact IntroductionWhether its’s for a bug bounty or a penetration test, it’s very important to demonstrate... 2026-5-22 14:25:22 | 阅读: 14 | 收藏 | Security Sift - mikeczumak.com attacker phishing pii chained

CVE-2026–1839: How Training AI with Heavy Weights Can Still Lead to Light Security IntroductionHey, it’s been a while! After years of not publishing, I’ve decided to migrate my blog o... 2026-5-22 14:11:57 | 阅读: 15 | 收藏 | Security Sift - mikeczumak.com rng pytorch trainer checkpoint weights

Windows Exploit Development — Part 7: Unicode Buffer Overflows IntroductionIn this seventh installment of the Windows Exploit Development Series, I’ll introduce Un... 2026-5-22 14:9:52 | 阅读: 14 | 收藏 | Security Sift - mikeczumak.com venalign shellcode windows venetian seh

Windows Exploit Development — Part 6: SEH Exploits IntroductionThe buffer overflow exploits covered so far in this tutorial series have generally invol... 2026-5-22 14:9:14 | 阅读: 13 | 收藏 | Security Sift - mikeczumak.com seh windows safeseh audiocoder sehop

Windows Exploit Development — Part 5: Locating Shellcode With Egghunting OverviewIn Part 4 we looked at how to find and execute your shellcode using various jump methods. In... 2026-5-22 14:8:28 | 阅读: 13 | 收藏 | Security Sift - mikeczumak.com egghunter egg shellcode memory x4e

Windows Exploit Development — Part 4: Locating Shellcode With Jumps OverviewIn Parts 2 and 3, we built and improved upon an exploit for ASX To MP3 converter. Even thoug... 2026-5-22 14:7:45 | 阅读: 12 | 收藏 | Security Sift - mikeczumak.com shellcode junk nops coolplayer sploit

Windows Exploit Development — Part 3: Changing Offsets and Rebased Modules OverviewIn Part 2 we constructed a basic stack based overflow exploit for ASX To MP3 Converter. As I... 2026-5-22 14:6:41 | 阅读: 12 | 收藏 | Security Sift - mikeczumak.com offsets m3u junk windows development

Windows Exploit Development — Part 2: Intro to Stack Based Overflows OverviewWelcome to Part 2 of my Windows Exploit Development series. In the first post, I covered som... 2026-5-22 14:5:46 | 阅读: 13 | 收藏 | Security Sift - mikeczumak.com shellcode m3u windows mona portion