Archive - Secaholic

New

Deal with challenge exceptions in Linkedin API

Calls from IP addresses that never logged in with the given account before will be blocked and required a verification.

Feb 13, 2020 •

August 2019

Subdomain takeover — Chapter two: Azure Services

As I described in the chapter one, we can control the content of a sub-domain d by controlling the content of its CNAME record

Aug 12, 2019 •

Subdomain takeover — Chapter one: Methodology

Subdomain takeover is a high severity vulnerability that can be exploited to take control of a domain and pointing it to an address managed

Aug 12, 2019 •

February 2018

A python script get Alexa top sites

If you want to get top visited websites, Alexa is a reliable source. But, sadly, they only free the first 50 websites, and if you want to…

Feb 9, 2018 •

March 2017

Using Remote Asset Bundle in Unity3D framework really safe?

Mar 3, 2017 •

February 2017

Client Side Template Injection — Kipalog.com

Feb 18, 2017 •

October 2016

Dirty Cow — CVE-2016-5195

Oct 29, 2016 •

How does HTTPS actually work?

Oct 13, 2016 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts