TTPwire Vol. 1 · MITRE ATT&CK·Tagged


PortSwigger Research

Splitting the email atom: exploiting parsers to bypass access controls

2024-08-07

ATT&CK techniques detected

6 predictions
T1566.002 Spearphishing Link (68%)
“menu. Then click the "view tag store" in the same menu. You can then install both tags by clicking on their name and then using the install button. When I found the first few bugs I found automation very useful for finding other bugs and often Turbo Intruder was very useful to …”

T1566.002 Spearphishing Link (34%)
“blocked characters, doubled encoded quotes and generated characters that would be removed by their code until finally I constructed a valid email splitting attack: using this "email" I was able to bypass the restrictions set on the support centre. The key to this attack was th…”

T1528 Steal Application Access Token (34%)
“with my blind CSS exfiltration research which involved making it extract the specific Joomla token. I'll share the customised code in the GitHub repo later in the post. With my CSS exfiltrator running, I registered the two accounts and visited the users page with the super admi…”

T1071.003 Mail Protocols (31%)
“can use DNS interactions as a clue but often they are next to useless because you can't identify the cause of the failure to get to the mailer. After many attempts I started to think about the SMTP conversation and I attempt to place greater than characters. The thinking here i…”

T1586.002 Email Accounts (30%)
“started when I was logged into a box I was using for testing, I installed an unnamed app and began testing it for email parsing discrepancies. I was getting nowhere. Everything I tried was failing, I had thoughts of abandoning the research completely. Then out of an act of desper…”

T1566.002 Spearphishing Link (30%)
“…s gets loaded instantly and exfiltrates the token in seconds. As soon as this happens the attacker gets notified of the admin's CSRF token and then starts an instant message conversation with the admin. The admin clicks the link from the attacker and gets CSRF'd to edit a b…”

Summary

Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepancies critical. Predicting which domain an