Prior approval was taken from the Opera security team before disclosing this issue! Before we get started, there are a few things which we need to understand, such as: Value added service (VAS): Value added services (VAS) is a popular telecommunications term for non-core services, example: (Caller-tunes,...
Monday, 29 November 2021
Thursday, 11 February 2021
The "P" in Telegram stands for Privacy
Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that Telegram fails again in terms of handling the users' data. My initial study started with understanding how self-destructing messages work in the secret chats option, Telegram says...
Tuesday, 13 October 2020
Bypassing Trend Micro Web Threat Protection via Punycode
Summary: It was identified that Trend Micro web threat protection can be bypassed using Punycode and was tested under macOS 10.15.4 (19E287). Technical Analysis: Trend Micro antivirus for macOS has an additional feature called web threat protection which has three main components. [1] Enable...
Thursday, 26 March 2020
Stealing videos from vlc
Summary:
VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR) which could allow a local attacker to steal media from the storage by just navigating to the source URL/IP.
This was possible by abusing a functionality in the iOS application for VLC, which allows a...
Wednesday, 4 March 2020
Fuzzing VIM
AAAAAAAAAA....: It's almost a year now since I started with fuzzing and discovered multiple bugs. The software which I've most commonly fuzzed so far includes Xpdf, VIM, PuTTY, WebKit, LibreOffice, Glibc etc. In this post I'll be demonstrating fuzzing VIM (Regex engine) through AFL++ a.k.a. American Fuzzy Lop.
Technical Details: VIM a.k.a Vi IMproved has 12 different editing modes which can be...