Read this article at my company’s blog As I described in the chapter one, we can control the content of a sub-domain d by controlling the content of domain d1 that d point to through its CNAME record. Azure, a popular cloud service offer many services that can create such…

Read this article at my company’s blog Subdomain takeover is a high severity vulnerability that can be exploited to take control of a domain and pointing it to an address managed by attackers. Attacks on this vulnerability are often used for the purpose of creating phishing sites, spreading malwares. …

If you want to get top visited websites, Alexa is a reliable source. But, sadly, they only free the first 50 websites, and if you want to get more, you have to pay a fee. One of the ways to obtain that list is to use AWS service with price $0.0025 per URL. Everything seems easy when you are willing to pay, however, their sample code is only available ruby, php, java that I do not like them. I have rewritten a small script in Python to do this, you can check it bellow.

Introdution If you are a mobile application developer, you may be interested in exposing sensitive information from your application because of decompilation a mobile app such as Android app is not too difficult. A friend of mine recently developed an Android application using Unity framework, it can hide code by downloading…

Về Dirty Cow Gần đây tôi có thấy nhiều thông tin về lỗ hổng này, được đánh giá là Serious, cho phép leo thang đặc quyền, ảnh hưởng đến nhiều distro Linux… Tôi cũng không hiểu sao một lỗ hổng sau khi được công bố thì có logo, website riêng, Twitter, Facebook Page…

What is HTTPS? We’ve heard a lot about HTTPS, and we use it every day. If you access a website from your browser and you see a little green padlock and the letters “https” in your address bar then congratulations, you are accessing this safely via HTTPS. HTTPS is a combination of HTTP…