Many websites [un]willingly allow users to send emails through a simple web request. Knowing this we can automate phishing campaigns with Cartero exploiting the vulnerable web forms to send emails. While performing WebApp penetration tests, more than one of us have come across those “share this” buttons that generate a…

Based on our research reported about url-handlers on FaceTime and Messages, here comes the “Enterprise version”. Hacking MSFT through iOS to steal Contact Cards and forcing people to join meetings, has its beauty ☺ Background As we will be discussing on this and other posts — all part of some social…

Paid does not necessarily means better, faster or more secure. Exploiting URL handlers in alternative web-browsers to trigger FaceTime and Telephone Calls Background Continuing with the Web Browsers & url-handlers research that started with Google Chrome, we decided to expand it into other, not mainstream, web browsers (Atomic and Mercury) to…

Exploiting iOS Chrome and FaceTime url-handlers to automate attacks on FaceTime calls. How to create a Social Engineering attack using known iOS issues and cartero. Work based on @neculaesei work on how to use iOS applications url handlers to make Phone calls on other applications, besides Messages. …

Social Networks and Social Engineering were meant for each other. Nowadays, people willingly share their private information contact networks, updates, feelings, pictures and files through these networks, basically everything a social engineer perpetrator ever wanted … Background Corporations perform penetration tests on their network, web applications, physical infrastructure in order to…

Sympathy for evil, the nature of our game. — Stories, Research and other things to come stay tuned — new things coming soon …