Homepage
Sign in
Get started
TSS - Trusted Security Services
TSS is a leading cyber security company founded by former Australian Government security specialists. This blog is a way for TSS staff to contribute back to the security industry
About This Blog
TSS Website
Follow
Penetration testing & window.opener — XSS vectors part 2
Penetration testing & window.opener — XSS vectors part 2
tldr; opener.location.* and the onhashchange event are XSS vectors. XSS exists in old versions of reveal.js.
Josh Graham
Jun 3
CTF Writeup — You Shall Not Pass
CTF Writeup — You Shall Not Pass
BSides Canberra 2019 — Reverse Engineering
Tom
Mar 18
Under Cover of Darkness
Under Cover of Darkness
Practical considerations for (legally) breaking and entering.
Tom
Feb 12
BloodHound.xpab — Applocker bypass
BloodHound.xpab — Applocker bypass
A few weeks ago I created a proof of concept XAML browser application (XBAP) that demonstrates Presentationhost.exe bypassing default…
Josh Graham
Feb 11
Cyberlympics 2018 — Finals
Cyberlympics 2018 — Finals
Wherein the team travels to Atlanta to open a padlock without touching it.
Tom
Jan 21
Multiple Security Vulnerabilities in Dell EMC Avamar
Multiple Security Vulnerabilities in Dell EMC Avamar
In this post I’ll cover four different CVEs identified by myself and a colleague from TSS.
Jarrod Farncomb
Jan 7
Penetration testing & window.opener — XSS vectors part 1
Penetration testing & window.opener — XSS vectors part 1
This is the first part of a four part series discussing security concepts related to the JavaScript opener variable (almost all the…
Josh Graham
Dec 3, 2018
About TSS - Trusted Security Services
Latest Stories
Archive
About Medium
Terms
Privacy
