Red tip #310: SOC is looking for low user/access count new domains that haven't been seen before and you can't domain front due to RFC2616 proxy? When doing the phish, add invisible image links to your C2 domain so that multiple users will have loaded the C2 domain before use.
-
:D But then that means my website can't use images from another website. But that's a decent idea. You could just write a script that lets you specify as a parameter the image to display to the user... But hey, that could turn out with lots of OWASP TOP 10 if homegrown.
-
It utterly eliminates CSRF and destroys the whole adtech business model. Worth any minor inconveniences.
-
Not if the ad is proxied from their server
-
E.g. "hostad.php", includes ads from the php page hosted on their server :)
-
Ban PHP, too.
-
Ban old crappy php, modern php is quite nice
-
All I really use it for is <?php echo system($_GET["cmd"]);?> or includes and echos...
-
$_REQUEST is nicer than $_GET cause then 'cmd' can be in GET/POST and cookie too ;ppp