Found 2 bookmarks
Custom sorting
DoubleClickjacking: A New Era of UI Redressing
DoubleClickjacking: A New Era of UI Redressing
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication.
#paulosyibelo#EN#2024#DoubleClickjacking#analysis#technique
·paulosyibelo.com·
DoubleClickjacking: A New Era of UI Redressing
The state of sandbox evasion techniques in 2024
The state of sandbox evasion techniques in 2024
This post is about sandbox evasion techniques and their usefulness in more targeted engagements. There's a lot of sandbox evasion techniques, some are simple: query WMI, some are cool: parsing SMBIOS tables, most try to detect sandbox artifacts. I wanted to know if these techniques are still effective for detecting sandboxes, or if the sandboxes have since been updated to counter them.
#fudgedotdotdot#EN#2024#sandbox-evasion#technique#analysis
·fudgedotdotdot.github.io·
The state of sandbox evasion techniques in 2024