This basically utilizes the web's core principle of composability in order to determine & extract useful information.
XS-Leaks take advantage of small pieces of information that are exposed during interactions between websites.
#Learn365 Day-6: Cross-Site Leaks
Goldmine to Learn: https://t.co/TsqGRWxPq7
Cross-Site Leaks/XS-Leaks is a less explored security issue that usually comes from Side-Channel Attacks. I found this an interesting vector but unusual.
(1/n)
#BugBountyTips #infosec #AppSec
This basically utilizes the web's core principle of composability in order to determine & extract useful information.
XS-Leaks take advantage of small pieces of information that are exposed during interactions between websites.
Cross-Site Oracle.
This can be considered as a querying mechanism. The information used for this attack is of binary form and called Oracles. It usually has an answer of "Yes" or "No". You can say True or False.
For Example: Does User Harsh Exists in the Application. Yes, means that the user is there in the application.
- An attacker requires to smartly form queries in order to successfully execute this attack and gain hold of sensitive information.
Some of the Attacks using Cross-Site leaks are:
1. XS-Search: An attacker try to abuse the query mechanism such as search functionality to leak and get hold of the user's information.
Remediation
- Same Site Lax Cookies
Usual Exploitation Workflow:
1. Define a timeline when there is a Hit vs Miss
2. Start attacking the Querying Endpoint.
3. For Example: ?search=h (Throws a Hit)
search for the next word appended to `h` i.e. ?search=ha otherwise change the word i.e. ?search=b
2. Error Events
Based on the Error Message returned by the application, it may be possible to enumerate sensitive information. This is similar to user enumeration techniques.
Reference: https://t.co/2iIVT0xei2
3. Frame Counting
The window.length provides the number of frames in the window. This attribute can provide valuable information about a page to an attacker.
References: https://t.co/XjOZL3yiZF
3. Navigation Attacks
Reference: https://t.co/lS3LT80Foa
4. Cache Probing
- Workes based on detecting whether the web page was cached or not.
Ref: https://t.co/ejAdOHaIFG
5. ID Attribute
Ref: https://t.co/11lwLzE2DD
6. Post Message Broadcasts
a. Sharing Sensitive message with untrusted origins
b. Leaking information based on varying content or on the presence of a broadcast
7. Abusing Browser Features
- CORB (Cross-Origin Read Blocking)
- CORP (Cross-Origin Resource Policy)
8. Timing Attacks
- Clock Based
- Network Timing
- Execution Timing
- Hybrid Timing
- Connection Pool
# Referneces
1. https://t.co/byryqh3bql
2. https://t.co/khunvHYDga
3. https://t.co/ssQ39okO55
I'll revisit this attack in near future & will try to find.
More from For later read
@snip96581187 @Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen Clearly, because as I have been saying for 8 months now, DTRA and DARPA have been using Ecohealth and UC Davis to collect novel pathogens for gain of function work back in the USA. I have documented this in many threads which I will post here just to annoy everyone.
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
28. Before moving on to DARPA, let's look at DTRA:
— Billy Bostickson \U0001f3f4\U0001f441&\U0001f441 \U0001f193 (@BillyBostickson) July 31, 2020
A must read!
It is astonishing the number of pies they had their dirty little fingers poking into:
Note John Epstein and Kevin Olival from EcoHealth Alliance are key figures in DTRA:https://t.co/O4QwVWrm7m pic.twitter.com/cnNGZ7AApj
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
24. DTRA Network for Collection of Viruses
— Billy Bostickson \U0001f3f4\U0001f441&\U0001f441 \U0001f193 (@BillyBostickson) January 9, 2021
7. DTRA - Metabiota - One Health - Ecohealth
Bat Research Networks and Viral Surveillance: Gaps and Opportunities in Western Asia pic.twitter.com/SOqSSXF3pa
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
That is the key question
— Billy Bostickson \U0001f3f4\U0001f441&\U0001f441 \U0001f193 (@BillyBostickson) January 5, 2021
1. DARPA/DTRA use NGOs like Ecohealth or Metabiota to collect new pathogens
2. They are sent to US labs (Mailman, Rocky Mountain, Atlanta CDC, UNC, USAMRIID) for GOF work by Lipkin, Nichols, Rasmussen, Baric, Dension, Munster, etchttps://t.co/wqhHK7uZO6
@Daoyu15 @lab_leak @walkaboutrick @ydeigin @Ayjchan @franciscodeasis @TheSeeker268 @angie_rasmussen
1. I wonder why Dr. Angela Rasmussen is so so upset & full of almost palpable venom about a Hypothesis and a "What if" question by @nicholsonbaker8 in the @NYMag https://t.co/a6lxtJLpKR
— Billy Bostickson \U0001f3f4\U0001f441&\U0001f441 \U0001f193 (@BillyBostickson) January 5, 2021
Did I hear someone say "DARPA"?
Did I hear someone say "DTRA"?https://t.co/i27mpxJDw2 pic.twitter.com/x4X3QPnTMS
(1/50)
#Cardano “Understanding Kamali”
#Cardano will be the underpinning of the emergence of Africa.
To grasp the full weight of the SOLUTIONS #Cardano can provide it is pertinent to read “Understanding Africa” as I will draw directly from the PROBLEMS laid out.
(2/50)
Here is a link if you have not already read
(3/50)
What I will attempt to do here, is to create an immersive world for you to be placed in to grasp the weight and size of problems from the ground level and then take a grass-roots approach at solving them using #Cardano and its technology.
(4/50)
As an investor and community member of #Cardano, this should be extremely important to you as you have a stake (pun intended) in this.
“You are paid in direct proportion to the difficulty of the problems you solve” - @elonmusk
(5/50)
In Africa, agribusiness, more than any other sector, has the potential to reduce poverty and drive economic growth. Agriculture accounts for nearly half of the continent’s gross domestic product and employs 60 percent of the labor force.
#Cardano “Understanding Kamali”
#Cardano will be the underpinning of the emergence of Africa.
To grasp the full weight of the SOLUTIONS #Cardano can provide it is pertinent to read “Understanding Africa” as I will draw directly from the PROBLEMS laid out.
(2/50)
Here is a link if you have not already read
(1/38) #Cardano \u201cUnderstanding Africa\u201d (Part 1 of 2)
— FatCat (@fatcatofcrypto) February 10, 2021
This thread will be split into two parts with the 2nd coming out on Sunday.
Part 1 will layout the pervasive PROBLEMS Africa faces whereas Part 2 will apply direct technologies @InputOutputHK can implement as SOLUTIONS. pic.twitter.com/n3I91bnddq
(3/50)
What I will attempt to do here, is to create an immersive world for you to be placed in to grasp the weight and size of problems from the ground level and then take a grass-roots approach at solving them using #Cardano and its technology.
(4/50)
As an investor and community member of #Cardano, this should be extremely important to you as you have a stake (pun intended) in this.
“You are paid in direct proportion to the difficulty of the problems you solve” - @elonmusk
(5/50)
In Africa, agribusiness, more than any other sector, has the potential to reduce poverty and drive economic growth. Agriculture accounts for nearly half of the continent’s gross domestic product and employs 60 percent of the labor force.
You May Also Like
BREAKING: @CommonsCMS @DamianCollins just released previously sealed #Six4Three @Facebook documents:
Some random interesting tidbits:
1) Zuck approves shutting down platform API access for Twitter's when Vine is released #competition
2) Facebook engineered ways to access user's call history w/o alerting users:
Team considered access to call history considered 'high PR risk' but 'growth team will charge ahead'. @Facebook created upgrade path to access data w/o subjecting users to Android permissions dialogue.
3) The above also confirms @kashhill and other's suspicion that call history was used to improve PYMK (People You May Know) suggestions and newsfeed rankings.
4) Docs also shed more light into @dseetharaman's story on @Facebook monitoring users' @Onavo VPN activity to determine what competitors to mimic or acquire in 2013.
https://t.co/PwiRIL3v9x
Some random interesting tidbits:
1) Zuck approves shutting down platform API access for Twitter's when Vine is released #competition
2) Facebook engineered ways to access user's call history w/o alerting users:
Team considered access to call history considered 'high PR risk' but 'growth team will charge ahead'. @Facebook created upgrade path to access data w/o subjecting users to Android permissions dialogue.
3) The above also confirms @kashhill and other's suspicion that call history was used to improve PYMK (People You May Know) suggestions and newsfeed rankings.
4) Docs also shed more light into @dseetharaman's story on @Facebook monitoring users' @Onavo VPN activity to determine what competitors to mimic or acquire in 2013.
https://t.co/PwiRIL3v9x
