WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet
A starting point for a comprehensive pen test on any application written using the Meteor framework. In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.
WebSockets and Meteor: A Penetration Tester’s Guide to Meteor
This post introduces Meteor, a JavaScript framework that makes heavy use of WebSockets, and describes its attack surface and vulnerabilities.
WebSockets and Meteor: Introduction to WebSockets for Penetration Testers
Most penetration testers know that common web security tools have limited support for WebSocket, but the differences between HTTP and WebSocket run much deeper than that. A successful penetration test on a WebSocket app requires a conceptual understanding of the protocol’s design.
The Balancing Act: Online Security vs. Privacy
Data is both currency and vulnerability, which leads to a conflict between privacy and security. This intersection reveals a harsh reality—enhancing cybersecurity to prevent or fight off threats
AI Augments Hackers, But Won’t Replace Them
2023 Competitive Security Feature Review: Mobile Platform Scam and Phishing Prevention
Google engaged Leviathan Security Group ("Leviathan") to assess security features and functionality for safeguards against scam and phishing attacks on Android and iOS devices. A similar analysis was performed in 2022. Leviathan focused on out-of-the-box protections, filtering and flagging of inbound messages, and the flagging and blocking of malicious sites and mobile applications.