-
CSP currently has a few gaps that prevent it from being a useful anti-exfiltration mechanism. https://www.w3.org/TR/CSP3/#exfiltration hints that preventing data exfiltration may be a goal, but it's n…
-
**Describe the bug**
We have a guy doing penetration testing for us on our TRE, and he’s discovered that the DNS configuration is vulnerable, allowing DNS tunneling. He’s successfully exfiltrated dat…
-
Using https://github.com/m57/dnsteal, the following traffic is generated, and better flow risks shall be generated:
[dnsteal.pcap.zip](https://github.com/ntop/nDPI/files/12771465/dnsteal.pcap.zip)
-
# Description
Build a payload plugin that allows Infection Monkey to simulate a data exfiltration. The user should be able to configure:
- Root directory (where the data exfiltration will start …
-
An attacker who manages to gain control of the `sd-app` VM (or exclusively of the client application within it) could attempt to create a new source via the news organization's source interface, and t…
-
In the saml2/login endpoint when using 3rd party SSO, the idp parameter is vulnerable to cross-site scripting injection due to insufficient input sanitization.
Proof of Concept:
Visit the URL end…
-
> Azure Machine Learning has several inbound and outbound dependencies. Some of these dependencies can expose a data exfiltration risk by malicious agents within your organization. This document expla…
-
PDF Blind XSS payloads
https://portswigger.net/research/portable-data-exfiltration