vrls.ws

https://vrls.ws/vrls.wsPersonal blog about computer hacking & security 2025-10-30T15:18:14+00:00 https://vrls.ws/ Jekyll © 2025 /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Phishing Bank Logins Over Plain HTTP in 20252025-10-30T00:00:00+00:00 2025-10-30T15:17:55+00:00 https://vrls.ws/posts/phishing-bank-logins-over-plain-http-in-2025/ vrls

Uncover a critical misconfiguration in homebanking enabling MitM phishing attacks on bank logins via plain HTTP fallback. Explore the vulnerability timeline, PoC with Bettercap and Evilginx2, and essential best practices for users and admins to enforce HTTPS and prevent credential theft.

Red Team - Compromising Critical Infrastructure by Reversing SCADA Software2025-04-28T00:00:00+01:00 2025-10-30T15:17:55+00:00 https://vrls.ws/posts/2025/04/red-team-compromising-critical-infrastructure-by-reversing-scada-software/ vrls

Discover how a red team compromises critical infrastructure by reversing SCADA software, escalating privileges in Active Directory, and pivoting across IT/OT networks. Key insights on vulnerabilities, misconfigurations, and defense strategies for secure essential services.

Pwning a Legacy Enterprise Application Server - Sybase EAServer2024-10-13T00:00:00+01:00 2025-10-30T15:17:55+00:00 https://vrls.ws/posts/2024/10/pwning-legacy-application-server-sybase-easerver-jaguar/ vrls

Explore exploiting Sybase EAServer vulnerabilities, default jagadmin credentials grant web console access, enabling custom WAR web shell uploads for command execution. Learn pivoting via reGeorg tunneling, RDP connections, and key lessons on hardening legacy systems.

Exploiting nOAuth Vulnerability in Azure AD Applications2023-10-24T00:00:00+01:00 2025-10-30T15:17:55+00:00 https://vrls.ws/posts/2023/10/exploiting-noauth-vulnerability-in-azure-ad-applications/ vrls

Discover the nOAuth vulnerability in Azure AD OAuth apps, enabling account takeover via email forgery. This guide demos exploitation using FusionAuth PoC, covering setup of multi-tenant apps, attacker impersonation techniques, impacts like auth bypass and privilege escalation, plus mitigations with immutable claims and MFA.

Obfuscating Rust Binaries using LLVM Obfuscator (OLLVM)2023-06-12T00:00:00+01:00 2025-10-30T15:17:55+00:00 https://vrls.ws/posts/2023/06/obfuscating-rust-binaries-using-llvm-obfuscator-ollvm/ vrls

Delve into obfuscation techniques for Rust binaries using LLVM Obfuscator (OLLVM) to enhance code protection against reverse engineering. Key tips on implementation, effectiveness, and trade-offs for developers securing their applications.