Home / Vulnerabilities


Detecting Installed Extensions (Edge)

Attackers love being able to fingerprint their victims. We’ve seen in the past two techniques that allowed the bad guys to detect the presence of particular files (to evade analysts) and even get the application names associated to specific mimeTypes. Microsoft patched …

Read More »

SOP bypass / UXSS htmlFile in IFrame (IE)

Today we are going to explore a feature that has been present on Internet Explorer almost since its inception. A feature that allows web-developers to instantiate external objects, and because of that it was abused ad-nauseum by attackers. Do you …

Read More »

Detecting analysts before installing the malware (IE)

With the help of a beautiful piece of code, malware authors can detect installed applications straight from within the browser and serve the bad bits only to unsavvy users. In other words, attackers target regular users by detecting specific analysts applications (like Fiddler) and serving …

Read More »

Grabbing data from Inputs and Textareas (Edge/IE)

Both Microsoft Edge and Internet Explorer suffer from navigation problems, failing to keep up with the most updated history information. A framed navigation confuses these browsers and what seems to be a naive functionality problem ends up being a security bug: information disclosure across …

Read More »