Lyhins' Lab

LSCP Responsible Disclosure Lab


Category: Uncategorized

Lifehacks for hackers: Exploiting of Data Protection API

April 10, 2021 | No Comments | Uncategorized

The simplest way to find and exploit Data Protection API misconfigurations: Install the demo version of the iExplorer tool on […]

How White-Box hacking works: XSS in OroCRM

March 13, 2021 | No Comments | Uncategorized

Recently, Lyhin’s Lab decided to take a more challenging application. OroCRM v4.1.6: has 785 stars and 260 forks on GitHub; PHP […]

Lifehacks for hackers: how to monitor mobile devices’ filesystem dynamically

February 13, 2021 | No Comments | Uncategorized

I suppose you want to discover how the pre-defined mobile application interacts with the filesystem and precisely understand what happens on […]

How White-Box hacking works: Scipio ERP, RCE/CSRF and Co

January 16, 2021 | No Comments | Uncategorized

Why Scipio ERP (v2.0.0): 240 stars on GitHub; Apache-2.0 License; Java. The mentioned vulnerabilities were found and exploited by Ihor Voschyk […]

LH4H: Mobile Application Threat Analysis @ PCSD

December 20, 2020 | No Comments | Uncategorized

Had an online talk at Practical Cyber Security Day. Presentation: https://lyhinslab.org/media/Lyhin_MATA.pptx Self-explaining screenshot: Related reference: https://lyhinslab.org/index.php/2020/10/17/lifehacks-for-hackers-how-to-audit-mobile-apps/

How White-Box hacking works: Authorization Bypass in Alerta 8.0.3

November 14, 2020 | No Comments | Uncategorized

We have bad news for vendors whose applications use hardcoded secrets, for example, to create and validate JSON Web Tokens within […]

Lifehacks for hackers: how to audit mobile apps

October 17, 2020 | No Comments | Uncategorized

In web app security, a large number of clients attack the server. In client app security, the situation is the opposite – […]

How White-Box hacking works: Authorization Bypass and Remote Code Execution in Monitorr 1.7.6

September 12, 2020 | No Comments | Uncategorized

Well, we pwned one more piece of software. Who cares? Nah, nobody. Alright, now user “nobody” – see how we did […]

Lifehacks for hackers: the family networking weaknesses, 0-days guaranteed

August 8, 2020 | No Comments | Uncategorized

The most stable and most efficient way to find brand new 0-days of your very own with no lingering deployment is […]

How White-Box hacking works: “Ok, Google, I wanna pwn this app….”

July 18, 2020 | No Comments | Uncategorized

Mobile applications should not trust other applications on the device. The new generation likes it when an organization wants them to […]

    © S. Lyhin 2023. All rights reserved.