Blog

Intigriti XSS challenge write-up

blog | | Citadelo
Intigriti published a DOM XSS challenge on its bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and trigger a pop-up showing document.domain (challenge.intigriti.io).

How to audit Smart Contracts

Good question, actually. Since blockchain and the use of Smart Contracts are quite new concepts, there is no widely recognized standard for testing Smart Contracts. This article provides an insight into the approach we use here at Citadelo when auditing Smart Contracts.

Cloudflare, how to do it right and don't reveal your real IP

The goal of this blog post is to show what needs to be done to have a secure working setup that does not reveal your origin IP address, and to explain why all of the countermeasures are really necessary by demonstrating the attacks that they mitigate.

Malware trends in 2018 - Ransomware left behind by mining viruses

This blog is about CoinHive. I will describe how it affects websites, how websites get infected and how to prevent it or how to get rid of it.

Report from 30C3: Forget privacy online!

Chaos Communication Congress is the oldest hacker conference in the world and the largest of its kind in Europe. It brings current research in the field of security, networking and increasingly also politics and other topics related to “hacking”.

MS13-105: Oracle Outside In MDB Parsing Vulnerability – CVE-2013-5791

People sometimes ask how to know exactly which vulnerability was patched in a particular piece of closed source software. In this blog, we would like to describe one such example from the Microsoft security bulletin.