Changed Jekyll Theme

Its been a while since I posted. This is a quick update of the new changes. I’m now using a new Jekyll theme called klisé by Mahendrata Harpi. With this change, I’ll also try to post more regularly since my last post was back in 2019. I have also added my public key which is available here.

17 October, 2020 · 1 min · Naz Markuta

A XSS bug on Spotify's Podcasters

In this blog post I’ll share a report I wrote a few months ago for a XSS bug found on podcasters.spotify.com. This was submitted on HackerOne but unfortunately, it was already reported and mine was considered a duplicate, oh well, better luck next time. Summary When a user submits a new podcast RSS feed for verification, the description tag inside it is not properly escaped. This results in JavaScript being executed on the page which could allow attackers to hijack users' session cookies and/or take over accounts....

15 September, 2020 · 2 min · Naz Markuta

TP-Link Archer T2U Nano for TLS Traffic Interception

Overview In this guide we’ll be going through the process of configuring an intercepting set-up using mitmproxy and a wireless network, to inspect, modify and monitor encrypted HTTPS traffic. This will allow for a simple way to analyse traffic on mobile handsets and IoT devices, with the only requirements is Wi-Fi support and the ability to install custom certificates. mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing....

10 November, 2019 · 6 min · Naz Markuta

Live Memory Acquisition on Linux Systems

In this blog post I’ll be demonstrating a process of obtaining or acquiring a memory image from a running Linux system. The tool of choice LiME (Linux Memory Extractor) and is available on Github. After a forensic image has been acquired we will use Volatility with a custom Linux profile for the analysis, to keep things simple I’ve used the latest Debian Stretch kernel version 4.9.0-8-amd64 as the target system so it’s easily repeatable....

26 August, 2018 · 6 min · Naz Markuta

How to build a Debian MIPS image on QEMU

Update (2021) Debian ended support MIPS big endian, as a result some links became broken. I have updated the link and you can still follow this tutorial for MIPS little endian.. How to set up and build your own MIPS big endian or little endian image running under the QEMU emulator. This guide can also be applied to other architectures. For example I’m currently running this in a virtual machine inside another virtual machine on my MacBook Pro....

18 March, 2018 · 4 min · Naz Markuta