[Big News] I started as CS Assistant Professor @ Texas A&M @TAMUEngineering I'm looking for new collaborators and new students to keep researching malware and systems security. Get in touch!

RT @HouSecCon: In this episode Michael and Sam are talking to malware researcher Dr. Marcus Botacin. Dr. Botacin discusses his journey from….

See you in the next offering.

All the vulnerabilities were disclosed to the developers. Many of them (unfortunately not all) answered and even fixed them, which is great!.

I recorded some of the classes, if you are interested:

But don't worry. The students were able to patch many of those vulnerabilities and to verify many other patches, such as those escapes:

In a more sophisticated attack, one team was able to abuse an intent to move the window to the foreground while screenshoting it via accessibility services.

The previous attack was ran against a mobile app. What happen when the app is protected by a password? Well, students could bruteforce it.

In the worst case, one could remotely trigger user deletion by manipulation the client-side requests.

So why not setting it to the maximum value possible?

Another classical attack: MITM. One team identified an application (game) whose credits were set at the user side and not validated.

OK, sometimes the students exaggerate on how much payload they add to the requests.

Or to steal cookies. That moment when your students come to you with a panel of stolen session cookies.

In a more ellaborated attack, one could use XSS to turn an input form into a complete keylogger.

More than one team found XSS cases, in diverse websites.

Another classical problem identified by the teams were XSS, that can be still widely found online.

And then the access is greanted, thus leaking data of a variety of users.

In those applications, one can modify the request parameters to bypass authentication schemes.

Other classical problems include pure client-side configurations, whose change is not validated by the server, allowing easy manipulation.

This allowed them to find classical security issues, such as directory traversals leading to the access of supposedly private data.

The students become pretty good at Google Dorks, such that they found many interesting things.