Ismail Tasdelen - Security Researcher

Schneider Electric Security Notification Security Notification -Embedded Web Servers for Modicon (V3.0) CVE : CVE-2018-7804 CVSS v3.0 Base Score 4.7 | (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L A CWE-601: URL Redirection to Untrusted Site vulnerability exists, where a user clicking on a specially crafted link can be redirected to a URL of the attacker’s choosing. Security Researcher : Ismail Tasdelen

  I use wordpress like every blog user. But sometimes it can be a nuisance to deal with wordpress. You may increase your chances of eating shell because of a vulnerability found on the linux server. There are many people who want to pierce the software used by many people in the world like wordpress. But for this kind of problems, a very nice plug-in of Wordpress is available. Wordfence Security plug-in infected files, spyware, viruses, such as malicious code finds and tells us. In fact, I think it provides Enterprise-class security. Fireworks, virtus browsing, real-time traffic and more. Wordfence Security Plugin page here.

Real-Time Communications. It is an open source project for audio, video and data transfer using javascript api. Nowadays, it is popular because it has full support from browsers and it is easy to develop. Powered by W3C and IETF. Today it comes embedded in browsers. In summary, it has increased in popularity as no installation is needed, it can be developed and open source, and it is supported by communities. Demo: https://www.appr.tc/ For updates: https://webrtcweekly.com/ For detailed information: https://webrtc.org/ WebRTC Leak First, webrtc protocols to understand the weakness. Session Traversal Utilities for NAT (STUN) Since WebRTC exchanges data through peers, stun servers are used to provide this exchange. While providing a connection, the information sent includes our lan and wan information. Weakness in logic in the functioning of the protocol is revealed. Our ip information is not hidden, ie pure data flow between the server and the spouse is provide...

The concept of Recent Files is used to describe the most recently accessed files by the user, and in a forensics review, determining which applications were viewed by the user most recently and which documents were viewed could be of critical importance in the event resolution. In a Windows operating system, a shortcut file for files opened by the user is created under the Recent directory in the profile directory associated with that user’s account. These files can be analyzed to determine which files the user last accessed. In particular, even if files that are deleted or wiped by the user cannot be accessed, the shortcut files associated with them can be accessed and retrieved information about them. Where LNK extension link files are stored varies depending on the operating system. These files : Windows XP : \Documents and Settings\UserName\Recent \Documents and Settings\UserName\Application Data\Microsoft\Office\Recent Windows Vista and Windows 7 : ...

I would like to publish this article because of many questions. I'd appreciate it if you'd like it to reach more people. As you know, I'm doing security research on web security. One of the most frequently asked questions is what tool do you use? I want to tell you the results of my experience. There are already automated web security browsers in the sector, such as Acunetix, AppScan and Netsparker. Based on the tests I have done with two different versions of the products. As you know, this kind of automated software can miss things while scanning. It does not always give the right result and these outputs should be examined and analyzed by experts. They also skip some important points because the possibility of manual testing is limited. Therefore, manual safety tests are important. Other than that, these software has meaningless high prices. The Burp Suite has an automated scanning feature, but even that can give false results. Unlike other automated software sof...

Wireshark, whose old name is Ethereal; It is a program that can run in many operating systems such as Windows, Linux, MacOS or Solaris and can analyze all the traffic going to network cards connected to computer. Analyze over 750 protocols Can capture packets and save them to a file. Logical operators are available for all filtering. Example: http & ip.src == 192.168.0.1 Management Frame: The frame for the connection between the network device and the client. Control Frame: Controls the integrity of data traffic between the network device and the client. Data Frame: The frame on which the original data is transferred. Only to show the outgoing packets from the management frame. wlan.fc.type==0 To show incoming, outgoing packets through control frame. wlan.fc.type==1 To show packets transferred over the data frame. wlan.fc.type==2 Association lists the requests. wlan.fc.type_subtype==0 Association lists the answers. wlan.fc.type_subtype==...