Practical Reflected File Download and JSONP

Posted on by David Vassallo

This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD] . It's a very interesting attack which has potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html While reading through the white … Continue reading Practical Reflected File Download and JSONP

Pyinstaller – building exe files from python under Kali

Posted on by David Vassallo

I was trying to build my own malicious file... Since I love python, it was natural for me to go down the python + pyinstaller route. Initially, I coded everything on windows, downloaded and installed PyInstaller [1] on windows, and attempted to use the usual pyinstaller -F my_script.py to build my executable. But then I started running into … Continue reading Pyinstaller – building exe files from python under Kali