Hey, today I’ll talk about security and more specifically pentest once again. I feel lucky these days because I feel I learn new things every weeks at least. Today I’ll talk about server-side JavaScript but not on MongoDB, rather I’ll speak about GatewayScript, which is a proprietary language by IBM. GatewayScript GatewayScript is used mainly …
Hi, today I’ll do a quick preamble article about NoSQL Injection, more specifically on MongoDB. I found an interesting way to call the $where operator when you’re in an NoSQL injection inside a field. Current techniques Normally, you are not supposed to be able to call the $where operator since it is a top-level …
Hi everybody, today I’ll talk about Google Web Toolkit, or GWT. This is something I had in my current assessment and I never had to do it before. Quick description Google Web Toolkit is a set of tools used to create complex tools using JavaScript to interface with Java applications. It has a special …
This is a continuation of my precedent article concerning PhantomJS. As I said, my end goal is to create a JavaScript deobfuscator tool using PhantomJS (for scalability purposes). After checking the PhantomJS binary and help, it doesn’t seem like there is a debugging function used to print the different called arguments or any way I …
Hey. Today I’ll get back to my roots and talk about information technology or more specifically computer security. I wanted to get started to PhantomJS because I wanted a way to deobfuscate easily a JavaScript file since my only way to doing that is either doing it manually (with jsbeautifier + manual/replacing eval to console.log) …