James Slater

A blog, of sorts.

Navigation Menu

Blog

More posts »
May02

Cross-Origin Message Vulnerability on xbox.com

Posted on May 2 by

A couple of months ago I found a vulnerability on Microsoft’s xbox.com website. Background Modern web browsers severely restrict what content loaded from different “origins” can access about each other. Without these restrictions, a web page containing malicious code could simply connect to an[……] Read...

Jan19

I did Microsoft’s BlueHat Challenge…

Posted on Jan 19 by

… and all I got was this (virtual) T-Shirt. Sorry. Poor attempt at a joke, and not even technically true; I received two virtual T-Shirts for my Xbox Live Avatar and the blue hat proudly displayed in the picture. A few months ago I heard of Microsoft’s BlueHat Challenge. Their post explains[……] Read...

Jul03

Removing Spammy Links (through Blind SQL Injection)

Posted on Jul 3 by

I was looking at a particularly bad example of a website littered with tens of thousands of spam comments. There didn’t appear to be a real comment on the entire site, the oldest spam dated back several years and the most recent was barely a few days old. It seemed clear that the site owner eithe[……] Read...

Feb07

Hacking the AMX NXA-WAP250G Access Point (with a Raspberry Pi)

Posted on Feb 7 by

A post on the (aptly named) /dev/ttyS0 device hacking blog entitled "Reverse Engineering Serial Ports" reminded me that I had an AMX NXA-WAP250G Wireless Access Point that I’d been meaning to investigate for some time. I thought I’d document the process I went through while reverse enginee[……] Read...

Aug24

Scraping Google Related (with bonus PageRank)

Posted on Aug 24 by

While using Google Related some JSON formatted data is requested from Google about each page you visit; that data comes from a URL similar to the one below: https://toolbarqueries.google.com/tbr      ?client=navclient-auto      &features=GR      &ch=8e991fe19      &q=info:http%3A%2F%2Fwww.bronco.co.uk%2F      &oe=UTF-8      &grv=0.6.9 (split over several lines for readability) The response is much too wordy for me to paste here, but what jumped o[……] Read...

Jul30

Cyber Security Challenge Cipher Solution

Posted on Jul 30 by

I was pointed to the Cyber Security Challenge earlier this week, and eventually stumbled upon the cipher they offer as an “immediate opportunity to test your skills”. Despite not really understanding the point of the exercise or how it related to the other competitions mentioned, I was pleased to se[……] Read...