Michał Sajdak

JWT (JSON Web Token) (in)security

JWT (JSON Web Token) is a mechanism that is often used in REST APIs it can be found in popular standards, such as OpenID Connect, but we will also encounter it sometimes using OAuth2. It is used both in large companies and smaller organisations. There are many libraries available that support JWT, and the standard …

HTTP 2 protocol – it is faster, but is it also safer?

Do we want the current web applications to run faster without additional expenditures on better network connection or server infrastructure? Yes, of course, and that was the main goal for the developers of the HTTP/2 protocol. To be more precise, it was about increasing the efficiency of communication between the client (in other words, the …

Basics of HTTP Protocol

Introduction HTTP headers, URLs, URIs, requests, responses, percentage encodings, HTML forms, parameters sent by the HTTP protocol, various HTTP server implementations resulting in security problems – these are just a few elements that I will address in this text. The beginner readers will learn the necessary basics to further explore the subject of web applications …

Single Code Line CCTV Camera Takeover – One Can Record Audio/Video/Have Access to Recordings

I have already presented this subject twice, but there was no information on the topic until now. The Ganzsecurity ZN-DNT352XE-MIR camera is worth about 5000 PLN. Securitum provides solutions to organisations such as NY Police, FBI, Spawar Command (NAVY), or prisons. The camera can also be found also as CCTV. All information presented in this …

How to take over the CCTV camera

This time, we take a look at the camera Ganz Security – model ZN-M2F (price is about $650). We were able to get root privileges without authentication. Ganz Security? This is a company known in the West: The Ganz brand is currently used by more than 100,000 businesses and research and development institutions in the …

What is the CSRF (Cross-Site Request Forgery) vulnerability?

After reading the text, you will know: What CSRF vulnerability is. What the sample attack scenarios look like. How CSRF is used simultaneously with other vulnerabilities. How to protect yourself. Introduction CSRF (Cross-Site Request Forgery; alternatively used names: XSRF, session riding or one-click attack) is probably one of the least understood vulnerabilities described in the …