State of ART Phishing Attack Stealing 50K Credit Cards Revealed


Incident 50K Credit Cards

(This is a real incident with real samples and real data.)
As usual, we detect a clone using the referrer logs. The client is a very profitable target for attackers because of its online transactions. The clone was built from the original content of the real web site, with live links back to the real page, which is the target of the phishing attack. Because the cloned page still pulls resources from the real site, this kind of attack is easy to detect simply by analyzing the referrers in the web server logs.
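The referrer check described above, written out as an added example (not the author's code): a parser for Apache combined-format log lines that flags static-asset requests whose Referer is a host we do not own, which is exactly the footprint of a clone hot-linking the real site's images and stylesheets. The log lines, the `OWN_HOSTS` allowlist and the hostnames are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" log format (not real data)
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2014:10:01:12 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.example-bank.test/login" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2014:10:02:44 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://example-bank-secure-login.test/index.php" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2014:10:03:01 +0000] "GET /css/main.css HTTP/1.1" 200 2210 "http://example-bank-secure-login.test/index.php" "Mozilla/5.0"
192.0.2.33 - - [10/Apr/2014:10:04:20 +0000] "GET /login HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.34 - - [10/Apr/2014:10:05:00 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.google.test/search?q=bank" "Mozilla/5.0"
"""

OWN_HOSTS = {"www.example-bank.test", "example-bank.test"}  # assumed own domains
# Static assets a cloned page keeps hot-linking from the real site
ASSET_EXT = (".png", ".jpg", ".gif", ".css", ".js", ".ico")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def referer_host(referer):
    if not referer or referer == "-":
        return None
    return (urlparse(referer).hostname or "").lower() or None

def find_clone_referers(log_text, own_hosts=OWN_HOSTS):
    """Return {foreign_referer_host: asset_hit_count}: assets served to pages we do not host."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].lower()
        if not path.endswith(ASSET_EXT):
            continue
        host = referer_host(rec["referer"])
        if host is None or host in own_hosts:
            continue
        hits[host] = hits.get(host, 0) + 1
    return hits

def suspected_clones(log_text, min_hits=2):
    # A single hit may be a search engine or a legitimate link; repeated asset pulls are the clone signal
    hits = find_clone_referers(log_text)
    return sorted(h for h, n in hits.items() if n >= min_hits)
```

In production the allowlist would also carry search engines and partner sites, and the threshold would be tuned to the site's normal hot-linking.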

Continue reading “State of ART Phishing Attack Stealing 50K Credit Cards Revealed”

Heartbleed: luck or hack?

Yesterday I decided to test the “Heartbleed” attack against my personal web page hosted on a shared host. I grabbed the PoC script from https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py and started to play. After 10-15 tries I got BINGO: the cookie of a web site hosted on the same web server. The web site is a famous online news portal and the cookie is the administrator's. So I was lucky, because you can try for a long time and not receive any confidential data.

[Screenshot: the retrieved data containing the confidential information.]

[Screenshot: the whole cookie retrieved from the web server affected by the Heartbleed flaw.]


So with luck and a simple script you can retrieve the sensitive data needed to perform illegal hacks.

Source: http://heartbleed.com


Password cracking: proving your login insecure (or not)

Password cracking: proving your login insecure (or not) by N. Gobbo, S. Aruch, D. Vitali {n.gobbo, s.aruch, d.vitali}@reply.it

“Please, enter your username and password.” In our digital life we read this request many times a day, for example while accessing our e-mail portal, our bank account, Facebook or any other web service that, in order to deliver the tailored experience we are used to, needs to know the answer to a simple question: “who are you?”
The process of proving who you are to another entity that knows you only “partially” or, maybe, cannot meet you in person is called authentication. This problem has come up quite often in history and still poses a challenging task today. If we go back in time, for example, we may find a sentry asking for the secret sentence before letting the stranger in front of him cross the bridge. Moving forward in time, we may intercept treasure chests secured by a couple of padlocks, or a letter sealed by a peculiarly shaped red-wax insignia. More recently, you may have been asked to put your face into a hole in the wall so that it can be analyzed before you enter the bank vault.
Each of the examples presented shows one of the three authentication factors that have been identified in the literature. You may prove your identity using:
[Figure 1. Examples of the three authentication factors: a Google login prompt filled with credentials, an OTP key from RSA and a human fingerprint.]

Time to alert “Sparkasse Bank Macedonia” before someone hacks them.

Again the same vulnerable CMS, this time in one of Europe's famous banks in Macedonia. I published the FCKeditor hack one and a half years ago, and as far as I can see there is still no positive wish to fix the risk that comes with FCKeditor. Unfortunately a famous bank is also using this editor for its web site SPARKASSE.COM.MK in the Republic of Macedonia, which runs the exploitable version of FCKeditor.

The PoC (proof of concept) is very simple:


site:MK inurl:WEBARCHITECT and you will see the address http://www.sparkasse.com.mk/

The second step is just to paste the path:

/FCKeditor/editor/filemanager/browser/default/browser.html?Type=/../&Connector=connectors/aspx/connector.aspx

This triggers a directory traversal attack:

http://en.wikipedia.org/wiki/Directory_traversal_attack

Continue reading “Time to alert “Sparkasse Bank Macedonia” before someone hacks them.”

Simple hack into web server of CUSTOMS of Republic of MACEDONIA

Dear my lovely Macedonia,

Now I am far away from my hometown Gostivar and my country Macedonia, but trying to help my country in IT security is still my priority, and how we can increase security awareness is still my main concern. I published the FCKeditor hack one and a half years ago, and as far as I can see there is still no positive wish to fix the risk that comes with the WEB ARCHITECT CMS platform. Unfortunately a lot of government institutions are using this platform for their web servers. One of them is CUSTOMS.GOV.MK of the Republic of Macedonia, which runs the exploitable version of WEBARCHITECT CMS and therefore the working FCKeditor exploit. So I hope this will raise a positive alarm for the IT team of the Customs and get this hole fixed before some “attackers” deface the CUSTOMS.GOV.MK web server or even leak confidential data.

Continue reading “Simple hack into web server of CUSTOMS of Republic of MACEDONIA”

Simple hack to avoid waiting list in Mailbox App.

If you download the Mailbox App from the App Store for free, you will be put on a waiting list of around 300K people and will probably need to wait a long time. So I decided to dig inside this app from my jailbroken iPhone 5, and I found a way to bypass this.

So just enable the “orchestra.velvet.room.allowed” key with iFile from your iOS device.

Enjoy.

[Screenshots: 20130210-211959.jpg, 20130210-212006.jpg]

Continue reading “Simple hack to avoid waiting list in Mailbox App.”

Proud to announce that I successfully finished the training and education project with the Turkish Armed Forces

Information security awareness at Republic of Macedonia


As a citizen of the Republic of Macedonia I am asking myself: why are we so insecure?

Why are we not taking care of personal information security?
Why are our government servers getting hacked nearly every day?

Why are we not respecting the personal data security law that has been in force in our country since 15.03.1994 (public newspaper 12/1994), with some updates until 2011?

Why? Why? Why?

Here are the answers:
The public and private sectors that store personal data of the citizens of RM are acting nonsensically about information security. During my professional career I was able to communicate with some banks and other institutions that were really insecure and ready to be hacked. During my communication with these holders of personal data I was getting nonsense answers like: “we have a backup and we are secure”. Come on guys, we are talking about personal information leaks, flaws, hacks and identity theft! When you don't know something, don't try to improvise. The companies and institutions here in RM are not playing the game by the rules. Continue reading “Information security awareness at Republic of Macedonia”

Beware of Easy Job Positions!

Dear my friends, colleagues, relatives,

Please beware of the company http://www.NTU.eu

On May 19, 2011 I was contacted by an employee, Ilija Vinokurovs, about this position:

 Dear Senad Aruc,

I am writing to you from the company NTU in Denmark. We have been invited to submit our proposal for an EU-funded project entitled “Provision of technical assistance related to Database Development operations under Component IV (Human Resources Development) of IPA (Instrument for Pre-Accession Assistance) in Croatia”, in which we need a specialist for the position as (Senior Expert Position), and I have read your CV on the internet with great interest. So please take a look at the enclosed Terms of Reference and let me know if you would be interested and available for this assignment. Continue reading “Beware of Easy Job Positions!”
