Exploitation

Mon
17
Apr

Malware Behavior & Implementation Strategies: Forms of Malware Attacks & Their Effects

Contributed by Andrew L. Ramirez

The fight against the latest malware on both client and server side attacks hasn’t ever been as crucial as it is today. Nowadays, the malware we encounter and are actively seeing in our networks and computers are becoming more and more sophisticated and are adapting to the counter measures that are being taken against them. Malware comes in many forms that all affect systems differently. In recent events, IBM Security recently warned banks and their commercial customers that hackers are using a variant of Dyre, christened “The Dyre Wolf.” To attack online banking systems (Kitten, 2015). This particular form of malware targets banking institutions but more specifically their back-end systems and online-banking platforms.

This document is in PDF format. To view it click here.

Mon
10
Apr

RowHammer

Contributed by Roy schmiedeshoff

This rowhammer bug is a hardware fault found in many DRAM memory modules manufactured from 2010 onward. Basically, continued refreshing rows of memory cells can cause bits to flip in adjacent rows. With an x86 running Linux, if you can induce corruption into DRAM, then potentially you could also discover methods to take over the kernel. Looking at how memory is structured will give us an understanding of the rowhammer bug, how it’s creatively exploited, and what steps memory designers can take to mitigate or remove the potential threat.

This document is in PDF format. To view it click here.

Tue
28
Feb

XSS Attacks FAQ

Contributed by Aelphaeis Mangarae a.k.a. Chris Morganti

XSS attacks are becoming a big problem and are going to become an extremely big problem if people do not educate themselves about XSS attacks and vulnerabilities, XSS vulnerabilities have been found in all sorts of websites including fbi.gov, yahoo.com, ebay.com and many other popular and important websites, a lot of administrators fail to pay attention to XSS attacks because they either don't know much about them or they do not see them as a threat, an XSS vulnerability when exploited by a skilled attacker or even a novice can be a very powerful attack. This paper details XSS attacks and hopes to educate you on what they are, how attackers use them and of course how you can prevent them from happening.

This document is in PDF format. To view it click here.

Tue
28
Feb

Understanding Cross Site Scripting

Contributed by Hardik Shah

There are many techniques which a intruder can use to compromise the web applications. One such techniques is called XSS or CSS or cross site scripting. With the help of such vulnerability intruder can easily use some social engineering trick to PHISH the important data of a user. It can also invoke an automated script to perform some operations.

In this article I will try to show you how such attacks are performed and what precautions you need to maker sure that you don’ t lost you valuable details and other important information.

This document is in PDF format. To view it click here.

Mon
22
Aug

Hacking Techniques: Web Application Security

Contributed by Shynlie Simmons

This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system. It is hoped that security professionals will take a close look at this seriously dangerous security risk in order to help close the security holes that could and do exist in web applications.

Pages

Subscribe to RSS - Exploitation