Exploitation

Mon 22 Aug

Hacking Techniques: Web Application Security

Contributed by Shynlie Simmons

This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system. It is hoped that security professionals will take a close look at this seriously dangerous security risk in order to help close the security holes that could and do exist in web applications.

Mon 11 Apr

Google UI-Redressing Bug That Discloses The User's Email Address

Contributed by Mazin Ahmed

In this post, I will be talking about an interesting bug that affects Google Blogger. This security bug has been left undiscovered since almost 2007. The bug allows an attacker to trick the victim into revealing his email address using UI-Redressing techniques.

This document is in PDF format. To view it click here.

Fri 08 Apr

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

Contributed by Mazin Ahmed

NoScript Security Suite is a powerful security add-on for Firefox, Seamonkey and other Mozilla-based browsers. Its main task is to block Javascript, Flash, Java, as well as many other plugins from executing untrusted code on the user’s browser through blocking it and only allowing certain trusted whitelisted sites.

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhance the current protection of NoScript Security Suite.

This document is in PDF format. To view it click here.

Tue 23 Feb

Radio Frequency Interference and its Use as a Weapon

Contributed by Helen Gantt

Electromagnetic radio frequency emitters are common and are used legitimately in everyday applications such as wireless communications and Global Positioning Systems. It is also common that the electromagnetic energy that RF emitters produce will affect other electronic devices, called electromagnetic interference (EMI). An example is using a walkie talkie near a television. The signal is picked up by the television's antenna and distorts the picture. If RF emitters are used to purposely disrupt electronics, they then become a weapon. They are more powerful and therefore cause more damage than ordinary RF emitters. In this paper, I will discuss this type of weapon further, how it might be used, and why an attacker would consider this technology as a weapon. This discussion will be limited to the security threats of everyday private sector systems, and will not delve into the realm of its use for the purpose of war.

Tue 23 Feb

NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

Contributed by KyREcon
