Exploitation

Thu 14 May

Session Hijacking: Exploiting TCP, UDP and HTTP Sessions

Contributed by Shray Kapoor

Session hijacking can be done at two levels: Network Level and Application Level. Network level hijacking involves TCP and UDP sessions, whereas Application level session hijacking occurs with HTTP sessions. A successful attack on network level sessions will provide the attacker with some critical information which will then be used to attack application level sessions, so most of the time they occur together, depending on the system that is attacked. Network level attacks are most attractive to an attacker because they do not have to be customized on a per-web-application basis; they simply attack the data flow of the protocol, which is common to all web applications.

This document is in PDF format.

Thu 14 May

Exploring Advanced Persistent Threats and Advanced Evasion Techniques

Contributed by Sameer Thadani.

We live in a world with a new arena for committing crimes, the Cyber arena. The Internet, which is composed of multiple connected computer networks, has become the grounds of battle. As corporations and government agencies focus on creating a strong defense in the battle, adversaries focus on becoming quieter and more patient. This new mindset for attackers is allowing them to carry out large, highly disruptive attacks on key information systems around the globe. With a new mindset came new techniques for the infiltration of unauthorized computer systems. Understanding these highly sophisticated attacks, known as Advanced Persistent Threats (APT), and infiltration techniques known as Advanced Evasion Techniques (AET) will be the basis of this paper.
