Exploitation

Contributed by Miguel Vega.

Contributed by Debasis Mohanty

Google is world’s most popular and powerful search engine which has the ability to accept pre-defined commands as input and produce unbelievable results. This enables malicious users like hackers, crackers, and script kiddies etc to use Google search engine extensively to gather confidential or sensitive information which is not visible through common searches.

In this paper I shall cover the below given points that an administrators or security professionals must take into account to prevent such information disclosures:

- Google’s Advance Search Query Syntaxes
- Querying for vulnerable sites or servers using Google’s advance syntaxes
- Securing servers or sites from Google’s invasion

This document is in PDF format. To view it click here.

Contributed by Shray Kapoor

Session hijacking can be done at two levels: Network Level and Application Level. Network layer hijacking involves TCP and UDP sessions, whereas Application level session hijack occurs with HTTP sessions. Successful attack on network level sessions will provide the attacker some critical information which will than be used to attack application level sessions, so most of the time they occur together depending on the system that is attacked. Network level attacks are most attractive to an attacker because they do not have to be customized on web application basis; they simply attack the data flow of the protocol, which is common for all web applications.

This document is in PDF format. To view it click here.

Contributed by Sameer Thadani.

We live in a world with a new arena for committing crimes, the Cyber arena. The Internet that’s composed of multiple connected computer networks has become the grounds of battle. As corporations and governments agencies focus on creating a strong defense in the battle, adversaries focus on becoming quieter and more patient. This new mindset for attackers is allowing them to carry out large, highly disruptive attacks on key information systems around the globe. With a new mindset came new techniques as to the infiltration of unauthorized computer systems. Understanding these highly sophisticated attacks known as Advanced Persistent Threats (APT) and infiltration techniques known, as Advanced Evasion Techniques (AET) will be the basis of this paper.