Exploitation

Fri
08
Apr

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

Contributed by Mazin Ahmed

NoScript Security Suite is a powerful security add-on for Firefox, Seamonkey and other Mozilla-based browsers. Its main task is to block Javascript, Flash, Java, as well as many other plugins from executing untrusted code on the user’s browser through blocking it and only allowing certain trusted whitelisted sites.

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

This document is in PDF format. To view it click here.

Tue
23
Feb

Radio Frequency Interference and its Use as a Weapon

Contributed by Helen Gantt

Electromagnetic radio frequency emitters are common and are used legitimately in everyday applications such as wireless communications and Global Positioning Systems. It is also common that the electromagnetic energy that RF emitters produce will affect other electronic devices, called electromagnetic interference (EMI). An example is using a walkie talkie near a television. The signal is picked up by the television's antenna and distorts the picture. If RF emitters are used to purposely disrupt electronics, they then become a weapon. They are more powerful and therefore cause more damage than ordinary RF emitters. In this paper, I will discuss this type of weapon further, how it might be used, and why an attacker would consider this technology as a weapon. This discussion will be limited to the security threats of everyday private sector systems, and will not delve into the realm of its use for the purpose of war.

Tue
23
Feb

NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

Contributed by KyREcon

Mon
11
Jan

Exploiting JSON Framework : 7 Attack Shots

Contributed by Aditya K Sood

This article define the layout of the exploiting factors of web attacks ie where the JSON framework is compromised.The article is consistent in explaining the pros of the web attack related to JSON.

This document is in PDF format. To view it click here.

Fri
08
Jan

Purple Paper: Exegesis of Virtual Hosts Hacking

Contributed by Petro Petkov and Pagvac (Adrian Pastor)

There is a lot that we can say about finding virtual hosts from a given IP address. Sometimes this task is straightforward, other times a bit of thinking is required. However, in general it is not a mission impossible.

During the last few years, domain name databases have emerged like mushrooms after a rainy day. This has certainly increased the awareness among security professionals about the possibility of using virtual hosts as backdoors when testing the security of a given organization. In reality, a good attacker will try to break into your organization by knocking on the not-so-obvious doors.

Pages

Subscribe to RSS - Exploitation