Exploitation

Fri
08
Jan

Purple Paper: Exegesis of Virtual Hosts Hacking

Contributed by Petro Petkov and Pagvac (Adrian Pastor)

There is a lot that we can say about finding virtual hosts from a given IP address. Sometimes this task is straightforward, other times a bit of thinking is required. However, in general it is not a mission impossible.

During the last few years, domain name databases have emerged like mushrooms after a rainy day. This has certainly increased the awareness among security professionals about the possibility of using virtual hosts as backdoors when testing the security of a given organization. In reality, a good attacker will try to break into your organization by knocking on the not-so-obvious doors.

Fri
08
Jan

The Evolution of Malicious Agents

Contributed by Lenny Zeltser

This article examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet.

This document is in PDF format. To view it click here.

Mon
04
Jan

Content-based Blind Injection Using By Double Substring

Contributed by Zamteng

Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the applications response (Content-based, Time-based)

This document is in PDF format. To view it click here.

Tue
24
Nov

Breaking out of Prison is easier than you think

Contributed by Allen Kabello

This paper explores three published online sources about vulnerabilities in Access Control Points (ACP) with prisons. While there are many different forms of Access Control Point (ACP), the main security system used in our prisons today is a basic Programmable Logic Controller (PLC). This paper refers to many incidents that have happened in prisons across the United States. Which have been only increasing over the years. It will also cover how an attacker on the outside can gain access to any high risk or high violent inmate that can lead to bodily harm to inmates, guards, and civilians which can lead to death. It will also review some of the preventative measures that can be used to limit or remove these incidents from recurring. This paper examines the use of a honeypot system and how to implement an Intrusion Detection System (IDS). It also covers how the physical security should not be solely replaced by machines.

Thu
12
Nov

Social Engineering Threats and Defense

Contributed by

Social Engineering is one of the most effective ways for a company's security to be compromised. Electronic attacks can be prevented by technical means, but social engineering uses the human element of security in order to bypass any electronic safeguards that may be in place. Attackers may use several techniques to manipulate individuals into giving them access to sensitive data. Due to its exploitation of human nature, social engineering is one of the most dangerous threats that companies face in safeguarding information. Social engineering is difficult to prevent due to the unpredictability of humans and their reactions. However, there are ways to mitigate any potential damage by implementing proper information security awareness education and training programs for all employees.

This document is in PDF format. To view it click here.

Pages

Subscribe to RSS - Exploitation