Breaking out of Prison is easier than you think

Contributed by Allen Kabello

This paper explores three published online sources about vulnerabilities in Access Control Points (ACP) within prisons. While there are many different forms of Access Control Point (ACP), the main security system used in our prisons today is a basic Programmable Logic Controller (PLC). This paper refers to many incidents that have happened in prisons across the United States, which have only been increasing over the years. It will also cover how an attacker on the outside can gain access to any high-risk or highly violent inmate, which can lead to bodily harm to inmates, guards, and civilians, and even to death. It will also review some of the preventative measures that can be used to limit these incidents or keep them from recurring. This paper examines the use of a honeypot system and how to implement an Intrusion Detection System (IDS). It also covers why physical security should not be replaced solely by machines.


Social Engineering Threats and Defense

Contributed by

Social Engineering is one of the most effective ways for a company's security to be compromised. Electronic attacks can be prevented by technical means, but social engineering uses the human element of security in order to bypass any electronic safeguards that may be in place. Attackers may use several techniques to manipulate individuals into giving them access to sensitive data. Due to its exploitation of human nature, social engineering is one of the most dangerous threats that companies face in safeguarding information. Social engineering is difficult to prevent due to the unpredictability of humans and their reactions. However, there are ways to mitigate any potential damage by implementing proper information security awareness education and training programs for all employees.



Discovering passwords in the memory

Contributed by Abhishek Kumar

Escalation of privileges is a common method of attack where a low-privileged user exploits a vulnerability to become an administrator or a higher-privileged user. Privilege escalation may be achieved through cracking of administrative passwords, local buffer overflows and stealing of passwords. This paper discusses a common vulnerability that could be exploited by low-privileged users to steal critical passwords and escalate their privileges. While this vulnerability has been known for several years, our research indicates that a large number of applications are still vulnerable to this flaw. As of this writing, we have informed the software vendors about the vulnerability, and are working with them to fix it.




Contributed by Andrew Jenkins

Imagine a future when a virus is smart enough to evade detection and stealthily spread between computers, even ones that are not networked together. Thanks to a virus called Stuxnet, that future has become the present. Stuxnet is a computer virus that targets specific industrial control systems. Industrial control systems are used in manufacturing systems as well as to control electrical, water and power plants. Stuxnet’s main goal was to damage centrifuge rotors inside the Natanz Nuclear Fuel Enrichment Plant located in Iran. It seeks to reach this goal through the use of two methods. Stuxnet is unique because it is one of the first cyber-physical attacks in history. This kind of attack is computer- or cyber-based, but the result is physical damage. This paper seeks to describe how Stuxnet functioned and how such a threat can be prevented in the future.


Writing Cisco IOS Rootkits

Contributed by Luca

