Exploitation

Tue
01
Sep

Paradox of Web Leeching

Contributed by Aditya K Sood

Tue
01
Sep

Security Issues With Address Resolution Protocol

Contributed by Akash Shrivastava

Any computer which is connected to the Network (LAN or WAN) has two addresses. One is the IP Address (An IP Address is a 32-bit number included of a host number and a network prefix, both of which are used to uniquely identify each node within a network), and the second is Physical or Ethernet Address called MAC Address (An Ethernet address or MAC Address is a 48-bit six-part hexadecimal number in which a colon separates each part, for example, 8:0:20:1:2f:0. This number identifies the Ethernet board installed in a PC and is used to identify the PC as a member of the network).
The foremost intention of present study is to understand and deal with the subject of ARP Spoofing.

The issue that how ARP spoofing can be used for different kind of attacks to Network Structure and Operating Systems and how to provide countermeasures to protect them has been reviewed and discussed in this article.

Mon
31
Aug

ARP Poisoning In Practice

Contributed by DiabloHorn & Kimatrix

Well here we are again DiabloHorn and Kimatrix this time with a finished CCNA semester. We have been busy with some school things like finishing the ccna lessons but it has brought us more things to play with like ARP. We digged up some info on arp and layer2 and started to read. After finishing ccna and done reading the papers we decided to put it all into practice in a controlled environment. So that we could test the things that where discussed in the papers. We decided to ask our teacher if we could borrow the lab and well he said yes :D

This document is in PDF format. To view it click here.

Fri
28
Aug

Application Denial of Service (DoS) Attacks

Contributed by Corsaire and Stephen de Vries

In order to achieve business goals, organisations frequently have to develop bespoke application solutions or customise commercial off-the-shelf (COTS) packages. These range from complex back-office database applications, CRMs and asset management systems to customer-facing fat and thin applications. Corporate web-applications offer anything from a simple brochure request to a full e-business implementation.

Availability of these services is important for customers and users of the site, with any disruption directly affecting revenues, negatively impacting confidence in the company or even damaging the brand.

Mon
24
Aug

Malicious Code Injection: It’s Not Just for SQL Anymore

Contributed by Bryan Sullivan

More and more, developers are becoming aware of the threats posed by malicious code, and SQL injection in particular, and by leaving code vulnerable to such attacks. However, while SQL is the most popular type of code injection attack, there are several others that can be just as dangerous to your applications and your data, including LDAP injection and XPath injection. While these may not be as well-known to developers, they are already in the hands of hackers, and they should be of concern.

This document is in PDF format. To view it click here.

Pages

Subscribe to RSS - Exploitation