InfoSecWriters.com - Exploitation
http://infosecwriters.com/articles/exploitation

The Evolution to Fileless Malware
http://infosecwriters.com/articles/2017/04/27/evolution-fileless-malware
<p>Contributed by David Patten</p>
<p>Malware and viruses have been around since the early days of computers. The computer security industry has often played a game of cat and mouse with malware authors in which the malware authors create new and complex malware programs and the security industry develops better programs to protect and prevent malware. Recently malware has taken a new approach to attacking computers: fileless malware that does not rely on writing complex malware programs. This new fileless malware depends on commonly installed programs to cause damage and extract information. This paper provides a look at the evolution of malware followed by an examination of the use of .NET Framework, PowerShell, offensive PowerShell tools, and PowerShell Forensic Tools.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/DPatten_Fileless.pdf">To view it click here</a>.</p>
Thu, 27 Apr 2017 13:14:22 +0000

Hacking Back – Offense/Defense in Enterprise IT Security
http://infosecwriters.com/articles/2017/04/26/hacking-back-%E2%80%93-offensedefense-enterprise-it-security
<p>Contributed by Edgar Hurtado Jr</p>
<p>One of the many thoughts that travel through the minds of the computer user are these questions: Am I being hacked? Am I safe to open this email? Am I vulnerable to malware? Unfortunately in today’s day and age we are very open to hackers invading our personal privacy and personal values without any high risks for them to be caught and persecuted. There are millions of individuals all over the world currently connected to the internet, either for personal or professional use. Many of those users are providing some scale of defense from outside attacks to the network connection they are on. But can we gather the attacker’s intrusion information and attack them back? May we be considered a hacker even though it is to locate and stop that hacker from any future attacks? That will be up to you, and I will try to present the views of hacking back being a way to fight the increasing flood of hackers.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/EHurtado_Offense.pdf">To view it click here</a>.</p>
Wed, 26 Apr 2017 13:47:18 +0000

Keyloggers: A Threat to Your Data
http://infosecwriters.com/articles/2017/04/20/keyloggers-threat-your-data
<p>Contributed by Ezequiel Guerra</p>
<p>As more and more people throughout the world utilize the Internet to access their personal data, the greater the chance their data can be stolen. Millions of people access a variety of online accounts and websites daily such as email, banking, shopping, stock market, billing, career and social media. In this paper, I will be discussing a major threat to your data and accounts, keyloggers.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/EGuerra_Keyloggers.pdf">To view it click here</a>.</p>
Thu, 20 Apr 2017 14:23:05 +0000

The Connected Vehicle: Vulnerabilities, Future, and Security
http://infosecwriters.com/articles/2017/04/19/connected-vehicle-vulnerabilities-future-and-security
<p>Contributed by Cory Church</p>
<p>This paper will focus on the threats and vulnerabilities in the new field of connected cars. With most car manufacturers trying to push out connected cars as quickly as possible, it is becoming apparent that they may not be putting as much time and money into the security of their vehicles. In the paper, several vulnerabilities that have been discovered and tested will be discussed and we will see how these were patched in the cars that were affected. We will also consider how companies can better secure their vehicles before putting them into mass production. Lastly, the paper will try to see if the benefits of having our cars connected to the internet outweigh the risks and what it means for the future of self-driving cars.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/CChurch_Vehicle.pdf">To view it click here</a>.</p>
Wed, 19 Apr 2017 12:39:52 +0000

Malware Behavior & Implementation Strategies: Forms of Malware Attacks & Their Effects
http://infosecwriters.com/articles/2017/04/17/malware-behavior-implementation-strategies-forms-malware-attacks-their-effects
<p>Contributed by Andrew L. Ramirez</p>
<p>The fight against the latest malware on both client and server side attacks hasn’t ever been as crucial as it is today. Nowadays, the malware we encounter and are actively seeing in our networks and computers are becoming more and more sophisticated and are adapting to the countermeasures that are being taken against them. Malware comes in many forms that all affect systems differently. In recent events, IBM Security recently warned banks and their commercial customers that hackers are using a variant of Dyre, christened “The Dyre Wolf,” to attack online banking systems (Kitten, 2015). This particular form of malware targets banking institutions but more specifically their back-end systems and online-banking platforms.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/ARamirez_Malware.pdf">To view it click here</a>.</p>
Mon, 17 Apr 2017 15:42:15 +0000

RowHammer
http://infosecwriters.com/articles/2017/04/10/rowhammer
<p>Contributed by Roy Schmiedeshoff</p>
<p>This rowhammer bug is a hardware fault found in many DRAM memory modules manufactured from 2010 onward. Basically, continued refreshing rows of memory cells can cause bits to flip in adjacent rows. With an x86 running Linux, if you can induce corruption into DRAM, then potentially you could also discover methods to take over the kernel. Looking at how memory is structured will give us an understanding of the rowhammer bug, how it’s creatively exploited, and what steps memory designers can take to mitigate or remove the potential threat.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/RSchmiedeshoff_rowhammer.pdf">To view it click here</a>.</p>
Mon, 10 Apr 2017 20:40:21 +0000

XSS Attacks FAQ
http://infosecwriters.com/articles/2017/02/28/xss-attacks-faq
<p>Contributed by Aelphaeis Mangarae a.k.a. Chris Morganti</p>
<p>XSS attacks are becoming a big problem and are going to become an extremely big problem if people do not educate themselves about XSS attacks and vulnerabilities. XSS vulnerabilities have been found in all sorts of websites including fbi.gov, yahoo.com, ebay.com and many other popular and important websites. A lot of administrators fail to pay attention to XSS attacks because they either don't know much about them or they do not see them as a threat. An XSS vulnerability, when exploited by a skilled attacker or even a novice, can be a very powerful attack. This paper details XSS attacks and hopes to educate you on what they are, how attackers use them and of course how you can prevent them from happening.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/XSS_Attack_FAQ.pdf">To view it click here</a>.</p>
Tue, 28 Feb 2017 13:21:35 +0000

Understanding Cross Site Scripting
http://infosecwriters.com/articles/2017/02/28/understanding-cross-site-scripting
<p>Contributed by Hardik Shah</p>
<p>There are many techniques which an intruder can use to compromise web applications. One such technique is called XSS or CSS or cross site scripting. With the help of such a vulnerability, an intruder can easily use some social engineering trick to PHISH the important data of a user. It can also invoke an automated script to perform some operations.</p>
<p>In this article I will try to show you how such attacks are performed and what precautions you need to make sure that you don’t lose your valuable details and other important information.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/XSS_HShah.pdf">To view it click here</a>.</p>
Tue, 28 Feb 2017 13:09:19 +0000

Hacking Techniques: Web Application Security
http://infosecwriters.com/articles/2016/08/22/hacking-techniques-web-application-security
<p>Contributed by Shynlie Simmons</p>
<p>This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system. It is hoped that security professionals will take a close look at this seriously dangerous security risk in order to help close the security holes that could and do exist in web applications.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/SSimmons_HackingTechniques_WebApplicationSecurity.pdf">To view it click here</a>.</p>
Mon, 22 Aug 2016 18:40:00 +0000

Google UI-Redressing Bug That Discloses The User's Email Address
http://infosecwriters.com/articles/2016/04/11/google-ui-redressing-bug-discloses-users-email-address
<p>Contributed by Mazin Ahmed</p>
<p>In this post, I will be talking about an interesting bug that affects Google Blogger. This security bug has been left undiscovered since almost 2007. The bug allows an attacker to trick the victim into revealing his email address using UI-Redressing techniques.</p>
<p>This document is in PDF format. <a href="http://www.infosecwriters.com/Papers/MAhmed_GoogleUI.pdf">To view it click here</a>.</p>
Mon, 11 Apr 2016 14:24:17 +0000