Drive-By Download Attacks

Contributed by Coley J. Stevens
Over the past few years, we have seen the rise of drive-by downloads. Drive-by download attacks are malicious automated programs that are employed on systems without the user’s permission or knowledge. Today, this method is one of the most common ways malware is spread. In this report we will learn about how drive-by downloads operate and the different methods used to implement drive-by downloads. Readers will also get to see how detrimental these attacks can be with some real-life examples. To end the report, we will look into a few ways to prevent drive-by downloads from doing serious damage and to better prepare readers to not fall victim to the process of the attacks.


SQL Injection Attacks: What They Are and How to Secure Against Them

Contributed by Jonathan B. Mcleod
There are many threats these days that IT security professionals have to protect against when maintaining applications that are accessible over the Internet. One of the most common attacks against web applications is SQL injection.


X86 processor architecture vulnerabilities and Intrusion Detection and Prevention

Contributed by Timothy E. Robinson


The Evolution to Fileless Malware

Contributed by David Patten

Malware and viruses have been around since the early days of computers. The computer security industry has often played a game of cat and mouse with malware authors, in which the malware authors create new and complex malware programs and the security industry develops better programs to protect against and prevent malware. Recently malware has taken a new approach to attacking computers: fileless malware that does not rely on writing complex malware programs. This new fileless malware depends on commonly installed programs to cause damage and extract information. This paper provides a look at the evolution of malware followed by an examination of the use of .NET Framework, PowerShell, offensive PowerShell tools, and PowerShell forensic tools.



Hacking Back – Offense/Defense in Enterprise IT Security

Contributed by Edgar Hurtado Jr

Among the many thoughts that travel through the mind of the computer user are these questions: Am I being hacked? Am I safe to open this email? Am I vulnerable to malware? Unfortunately, in today’s day and age we are very open to hackers invading our personal privacy and personal values without any high risk of them being caught and prosecuted. There are millions of individuals all over the world currently connected to the internet, whether for personal or professional use. Many of those users are providing some scale of defense from outside attacks to the network connection they are on. But can we gather the attacker’s intrusion information and attack them back? May we be considered a hacker even though it is to locate and stop that hacker from any future attacks? That will be up to you, and I will try to present the views of hacking back being a way to fight the increasing flood of hackers.

