Stack-Based Buffer Overflow Explained

Contributed by Marc Koser.

This paper is intended to demystify the complicated subject of stack-based overflows. I have written this paper for people who may not have a background in computer science. I explain what a buffer is, what the different parts of a buffer are used for, how to craft a buffer overflow, and what happens when a buffer overflow is executed on a victim. Additionally, I explain common payloads and exploits that are run in the attack, and investigate post-exploitation activities.


Mobile Device Attacks

Contributed by Vicki Holzknecht.

comScore reported for the month of September, the top two smartphone market share holders in the United States are Android, 52.1% and Apple, 41.7% (Lella, 2014). Many users go about their day checking /sending email, text messaging, sharing photos on social media sites without ever thinking about the security angle of their daily activities performed on mobile device. In May 2014, ConsumerReports discovered thirty-four percent of the smartphone users did not enable any security features on device (Tapellini, 2014). Last year alone, mobile malware attacks rapidly grew to one hundred and sixty-seven percent (Vinton, 2014); approximately 100,000 malicious programs for mobile devices were detected (Hilburn, 2014). This paper is broken down into the following areas: Mobile Attacks and Don’t Be A Victim.


Vulnerabilities and Prevention of Session Hijacking

Contributed by Taylor Charles.


SQL Injections

Contributed by Miguel Vega.


Demystifying Google Hacks

Contributed by Debasis Mohanty

Google is world’s most popular and powerful search engine which has the ability to accept pre-defined commands as input and produce unbelievable results. This enables malicious users like hackers, crackers, and script kiddies etc to use Google search engine extensively to gather confidential or sensitive information which is not visible through common searches.

In this paper I shall cover the below given points that an administrators or security professionals must take into account to prevent such information disclosures:

- Google’s Advance Search Query Syntaxes
- Querying for vulnerable sites or servers using Google’s advance syntaxes
- Securing servers or sites from Google’s invasion

This document is in PDF format. To view it click here.


Subscribe to RSS - Exploitation