The Evolution of Malicious Agents

Contributed by Lenny Zeltser

This article examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet.

This document is in PDF format. To view it click here.


Content-based Blind Injection Using By Double Substring

Contributed by Zamteng

Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the applications response (Content-based, Time-based)

This document is in PDF format. To view it click here.


Breaking out of Prison is easier than you think

Contributed by Allen Kabello

This paper explores three published online sources about vulnerabilities in Access Control Points (ACP) with prisons. While there are many different forms of Access Control Point (ACP), the main security system used in our prisons today is a basic Programmable Logic Controller (PLC). This paper refers to many incidents that have happened in prisons across the United States. Which have been only increasing over the years. It will also cover how an attacker on the outside can gain access to any high risk or high violent inmate that can lead to bodily harm to inmates, guards, and civilians which can lead to death. It will also review some of the preventative measures that can be used to limit or remove these incidents from recurring. This paper examines the use of a honeypot system and how to implement an Intrusion Detection System (IDS). It also covers how the physical security should not be solely replaced by machines.


Social Engineering Threats and Defense

Contributed by

Social Engineering is one of the most effective ways for a company's security to be compromised. Electronic attacks can be prevented by technical means, but social engineering uses the human element of security in order to bypass any electronic safeguards that may be in place. Attackers may use several techniques to manipulate individuals into giving them access to sensitive data. Due to its exploitation of human nature, social engineering is one of the most dangerous threats that companies face in safeguarding information. Social engineering is difficult to prevent due to the unpredictability of humans and their reactions. However, there are ways to mitigate any potential damage by implementing proper information security awareness education and training programs for all employees.

This document is in PDF format. To view it click here.


Discovering passwords in the memory

Contributed by Abhishek Kumar

Escalation of privileges is a common method of attack where a low privileged user exploits a vulnerability to become an administrator or a higher privileged user. Privilege escalation may be achieved through cracking of administrative passwords, local buffer overflows and stealing of passwords. This paper discusses a common vulnerability that could be exploited by low privileged users to steal critical passwords and escalate their privileges. While this vulnerability has been known for several years, our research indicates that a large number of applications are still vulnerable to this flaw. As of this writing, we have informed the software vendors about the vulnerability, and are working with them to fix it.

This document is in PDF format. To view it click here.


Subscribe to RSS - Exploitation