With modern script libraries, which were written by the author, the Nmap Scripting Engine (NSE) has the ability to establish a null or authenticated session with all modern versions of Windows. By leveraging these sessions, scripts have the ability to probe and explore Windows systems in great depth, providing an attacker with invaluable information about the server. This paper will look at how SMB and Microsoft RPC services work, how the Nmap scripts take advantage of the services, what chec...
There are many ways to attack DNS. Attacks range from denials of service (DOS) to man in the middle (MiTM) to spoofing. The recent inclusion of Unicode entries into DNS may mean a site that looks like “microsoft.com” could exist but actually point to something else. Perhaps the o's in Microsoft would be Cyrillic instead of Latin. This paper will look at the issues facing DNS as well as conduct an analysis of the existing DNS infrastructure to assess its state and weaknesses. This process will...
Gaining administrative privilege occurs when an attacker bypasses the normal levels of security and goes on to gain administrative access to the system, taking advantage of security flaws or programming errors in it. Administrative privileges give access to sensitive information, and an attacker who holds them can devise a number of actions, such as deleting files or installing malicious ones. There are two types of privilege escalation: vertical and horizontal privilege....
SQL injections are carried out by attackers to gather valuable information directly from the database by infiltration, or to gain unauthorised access to the system. Attackers are able to exploit flaws in a web application to pass SQL commands through it to the backend database.
Web 2.0 technologies are more susceptible to attacks than their web application counterparts, but this does not mean web applications are in the clear, as they are also vulnerable to attacks like cross-site scripting, SQL injection, etc.
Hacking is an intricate process, and as such it encompasses a whole range of methods, ranging from selecting the victim and discovering system vulnerabilities for exploitation to the hacking process methodology itself. This article focuses on the pre-process as well as the major process.
Attackers use tools such as Netcraft, httprecon, and ID Serve to carry out footprinting exercises. The question then is: what is footprinting? Footprinting is a method used by attackers to retrieve valuable information about their target systems. Information ranging from account details, operating systems, server names, and database schema details to software versions can be gleaned from this process.
When attackers take advantage of these systems, a good number of negative outcomes could occur, from website defacement to data theft, data modification, and compromise of user accounts. Attackers could also gain root access to other servers or applications.
Apart from the active and passive hijacking classifications, which, true to their name, describe the level of involvement of the attacker with the system, there are level-based hijackings that are specific to the network and applications of the target system.
Session hijacking occurs when the attacker takes over a TCP communication. This is made feasible because the authentication process happens only at the beginning of the session. By stealing a legitimate session ID and validating themselves with the server, attackers are able to gather personal information, which in turn could pose a serious problem to the victim.
When an attacker attempts to overload a target system with fake service requests or traffic, a successful attack of this kind is called a Denial of Service attack.
Social engineering is a method used by attackers to gather valuable information from susceptible individuals. Personnel such as system administrators and desk officers are usually targeted.
Sniffing is usually done at the data link layer of the OSI model. This is advantageous to the attacker because the upper layers are unable to detect sniffing at the lower layer. Sniffing can be carried out using a hardware protocol analyser, which monitors and captures signals without altering the information in the transmitted traffic.
Viruses remain inactive only as long as the target host has not performed any action with regard to the infected file. Once the virus is written and sent to the target system, it replicates itself and attaches itself to other files.
Malware consists of programs written with malicious intent. They cause damage to systems by giving the programmer limited or full access to the target system. Malware can be introduced into a system through various means: removable devices, fake programs, downloading from or opening unsecured sites, instant messengers, etc.
As a penetration tester or a bug bounty hunter, most of the time you are given a single domain or a set of domains when you start a security assessment. You'll have to perform extensive reconnaissance to find interesting assets, such as servers, web applications, and domains that belong to the target organisation, so that you can increase your chances of finding vulnerabilities.
This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser. Both reflected and stored XSS can be addressed by performing...