During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about […]
1) Mexican Drug Gangs Kidnap Computer Hackers and Programmers
Mexican drug trafficking organizations are increasingly demonstrating a desire to make money from cyber-crime, attracted by the high profits and minimal risks, offered by such activities as fraud, theft, and piracy.
These gangs lack the needed technical know-how within their ranks, which […]
Profile Subject: Michael Peters
Michael Peters has been an independent information security consultant, executive, researcher and author, with more than 25 years of information technology and business leadership experience. His executive positions include Chief Information Security Officer CISO at CrossView Inc. (current), as well as previous positions of CSO at […]
DarkComet used in Syrian Conflict?
On February 17th the CNN published an interesting article, where some Syrian’s regime opponents claimed that the government was using a Trojan to monitor and disrupt the protestor’s network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person then […]
Jynx2 is the second installment in the LD_Preload Jynx Rootkit series first released October 19, 2011 at blackhatacademy.org. See references for earlier versions and additional information.
Hooks accept() for socket connections
Suid Privesc Drop
Strace log | Pcap log
C’s accept() function is the function used when a socket connection is received and […]
Web based interfaces are convenient for managing networking equipment, but under no circumstances should these be open to the world and the internet. Many networks alarmingly have their firewall, gateway, and other device management pages open to the world. This is a huge security concern as the web management […]
In the previous article w3af walkthrough and tutorial Part 1 we looked at how to use the w3af console. We also learnt about the different plugins in w3af and how they interact with each other to perform various tasks. In this article we will look at how to use […]
Another excellent publisher has offered up a generous sample of a book we’ve been talking about. This is Chapter 12 from Practical Malware Analysis – The Hands-on Guide to Dissecting Malicious Software. As usual, if you like this, go buy the full book and tell them how much you enjoyed […]
Translating layer 2 local addresses to layer 3 globally routable addresses is the sole responsibility of the Address Resolution Protocol. ARP spoofing is a fun way to mess with your room mates, get an A in a security class at your local college, impress your tech savvy boss, take […]
Web Application vulnerabilities in social networking sites are very common these days. In this article, we will discuss a vulnerability found in social networking sites which make it possible to spoof the content shown to the user.
Basically, whenever someone wants to share, post or send a link on Facebook […]
w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the features that w3af has to offer and discuss how to use them for Web application Penetration testing. In the […]