The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber attacks. It causes service outages […]
In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were prominent in the field of cryptography. Transport layer security (TLS) ensures integrity of data transmitted between two parties (server and […]
What is Layer 7?
The process of sending and receiving data from one host to another, data encapsulation, is possible due to the existence of a seven layer protocol suite presented as the OSI model (see diagram 1).
Although while examining DoS attacks, we’ll occasionally refer to various layers of this […]
In this article, I am going to tell you everything about SSL: What it is, why we need it, its technical and non-technical aspects, etc. This article covers the introduction, SSL certificate, encryption, the process of encryption, and how your browser interacts with and trusts that certificate provided by […]
In today’s environment of highly interconnected system necessities, bringing down a system may cause a catastrophic damage to an individual in many ways. Hackers are frequent in the market, making exploit kits that can bring down the whole system. Even a novice in hacking technology can use these exploit […]
Brainpan is a vulnerable virtual machine created by superkojiman. It’s a vulnerable virtual machine with vulnerable services and it’s not intended for production use. It’s designed to gain root access on the machine.
The virtual machine can be downloaded from these links:
Direct download: http://download.vulnhub.com/brainpan/Brainpan.zip
Torrent download: http://download.vulnhub.com/brainpan/Brainpan.zip.torrent
The downloaded ZIP file “brainpan.zip” […]
Hey, it’s me again! I’m back for another article about my favorite mini-computer; the Raspberry Pi. This time I’ll be demonstrating some cool DIY projects that I found on the net, which are very easy to setup and apply. Some require a lot of patience and hardware though. The […]
TCP connect scan
TCP connect is a three-way handshake between the client and the server. If the three-way handshake takes place, then communication has been established.
A client trying to connect to a server on port 80 initializes the connection by sending a TCP packet with the SYN flag set and […]
Scapy is a Python interpreter that enables you to create, forge, or decode packets on the network, to capture packets and analyze them, to dissect the packets, etc. It also allows you to inject packets into the network. It supports a wide number of network protocols and it can […]
This article introduces CSRF (cross-site request forgery) vulnerability and demonstrates how to prepare a CSRF proof of concept with OWASP ZAP.
2. Cross-site request forgery
The vulnerability allows an attacker to forge a user request. Consequently, the user does what the attacker wants. Here’s an example:
I. Social engineering is […]
The capillary diffusion of technology in our society has an important consequence. Hardware has to be properly analyzed during acquisition and qualification phases of the supply chain. We’re surrounded by electronic devices and appliances that in many cases perform critical functions in areas such as telecommunications, defense and health. […]
Last month, a newly effective banking trojan has been discovered, targeting online banking users. This malware uses very reliable looking link addresses or domains which are related to trusted organizations to attract victims into running them. Even though this trojan has analogous functionality and goals like that of the […]
Back in 2012, when Juliano Rizzo and Thai Duong announced the CRIME attack, a TLS / SSL Compression attack against HTTPS, the ability to recover selected parts of the traffic through side channel attacks was proven. This attack was mitigated by disabling the TLS / SSL level compression for […]
We’ve been publishing hacking articles and howto’s on the resources site for over a year now. If you’ve liked what you’ve seen, it’s time to check out what we do for our day job!
Our top security courses are listed below. Please do check them out and let us know […]
In this article I am going to discuss social engineering attacks, starting with the questions: “What is social engineering?” and “What are the types of these attacks?” Apart from this, the interesting thing I will describe is the techniques of social engineering attacks used by real-time hackers, a very […]
This article is all about different information-gathering techniques on the network. It is the most essential and important task of attackers. Knowing the opponents and their interests can be valuable. Here I am going to show you which are the different ways and techniques one can do the network […]
This article serves as a clarification about the PCI expansion ROM address mapping, which was not sufficiently covered in my “Malicious PCI Expansion ROM” article published by Infosec Institute last year (http://resources.infosecinstitute.com/pci-expansion-rom/). Low-level programmers are sometimes puzzled about the mapping of device memory, such as PCI device memory, to […]
When an attacker wants to learn credentials for an online system, he can use brute force or a dictionary attack. This article introduces these two types of attack and explains how to launch an online dictionary attack using Hydra.
2. Brute Force vs. Dictionary Attack
An attacker can try […]
This article shows hands-on penetration testing using an Apache server with CGI access; it identifies some vulnerabilities and performs exploits attacking these vulnerabilities, then further patches it to mitigate these known threats.
Apache can also be referred to as the Apache HTTP Server. It is a standard that is […]