CNN recently reveled the methodology of the cyber attack that allowed anonymous cybercriminals Guardians of Peace direct access to their network, or the “keys to the entire building,” as one Sony Pictures Entertainment official stated. According to investigators, the attack was carried out through a set of stolen system administrator credentials; […]
The recent revelations about a Russian website offering links to various live streaming web cameras and baby monitors have made people truly petrified of using such gadgets. However treacherous it might sound, the truth is that the best advice to all users who have suddenly decided to stop benefiting […]
Sony Pictures corporate network hacked
At the end of November, the corporate network of Sony Pictures was breached and taken offline by a malware-based attack. The attack caused the disclosure of sensitive data belonging to the company and its employees and the destruction of internal machines that were infected by […]
In this part of the series, we are going to examine the different ways to escape HTML characters in PHP in order to add security to your web project. We will also give a brief introduction to PHP’s Perl-compatible regular expressions and show how they can be used for […]
In a previous post, I presented the main techniques used to hack Tor networks and de-anonymize Tor users. Law enforcement and intelligence agencies consider “de-anonymization” of Tor users a primary goal.
Authorities can try to implement techniques to break the encryption used to anonymize the traffic or to exploit vulnerabilities […]
In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app if an emulator is detected. We will then see how an attacker can easily bypass these checks by using some […]
In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. […]
In this part of the Website Hacking series we are going to take a look at how to minimize damages from XSS attacks considering our web application can at some point become vulnerable to this type of attacks (HttpOnly cookies are going to be discussed). We are going to […]
Sony Pictures corporate network compromised by a major cyber attack
At the end of November, computer systems at the corporate network of Sony Pictures were breached and taken offline by a malware-based attack. TheNextWeb portal was one of first outlets to publish the news. Sony Pictures Entertainment manages distribution of […]
We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer.
Drozer is a framework for Android security assessments developed by MWR Labs. It is […]
In Part IV of the Website Hacking series, we are going to look at:
Storing your email address and telephone number in <a href=mailto:*> and <a href=”tel:*> and the inherent drawbacks of these methods
Shortcomings of disguising email in markup to avoid spam and other malicious requests (disguise such as mail […]
To view Part I of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101/
To view Part II of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101-part-ii/
In this part of the Website Hacking 101 series, we are going to discuss controlling access to directories (if access is not controlled by key directories like include/includes, the […]
Traffic light systems security issues
We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastrophic consequences, unfortunately we must be conscious that threat actors are really able these complex infrestructures causing serious problems.
Trafﬁc lights were originally designed as standalone […]
To view Part I of this article, please visit http://resources.infosecinstitute.com/website-hacking-101/.
In this Part, we are going to briefly introduce Path Traversal, usage of Delimiters, and Information Disclosure attack.
We are going to present simple solutions to simplified problems involving the attacks.
Exercise 8: Path Traversal
Figure : A simple webpage in which you […]
Websites are used daily by a large part of the world’s population to carry sensitive data from a person to an entity with online-based presence. In websites containing materials that are shown after authentication only, forms transfer data containing user credentials to server-side scripts. Users store their credit card […]
In one of the previous articles, we have seen how developers implement Shared Preferences in Android applications. We have also seen how one can compromise the sensitive data stored in Shared Preferences if proper security controls are not enforced. In this article, we shall discuss how we can secure […]
This article explains how to start performing black box assessments on Android applications using Introspy. Introspy is one of the important tools in an Android pentester’s arsenal.
As per their official Github page, we can use the “Blackbox tool to help understand what an Android application is doing at runtime […]
In this tutorial, we’ll take a look at how we can hack clients in local network by using WPAD (Web Proxy Auto-Discovery). The WPAD protocol allows automatic discovery of web proxy configuration and is primarily used in networks where clients are only allowed to communicate to the outside world […]
Given the massive spread of the Internet and Internet-related activities in recent times, there is an equal spread in silent activities behind the web too. These silent activities might relate to port scanning, vulnerability scanning, finding publicly available technical and non-technical information about target organizations, and so on. At […]