Articles inside the category: Articles

on : Tuesday, 1 Dec, 2009

Javascript Obfuscation Part 2

In the first part, we saw how to decode some basic malicious JavaScript code. In this part we introduce some techniques to quickly identify what shellcode embedded in the JavaScript code does, and present some advanced JavaScript obfuscation tips used by attackers.
Author: DAVID MACIEJAK Source: Hakin9 http://hakin9.org
WHAT YOU WILL LEARN...
  • How ActiveX instantiation could be hidden by malicious guys using some Javascript tricks
  • How to use opensource tools to automate the de-obfuscation of malicious javascript code
WHAT YOU SHOULD KNOW...
  • Basic knowledge of Javascript language
  • Basic familiarity with ActiveX components
Unobfuscated script delivers a malicious script that uses some vulnerable methods like arbitrary file download
on : Tuesday, 1 Dec, 2009

Javascript Obfuscation Part 1

It is common for attackers to target victims' web clients or third-party tools like Adobe Flash or Acrobat Reader. Web clients are targeted either to exploit a vulnerability in their own code or to exploit flaws in third-party software that can be loaded through them, such as ActiveX technologies or the script engines in Flash or PDF.
Author: DAVID MACIEJAK Source: Hakin9 http://hakin9.org
WHAT YOU WILL LEARN...
  • How activex instantiation could be hidden by malicious guys using some javascript tricks
  • How to use opensource tools to automate the unobfuscation of malicious javascript code
WHAT YOU SHOULD KNOW...
  • Basic knowledge of javascript language
  • Basic familiarity with ActiveX components
To evade IDS/IPS and AV their intentions,
on : Tuesday, 1 Dec, 2009

Oracle Database Server Security

This article is focused on Oracle Database Server Security. It is divided into three main parts. The first is about Oracle history, database products and architecture. The second part is about basic methods of Oracle Hacking. The last part is
on : Monday, 1 Jun, 2009

A Look at How the Mobile Phone Opens the Door to Location (LBS) Tracking, Proximity Marketing and Cybercrime

A Brief History of Mobile Time
The very first public commercial mobile phone network was the ARP network in Finland, which was launched as far back as 1971. Then a few years later the first generation mobile cellular network was launched
on : Monday, 1 Jun, 2009

Simple DLP Verification Using Network Grep

Today, companies have to worry about espionage and battling the internal threat of confidential information being stolen or leaked.
Author: JOSHUA MORIN Source: Hakin9 6/2009 http://hakin9.org
WHAT YOU WILL LEARN...
  • An accessible method of checking any possibility of data loss using an ordinary tool for risk minimization.
WHAT
on : Monday, 1 Jun, 2009

Recovering Debugging Symbols From Stripped Static Compiled Binaries

I first started to look into symbol recovery to better solve various war-games with stripped binaries. However, this can be applied to various areas.
Author: JUSTIN SUNWOO KIM Source: Hakin9 6/2009 http://hakin9.org
Many malware samples have been stripped to prevent analysis, and the method
on : Monday, 1 Jun, 2009

Anatomy of Malicious PDF Documents, Part 2

What tools do you need to analyze a malicious PDF document? You could use Acrobat, but then you run the risk of infecting your machine when opening the PDF document with Acrobat.
Author: DIDIER STEVENS Source: Hakin9 6/2009 http://hakin9.org
WHAT YOU WILL LEARN...
  • Analyzing malicious PDF
on : Monday, 1 Jun, 2009

Windows Timeline Analysis, Building a Timeline, Part 2

The increase in sophistication of the Microsoft (MS) Windows family of operating systems (Windows 2000, XP, 2003, Vista, 2008, and Windows 7) as well as that of cybercrime has long required a corresponding increase or upgrade in response and analysis
on : Monday, 1 Jun, 2009

Fuzzing Finding Vulnerabilities with rand()

Traditionally, the search for security-related flaws in code took place as follows: relevant sections of code were printed out, and developers went over them trying to find as many potential issues as possible. So-called code reviews tend to work quite
on : Monday, 1 Jun, 2009

Protocol Channels

Covert channel techniques are used by attackers to transfer hidden data. There are two main categories of covert channels: timing channels and storage channels. This text introduces a new storage channel technique called protocol channels.
Author: STEFFEN WENDZEL Source: Hakin9 6/2009 http://hakin9.org
A protocol channel
on : Monday, 1 Jun, 2009

Unified Communications Intrusion Detection Using Snort

Network Intrusion Detection is an important part of any security toolset. Unfortunately, for the uninitiated it could be quite a challenge to get started – how to install, what to monitor and how to read alerts. This article is designed
on : Monday, 1 Jun, 2009

Network Forensics: More Than Looking For Cleartext Passwords

Cybercriminal activities are becoming stealthier and more creative. Insider threats are increasingly pervasive with the wealth of knowledge and resources available on the Internet. Corporate defenders are more than ever faced with the grave mission of discovering and mitigating