Articles tagged with: sql
Thursday, 16 Jun, 2011
Researchers warn of mass meshing injection attack
The research team at Armorize has discovered a mass SQL injection coupled with a drive-by download, which they describe as a "mass meshing injection" attack. Mass meshing injections differ from mass SQL injection attacks such as Lizamoon: those are easy to detect because they rely on a small number of malicious redirector domains, which can be identified and given signatures. A mass meshing injection avoids this kind of detection because no dedicated malicious redirector is used; every redirector is itself an infected domain, which makes blacklisting difficult and prone to false alarms.
Source: http://blogs.csoonline.com/1555/researchers_warn_of_mass_meshing_injection_attack
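As an added illustration of the detection difference described above (example code written for this page, not code from Armorize or from the CSO article), the following Python sketch pulls the off-site script hosts out of stored page content and tallies how many injected rows each host accounts for. The rows, the hostnames, the site's own host name and the 50% concentration threshold are all constructed assumptions for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample rows standing in for text columns dumped from a
# compromised site's database. All hostnames are hypothetical.
SINGLE_REDIRECTOR_ROWS = [
    '<p>Welcome</p><script src="http://redir-one.example/ur.php"></script>',
    '<h1>News</h1><script src="http://redir-one.example/ur.php"></script>',
    '<div>About</div><script src="http://redir-one.example/ur.php"></script>',
    '<p>Contact</p><script src=http://redir-one.example/ur.php></script>',
    '<script src="/static/app.js"></script><p>Plain page, no injection</p>',
]
MESHING_ROWS = [
    '<p>Welcome</p><script src="http://shop-a.example/x.js"></script>',
    '<h1>News</h1><script src="http://blog-b.example/x.js"></script>',
    '<div>About</div><script src="http://forum-c.example/x.js"></script>',
    '<p>Contact</p><script src="http://club-d.example/x.js"></script>',
    '<script src="/static/app.js"></script><p>Plain page, no injection</p>',
]

# Matches the src attribute of a <script> tag, quoted or unquoted.
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def external_script_hosts(html, own_host):
    """Return the set of hosts of <script src> tags that point off-site.

    Relative URLs and scripts served from own_host are ignored: an
    injected tag almost always loads its payload from another domain.
    """
    hosts = set()
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname
        if host and host.lower() != own_host.lower():
            hosts.add(host.lower())
    return hosts


def profile_injection(rows, own_host, top_share=0.5):
    """Tally off-site script hosts over many rows and judge whether a
    domain blacklist would help.

    top_share is an assumed threshold (not from the article): the fraction
    of infected rows the most common host must cover before the campaign
    is treated as using a small set of dedicated redirectors.
    """
    infected = [h for h in (external_script_hosts(r, own_host) for r in rows) if h]
    if not infected:
        return {"infected_rows": 0, "distinct_hosts": 0,
                "pattern": "clean", "blacklist": []}
    rows_per_host = Counter(host for hosts in infected for host in hosts)
    top_host, top_rows = rows_per_host.most_common(1)[0]
    if top_rows / len(infected) >= top_share:
        # Lizamoon-style: one redirector dominates, so a signature or a
        # blacklist entry for that single host catches the campaign.
        pattern, blacklist = "single-redirector", [top_host]
    else:
        # Meshing-style: each row points at a different host, and each of
        # those hosts is itself an infected site. Blacklisting them would
        # hit many otherwise-legitimate domains, so report the pattern
        # instead of a domain list.
        pattern, blacklist = "meshing", []
    return {"infected_rows": len(infected),
            "distinct_hosts": len(rows_per_host),
            "pattern": pattern, "blacklist": blacklist}


if __name__ == "__main__":
    for name, rows in (("single", SINGLE_REDIRECTOR_ROWS), ("meshing", MESHING_ROWS)):
        print(name, profile_injection(rows, "victim.example"))
```

Run against the first row set the profiler names one host to block; against the second it reports four distinct hosts, each seen once, which is exactly the shape that defeats a domain blacklist. In practice the same tally can be run over web server logs or proxy logs instead of database dumps, and the threshold should be tuned to the size of the site.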
Monday, 1 Nov, 2010
TDSS botnet – full disclosure. Part II
After breaking into the world’s biggest botnet, which was covered in the previous issue of Hakin9, we performed a thorough analysis of the botnet’s undercover logic.
Authors: ANDREY RASSOKHIN, DMITRY OLEKSYUK
Source: Hakin9 11/2010 http://hakin9.org
What you will learn…
- How to pwn a botnet, starting from the malware binary.
- General understanding of centralized botnets
- PHP
- Basics of web exploitation.
- The C&C server general configuration
- Bots accounting system
- Distribution partners accounting system
- The C&C protocol layout: bot requests and commands
- Available control commands and payload modules
- Detailed botnet statistics by countries, distribution partners, operating systems and bot versions.
Friday, 1 Oct, 2010
TDSS botnet – full disclosure
What is a botnet? A botnet is not merely an army of infected computers. Above all, a botnet is a complex, externally managed structure. While the malware side of most known botnets is reasonably well studied, the management side
Thursday, 1 Apr, 2010
Threat Modeling Basics
An exercise in building secure software.
Author: TIMOTHY KULP
Source: Hakin9 4/2010 http://hakin9.org
Why software is not secure
In the world of software, security is thrown into a system somewhere at the end of the project. For many developers, adding security to a
Monday, 1 Mar, 2010
Codescan
Codescan is a source code analysis tool that scans your code and then produces detailed reports on the vulnerabilities it finds in it. By scanning and repairing your code throughout your project, so
Tuesday, 1 Dec, 2009
Remote Assessment Aanval 3
Quick Start. Installation is quick and straightforward, with a web-based wizard that checks that the required dependencies (PHP, Perl and MySQL) are installed and then prompts for the MySQL server to use. A few short steps later you’re greeted
Tuesday, 1 Dec, 2009
AppliCure dotDefender and dotDefender Monitor
Applicure’s freeware tool dotDefender Monitor was highlighted in the latest SANS Top 20 Internet Security Risks as a tool for detecting the emerging threat of web application vulnerabilities. Together with Applicure dotDefender it monitors and protects against internal
Tuesday, 1 Dec, 2009
Auditing Oracle in a Production Environment
This paper is based on real penetration tests of Oracle servers on HP-UX systems and on the methodology an auditor must follow to cope with the difficult situations that present themselves. We will dissect the errors and explore the ways
Tuesday, 1 Dec, 2009
The Justification for Authentication and Encryption
You will need to understand how to configure and compile Postgres from source code, as many of the solutions require that your Postgres server has libraries and capabilities installed that the packages of a typical Linux distribution may lack.
Author: ROBERT BERNIER
Source: Hakin9
Tuesday, 1 Dec, 2009
Oracle Database Server Security
This article focuses on Oracle Database Server security. It is divided into three main parts. The first covers Oracle’s history, database products and architecture. The second covers basic methods of Oracle hacking. The last part is
Friday, 1 May, 2009
My ERP Got Hacked – An Introduction to Computer Forensics, Part II
In Part I of this article we introduced the scenario described in the Third Forensic Challenge organised by the UNAM-CERT (Mexico) back in 2006.
Author: ISMAEL VALENZUELA
Source: Hakin9 5/2009 http://hakin9.org
WHAT YOU SHOULD KNOW...
- Windows and Linux System Administration
- Intrusion and hacker techniques
- NTFS file system essentials
Wednesday, 1 Apr, 2009