Social Engineer: Exploitation of the Human OS – The Human Buffer Overflow by Chris Hadnagy
Total domination is the goal for a penetration tester in every pentest – to utterly hack the company and demonstrate its true exposure to malicious attacks. Obtaining code execution is the easiest and most direct way to reach this goal. Social Engineering professionals are no different.
From Fuzz To Sploit by Israel Torres
By now everyone has heard of buffer overflows, and many have been hearing about them for the last 15+ years. Over this period many techniques have evolved, both to combat vulnerabilities and to sustain attack and exploitation. As security is most often thought of as an afterthought, it is no surprise that systems of all flavors (and their users of all sizes) can still be brought to their knees by such a fundamental attack.
Exploit Kits – Cybercrime Made Easy by Rebecca Wynn
The playing field for cybercrime has changed. It has become wide open. Many of the top attack exploit toolkits are now free! Symantec released its 2010 Symantec Internet Security Threat Report the first week in April 2011. Their executive summary states that Symantec recorded over 3 billion malware attacks in 2010 and yet one stands out more than the rest – Stuxnet.
Software Exploitation: Development Flaw or Malicious Intent by Rich Hoggan
It’s been said that lazy programmers make good programmers. Yet, it’s hard to understand why laziness would be considered one of the virtues of a good programmer let alone a virtue at all. By this point – however – I’m sure you’re probably already asking why I’m bringing up laziness in relation to programming.
Exploiting Software: The Top 25 Software Vulnerabilities and How to Avoid Them by Gary Miliefsky
Top 25 Most Dangerous Software Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
Why Is Password Protection a Fallacy – a Point of View? by Yury Chemerkin
Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it – never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t. A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The use of passwords is known to be ancient…