Beyond Automated Tools and Frameworks: the shellcode injection process
By Craig Wright
Automated frameworks (including Metasploit) have simplified the testing and exploitation process. This of course comes with a price. Many penetration testers have become tool jockeys with little understanding of just how software functions. This script kiddie approach to code testing does have its place. It has allowed us to drastically increase the number of people working on testing systems for vulnerabilities and in assessing the risks these pose. At the same time, if these individuals do not progress further, simply relying on the ability to leverage the efforts of others, we will hit bottlenecks in the creation of new tests and processes. This article is going to follow from previous articles as well as going into some of the fundamentals that you will need in order to understand the shellcode creation process, how to use Python as a launch platform for your shellcode and that the various system components are.
Tabnapping Attack: Hijacking Browser Tabs
By Abdy Martinez
Tabnapping is a sophisticated way to do a phishing attack. Before we analyze what it is, how it works and how to avoid it, let’s review the concept of phishing, because the basic steps of tabnapping are same as traditional phishing attack. Abdy will show how the tabnapping works and how to defend from it.
The Power Of Exploitation Tools
By Wong Chon Kit
Since 2011, we have heard about a lot of incidents around the world regarding confidential information being compromised, government websites being defaced and big corporation networks crippled for some reason.The famous example will be the Anonymous group, but have you ever wondered what the success factor is? Is this the new area of the modern ninja? Until now, we don’t hear much in the news mentioning corporate network attacks by ninjas; rather we hear the term blackhat. Blackhat practitioners have similar practices as the ancient ninja. The tools used by the ninja today will be different than the ancient. The most common technique they use will be scanning and exploitation. The author covers the two important areas and types of attacks using NMAP and metasploit.
Hardening of Java Applications against AOP exploits
By Daniel Drożdżewski
As we already know, AOP allows us to inject our fragments of code in the very well defined places across the target code base. This injecting, called in the world of AOP weaving, can occur at different stages of the target’s codebase life. AOP could weave our code quite literally into the target, when the target source code is available. AOP could also weave our aspects during runtime by creating dynamic proxies with our code, which would then call the target code wherever and whenever appropriate. Another way to achieve runtime weaving is weaving our code during target code loading time. This so-called Load Time Weaving (LTW) happens by collaborating loader. In this case compiled code, before being loaded into the memory, is being enriched by the content of our aspects. Finally, AOP can weave the aspects into the compiled code using its own compiler (without access to target’s source code). In other words code of aspects is woven into the target’s compiled code, and from there on, no further involvement of any AOP tools is needed in order to execute enriched target. Only this post-Compile Time Weaving has no further dependency on AOP tooling when the target is being executed. There are good and bad sides to each of the types of weaving and the choice will depend on many factors. All of those, however, depend on AOP tools’ ability to find the right pointcuts in which to weave the extra functionality. Daniel will show how to hide crucial pointcuts from the AOP’s radar. In the previous two parts of this series Daniel introduced AOP as a tool that could assist in reverse engineering or even possibly in cracking of Java desktop applications (Java SE). This time he will show a simple trick that could prevent reverse engineering of our Java applications. He will also discuss the exploitability of Java applications running in managed environments (Java EE).
Enterprise Vulnerability Management
By Dennis Distler
In todays world vulnerabilities are disclosed on a daily basis. Enterprises must have a program in place to manage newly identified vulnerabilities. With a vulnerability management program, identifying the vulnerabilities is only part of the battle. A lot of organizations set up a vulnerability scanner, run a few scans, and perhaps tell overworked and under appreciated systems administrators to fix the identified vulnerabilities. Typically the administrator is dealing with other issues, such as system outages, new requirements, etc., and vulnerability keeps falling to the bottom of the list. This article will show ways to set up a vulnerability management program to be successful.
Using the Social Engineering Toolkit to Test Network Security
By Daniel Dieterle
Hackers using Social Engineering attacks are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions. Social engineers are Hackers that focus in on using personal information mixed with human reactions, emotions or fear to trick you into opening an infected file or visiting a malicious website. Social engineering attacks are one of the top techniques used against networks today. Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses most anti-viruses, firewalls and many intrusion detection systems? Daniel will explain some of the techniques used by attackers and he will show you how they could get full control of your computer and most importantly, how to stop them.