|Exploitation Techniques and Tools Preview.pdf|
We would like to present you our newest issue, Exploitation Techniques and Tools. We hope that you will find many interesting articles inside the magazine and that you will have time to read them all.
First, we will start with the main article about Exploitation Techniques and tools. Later you will read about malware injection techniques in user mode only. Sumanta Kumar Deb and Rohan Dutta have also prepared an article about data mining with Python. If you want to learn about shadow-IT you can’t skip How to deal with Shadow-IT Applications by Klaus Haller. Moreover you will be shown how to how to take full control of a server by exploiting vulnerabilities inside it with Brahimi Zakaria. Rodolpho Concurde will present you a way to write your own exploits. Luis Borralho create a tutorial about FiercPhish, it’s a first part! So make sure to check next issue for more hands-on experience with this tool! This and more you will find in our newest issue.
Again special thanks to the Beta testers and Proofreaders who helped with this issue. Without your assistance there would not be a Hakin9 Magazine!
Enjoy your reading,
>>Download Free Preview<< >>If you are a subscriber, download your magazine here!<<
5 Things IT Professionals Should Take Away from the Equifax Hack
by Kayla Matthews
It's time we stop believing we're all safe from cybercrime, breaches, and attacks; it's become clear no one is. Businesses big and small should look at this and immediately realize the urgency of putting cybersecurity measures in place. Not just to prevent a breach, either, but also deal with them after they occur by locking up compromised systems and protecting affected data as quickly as possible.
As IT professionals, however, we know most of this. We understand the importance of cybersecurity and having a plan of attack - pun intended - in place. So, what can we learn from the high-profile and damaging attack that Equifax just experienced?
FiercePhish - Email SCAM Awareness part 1
by Luis Borralho
Fierce phish is an open source user phishing platform/framework created by @RaiKia, this open source framework gives us the possibility of creating controlled and manage all phishing engagement , so you can get information on how your users behavior on this type of attacks, and at the end be able to create awareness programs. Note that this framework can be used on a malicious way or just for the user awareness purposes. As far as I know @RaiKia will continue to expand and evolve this framework.
Deadly Malware Injection Techniques
by Prasenjit Kanti Paul
Malware use different types of covert techniques that are complex and sophisticated. In this article, I am trying to summarize those techniques. It is essential to know about malware injection techniques if you are curious about them and trying to fight against them. Malware can inject itself in both user mode and kernel mode. This article will help you understand malware injection techniques in user mode only.
Hacking using Data Mining with SQL Injection in Virtual Trading Environment
by Sumanta Kumar Deb and Rohan Dutta
Data mining, the extraction of hidden predictive information from large databases, is a powerful new technology with great potential to help companies focus on the most important information in their data warehouses. Data mining tools predict future trends and behaviors, allowing businesses to make proactive, knowledge-driven decisions. The automated, prospective analyses offered by data mining move beyond the analyses of past events provided by retrospective tools typical of decision support systems. Data mining tools can answer business questions that traditionally were too time consuming to resolve. They scour databases for hidden patterns, finding predictive information that experts may miss because it lies outside their expectations.
How To Deal With Shadow-IT Applications
by Klaus Haller
CIOs believe they control 80% of the IT expenses. In reality, they control 60%. This is the result of a 2013 study of CEB. The remaining 40% represents the Shadow IT. This can be employees buying hardware such as mobile devices. It covers software developed or bought by the business. Finally, it covers software as a service, i.e. software used via the internet. In short, all IT activities outside the IT department. However, the focus of this article is only the business application used to run the daily processes of the business and not provided by the IT department.
Web Applications and Server: Exploitation & Rooting
by Brahimi Zakaria
This document illustrates how, from a starting point with zero knowledge, it is possible to take full control of a server by exploiting vulnerabilities inside it. This work is an educational experience. In particular, it is designed to demonstrate how vulnerabilities can be chained in order to achieve a complete compromise of the target web server.
Exploitation Techniques and Tools
by Washington Almeida
Let us be straightforward: The process by which a person searches for an exploit is called Hacking. Obviously, due to the intense mass of documented exploits, where vulnerabilities can be exploited in a variety of systems, has brought the need for information security analysts to deal with the issue. So, quite simply, today we have two vectors of action involving the exploits. On the one hand, hackers who search intensively for failures in the most varied systems, and on the other, digital security experts who deal with the challenge of anticipating the actions of hackers. In this article, we will present some exploitation techniques and tools that must be at the top of the list of cyber security analysts' concerns, as well as some features that can provide a more secure environment within corporations.
There is a shell in your lunch-box
by Rotimi Akinyele
My team was recently engaged by a client (Hackme) to perform a black-box external penetration test. The objective was simple – see how susceptible the organization is from an external point of view and test the effectiveness of the security controls that are managed enterprise-wide. As such, asides, the company name, we were given “ZERO” information.
Local Stack Overflow
by Rodolpho Concurde
This article is about how to discover new vulnerabilities and how you can write the exploit for the vulnerability discovered. This article won’t cover advanced techniques of vulnerability discovery and exploit development, the focus will be to give people the way to discover their first vulnerabilities and develop their first exploits.