
Security_Study

SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! During a recent mobile application security analysis for one of our clients, we identified a rather non-obvious behaviour in apps that use the AFNetworking library. It turned out that because of a logic flaw in the latest version of the library, SSL MiTM attacks are feasible in apps using AFNetworking 2.5.1. The issue occurs even whe..
DDoS on UPNP Devices A denial-of-service (DoS) attack is an attempt to make a machine or a network resource unavailable to its users. It consists of methods to temporarily or indefinitely interrupt or suspend the services of a host connected to the Internet, and these attacks are sent by one person or one system. One common method of attack involves saturating the target machine with external requests in a massive ..
No Wireshark? No TCPDump? No Problem! Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host? Then you find that installing winpcap or wireshark was simply out of scope or otherwise not allowed on that SQL, Exchange, Oracle or other host? It used to be that this is when we'd recommend installing Microsoft's Netmon packet capture utility, but even then lots o..
Experimenting with Honeypots Using The Modern Honey Network Honeypots offer a powerful and exciting way of learning about attackers' presence and methods. They contribute towards a security program that incorporates deception. However, honeypots can be tricky to set up and oversee. The open-source tool Modern Honey Network (MHN) by ThreatStream drastically simplifies the tasks of installing and managing low-interaction honeypots. Armed with MHN and acces..
Exploiting UEFI boot script table vulnerability Around one month ago, at the 31st Chaos Communication Congress, Rafal Wojtczuk and Corey Kallenberg presented excellent research: "Attacks on UEFI security, inspired by Darth Venamis's misery and Speed Racer" (video, white paper 1, white paper 2). The main significance of the UEFI vulnerabilities the researchers discovered is that they offer a relatively easy way to bypass various platform security measures (BIOS write ..
SQL Injection Cheat Sheet Here's our large collection of SQL Injection related resources. This list has something for everyone, from those just starting out to the most senior ethical hackers. What is an SQL Injection? An Introduction; SQL Injection Demo; Cookie Based SQL Injection; SQL Injection through HTTP Headers; SQL Injection with SQLmap; Blind SQL Injection: Attack Anatomy; Dumping a Database using SQL Injection; Testing for SQL..
Session Hijacking Cheat Sheet 'Session Hijacking' is an old and routine topic in the field of application security. To make it more interesting, in this article we are going to focus on the different ways it can be performed. Introduction for beginners: Web applications communicate using the HTTP protocol. HTTP is stateless, which means there is no support at the protocol level to identify the state of a particular request. In other w..
linux symbolic link attack tutorial 0x00 Preface: Linux is the most widely used open-source system, and its distinctive file system can be counted among the core components that underpin its power. Within the file system, the symbolic link, like the "Moonlight Box" (月光宝盒), can travel through time and space and freely cross strict path restrictions; this property gives it an important place in the Linux system as a whole. Through practical analysis and research, this article explores in depth the various security problems that improper handling of symbolic links can cause, so as to draw attention to this class of issues. 0x01 Client side: When a client processes files recursively, traversal through a symbolic link can lead to arbitrary file writes and code execution. Case: 1. Wget ftp symbolic link attack (CVE-2014-4877). When wget recursively downloads an FTP site, e.g. wget -m ftp://127.0.0.1, the server forges the following data: lrwxrwxrwx 1 root root 33 Oct 11 2013 fakedir -> /tmp drw..
Hacking SQL Server Stored Procedures – Part 3: SQL Injection If you read the first two blogs in this series then you already know that SQL Server roles and privileges can be misconfigured in ways that allow users to escalate their privileges to a sysadmin (database administrator). Even when those roles and privileges are configured correctly, sometimes stored procedures can still be a threat. In this blog I've covered how SQL injection can be identified a..