Articles

"If it ain't broke, don't fix it" is a wide spread phrase. Web developers usually develop applications based on this criteria and often forgets about security. This article discusses about such a security issue often neglected by developers. When creating protected parts of a web application, developers checks whether the user is actually authorized to access the same or not. If the user is authorized, all are fine and the access permission is granted. If in case the user is not authorized a simple redirect is used to redirect user to a different section or page, like a log in page.



"If it ain't broke, don't fix it" is a wide spread phrase. Web developers usually develop applications based on this criteria and often forgets about security. This article discusses about such a security issue often neglected by developers.

This paper discusses a number of ways in which hackers can use Mozilla Firefox as a platform to run their malicious code with all the privileges and features supported by any native programming language. Such malicious code also has the advantage of remaining stealthy and undetected by anti-virus solutions. Malicious Firefox add-ons can be coded to serve this purpose. The Mozilla Firefox browser engine acts just like a compiler or interpreter, executing your code without much security concern. The coding technologies for add-on development can be abused and exploited to create malicious add-ons. This paper explains how Firefox's insecure policies and add-on development technologies like JavaScript, CORS, WebSocket, XPCOM and XPConnect can be abused by a hacker for malicious purposes.




Content-Type attacks are related to vulnerabilities in the client-side software used to read content, such as Adobe Reader, Microsoft Office and image viewers. Attackers attempt to exploit programming flaws in that code to induce memory corruption issues, resulting in their own attack code being run on the victim computer that opened the PDF or DOC file. The Content-Type attack is a dark hole in a secure environment for the following reasons




NFC, or Near Field Communication, is a set of standards or protocols for communication between two devices by either touching them or bringing them into close proximity (less than 4 cm). The communication protocols of such devices are based on RFID standards, including ISO 14443. These standards are defined and extended by the NFC Forum, which was founded in 2004 by some major companies such as Sony, Nokia, Philips, Samsung, etc.




Rootkit is a common word in computer security, one often used to describe a bad, very bad type of malware. A rootkit is a program that can be installed and hidden on a computer without the knowledge of its user. It can be included in a larger software package, or installed by successfully exploiting vulnerabilities or by convincing the victim to execute it through a phishing email. Generally, books and magazines talk about rootkits but do not go deep into describing them. The subject is quite complex and requires a dose of programming skill to be completely understood.




Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any attempts at mischief by an (outside or inside) user, focusing on specific areas in the database. What you will learn: In this article I am going to talk about how logging is done in MySQL, and where to look for information regarding queries executed by all clients using the MySQL database. Pre-requisites: The reader must have basic working knowledge of MySQL and the operating system to understand the technical details in this article.




Almost all Trojans/key loggers are detectable by antivirus. One of the most common problems being faced is making Trojans/key loggers undetectable by antivirus. So in this tutorial I am going to tell you how to make your Trojan undetectable by antivirus. But first you need to understand how antivirus software works.




Industry analysts and vendors throughout Asia and the Pacific Rim anticipate an extension of the compliance movement, further confounding the ambivalence and inconsistencies relating to matters of Governance, Risk and Compliance. As anxiety heightens over when the next "Big Problem" will hit the Internet (and most are betting it will occur via the cloud), there are some things that systems administrators and C-level executives can do to fortify their IT business processes against the anticipated storm looming just over the horizon, to reduce risk and potentially stay dry and safe when the weather changes.




Memory forensics is the analysis of a memory image taken from a running computer. In this article, we will learn how to use memory forensic toolkits such as Volatility to analyze memory artifacts in a practical, real-life forensics scenario. Why memory forensics? Memory forensics can help in extracting forensic artifacts from a computer's memory, such as running processes, network connections, loaded modules, etc. It can also help in unpacking, rootkit detection and reverse engineering.




PHP shells are used by Blackhats to maintain persistence on a compromised machine, typically a webserver. A “shell” is the common name given to a Command Line Interface (CLI) used to interact with the Operating System, even at a low level. Its usage requires knowledge of a discrete set of commands that often differ among Operating Systems (e.g. Unix/DOS). After a successful breach of a vulnerable system, the attacker could adopt a “shell” as a payload in order to take control of the victim system.



Hi boyz’n’girls.

This is my first appearance on ClubHack, hope not the last. :D

Anyway straight to the point.

I will talk about “PHP shells”.


Distributed Denial of Service attacks are now the most common and easiest weapon for creating trouble and doing very visible damage to a target with, after all, very little effort. For example, they are the most common weapon used by hacktivists, since they require only a very common tool (like LOIC) and rely on the rage of hundreds, if not thousands, of people. They are also very hard to evade: if the attacker has huge bandwidth behind him, there is little to do other than close your firewalls to avoid more damage to the internal server. In both cases, the attacker wins, and the site is off for some time.




Security and privacy have been a concern for people for centuries. Whether it is private citizens, governments, military, or business, it seems everyone has information that needs to be kept private and out of the hands of unintended third parties. Information wants to be free but it is necessary to keep information private. That need has come about because governments have sensitive information, corporations send confidential financial records, and individuals send personal information to others and conduct financial transactions online. Information can be hidden so it cannot be seen. The information can also be made undecipherable. This is accomplished using steganography and cryptography.




One of the largest portals was in the news recently when its website was exploited through an XSS vulnerability. The person who compromised the website also notified the portal with screenshots proving the successful attack. The Information Security chief called an urgent meeting to discuss the issue with his entire team. He asked: we had an application security audit done by a third party before going live, and we also trained our developers in secure coding practices, so why did this incident happen? They went to another third-party vendor and appointed them to audit the application.



Computer networks are the backbone of all organizations that rely on Information Technology (IT) and are the primary entry point for users to access the information resources of an organization. Networks today are no longer limited to the physical location of an organization, but are required to be accessible from anywhere in the world, which makes them vulnerable to several threats.



This paper demonstrates a unique kind of communication technique between the attacker machine and the victim machine during the exploitation of a victim system. Usually, when an attacker exploits a remote system and gets a remote command prompt (remote shell), the attacker is only able to execute commands while the session from the remote machine is open (established). When a system is exploited in the normal way, the attacker and the victim system must both be online if the attacker wants to execute commands on the remote machine (victim machine).



Can Facebook accounts be hacked? Is it possible to access your account without your permission and without knowing your username and password? Unfortunately, “YES” is the answer.



GSM
In this article we will describe the various tools, software, hardware and techniques that can be employed to attack GSM. All of these are described in brief, and corresponding references are given so that you will be able to read more about each tool from the provided link.



During the past three years I've been developing tools for research and implementation of a new type of software analysis, which I will introduce in this paper. This new type of reverse engineering allows recovering internal implementation details using only passive memory analysis, and without requiring any disassembly.



The term 'Botnet' was cited frequently in headline news last year. It continues to dominate the ever-changing threat landscape of cyberspace. Whether it is Conficker, Aurora, NightDragon or the latest ShadyRAT attacks, botnets continue to haunt cyberspace.



Windows rootkits have been around since 2005 and have become a buzzword in the security industry over recent years. While rootkits have traditionally been used by sophisticated attackers to hide their presence on compromised machines, recent malware with rootkit capabilities has started using them to complicate efforts to detect and clean infections.



What is ‘Rooting’? ‘Rooting’ is the process by which you get root and unrestricted access to your Android phone and software. ‘Rooting’ is essentially “hacking” your Android device.



Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? What database should I use: sqlite3 or postgres? I will explain the benefits of both. The concept will allow you to do various tasks with your Nessus server and nmap from within the msf command line.



IEEE 802.11 is a set of protocols used for implementing wireless LANs. IEEE protocol standards are created and maintained by the IEEE LAN/MAN Standards Committee. WLANs operate in 3 different frequency ranges, that is, 2.4 GHz (802.11b/g/n), 3.6 GHz (802.11y) and 4.9/5.0 GHz (802.11a/h/j/n). Each of these frequencies is further divided into multiple channels. Every country has permissible channels and maximum power levels.



Safari is one of the top 5 browsers, known for the innovative look and feel reflected in every Apple product! It offers one of the best ways to browse online, greater support for HTML5, and other new features that make the web an even better experience. Like other browsers, Safari also comes with a built-in 'password manager' feature for securely storing and managing the user's web login passwords.



Firefox is a trusted browsing platform used by millions across the globe. It is a platform used by experts and novices alike. One of the biggest advantages of Mozilla, and a reason for its massive success, is an extensible plug-in model that allows developers to add features to the Mozilla Firefox environment beyond what was perceived by the original writers.