techGyan

Exploiting Redirect Page Vulnerability

"If it ain't broke, don't fix it" is a wide spread phrase. Web developers usually develop applications based on this criteria and often forgets about security. This article discusses about such a security issue often neglected by developers.

Abusing, Exploiting and Pwning with Firefox Add-ons

Abstract

Content-Type Attack: Dark Hole in a Secure Environment

Introduction

Content-Type attacks are related to the vulnerabilities in client side software that are used to read the content like adobe reader, Microsoft office, Image viewer. Attackers attempt to exploit programming flaws in that code to induce memory corruption issues, resulting in their own attack code being run on the victim computer that opened the PDF or DOC file.

Content-Type attack is Dark Hole in a secure environment due to following reasons

Stand Close to Me & You're pwned! Owning Smart Phones using NFC

INTRODUCTION

Near Field Communication at glance

What is NFC?

NFC or Near Field Communication is a set of standards or protocols to communicate between two devices by either touching or bringing into close proximity (less than 4 cm).

The communicating protocols of such devices are based on RFID Standards, including ISO 14443. These standards are defined and extended by the NFC Forum, which was founded on 2004 by some major companies such as Sony, Nokia, Philips, Samsung, etc.

Rotten to the core…A Roundup on Rootkits

Rootkit is a common word in Computer Security. A word often spoken to describe a bad, vary bad type of malware.

A rootkit is a program that can be installed and hidden on a computer without the knowledge of its user. It can be included in a larger software package, or installed by successfully exploit vulnerabilities or by convincing the victim to execute it by a phishing email.

Generally, books and magazines talk about rootkits, but do not go deep in the description them. The argument is quite complex and requires a dose of programming skills to be completely understood.

Loggingin MySQL

Scope:
This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempts done by (outside or inside) user focusing on specific areas in database.

What you will learn:
In this article I am going to talk about how logging is done in MySQL, and what all places to look for information regarding queries executed by all clients using MySQL database.

Pre-requisites:

FUD through Hex Editor Heading

Introduction

Mostly all Trojans/key loggers are detectable by the antivirus. One of the most common problems being faced is making Trojan/key loggers undetectable from the antivirus. So in this tutorial I am going to tell you how to make your Trojan undetectable from the antivirus. But first you need to understand how antivirus software works.

DETECTION TECHNIQUE

The Compliance Storm on the Horizon: Seeing through the Cloud of GRC

Industry analysts and vendors throughout Asia and the Pacific Rim anticipate an extension of the compliance movement, further confounding the ambivalence and inconsistencies relating to matters of Governance, Risk and Compliance.

Malware Memory Forensics

Introduction

Memory Forensics is the analysis of the memory image taken from the running computer.
In this article, we will learn how to use Memory Forensic Toolkits such as Volatility to analyze the memory artifacts with practical real life forensics scenario.

Why Memory Forensics?

PHP Shells

Hi boyz’n’girls.

This is my first appearance on ClubHack, hope not the last. :D

Anyway straight to the point.

I will talk about “PHP shells”.

PHP shells are used by Blackhats to maintain persistence into a compromised machine, typically a webserver.

Syndicate content