Hacking Unauthorized Access Part 25 min. 35 sec.
Video on hacking, phreaking, trashing, and hacker lore.
Watch the Video
|
Hackers in Wonderland47. min 40 sec.
An indepth look at hackers.
Watch the Video
|
The Vishing Guide
Vishing is the practice of leveraging IP-based voice messaging technologies (primarily Voice over Internet Protocol, or VoIP) to socially engineer the intended victim into providing personal, financial or other confidential information for the purpose of financial reward. The term "vishing" is derived from a combination of "voice" and "phishing".
Read the Article
|
Address Resolution Protocol Spoofing and Man in the Middle Attacks
This paper is designed to introduce and explain ARP spoofing and its role in Man-in-the-Middle attacks. The term Man-in-the-Middle is historical usage -- it does not imply that only men can use these attacks. Perhaps Teenager-in-the-Middle or Monkey-in-the-Middle would be more accurate terms.
Read the Article
|
Malicious Code Injection: Its Not Just for SQL Anymore
While many developers are aware of the threats posed by malicious code, and by SQL injection attacks in particular, there are other forms of code injection that are equally dangerous. Learn more about XPath injection, LDAP injection, and command execution injection and view examples of each type of attack. In addition, learn why many preventative actions that are commonly suggested to developers are not helpful, and discover how the creation of whitelists and blacklists can help to protect an application from malicious code injection attacks.
Read the Article
|
DNS ID Hacking
Hi people you might be wondering what DNS ID Hacking (or Spoofing) is. DNS ID Hacking isn't a usual way of hacking/spoofing such jizz or any-erect. This method is based on a vulnerability on DNS Protocol. More brutal, the DNS ID hack/spoof is very efficient is very strong because there is no generation of DNS daemons that escapes from it (even WinNT!).
Read the Article
|
IP-spoofing Demystified (Trust-Relationship Exploitation)
The purpose of this paper is to explain IP-spoofing to the masses. IP-spoofing is a complex technical attack that is made up of several components. IP-spoofing is not the attack, but a step in the attack. The attack is actually trust-relationship exploitation. However, in this paper, IP-spoofing will refer to the whole attack. daemon9 details the attack, including examples and relevant operating system and networking information.
Read the Article
|
How to code stack based exploits
Buffer overflows are the result of stuffing more data into a buffer than it can handle. Upon writing past the buffer, the program will often lead to unknown results, even the potential to execute arbitary code, if a certain memory pointer is overwritten. Varying the flow of execution on the stack requires knowledge in the operating system and it's architecture based in assembly. Careful tracing of the programs flow can be accomplished by a number of debugging tools such as gdb.
Read the Article
|
Address relay fingerprinting
This paper discusses how to use values returned from programs to create fingerprints. Most of the information contained in this paper will relate to off-by-one buffer miscalculations. While they are very common, not all are exploitable, and often get dismissed due to that. As these bugs may not always yield exploitable conditions, they do tend to relay information about the machine.
Read the Article
|
Smashing the Kernel Stack for Fun and Profit
This article is about recent exposures of many kernel level vulnerabilities and advances in their exploitation which leads to trusted (oops safe) and robust exploits. We will focus on 2 recent vulnerabilities in the OpenBSD kernel as our case studies. Out of the these we will mainly concentrate on exploitation of the select() system call buffer overflow. The setitimer() arbitrary memory overwrite vulnerability will be explained in the code section of this article (as inline comments, so as not to repeat what we have already covered whilst exploring the select() buffer overflow).
Read the Article
|
