Basic Self-assessment: Go Hack Yourself
One of the greatest fears of the system administrator is the thought of their network being compromised. There are many threats, constantly bombarding the defenses of computer networks. If an intruder has physical access to a machine, they will be able to remove or damage parts of the system.
Read the Article
|
Espionage and the Insider
Often associated with classified information, governments, intelligence and counterintelligence agencies, espionage is often considered a funny word for those involved in business sector information security. Is there a connection? Given the fact information security professionals are responsible for securing information, while those involved in espionage are focused on obtaining information, I would argue there is.
Read the Article
|
Corporate Espionage 101
Information can make the difference between success and failure or profit and loss in the business world. If a trade secret is stolen, then the competitive playing field is leveled or worse, tipped in favor of the competitor. To complicate the problem even more, trade secrets are not only being sought after by a company's competitors, but from foreign nations as well. They are hoping to use stolen corporate information to increase that nation's competitive edge in the global marketplace.
Read the Article
|
The Enemy Within: A System Administrator's Look at Network Security
Network security has always been a key player in the system administrator's day-to-day duties: however, since the onset of the new self-propagating virus infections and the terrorist attacks of late the need and calling for more security has escalated beyond reason. Everyone is sending his or her administrators for training. Some long lost specializations have now found a new lease on life, such as the study and understanding of Steganography.
Read the Article
|
Attackers and Their Motivation
Attackers, as well as their motivations, come in many different shapes and forms. This paper provides an overview of who the attackers are and what their motivation is. Please note that the descriptions are used and abused correctly and incorrectly, and are not defined in any standard.
Read the Article
|
Shellcoding for Linux/i386
No one knows about the nature of victim system and its security level and as my research tells me, IDS is the biggest enemy of shellcode. For example, you download a shell-exploit for XYZ service and that exploit contain string "/bin/" and the victims system takes all string and make it capital, so what you say your shell-exploit will work? No way. So what you do now, a part from waiting for another shell-exploit, which will cover this problem. That's why learning shellcoding is important. Not only you can make changes to the existing shellcode but also you can study it for your personal knowledge.
Read the Article
|
The Basics of Shellcoding
A shellcode is a group of instructions which can be executed while another program is running. Nowadays lots of examples show how a shellcode can be executed while an application is running and its followings is proposed us by vulnerabilities' exploits. In order to get advantage from a vulnerability it is indispensable to inject a shellcode because we have to get the control of a running application. The goal of this article is not to explain all the possibilities of injecting a shellcode developed during last years, but to analyze and understand its essence.
Read the Article
|
Stack Overflow's Analysis & Exploiting Ways
The first passage to follow, in order to completely understand the STACK overflows, it's to study how the main processor works during any program's execution. When a program is executed his elements are allocated into the memory in a well organized way (look at the Figure 1). Local variables, function arguments and still other things, are allocated into the STACK. Automatic allocated variables stay instead in the HEAP. Both .BSS and .DATA sectors are dedicated to the local variables and are allocated during the compile time. To be clear: the sector .BSS includes not initalized data, while .DATA is reserved for static data (e.g. "static" in the C language). The .TEXT sector is the data area including the instructions, such as the program's code which is being executed where it's not possible to realize any writing operation but only reading ones.
Read the Article
|
UDP Remote Controls
I want to illustrate, with this article, the possibility to control servers with the UDP protocol. In order to exemplify the topic in question, I conceptualized the program. Before describing the program functions and services, I thought that it was useful to explain some important topics about the UDP protocol, that is, the basic element of the whole project.
Read the Article
|
Telnet Based Attacks
This paper examines attacks developed over the years using the Telnet service. It covers the history of the telnet service, common attacks, and OS specific information.
Read the Article
|
