This document discusses various ways that back-end components of web applications can be attacked by injecting malicious code or commands. It provides examples of how user input could be used to exploit vulnerabilities in OS commands, scripting languages, file paths, HTTP requests, and SMTP mail services. The key techniques covered are command injection, path traversal, remote file inclusion, XML external entity injection, HTTP parameter injection, and SMTP injection. Defenses are also presented, such as input filtering, canonicalization, and running applications in a chroot jail.
This document discusses various attacks against backend components in web applications, including command injection, path traversal, file inclusion, XML external entity injection (XXE), SOAP injection, HTTP parameter injection, SMTP injection, and more. It provides examples of each attack and recommendations for prevention, such as input validation, output encoding, and restricting file system and network access.
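As an added worked example (not code from the summarised document), the two back-end sinks most of the attacks above funnel through, each in its vulnerable form beside a hardened one: a file-path lookup that is protected only by a "../" blacklist versus one that decodes once, canonicalises and checks containment, and a shell command built by string concatenation versus a whitelist-validated argv list run without a shell. BASE_DIR, the ping wrapper and the sample payloads are assumptions for illustration.

```python
"""Path traversal and OS command injection: vulnerable pattern beside the
hardened one. Added illustration; BASE_DIR and the ping wrapper are hypothetical."""
import os
import re
import subprocess
import urllib.parse

BASE_DIR = os.path.realpath("/srv/app/public")   # hypothetical document root

# --- path traversal ---------------------------------------------------------
def resolve_vulnerable(user_path):
    """Blacklist check, then string concatenation. Returns the normalised path it
    would open, so the escape is visible without touching the file system."""
    if user_path.startswith("../"):
        raise PermissionError("rejected")
    return os.path.normpath(os.path.join(BASE_DIR, user_path))

def resolve_safely(user_path, base=BASE_DIR):
    """Decode exactly once, canonicalise, then check containment against the
    canonical base. realpath also follows symlinks, so a link pointing out of
    the document root is caught by the same comparison."""
    decoded = urllib.parse.unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError("path escapes document root")
    return candidate

def would_serve(user_path):
    """True if the hardened resolver accepts the request, False if it rejects it."""
    try:
        resolve_safely(user_path)
        return True
    except (ValueError, PermissionError):
        return False

# --- OS command injection ---------------------------------------------------
# RFC 1123 hostname shape; no label may start with '-', so the value can never
# be parsed as an option by the program it is handed to.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")

def ping_command_vulnerable(host):
    """The string os.system()/popen() would hand to /bin/sh: metacharacters are live."""
    return "ping -c 1 " + host

def is_valid_hostname(host):
    return bool(HOSTNAME_RE.match(host))

def ping_argv(host):
    """Whitelist-validate, then build an argv list; no shell is ever involved."""
    if not is_valid_hostname(host):
        raise ValueError("not a hostname")
    return ["ping", "-c", "1", host]

def run_ping(host, timeout=5):
    """Executes the hardened form (not invoked by the checks below)."""
    return subprocess.run(ping_argv(host), capture_output=True, text=True,
                          timeout=timeout, check=False)
```

The vulnerable resolver lets `a/../../../../etc/passwd` through because the literal prefix check never sees the `..` segments that come after a harmless first component; the hardened one rejects it, the URL-encoded `%2e%2e/` variant, an absolute path and a NUL-terminated name alike, because it compares the canonical result rather than inspecting the input.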
This document provides a summary of key concepts related to web application technologies. It discusses HTTP and HTTP requests/responses, including common headers. It also covers client-side technologies like HTML, CSS, JavaScript, and how they interact with the server via HTTP. On the server-side, it discusses programming languages and frameworks like Java, ASP.NET, PHP, and common databases. It also covers concepts like cookies, sessions, and different encoding schemes used to transmit data.
This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. The key point is that inputs may come from sources beyond just user input, and outputs may contain sensitive information, so all data processed across layers needs to be carefully validated. Specific examples are provided of vulnerabilities the author has discovered in how various popular systems handle specific inputs or transformations at each layer.
This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. Many real-world examples are provided of how inputs passed between layers can bypass validation checks if the layers' data processing rules are not well understood by developers. The key message is that all variables not explicitly set in code should be considered untrusted.
This document provides information about DHCP and DNS logging. It discusses:
- Microsoft DHCP logs location and format, with limitations such as retention of only about one week (the daily log files are named by day of the week and overwritten)
- ISC DHCP logs to syslog and examples of log entries
- DNS logging using DNSCAP or network packet captures
- Microsoft and ISC BIND DNS logging configurations and limitations
It recommends searching DHCP logs by IP address or MAC address to identify devices, and DNS logs to see domains visited and querying IPs. The document also notes attackers may change IP addresses, and malware may strip version information to evade detection.
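An added example, not taken from the summarised document, of the correlation it recommends: parse Microsoft DHCP audit-log rows and ISC dhcpd syslog lines into lease intervals keyed by MAC, then join BIND query-log lines to the device that held the querying IP at that instant. All log lines are constructed in those three layouts; the hostnames, addresses and the year supplied for the syslog lines are assumptions. The sample deliberately has one laptop move between two IP addresses, so attribution by MAC catches what a search by IP alone would miss.

```python
"""Identify which device issued a DNS query by joining BIND query logs to DHCP
lease history. Added illustration, not code from the summarised document. All
log lines are constructed in the Microsoft DHCP audit-log, ISC dhcpd syslog and
BIND query-log layouts; hosts, addresses and the syslog year are assumptions."""
import csv
import re
from datetime import datetime

# Constructed Microsoft DHCP audit log. Event ID 10 = new lease, 11 = renew, 12 = release.
MS_DHCP_LOG = """\
Microsoft DHCP Service Activity Log
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name,TransactionID,QResult,Probationtime,CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError
10,06/05/23,08:01:12,Assign,10.1.2.50,LAPTOP-A.corp.local,001122334455,,12345,0,0,,,,,,,,0
11,06/05/23,12:01:12,Renew,10.1.2.50,LAPTOP-A.corp.local,001122334455,,12346,0,0,,,,,,,,0
12,06/05/23,13:00:00,Release,10.1.2.50,LAPTOP-A.corp.local,001122334455,,12347,0,0,,,,,,,,0
10,06/05/23,13:05:30,Assign,10.1.2.50,PRINTER-7.corp.local,AABBCCDDEEFF,,12348,0,0,,,,,,,,0
"""
# Constructed ISC dhcpd lines as written to syslog (no year in the timestamp).
ISC_DHCP_LOG = """\
Jun  5 09:15:01 dhcp1 dhcpd[812]: DHCPACK on 10.1.2.77 to 66:77:88:99:aa:bb (DESKTOP-Q) via eth0
Jun  5 10:40:22 dhcp1 dhcpd[812]: DHCPRELEASE of 10.1.2.77 from 66:77:88:99:aa:bb (DESKTOP-Q) via eth0
Jun  5 10:41:03 dhcp1 dhcpd[812]: DHCPACK on 10.1.2.77 to 00:11:22:33:44:55 (LAPTOP-A) via eth0
"""
# Constructed BIND query log. Note that LAPTOP-A appears under two different IPs.
DNS_LOG = """\
05-Jun-2023 12:30:00.101 client @0x7f3c1c0 10.1.2.50#52011 (update.example.net): query: update.example.net IN A + (10.1.2.1)
05-Jun-2023 13:10:45.220 client @0x7f3c1c0 10.1.2.50#52012 (c2.example.org): query: c2.example.org IN A + (10.1.2.1)
05-Jun-2023 10:41:30.500 client @0x7f3c1c0 10.1.2.77#41000 (c2.example.org): query: c2.example.org IN A + (10.1.2.1)
"""

def norm_mac(mac):
    """Normalise '001122334455' or '00:11:22:33:44:55' to lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))

def parse_ms_dhcp(text):
    """(timestamp, event_id, ip, mac, host) per row; skips the preamble before the header."""
    lines = text.splitlines()
    start = next(i for i, line in enumerate(lines) if line.startswith("ID,"))
    events = []
    for row in csv.DictReader(lines[start:]):
        if not (row.get("ID") or "").isdigit():
            continue
        ts = datetime.strptime(row["Date"] + " " + row["Time"], "%m/%d/%y %H:%M:%S")
        events.append((ts, int(row["ID"]), row["IP Address"], norm_mac(row["MAC Address"]), row["Host Name"]))
    return events

ISC_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
                    r"(DHCPACK on|DHCPRELEASE of) (\S+) (?:to|from) (\S+) \(([^)]*)\)")

def parse_isc_dhcp(text, year):
    """ISC dhcpd syslog lines mapped onto the Microsoft IDs (10 = granted, 12 = released).
    Syslog carries no year, so the caller supplies one (an assumption)."""
    events = []
    for line in text.splitlines():
        m = ISC_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} " + " ".join(m.group(1).split()), "%Y %b %d %H:%M:%S")
            events.append((ts, 10 if m.group(2).startswith("DHCPACK") else 12,
                           m.group(3), norm_mac(m.group(4)), m.group(5)))
    return events

def build_leases(events):
    """Lease intervals {ip, mac, host, start, end}; end is None while still open.
    A grant of the same IP to a different MAC closes the earlier interval."""
    leases, open_by_ip = [], {}
    for ts, eid, ip, mac, host in sorted(events):
        if eid in (10, 11):
            cur = open_by_ip.get(ip)
            if cur and cur["mac"] == mac:
                continue                      # renewal by the same client
            if cur:
                cur["end"] = ts               # IP re-issued to another device
            cur = {"ip": ip, "mac": mac, "host": host, "start": ts, "end": None}
            open_by_ip[ip] = cur
            leases.append(cur)
        elif eid == 12 and ip in open_by_ip:
            open_by_ip.pop(ip)["end"] = ts
    return leases

def holder_at(leases, ip, at):
    """(mac, host) that held `ip` at datetime `at`, or None if no lease covers it."""
    for l in leases:
        if l["ip"] == ip and l["start"] <= at and (l["end"] is None or at < l["end"]):
            return l["mac"], l["host"]
    return None

BIND_RE = re.compile(r"^(\S+ \S+) client (?:@0x[0-9a-f]+ )?(\d+\.\d+\.\d+\.\d+)#\d+ "
                     r"\([^)]*\): query: (\S+) IN (\S+)")

def attribute_queries(dns_text, leases):
    """Join each BIND query line to the device that held the source IP at that instant."""
    rows = []
    for line in dns_text.splitlines():
        m = BIND_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        mac, host = holder_at(leases, m.group(2), ts) or (None, None)
        rows.append({"time": ts, "ip": m.group(2), "qname": m.group(3), "mac": mac, "host": host})
    return rows

def devices_that_queried(dns_text, leases, domain):
    """MACs that looked up `domain`, regardless of which IP they used at the time."""
    return {r["mac"] for r in attribute_queries(dns_text, leases) if r["qname"] == domain and r["mac"]}

LEASES = build_leases(parse_ms_dhcp(MS_DHCP_LOG) + parse_isc_dhcp(ISC_DHCP_LOG, year=2023))
```

With the sample data, the two lookups of c2.example.org come from 10.1.2.50 and 10.1.2.77, but one of them resolves to the same MAC that earlier held 10.1.2.50; the lease release at 13:00 also keeps the later query from 10.1.2.50 from being wrongly pinned on the laptop instead of the printer that inherited the address.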
An overview of how to structure your Lumen APIs to make them awesome. Topics covered: requests, responses, logging, documentation and testing.
Slides assume some background in Laravel.
Similar to Ch 13: Attacking Other Users: Other Techniques (Part 1)
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
The document discusses pentesting thick client applications. It begins with introducing thick clients and why testing them is important. It then covers common thick client architectures, vulnerabilities, tools used for testing like decompilers and network sniffers, challenges like intercepting encrypted traffic, and solutions to those challenges like using Burp's non-HTTP proxy. It ends with checklists, example applications to practice on, and references for further reading.
This document provides an overview of API testing and web services protocols. It discusses XML, SOAP, REST, and introduces the tool SoapUI for testing web services. Key points include:
1. XML is used to transport and store data on the web. It has elements, attributes, and syntax rules. XML Namespaces avoid element name conflicts.
2. SOAP is a protocol for accessing web services. It uses XML, includes envelope, header and body elements. WSDL describes SOAP web services operations.
3. REST services use HTTP to manipulate resources via operations like GET, PUT, POST and DELETE. It can output JSON, XML and is language/platform independent.
4.
Some security vulnerabilities are more dangerous than others, or at least more commonly exploited. In this session we'll look at the top 25 most dangerous software weaknesses and learn how to mitigate them in your CFML code.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems (uploaded by Felipe Prado)
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
This document provides information about a PowerShell presentation titled "Powering up on PowerShell". It includes the wireless network credentials to access the demo environment, a link to demo files, an agenda for the presentation topics, and a brief biography of the presenter. Some of the topics to be covered in the presentation include moving around the file system and registry, hashing, data storage techniques, custom event logging, WinRM logging, port scanning, and achieving persistence through PowerShell profiles.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
Ch 13: Attacking Users: Other Techniques (Part 2), by Sam Bowne
This document discusses various client-side attacks that can be performed against web browsers and applications. It covers techniques like keylogging, stealing browser history, port scanning the local network, exploiting DNS rebinding to bypass same-origin policy, and using browser exploitation frameworks. The goal of these attacks is to steal sensitive user data, hijack user sessions on other sites, or pivot to other systems on the local network. Defenses discussed include preventing caching of sensitive data, using POST instead of GET, and restricting ports accessible to JavaScript.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
The Windows Communication Foundation (WCF) framework is used in almost all .NET development platforms: Windows clients, ASP.NET applications, Windows Phone, server-side applications, and Windows Azure; but have you ever wondered how WCF works? How you can extend it to your organization's needs? How to monitor its work? How to tune it for better performance and scalability? WCF is the second largest assembly in the .NET Framework and just as complex to understand.
In this 1-day workshop we will deep dive into WCF, learn how to monitor WCF services and how to troubleshoot them, how to tweak our services for better performance, how to secure them with transport and message security and discuss the pros and cons of each technique, and how to extend the WCF service pipeline to accommodate our needs.
The document discusses securing Windows NT systems by reviewing the NT security architecture, known vulnerabilities, and methods for exploiting them. It provides guidance on hardening NT security through measures like reducing unnecessary services, restricting file and registry permissions, and enforcing stronger passwords. System administrators can assess their security posture using various scanning and auditing tools to detect vulnerabilities, non-compliant configurations, and potential security breaches.
CNIT 129S - Ch 3: Web Application Technologies, by Sam Bowne
For a college course at CCSF taught by Sam Bowne.
https://samsclass.info/129S/129S_S18.shtml
Based on "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition", by Dafydd Stuttard , Marcus Pinto; ISBN-10: 1118026470
This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.
The document discusses fuzzing techniques for finding software vulnerabilities. It defines fuzzing as automatically feeding malformed data to a program to trigger flaws. It describes generating fuzzed test cases, delivering them to targets, and monitoring for crashes. The document outlines dumb and smart fuzzing approaches, and steps for basic fuzzing like generating test cases, monitoring targets, and determining exploitability of found issues.
This document discusses software vulnerabilities and buffer overflow attacks. It provides examples of common vulnerabilities like input validation issues, directory traversal attacks, and time-of-check-to-time-of-use (TOCTTOU) race conditions. It also explains buffer overflows in detail, including the different types like stack overflows. The key points are that malicious inputs can exploit software vulnerabilities to execute arbitrary code or escalate privileges, and that a stack buffer overflow overwrites adjacent stack memory, including the saved return address, to redirect program control flow to attacker-supplied code.
Introduction to Laravel Framework (5.2), by Viral Solani
This document provides an overview of the Laravel PHP framework, including why it was created, its main features and components. Some key points:
- Laravel was created to guide developers to best practices and utilizes modern PHP features. It has an active community and good documentation.
- Its major components include routing, controllers, blade templating, Eloquent ORM, authentication, queues and more. It also uses Composer for dependency management.
- Other tools in the Laravel ecosystem help with deployment (Homestead, Forge), billing (Cashier), APIs (Lumen) and more. The framework is fully-featured but aims to be easy to learn and use.
The document discusses various web security attacks and solutions. It begins by noting that developers often focus on features and speed of development over security, leaving vulnerabilities. The OWASP Top 10 (2013) web application risks are then listed: injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing function-level access control, cross-site request forgery, use of components with known vulnerabilities, and unvalidated redirects and forwards. The document then provides more details on injection attacks like SQL injection and command injection, as well as cross-site scripting and cross-site request forgery attacks. Prevention techniques for these common attacks are also discussed.
A Hacker's Perspective on Embedded Device Security, presented by Paul Dant of Independent Security Evaluators at the Security of Things Forum, Sept. 10, 2015
This document provides an overview of SQL injection techniques. It discusses bypassing authentication via SQL injection, uploading shells to gain remote code execution, and prevention methods. Specific techniques covered include determining the number of columns, dumping table names and column names, extracting data like usernames and passwords, and uploading a PHP shell using UNION queries and INTO OUTFILE to execute remote commands on the server. Examples are provided using Burp Suite to exploit vulnerabilities on demo sites.
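The UNION technique that summary lists, carried through step by step as an added example (not code from the summarised document): a product lookup that concatenates its id into the query, the ORDER BY probe that finds the column count, a UNION against the catalogue to list tables, the same UNION against the users table, and the parameterised version that defeats all three. The schema, rows and endpoint are constructed for the example and run against an in-memory SQLite database; the INTO OUTFILE web-shell step is MySQL-specific and is not reproduced here.

```python
"""UNION-based SQL injection end to end against SQLite, then the parameterised
fix. Added illustration: schema, rows and the product-lookup sink are constructed."""
import sqlite3

def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        CREATE TABLE users(id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);
        INSERT INTO users VALUES (1, 'admin', 'HASH_ADMIN'), (2, 'alice', 'HASH_ALICE');
    """)
    return con

def lookup_vulnerable(con, product_id):
    """String concatenation into the WHERE clause: the injectable sink."""
    sql = "SELECT name, price FROM products WHERE id = " + product_id
    return con.execute(sql).fetchall()

def lookup_fixed(con, product_id):
    """Bound parameter plus type coercion: the input can only ever be a value."""
    return con.execute("SELECT name, price FROM products WHERE id = ?",
                       (int(product_id),)).fetchall()

def count_columns(query, max_cols=16):
    """Step 1: ORDER BY n succeeds for n up to the column count and errors beyond it."""
    for n in range(1, max_cols + 1):
        try:
            query(f"1 ORDER BY {n}")
        except sqlite3.OperationalError:
            return n - 1
    return None

def union_dump(query, ncols, table, columns, where="1=1"):
    """Steps 2 and 3: UNION the wanted columns through the sink, padding with NULL
    so the column counts match; id = 0 suppresses the legitimate rows."""
    select = ", ".join(list(columns) + ["NULL"] * (ncols - len(columns)))
    return sorted(query(f"0 UNION SELECT {select} FROM {table} WHERE {where}"))

def demo():
    """Run the attack against the vulnerable sink and the fixed one; return what each yields."""
    con = make_db()
    sink = lambda payload: lookup_vulnerable(con, payload)
    ncols = count_columns(sink)
    try:
        lookup_fixed(con, "1 ORDER BY 3")
        fixed_injectable = True
    except ValueError:
        fixed_injectable = False
    tables = union_dump(sink, ncols, "sqlite_master", ["name"], where="type='table'")
    return {
        "ncols": ncols,
        "tables": [row[0] for row in tables],
        "credentials": union_dump(sink, ncols, "users", ["username", "password_hash"]),
        "fixed_result": lookup_fixed(con, "1"),
        "fixed_injectable": fixed_injectable,
    }
```

The catalogue table differs by engine (sqlite_master here, information_schema.tables on MySQL), but the shape of each payload is the same; the parameterised lookup never reaches the database with the probe, because the driver binds the value rather than splicing it into the statement.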
Debugging Microservices - key challenges and techniques - Microservices Odesa... (Lohika_Odessa_TechTalks)
Microservice architecture is widespread these days. It comes with a lot of benefits and challenges to solve. The main goal of this talk is to go through troubleshooting and debugging in the distributed microservice world. Topics covered:
main aspects of logging,
monitoring,
distributed tracing,
debugging services on the cluster.
About the speaker:
Andrey Kolodnitskiy is a Staff Engineer at Lohika; his primary focus is distributed systems, microservices and JVM-based languages.
Engineers spend the majority of their time debugging and fixing issues. This talk will be dedicated to the best practices and tools Andrey's team uses on its project, which help to find issues more efficiently.
The document discusses various topics related to cyberwar including Mastodon, Lockheed Martin's kill chain model, and MITRE's ATT&CK framework. It notes that China, Russia, Iran, and North Korea pose major cyber threats according to the FBI and CISA. China is described as the broadest cyber espionage threat. Russia conducts destructive malware and ransomware operations. Iran's growing cyber expertise makes it a threat. North Korea's program poses an espionage, cybercrime, and attack threat and continues cryptocurrency heists.
- DNS vulnerabilities can arise from configuration errors, architecture mistakes, vulnerable software implementations, protocol weaknesses, and failure to use security extensions.
- Common mistakes include single points of failure, exposure of internal information, leakage of internal queries, unnecessary recursiveness, failure to restrict access, and unprotected zone transfers.
- Software vulnerabilities have included buffer overflows and flaws in randomization of source ports, transaction IDs, and domain name ordering that enable cache poisoning and man-in-the-middle attacks.
This chapter discusses software development security. It covers topics like programming concepts, compilers and interpreters, procedural vs object-oriented languages, application development methods like waterfall vs agile models, databases, object-oriented design, assessing software vulnerabilities, and artificial intelligence techniques. The key aspects are securing the entire software development lifecycle from initial planning through operation and disposal, using secure coding practices, testing for vulnerabilities, and continually improving processes.
This document discusses attacking iOS applications by exploiting vulnerabilities in the iOS runtime, interprocess communication, and through injection attacks. Specifically, it covers instrumenting the iOS runtime using method swizzling, attacking applications using interprocess communication techniques like application extensions, and exploiting entry points like UIWebViews, client-side data stores, and file handling routines to perform injection attacks on iOS apps.
This document provides an overview of elliptic curve cryptography including what an elliptic curve is, the elliptic curve discrete logarithm problem (ECDLP), Diffie-Hellman key agreement and digital signatures using elliptic curves. It discusses NIST standard curves like P-256 and Curve25519 as well as choosing appropriate curves and potential issues like attacks if randomness is not properly implemented or an invalid curve is used.
The document discusses the Diffie-Hellman key exchange protocol. It describes how Diffie-Hellman works by having two parties agree on a shared secret over an insecure channel without transmitting the secret itself. It also covers potential issues like using proper cryptographic techniques to derive keys from the shared secret and using safe prime numbers to prevent attacks.
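An added example, not code from the summarised document, of the two cautions that summary raises: the exchange runs in a safe-prime group (p = 2q + 1) so there is no small subgroup to confine the secret to, each side validates the peer's public value before using it, and the raw shared secret is never used as a key but fed through HKDF with both public values bound into the derivation. The 64-bit group size, the generator choice and the info label are assumptions chosen so the example runs in well under a second; deployed groups are 2048 bits or more.

```python
"""Diffie-Hellman over a safe-prime group with public-value validation and HKDF
key derivation. Added illustration; toy 64-bit group, real ones are 2048+ bits
(e.g. the RFC 3526 MODP groups)."""
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases, after cheap trial division."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 and both prime. Z_p* then has subgroups of
    order 1, 2, q and 2q only, so the only non-trivial small subgroup is {1, p-1},
    which validate_public() rejects outright."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

def validate_public(y, p, q):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1

def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 extract-then-expand, so the key is a uniform string, not a group element."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class Party:
    def __init__(self, p, q, g):
        self.p, self.q, self.g = p, q, g
        self.x = secrets.randbelow(q - 1) + 1      # private exponent in [1, q-1]
        self.y = pow(g, self.x, p)                 # public value

    def derive_key(self, peer_y, transcript):
        if not validate_public(peer_y, self.p, self.q):
            raise ValueError("peer public value rejected")
        shared = pow(peer_y, self.x, self.p)
        ikm = shared.to_bytes((self.p.bit_length() + 7) // 8, "big")   # fixed-width encoding
        return hkdf_sha256(ikm, salt=b"", info=b"dh-demo v1|" + transcript)

def run_exchange(bits=64):
    """One full exchange plus the rejection checks; returns everything a caller may inspect."""
    p, q = gen_safe_prime(bits)
    g = 4   # 2^2 is a quadratic residue, hence of order exactly q when p = 2q+1 > 5
    alice, bob = Party(p, q, g), Party(p, q, g)
    width = (p.bit_length() + 7) // 8
    transcript = alice.y.to_bytes(width, "big") + bob.y.to_bytes(width, "big")
    return {
        "p": p, "q": q,
        "alice_key": alice.derive_key(bob.y, transcript),
        "bob_key": bob.derive_key(alice.y, transcript),
        "rejects_p_minus_1": not validate_public(p - 1, p, q),
        "rejects_one": not validate_public(1, p, q),
        "accepts_honest": validate_public(alice.y, p, q) and validate_public(bob.y, p, q),
    }
```

Binding both public values into the HKDF info string means a key derived by a party that saw a tampered public value differs from its peer's, which surfaces as a failed first authenticated message rather than a silently shared weak secret.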
This document provides an overview of analyzing iOS apps, including jailbreaking mobile devices. It discusses iOS security features like code signing and sandboxing. It explains how to set up a test environment for analyzing apps by jailbreaking a device and using Unix tools. Key files like property lists and databases that can be explored are also outlined.
This document discusses various techniques for writing secure Android apps, including minimizing unnecessary permissions and exposure, securing data storage and communication, and making apps difficult to reverse engineer. It provides examples of implementing essential security mechanisms like permission protection and securing activities, content providers, and web views. It also covers more advanced techniques such as protection level downgrades, obfuscation, and tamper detection.
12 Investigating Windows Systems (Part 2 of 3), by Sam Bowne
The document discusses investigating Windows systems by analyzing the Windows Registry. It describes the purpose and structure of the Registry, including the main hive files and user-specific hives. It provides an overview of important Registry keys that can contain forensic artifacts, such as system configuration keys, network information keys, user and security information keys, and auto-run keys that can indicate malware persistence. Specific Registry keys and values are highlighted that are most useful for analyzing evidence on a compromised system, including ShellBags, UserAssist, MRU lists, and Internet Explorer TypedURLs and TypedPaths. Tools for Registry analysis like RegRipper, AutoRuns, and Nirsoft utilities are also mentioned.
This document provides an overview of the RSA cryptosystem. It begins with the mathematical foundations of RSA, including the group ZN* and Euler's totient function. It then covers the RSA trapdoor permutation using modular exponentiation and key generation. The document discusses encrypting and signing with RSA, as well as implementations using libraries and algorithms like square-and-multiply. It concludes with topics like side-channel attacks, optimizations for speed, and ways implementations can fail like the Bellcore attack on RSA-CRT.
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
This document provides an overview of analyzing the Windows file system, NTFS metadata, and logs to investigate security incidents and recover deleted files. It discusses the Master File Table (MFT) structure, timestamps, alternate data streams, prefetch files, event logs, and scheduled tasks. The MFT stores file metadata including attributes, timestamps, and data runs. File deletion only marks the MFT entry inactive, allowing recovery of deleted file contents and metadata. Event and security logs can reveal lateral movement and suspicious processes. Prefetch files indicate program execution history. Scheduled tasks configure automated programs through .job files logged by Task Scheduler.
This document discusses computational hardness and complexity classes related to cryptography. It covers the computational complexity of problems like factoring large numbers and the discrete logarithm problem. These problems are assumed to be hard, even for quantum computers, and form the basis for cryptographic techniques. The document also discusses how cryptography could be broken if faster algorithms were found for these problems or if the key sizes used were too small.
This document discusses exploiting vulnerabilities in Android devices. It covers identifying pre-installed apps that could provide access, techniques for remotely or locally exploiting devices, and the different privilege levels an attacker may obtain including non-system app access, installed package access, ADB shell access, system user access, and root user access. Specific exploitation techniques mentioned include exploiting update mechanisms, remote code loading, webviews, listening services, and messaging apps. Tools discussed include Drozer, Ettercap, and Burp.
This document provides an overview of the incident response analysis methodology process. It discusses defining objectives, understanding the situation and available resources, identifying leadership, avoiding impossible tasks like proving a negative, asking why to define scope, knowing where data is stored, accessing raw data, selecting analysis methods like searching for malware or using tools like VirusTotal, manual review, filtering data, statistical analysis using tools like Sawmill, string searching, analyzing unallocated space, and file carving. It stresses periodically evaluating results to ensure progress and only making definitive statements if supported by evidence.
This document discusses authenticated encryption, which both encrypts messages and authenticates them with a tag. It covers several authenticated encryption schemes:
1. Authenticated Encryption with Associated Data (AEAD) which encrypts a plaintext and authenticates additional associated data with a tag.
2. AES-GCM, the standard authenticated cipher, which uses AES in Galois/Counter Mode. It has two layers - encryption then authentication.
3. OCB, faster than GCM but limited by licensing. It blends encryption and authentication into one layer.
4. SIV, considered the safest as it is secure even if nonces are reused, but it is not streamable.
This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.
This document discusses attacking Android applications through their components. It covers exploiting vulnerabilities in an app's security model, intercepting communications, and compromising application containers or internet servers that apps rely on. Specific attacks examined include bypassing the lock screen, tapjacking, accessing private app data through recently used screenshots, and changing a PIN without knowing the old one using fragment injection. The document provides examples of how to interact with an app's activities, services, content providers and permissions through intents and other techniques.
The document discusses stream ciphers and how they can be implemented in either hardware or software. It describes how stream ciphers work by generating a pseudorandom bitstream from a key and nonce that is XOR'd with the plaintext. Hardware-oriented stream ciphers were initially more efficient to implement than block ciphers using dedicated circuits like LFSRs. However, LFSR-based designs are insecure and modern software-oriented stream ciphers like Salsa20 are more efficient on CPUs. The document cautions that stream ciphers can be broken if the key and nonce are reused or if there are flaws in the implementation.
Live data collection on Windows systems can be done using prebuilt kits like Mandiant Redline or Velociraptor, by creating your own scripted toolkit using built-in and free tools to collect processes, network connections, system logs and other volatile data, while following best practices like testing your methods first and being cautious of malware on investigated systems.
Block ciphers like AES encrypt data in fixed-size blocks and use cryptographic keys and rounds of processing to encrypt the data securely. AES is the current standard, using 128-bit blocks and keys of 128, 192, or 256 bits. Modes of operation like ECB, CBC, CTR are used to handle full messages. ECB is insecure as identical plaintext blocks produce identical ciphertext, while CBC and CTR provide security if nonces and IVs are not reused. Implementation details like padding and side channels must be handled carefully to prevent attacks.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...Diana Rendina
Librarians are leading the way in creating future-ready citizens – now we need to update our spaces to match. In this session, attendees will get inspiration for transforming their library spaces. You’ll learn how to survey students and patrons, create a focus group, and use design thinking to brainstorm ideas for your space. We’ll discuss budget friendly ways to change your space as well as how to find funding. No matter where you’re at, you’ll find ideas for reimagining your space in this session.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
2. Injecting OS Commands
• Web server platforms often have APIs
• To access the filesystem, interface with other processes, and for network communications
• Sometimes they issue operating system commands directly to the server
• Leading to command injection vulnerabilities
3. Example: Injecting via Perl
• Allows administrators to specify a directory and see its disk usage
• Puts unfiltered user input in the command
10. Injecting via PHP
• eval function executes a shell command
• User controls "storedsearch" parameter
11. Finding Command Injection Flaws
• Any item of user-controlled data may be used to construct commands
• Special characters used for injection
  • ; | &
    • Batch multiple commands together
  • ` (backtick)
    • Causes immediate command execution
12. Blind Command Injection
• You may not be able to see the results of a command, like blind SQL injection
• ping will cause a time delay
• Create a back-channel with TFTP, telnet, netcat, mail, etc.
13. NSLOOKUP Vulnerability
• App passed user input to nslookup
• & and | were blocked but not >
• Invalid domain name causes an error message that includes that domain name
14. Exploiting NSLOOKUP
• Put server code in domain name
• Puts this error message in the file
• Then browse to the file to execute it
15. Preventing OS Command Injection
• Avoid calling OS commands directly
• If you must, filter input with allow-listing
• Use APIs instead of passing parameters to a command shell which then parses them
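The disk-usage example from slide 3 and the defenses from slide 15, as an added Python example (not code from the slides or from any real application): the vulnerable pattern pastes the user's directory into a shell string, while the hardened version allow-lists the value and hands it to the OS as a separate argv element so no shell ever tokenizes it. The allow-list contents and the "du -sh" command are assumptions for the example.

```python
import shlex
import subprocess
from typing import List, Set

# Constructed allow-list of directories an administrator may query (assumption for this example).
ALLOWED_DIRS = {"/var/log", "/var/www", "/tmp"}

# The metacharacters from slide 11: ; | & batch commands together, a backtick runs one immediately.
INJECTION_CHARS = ";|&`"


def vulnerable_disk_usage_command(user_dir: str) -> str:
    """The pattern slide 3 warns about: unfiltered input pasted into a shell command string.

    Handed to a shell, '/var/log; id' becomes two commands instead of one argument.
    """
    return "du -sh " + user_dir


def injection_characters_in(value: str) -> Set[str]:
    """Report which of the slide's metacharacters appear in a user-supplied value."""
    return {c for c in INJECTION_CHARS if c in value}


def safe_disk_usage_argv(user_dir: str) -> List[str]:
    """Allow-list the input, then pass it as its own argv element so no shell parses it."""
    if user_dir not in ALLOWED_DIRS:
        raise ValueError("directory not permitted: %r" % user_dir)
    return ["du", "-sh", user_dir]


def shell_safe_fallback(user_dir: str) -> str:
    """If a shell really is unavoidable, quote the value so metacharacters become literal text.

    This is a second line of defence behind the allow-list, not a replacement for it.
    """
    return "du -sh " + shlex.quote(user_dir)


def run_disk_usage(user_dir: str) -> str:
    """Run du without shell=True: the argv list goes to the OS process API, not to a shell."""
    argv = safe_disk_usage_argv(user_dir)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    attempt = "/var/log; id"
    print("metacharacters present:", injection_characters_in(attempt))
    print("vulnerable shell string:", vulnerable_disk_usage_command(attempt))
    print("quoted fallback:", shell_safe_fallback(attempt))
    try:
        safe_disk_usage_argv(attempt)
    except ValueError as err:
        print("rejected:", err)
```

Note that the argv form protects even without the allow-list, because `;` inside one argv element is just a character to `du`; the allow-list is what keeps an administrator from pointing the command at arbitrary directories.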
19. Exploiting Path Traversal Vulnerabilities
• May allow read or write to files
• This may reveal sensitive information such as passwords and application logs
• Or overwrite security-critical items such as configuration files and software binaries
20. Filesystem Monitoring Tools
• FileMon from SysInternals on Windows
• Now replaced by ProcMon (link Ch 10a)
• ltrace, strace, or Tripwire on Linux
• truss on Solaris
21. Detecting Path Traversal
• Inject a unique string in each submitted parameter, such as traversaltest
• Filter the filesystem monitoring tool for that string
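The filtering step of slide 21, as an added Python example (not from the slides): it parses lines in the shape of `strace -f -e trace=file` output, keeps every file access whose path carries the marker string, and reports which of those accesses resolved to a location outside the directory the application is supposed to stay in. The trace lines, the process IDs and the application root `/var/www/app` are all constructed for the example.

```python
import posixpath
import re
from typing import List, Tuple

MARKER = "traversaltest"
APP_ROOT = "/var/www/app"  # assumption: the directory the app is expected to stay within

# Constructed sample in the style of `strace -f -e trace=file` output (not a real capture).
SAMPLE_TRACE = """\
4711 openat(AT_FDCWD, "/var/www/app/config.php", O_RDONLY) = 5
4711 stat("/var/www/app/uploads/traversaltest", 0x7ffd1234) = -1 ENOENT (No such file or directory)
4711 openat(AT_FDCWD, "/var/www/app/uploads/../../../etc/traversaltest", O_RDONLY) = -1 ENOENT (No such file or directory)
4712 openat(AT_FDCWD, "/var/www/app/uploads/traversaltest.jpg", O_RDONLY|O_CREAT, 0644) = 6
4712 close(6) = 0
"""

# pid, syscall name, argument list, numeric return value
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')  # every quoted string in the argument list


def marker_accesses(trace_text: str, marker: str = MARKER) -> List[Tuple[int, str, str, int]]:
    """Return (pid, syscall, path, return value) for each file access whose path holds the marker."""
    hits = []
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for path in PATH_RE.findall(m.group("args")):
            if marker in path:
                hits.append((int(m.group("pid")), m.group("call"), path, int(m.group("ret"))))
    return hits


def escaped_root(path: str, root: str = APP_ROOT) -> bool:
    """True when the path, once '..' segments are collapsed, lies outside the application root.

    commonpath is used rather than startswith so that /var/www/application is not mistaken
    for something under /var/www/app.
    """
    normalized = posixpath.normpath(path)
    return posixpath.commonpath([normalized, root]) != root


def traversal_findings(trace_text: str) -> List[str]:
    """Marker-carrying paths that escaped APP_ROOT: the parameter reaches the filesystem unchecked."""
    return [path for _, _, path, _ in marker_accesses(trace_text) if escaped_root(path)]


if __name__ == "__main__":
    for pid, call, path, ret in marker_accesses(SAMPLE_TRACE):
        flag = "OUTSIDE ROOT" if escaped_root(path) else "inside root"
        print("%d %s %s -> %d [%s]" % (pid, call, path, ret, flag))
```

An access that shows up with the marker but an unmodified path tells you the parameter is used verbatim; a normalized path outside the root is the finding worth writing up, whether or not the file existed (the ENOENT return value is irrelevant to that conclusion).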
25. Bypassing Obstacles
• The overlong Unicode sequences are technically illegal, but are accepted anyway by many Unicode representations, especially on Windows
• If the app filters character sequences, try placing one sequence within another
26. Using Null Characters
• App requires a filename to end in .jpg
• This filename passes the test but is interpreted as ending in .ini when used
27. Exploiting Read Access
• Password files for OS and apps
• Configuration files to discover other vulnerabilities or fine-tune another attack
• Include files with database credentials
• Data sources such as MySQL database files or XML files
• Source code for server-side scripts to hunt for bugs
• Log files, may contain usernames, session tokens
28. Exploiting Write Access
• Create scripts in users' startup folders
• Modify files such as in.ftpd to execute commands when a user next connects
• Write scripts to a Web directory with execute permissions, and call them from your browser
29. Preventing Path Traversal Vulnerabilities
• Avoid passing user-controlled data into any filesystem API
• If you must, only allow the user to choose from a list of known good inputs
• If you must allow users to submit filenames, add defenses from the next slide
30. Defenses
• After decoding and canonicalization:
  • Check for forward slashes, backslashes, and null bytes
  • If so, stop. Don't attempt to sanitize the malicious filename
  • Use a hard-coded list of permissible file types
  • Reject any request for a different type
31. Defenses
• After decoding and canonicalization:
  • Use filesystem APIs to verify that the filename is OK and that it exists in the expected directory
  • In Java, use getCanonicalPath; make sure filename doesn't change
  • In ASP.NET, use System.IO.Path.GetFullPath
32. Defenses
• Run app in a chroot jail
• So it doesn't have access to the whole OS filesystem
• In Windows, map a drive letter to the allowed folder and use that drive letter to access contents
• Integrate defenses with logging and alerting systems
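Slides 30 and 31 as one validation routine, an added Python example rather than code from the slides: decode the way the application does, refuse (not sanitize) any separator or null byte, allow-list the file type, then canonicalize and confirm the name did not change and the result is still inside the serving directory. `os.path.realpath` plays the role of Java's getCanonicalPath here; the base directory and the permitted extensions are assumptions for the example.

```python
import os
import urllib.parse
from typing import Set

# Assumptions for this example: files are served from BASE_DIR and only these types are allowed.
BASE_DIR = "/var/www/app/files"
ALLOWED_TYPES: Set[str] = {".jpg", ".png", ".pdf"}


def decode_like_the_app(value: str) -> str:
    """Undo the decoding layers the application itself applies before the value reaches the
    filesystem API (here URL-decoding, applied twice so %252e%252e%252f is seen as ../)."""
    return urllib.parse.unquote(urllib.parse.unquote(value))


def resolve_user_file(user_value: str, base_dir: str = BASE_DIR) -> str:
    """Return the canonical path for a user-submitted filename, or raise ValueError."""
    name = decode_like_the_app(user_value)

    # Slide 30: a separator or null byte means stop; do not try to strip it out.
    if any(c in name for c in ("/", "\\", "\x00")):
        raise ValueError("rejected: separator or null byte in filename")

    # Slide 30: hard-coded list of permissible file types, nothing else served.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError("rejected: file type %r not permitted" % ext)

    # Slide 31: canonicalize (also resolves symlinks, like getCanonicalPath) and check that
    # the filename survived unchanged and the path is still under base_dir.
    base = os.path.realpath(base_dir)
    canonical = os.path.realpath(os.path.join(base, name))
    if os.path.basename(canonical) != name:
        raise ValueError("rejected: canonical name differs from submitted name")
    if os.path.commonpath([canonical, base]) != base:
        raise ValueError("rejected: resolved path escapes %s" % base)
    return canonical


def is_acceptable(user_value: str) -> bool:
    """Convenience wrapper: True when the value would be served, False when rejected."""
    try:
        resolve_user_file(user_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed probes in the shapes slides 25 and 26 describe; none of these is served.
    for probe in ("report.pdf", "..%2F..%2Fetc%2Fpasswd", "%252e%252e%252fsecret.jpg",
                  "secret.ini%00.jpg", "..%5Cwindows%5Cwin.ini", "photo.exe"):
        print("%-32s %s" % (probe, "accepted" if is_acceptable(probe) else "rejected"))
```

The existence check the slide also calls for belongs after this function: open the returned canonical path and treat a missing file as a normal not-found result, never by retrying with a different decoding. An overlong UTF-8 sequence such as `%c0%af` is only caught if the decode step mirrors the lenient decoder the target actually uses; with Python's strict decoder it becomes replacement characters and falls to the file-type check instead, which is why rejecting anything not on the allow-list matters more than recognizing every encoding trick.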
33. File Inclusion Vulnerabilities
• Include files make code re-use easy
• Common files are included within other files
• PHP allows include functions to accept remote file paths
35. Local File Inclusion (LFI)
• Remote file inclusion may be blocked, but
• There may be server-executable files you can access via LFI, but not directly
• Static resources may also be available via LFI
36. Finding Remote File Inclusion Vulnerabilities
• Insert these items into each targeted parameter
  • A URL on a Web server you control; look at server logs to see requests
  • A nonexistent IP address, to see a time delay
• If it's vulnerable, put a malicious script on the server
37. Finding Local File Inclusion Vulnerabilities
• Insert these items into each targeted parameter
  • A known executable on the server
  • A known static resource on the server
• Try to access sensitive resources
• Try traversal to another folder
39. Injecting XML External Entities
• XML often used to submit data from the client to the server
• Server-side app responds in XML or another format
• Most common in Ajax-based applications with asynchronous requests in the background
42. XML External Entity Injection (XXE)
• XML parsing libraries support entity references
  • A method of referencing data inside or outside the XML document
• Declaring a custom entity in DOCTYPE
• Every instance of &testref; will be replaced by testrefvalue
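The entity substitution slide 42 describes, and the parser-side check that stops it, as an added Python example (not from the slides): an unguarded `xml.etree` parse of a request carrying a DOCTYPE with a custom entity returns `testrefvalue` where `&testref;` stood, while the guarded version first runs expat over the document with a handler that aborts on any DOCTYPE declaration, so no entity, internal or external, is ever declared. The element names `search` and `term` are assumptions for the example.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed request body in the shape slide 42 describes: a DOCTYPE declaring a custom
# entity, then a reference to it inside the data (element names are assumptions).
ENTITY_SAMPLE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE search [ <!ENTITY testref "testrefvalue"> ]>'
    '<search><term>&testref;</term></search>'
)
PLAIN_SAMPLE = '<?xml version="1.0"?><search><term>widgets</term></search>'


class DoctypeNotAllowed(ValueError):
    """Raised when a client-supplied document tries to declare a DTD."""


def reject_doctype(data: str) -> None:
    """Scan the document with expat and abort at the first DOCTYPE declaration.

    Entities can only be declared inside a DOCTYPE, so refusing the DOCTYPE refuses every
    entity, whether it points inside the document or at an external resource.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeNotAllowed("DOCTYPE declarations are not accepted (root %r)" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_search_term(data: str) -> str:
    """Guarded parse: the DOCTYPE check runs before the data is handed to ElementTree."""
    reject_doctype(data)
    return ET.fromstring(data).findtext("term")


def parse_search_term_unguarded(data: str) -> str:
    """What the application on the slide does: parse whatever arrived, entities and all."""
    return ET.fromstring(data).findtext("term")


if __name__ == "__main__":
    print("unguarded:", parse_search_term_unguarded(ENTITY_SAMPLE))  # entity expanded
    print("guarded, plain input:", parse_search_term(PLAIN_SAMPLE))
    try:
        parse_search_term(ENTITY_SAMPLE)
    except DoctypeNotAllowed as err:
        print("guarded, entity input:", err)
```

Doing the check in a separate expat pass, rather than by searching the text for the string `<!DOCTYPE`, means encoding tricks and whitespace variations are handled by the same tokenizer that would later honour the declaration.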
50. Connecting to Email Server
• Uses the app as a proxy
• Can scan for open ports on back-end systems
• Retrieve data from them
• Exploit vulnerabilities on them
52. Injecting into SOAP Services
• Simple Object Access Protocol (SOAP) uses XML
• Banking app: user sends this request
53. SOAP Message
• Sent between two of the application's back-end components
• ClearedFunds = False; transaction fails
55.
• The comment tag is unmatched
  • No -->
• It won't be accepted by normal XML parsers
• This might work on flawed custom implementations
56. Finding SOAP Injection
• Simple injection of XML metacharacters will break the syntax, leading to unhelpful error messages
• Try injecting </foo> -- if no error results, your injection is being filtered out
• If an error occurs, inject <foo></foo> -- if the error vanishes, it may be vulnerable
57. Finding SOAP Injection
• Sometimes the XML parameters are stored, read, and sent back to the user
• To detect this, submit these two values in turn:
  • test</foo>
  • test<foo></foo>
• Reply may contain "test" or injected tags
58. Finding SOAP Injection
• Try injecting this into one parameter:
  • <!--
• And this into another parameter:
  • -->
• May comment out part of the SOAP message and change application logic or divulge information
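Why the probes on slides 56 to 58 behave as they do, and the construction that makes them inert, as an added Python example (not the slides' code): a SOAP message assembled by string concatenation lets `</foo>` break well-formedness and `<foo></foo>` "vanish" into the markup, whereas building the same message as an element tree serializes the user's text with `<`, `>` and `&` escaped, so the back-end reads it back verbatim. The `Transfer`, `ToAccount` and `Amount` element names are assumptions for the example.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)


def transfer_request_unsafe(to_account: str, amount: str) -> str:
    """String concatenation: whatever the user typed lands inside the XML unescaped."""
    return (
        '<soap:Envelope xmlns:soap="%s"><soap:Body><Transfer>'
        '<ToAccount>%s</ToAccount><Amount>%s</Amount>'
        '</Transfer></soap:Body></soap:Envelope>' % (SOAP_NS, to_account, amount)
    )


def transfer_request_safe(to_account: str, amount: str) -> str:
    """Build the message as a tree; the serializer escapes markup characters in text nodes."""
    envelope = ET.Element("{%s}Envelope" % SOAP_NS)
    body = ET.SubElement(envelope, "{%s}Body" % SOAP_NS)
    transfer = ET.SubElement(body, "Transfer")
    ET.SubElement(transfer, "ToAccount").text = to_account
    ET.SubElement(transfer, "Amount").text = amount
    return ET.tostring(envelope, encoding="unicode")


def is_well_formed(xml_text: str) -> bool:
    """The 'error or no error' signal the slides use, seen from the parser's side."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def to_account_as_received(xml_text: str) -> Optional[str]:
    """What the receiving back-end component reads from ToAccount (None if the message is broken)."""
    if not is_well_formed(xml_text):
        return None
    return ET.fromstring(xml_text).find(".//ToAccount").text


if __name__ == "__main__":
    for probe in ("test</foo>", "test<foo></foo>", "<!--"):
        print("%-18s unsafe well-formed: %-5s safe reads back: %r" % (
            probe, is_well_formed(transfer_request_unsafe(probe, "100")),
            to_account_as_received(transfer_request_safe(probe, "100"))))
```

The second probe is the telling one: concatenated, `test<foo></foo>` parses without error and the back-end sees a ToAccount of just `test`, because the injected tags were interpreted as structure; built as a tree, the field reads back exactly as submitted.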
63. Use App as a Proxy
• Attack third-parties on the Internet
• Connect to hosts on the internal network
• Connect back to other services on the app server itself
• Deliver attacks such as XSS that include attacker-controlled content
64. HTTP Parameter Injection
• This request from the user causes a back-end request containing parameters the user set
65. HTTP Parameter Injection
• Front-end server can bypass a check by including this parameter in the request
  • clearedfunds=true
• With this request
69. Example
• Front-end app receives this ToAccount value:
• Back-end request with added parameter
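The back-end request from slides 64 to 69, as an added Python example (not the slides' code): a ToAccount value of `12345&clearedfunds=true` becomes a second parameter when the front end concatenates it into the query string, but stays a single value when the front end URL-encodes it, and a back end that sees a parameter twice can flag that instead of silently taking one copy. The parameter names follow the slides; the encoding helper and the duplicate check are assumptions for the example.

```python
from typing import Dict, List
from urllib.parse import parse_qs, urlencode


def backend_query_unsafe(to_account: str, amount: str) -> str:
    """Front-end pattern from slide 64: user value concatenated straight into the back-end request."""
    return "ToAccount=%s&Amount=%s" % (to_account, amount)


def backend_query_safe(to_account: str, amount: str) -> str:
    """URL-encode each value, so & and = inside it are data, not separators."""
    return urlencode({"ToAccount": to_account, "Amount": amount})


def as_seen_by_backend(query: str) -> Dict[str, List[str]]:
    """Decode the query the way a typical back-end framework does (every value as a list)."""
    return parse_qs(query, keep_blank_values=True)


def duplicated_parameters(query: str) -> List[str]:
    """Back-end check: parameters that arrived more than once deserve a rejection, not a guess
    about which copy the front end meant."""
    return sorted(name for name, values in as_seen_by_backend(query).items() if len(values) > 1)


if __name__ == "__main__":
    injected = "12345&clearedfunds=true"  # constructed value in the shape slide 69 shows
    print("unsafe:", as_seen_by_backend(backend_query_unsafe(injected, "100")))
    print("safe:  ", as_seen_by_backend(backend_query_safe(injected, "100")))
    print("dupes: ", duplicated_parameters("ToAccount=1&clearedfunds=true&clearedfunds=false"))
```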
70. Attacks Against URL Translation
• URL rewriting is common
  • To map URLs to relevant back-end functions
  • REST-style parameters
  • Custom navigation wrappers
  • Others
73. Injecting into Mail Services
• Apps often send mail via SMTP
  • To report a problem
  • To provide feedback
• User-supplied information is inserted into the SMTP conversation
79. Finding SMTP Injection Flaws
• Inject into every parameter submitted to an email function
• Test each kind of attack
• Use both Windows and Linux newline characters
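The feedback-form case from slide 73 with the newline rule from slide 79 turned into a check, as an added Python example (not the slides' code): header values built from user input are refused if they contain `\r\n`, a bare `\n` or a bare `\r`, the sender address must match a deliberately strict shape, and the recipient is fixed rather than taken from the request. The message body is the only place user newlines are allowed, because there they are content rather than SMTP conversation. The address pattern and the `feedback@example.com` recipient are assumptions for the example.

```python
import re
from email.message import EmailMessage
from typing import List

# Any CR or LF ends a header line, so the Windows (\r\n) and Linux (\n) forms slide 79
# mentions, and a bare \r, must all be refused.
HEADER_BREAK = re.compile(r"[\r\n]")

# Deliberately strict address shape (assumption): no whitespace, angle brackets or quotes,
# which also keeps display-name tricks out of the From header.
ADDRESS_SHAPE = re.compile(r"^[^\s@<>\"']+@[^\s@<>\"']+$")


def validate_header_value(name: str, value: str) -> str:
    """Refuse rather than strip: a line break in a header value is an injection attempt."""
    if HEADER_BREAK.search(value):
        raise ValueError("%s: line breaks are not allowed in a header value" % name)
    return value


def validate_address(value: str) -> str:
    validate_header_value("From", value)
    if not ADDRESS_SHAPE.fullmatch(value):  # fullmatch, so a trailing newline cannot slip past $
        raise ValueError("unacceptable address: %r" % value)
    return value


def build_feedback_message(sender: str, subject: str, body: str) -> EmailMessage:
    """Assemble the feedback mail; Python's default email policy also rejects multi-line
    header values, but the explicit checks above fail earlier and with a clearer reason."""
    msg = EmailMessage()
    msg["From"] = validate_address(sender)
    msg["To"] = "feedback@example.com"  # fixed recipient, never taken from the request (assumption)
    msg["Subject"] = validate_header_value("Subject", subject)
    msg.set_content(body)  # body newlines are content, not header lines
    return msg


def recipients(msg: EmailMessage) -> List[str]:
    """Every address the message would actually be delivered to."""
    return [str(msg[h]) for h in ("To", "Cc", "Bcc") if msg[h] is not None]


if __name__ == "__main__":
    ok = build_feedback_message("alice@example.com", "Site feedback", "First line\nSecond line")
    print(recipients(ok))
    for bad_subject in ("Hello\r\nBcc: someone@example.com", "Hello\nBcc: someone@example.com"):
        try:
            build_feedback_message("alice@example.com", bad_subject, "x")
        except ValueError as err:
            print("rejected:", err)
```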