Get up to date Tech &Security related news and books to become a Hacker

Breaking

Sunday, December 10, 2017

The Top 10 Web Hacking Techniques Used by the Hackers

The most influential research on vulnerabilities and exploits, as voted on by the security community.
FREAK


SSL/TLS Vulnerability that would allow attackers to intercept HTTPS connections and force them to use weakened encryption.

Researchers: Karthikeyan Bhargavan at INRIA in Paris and the miTLS team
Further details on the research: https://freakattack.com

Logjam


Another TLS vulnerability that allows man-in-the-middle attacks by downgrading vulnerable TLS connections to 512-bit encryption.

Researchers: David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann

Additional information: https://weakdh.org

Web Timing Attacks Made Practi
cal



Black Hat talk on how to tweak timing side-channel attacks to make it easier to perform remote timing attacks against modern web apps.

Researchers: Timothy Morgan and Jason Morgan

Video: https://www.youtube.com/watch?v=KirTCSAvt9M

Evading All* WAF XSS Filters



Research that shows how it is possible to evade cross-site scripting filters of all popular web-application firewalls.

Researcher: Mazin Ahmed

Additional information: http://blog.mazinahmed.net/2015/09/evading-all-web-application-firewalls.html

Abusing CDN’s with SSRF Flash and DNS


Research highlighted at Black Hat looking at a collection of attack patterns that can be used against content delivery networks to target a wide range of high availability websites.

Researchers: Mike Brooks and Matt Bryant

Video: https://www.youtube.com/watch?v=ekUQIVUzDX4
IllusoryTLS


An attack pattern that can wreck the security assurances of X.509 PKI security architecture by employing CA certificates that include a secretly embedded backdoor.

Researcher: Alfonso De Gregorio

Additional information: http://www.illusorytls.com
 
Exploiting XXE in File Parsing Functionality


A Black Hat talk examining methods in exploiting XML Entity vulnerabilities in file parsing/upload functionality for XML-supported file formats such as DOCX, XSLX and PDF.

Researcher: Will Vandevanter

Video: https://www.youtube.com/watch?v=ouBwRZJHmmo
 
Abusing XLST for Practical Attacks


Research and proof-of-concept attacks highlighted at Black Hat that show how XSLT can be leveraged to undermine the integrity and confidentiality of user information.

Researcher: Fernando Arnaboldi

Video: https://www.youtube.com/watch?v=bUcd-yibTCE

Magic Hashes


Looks into a weakness in the way PHP handles hashed strings in certain instances to make it possible to compromise authentication systems and other functions that use hash comparisons in PHP.

Researchers: Robert Hansen and Jeremi M. Gosney

Additional information: https://www.whitehatsec.com/blog/magic-hashes/

Hunting Asynchronous Vulnerabilities


Research presented at 44CON delves into how to use exploit-induced callback methods to find vulnerabilities hiding in backend functions and background threads.

Researcher: James Kettle

Video: https://vimeo.com/ondemand/44conlondon2015

courtesy:hackingnewstutorials.com

No comments:

Post a Comment