ttern - Free Web Hosting with PHP, MySQL and cPanel

More documents

Recommendations

Info

CONTENTS ATTACK PATTERN 8 Malware Analisys for Windows Systems Administrators Using Sysinternal Tools By Dennis Distler Today administrators deal with malware infections almost daily. Often malware is customized for specific organizations, departments in an organization, and even individuals in the organization. This type of malware typically is not identified by antivirus products, and it is up to the administrator to identify the malware. Locating malware purposely designed not to be detected is difficult, but detection is not impossible. To identify malware, systems administrators must be able to perform malware analysis. To detect malware administrators should understand the types of analysis, the process and tools used to accomplish malware analysis. In this article learn about the two types of analysis, static and dynamic as well as the tools and processes to perform the analysis. 14 Direct Object Reference or, How a Toddler Can Hack Your Web Application By Nick Nikiforakis There is no point in denying that everyday software is steadily moving from desktop applications to Web applications. When you can check your mail, play games, create documents and file your tax report without ever leaving your browser, then you are indeed a citizen of the Web. In this era, many miscreants have changed their game. It’s easier for them to impersonate you or steal your private data from a vulnerable Web application than to take control of the Extended Instruction Pointer (EIP) register of your CPU. In this article we will investigate one type of Web application vulnerability, namely Direct Object Reference. A Direct Object Reference occurs when an identifier, used in the internal implementation of a Web application, is exposed to users. When this is done insecurely, it can lead to a lot of trouble... 20 The Logic Behind Application. Logic Defects. By Rafal Los It’s no secret that web applications are at the center of the ongoing conflict between malicious hackers, and those defending the applications. As more and more critical business functions migrate to an Internet presence, web applications play an extremely vital role in business. Hackers know this well, and have been exploiting weaknesses in web applications at an alarmingly high rate. You will see how a hacker maps out the application flow and determine vulnerabilities before... he comes to exploit application logic. You will also understand how logic defects in an application can cause serious business challenges. DEFENSE PATTERN 22 Password, What Password? By Christian Mergiliano If you have a computer with a non-encrypted hard drive and have not disabled other media devices from booting before your hard drive or have not password protected your BIOS listen up! Your computer and files are at risk even if you have a user account password. Christian explains how to deploy this software and its payload into target computers running supported operating systems. You will understand policies and settings that already exist to block end users on a corporate, government or educational network from being able to use this software. And you will see what you, a home user, can do to keep your computer safe from this attack. 6 03/2011
CONTENTS REVERSE ENGINEERING 28 A Quick „Hands On” Introduction to Packing By Alain Schneider On Windows systems, programs are usually available in the PE file format with the EXE extension. Although this file format is quite complex, it is now well documented, so understanding how it is globally supposed to work is pretty easy and you can find a lot of programs designed to open/analyze/ modify PE executables. Those which are designed to modify PE files are often called packers. In this article we will learn how to write one of them. INTERVIEW 36 Interview with Jan van Bon By Exploiting Software Team Traditional security projects show a high degree of falling back specifically because they are not embedded in a well-functioning management system – says Jan van Bon. Creating a solid and practical architecture under your IT management approach can greatly reduce the cost of improving quality, and it can speed up your projects. An integrated approach requires a simple and straightforward method that is easy to understand, supported by available tools in the market, and accepted by many providers. This kind of approach requires thorough knowledge and sincere dedication. As with many other initiatives in the field of IT Service Management, the Netherlands have again produced a fascinating new approach, with promising results for IT Security projects. Jan will share his thoughts on risk managment and IT Security development. www.hakin9.org/en 7
Page 4: Editor in Chief: Grzegorz Tabaka gr
Page 9 and 10: Malware Analysis for Widows Systems
Page 11 and 12: Malware Analysis for Widows Systems
Page 13 and 14: WHAT IS A GOOD FUZZING TOOL? Fuzz t
Page 15 and 16: Direct Object Reference or, How a T
Page 17 and 18: Direct Object Reference or, How a T
Page 19 and 20: and associates with that specific f
Page 21 and 22: The Logic Behind Application Logic
Page 23 and 24: Password, What Password? Computers
Page 25 and 26: Password, What Password? files. For
Page 28 and 29: 28 REVERSE ENGINEERING A Quick „H
Page 30 and 31: 30 Listing 4. Getting the AddressOf
Page 32 and 33: 32 is stored in the PE headers). Us
Page 34: 34 Table 1. Checking if the �les
Page 37 and 38: Interview with Jan van Bon Exploiti

ttern - Free Web Hosting with PHP, MySQL and cPanel

Create successful ePaper yourself

Delete template?

Save as template?