Penetration

Zero Day Vulnerabilities Have No Patch Yet

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the […]

Password Strength Requirements

While the main premise of the article linked below is correct, it understates a key part of password cracking methodology. There are two primary means of cracking passwords: using word lists, and brute force. There are also many hybrid combinations, which is an important focus of the article. In brute force cracking, every element of […]

Physical attacks

Physical attacks

Physical attacks are attacks that involve penetrating the physical security protecting information systems. In a facility with low physical security or public access, it can be as simple as walking into a building and sitting down at a computer system. Here is a list of some of the types of physical attacks: Walk-in – where […]

Application attacks

Application attacks

Application attacks focus on application software instead of the operating system, where most classical perimeter exploit vulnerabilities are found. A wide variety of application attacks are aimed at web servers and associated functions, but they can also use other applications and protocols. Here is a sample list of some application attack vectors: SQL injection – […]

Client-side attacks

Client-side attacks

Client-side attacks take advantage of weaknesses found in client software usually running on users workstations. Most client-side attacks involve either a web link to a web page that can deliver malware to exploit the client vulnerability or an email with some form of embedded malware that can exploit the client. Another common variation is to […]

Wireless

Wireless

Wireless attacks are constantly changing and so are the defensive techniques used against them. Here are some of the areas involved with different wireless attacks: Recon – most wireless attacks start out with some form of recon. It is usually possible to sniff the wireless packets WEP – this security protocol is no longer safe […]

Perimeter

Perimeter

Perimeter attacks involve using exploit code to take advantage of weaknesses detected in perimeter devices to take control of them or leverage some level of access into greater access. The list of known security holes in windows based systems is quite large and constantly growing. This puts the defenders in a position of needed to […]